This is an automated email from the ASF dual-hosted git repository. nixon pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/atlas.git
commit 86e9149b031d62536fce6bb6fa815536d57144bc Author: nixonrodrigues <[email protected]> AuthorDate: Thu Sep 24 00:02:54 2020 +0530 ATLAS-3952 :- Authorize Super And SubTypes and depend entityType for type-read access while creating Classificationdef Change-Id: Ieb78c49615173db7eb1ce4911700799dfa1083bd --- .../org/apache/atlas/type/AtlasTypeRegistry.java | 4 ---- .../graph/v2/AtlasClassificationDefStoreV2.java | 25 +++++++++++++++++----- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java b/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java index 4a79b6f..4c7f8c6 100644 --- a/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java +++ b/intg/src/main/java/org/apache/atlas/type/AtlasTypeRegistry.java @@ -750,10 +750,6 @@ public class AtlasTypeRegistry { } if (typeDef != null) { - if (this.isRegisteredType(typeDef.getName())) { - throw new AtlasBaseException(AtlasErrorCode.TYPE_ALREADY_EXISTS, typeDef.getName()); - } - if (typeDef.getClass().equals(AtlasEnumDef.class)) { AtlasEnumDef enumDef = (AtlasEnumDef) typeDef; diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java index 9ffede4..93e7012 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java @@ -23,20 +23,21 @@ import org.apache.atlas.authorize.AtlasPrivilege; import org.apache.atlas.authorize.AtlasAuthorizationUtils; import org.apache.atlas.authorize.AtlasTypeAccessRequest; import org.apache.atlas.exception.AtlasBaseException; +import org.apache.atlas.model.typedef.AtlasBaseTypeDef; import org.apache.atlas.model.typedef.AtlasClassificationDef; +import org.apache.atlas.model.typedef.AtlasEntityDef; import org.apache.atlas.repository.Constants; import org.apache.atlas.repository.graphdb.AtlasVertex; import org.apache.atlas.type.AtlasClassificationType; import org.apache.atlas.type.AtlasType; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.typesystem.types.DataTypes.TypeCategory; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; +import java.util.*; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -70,6 +71,11 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif throw new AtlasBaseException(AtlasErrorCode.TYPE_MATCH_FAILED, classificationDef.getName(), TypeCategory.TRAIT.name()); } + verifyTypeReadAccess(classificationDef.getSuperTypes()); + verifyTypeReadAccess(classificationDef.getEntityTypes()); + + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, classificationDef), "create classification-def ", classificationDef.getName()); + AtlasVertex ret = typeDefStore.findTypeVertexByName(classificationDef.getName()); if (ret != null) { @@ -93,8 +99,6 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif LOG.debug("==> AtlasClassificationDefStoreV1.create({}, {})", classificationDef, preCreateResult); } - AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, classificationDef), "create classification-def ", classificationDef.getName()); - AtlasVertex vertex = (preCreateResult == null) ? preCreate(classificationDef) : preCreateResult; updateVertexAddReferences(classificationDef, vertex); @@ -363,4 +367,15 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif return m.matches(); } + + private void verifyTypeReadAccess(Set<String> types) throws AtlasBaseException { + if (CollectionUtils.isNotEmpty(types)) { + for (String type : types) { + AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type); + if (def != null) { + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category", def.getCategory(), def.getName()); + } + } + } + } }
