This is an automated email from the ASF dual-hosted git repository.
nixon pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new 3711141 ATLAS-3950 : Authorize for Read Type for Classification,
Business metadata , Entity typesdef attributes.
3711141 is described below
commit 37111415cb72459a718e8f6feb5b6a5c764dd14c
Author: chaitali borole <[email protected]>
AuthorDate: Tue Sep 29 16:10:38 2020 +0530
ATLAS-3950 : Authorize for Read Type for Classification, Business metadata
, Entity typesdef attributes.
Signed-off-by: nixonrodrigues <[email protected]>
(cherry picked from commit d4a50aadfc2e7076d8e5281f9be60fad4c5c232d)
---
.../store/graph/v2/AtlasAbstractDefStoreV2.java | 49 ++++++++++++++++++++++
.../graph/v2/AtlasBusinessMetadataDefStoreV2.java | 21 ++++++++++
.../graph/v2/AtlasClassificationDefStoreV2.java | 17 ++------
.../store/graph/v2/AtlasEntityDefStoreV2.java | 4 ++
.../graph/v2/AtlasRelationshipDefStoreV2.java | 6 +++
.../store/graph/v2/AtlasStructDefStoreV2.java | 5 +++
6 files changed, 88 insertions(+), 14 deletions(-)
diff --git
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
index 2cb2b47..3dab120 100644
---
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
+++
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
@@ -20,16 +20,23 @@ package org.apache.atlas.repository.store.graph.v2;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasErrorCode;
import org.apache.atlas.AtlasException;
+import org.apache.atlas.authorize.AtlasAuthorizationUtils;
+import org.apache.atlas.authorize.AtlasPrivilege;
+import org.apache.atlas.authorize.AtlasTypeAccessRequest;
import org.apache.atlas.exception.AtlasBaseException;
import org.apache.atlas.model.typedef.AtlasBaseTypeDef;
import org.apache.atlas.model.typedef.AtlasStructDef;
import org.apache.atlas.query.AtlasDSL;
import org.apache.atlas.repository.graphdb.AtlasVertex;
import org.apache.atlas.repository.store.graph.AtlasDefStore;
+import org.apache.atlas.type.AtlasType;
import org.apache.atlas.type.AtlasTypeRegistry;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
@@ -54,6 +61,48 @@ import java.util.regex.Pattern;
this.typeRegistry = typeRegistry;
}
+ public void verifyTypesReadAccess(Collection<? extends AtlasType> types)
throws AtlasBaseException {
+ if (CollectionUtils.isNotEmpty(types)) {
+ for (AtlasType type : types) {
+ AtlasBaseTypeDef def =
typeRegistry.getTypeDefByName(type.getTypeName());
+ if (def != null) {
+ AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of
category ", def.getCategory(), " ", def.getName());
+ }
+ }
+ }
+ }
+
+ public void verifyTypeReadAccess(Collection<String> types) throws
AtlasBaseException {
+ if (CollectionUtils.isNotEmpty(types)) {
+ for (String type : types) {
+ AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type);
+ if (def != null) {
+ AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of
category ", def.getCategory(), " ", def.getName());
+ }
+ }
+ }
+ }
+
+ public void verifyTypeReadAccess(String type) throws AtlasBaseException {
+ if (StringUtils.isNotEmpty(type)) {
+ AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type);
+ if (def != null) {
+ AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of
category ", def.getCategory(), " ", def.getName());
+ }
+ }
+ }
+
+ public void
verifyAttributeTypeReadAccess(Collection<AtlasStructDef.AtlasAttributeDef>
types) throws AtlasBaseException {
+ if (CollectionUtils.isNotEmpty(types)) {
+ for (AtlasStructDef.AtlasAttributeDef attributeDef : types) {
+ AtlasBaseTypeDef def =
typeRegistry.getTypeDefByName(attributeDef.getTypeName());
+ if (def != null) {
+ AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of
category ", def.getCategory(), " ", def.getName());
+ }
+ }
+ }
+ }
+
public void validateType(AtlasBaseTypeDef typeDef) throws
AtlasBaseException {
if (!isValidName(typeDef.getName())) {
throw new
AtlasBaseException(AtlasErrorCode.TYPE_NAME_INVALID_FORMAT, typeDef.getName(),
typeDef.getCategory().name());
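Review bot: `verifyAttributeTypeReadAccess` looks up `attributeDef.getTypeName()` as-is and skips the check when `getTypeDefByName` returns null, so an attribute declared as a collection such as `array<SomeType>` or `map<string,SomeType>` would likely resolve to no type-def and the TYPE_READ check on `SomeType` would never run (inferred; the registry lookup is not visible here). Unwrapping the element, key and value type names before the lookup would close that gap. The same `def != null` skip in the other three helpers lets an unresolved name pass silently, which is only safe if a later validation step rejects unknown types; a short comment stating that assumption would help. The four bodies are otherwise identical apart from how the name is obtained, so the collection overloads could delegate to `verifyTypeReadAccess(String)`. The enclosing class begins and ends outside this hunk.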
diff --git
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
index 6b4fa65..23964f4 100644
---
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
+++
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
@@ -29,6 +29,7 @@ import org.apache.atlas.model.typedef.AtlasStructDef;
import org.apache.atlas.repository.Constants;
import org.apache.atlas.repository.graphdb.AtlasVertex;
import org.apache.atlas.type.AtlasBusinessMetadataType;
+import org.apache.atlas.type.AtlasStructType;
import org.apache.atlas.type.AtlasType;
import org.apache.atlas.type.AtlasTypeRegistry;
import org.apache.atlas.typesystem.types.DataTypes;
@@ -104,6 +105,16 @@ public class AtlasBusinessMetadataDefStoreV2 extends
AtlasAbstractDefStoreV2<Atl
LOG.debug("==> AtlasBusinessMetadataDefStoreV2.create({}, {})",
businessMetadataDef, preCreateResult);
}
+ verifyAttributeTypeReadAccess(businessMetadataDef.getAttributeDefs());
+
+ if
(CollectionUtils.isNotEmpty(businessMetadataDef.getAttributeDefs())) {
+ AtlasBusinessMetadataType businessMetadataType =
typeRegistry.getBusinessMetadataTypeByName(businessMetadataDef.getName());
+ for (AtlasStructType.AtlasAttribute attribute :
businessMetadataType.getAllAttributes().values()) {
+ AtlasBusinessMetadataType.AtlasBusinessAttribute bmAttribute =
(AtlasBusinessMetadataType.AtlasBusinessAttribute) attribute;
+ verifyTypesReadAccess(bmAttribute.getApplicableEntityTypes());
+ }
+ }
+
AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, businessMetadataDef),
"create businessMetadata-def ", businessMetadataDef.getName());
AtlasVertex vertex = (preCreateResult == null) ?
preCreate(businessMetadataDef) : preCreateResult;
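Review bot: The result of `typeRegistry.getBusinessMetadataTypeByName(businessMetadataDef.getName())` is dereferenced without a null check, so if the registry does not hold the type at this point in create() the request fails with a NullPointerException rather than an authorization or validation error; the update() hunk below repeats the same block against `typeDef.getName()`. Because the applicable entity types are read from the registry's resolved type and not from the incoming definition, it is worth confirming that the registry already reflects the submitted attributes when this runs, otherwise newly listed entity types would go unchecked. An explicit `if (businessMetadataType == null)` branch that rejects the request, plus one shared private helper for both call sites, would make this fail closed. Both method bodies start and end outside their hunks.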
@@ -186,6 +197,16 @@ public class AtlasBusinessMetadataDefStoreV2 extends
AtlasAbstractDefStoreV2<Atl
LOG.debug("==> AtlasBusinessMetadataDefStoreV2.update({})",
typeDef);
}
+ verifyAttributeTypeReadAccess(typeDef.getAttributeDefs());
+
+ if (CollectionUtils.isNotEmpty(typeDef.getAttributeDefs())) {
+ AtlasBusinessMetadataType businessMetadataType =
typeRegistry.getBusinessMetadataTypeByName(typeDef.getName());
+ for (AtlasStructType.AtlasAttribute attribute :
businessMetadataType.getAllAttributes().values()) {
+ AtlasBusinessMetadataType.AtlasBusinessAttribute bmAttribute =
(AtlasBusinessMetadataType.AtlasBusinessAttribute) attribute;
+ verifyTypesReadAccess(bmAttribute.getApplicableEntityTypes());
+ }
+ }
+
validateType(typeDef);
AtlasBusinessMetadataDef ret =
StringUtils.isNotBlank(typeDef.getGuid()) ? updateByGuid(typeDef.getGuid(),
typeDef)
diff --git
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java
index 93e7012..f460cd1 100644
---
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java
+++
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java
@@ -23,16 +23,13 @@ import org.apache.atlas.authorize.AtlasPrivilege;
import org.apache.atlas.authorize.AtlasAuthorizationUtils;
import org.apache.atlas.authorize.AtlasTypeAccessRequest;
import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.model.typedef.AtlasBaseTypeDef;
import org.apache.atlas.model.typedef.AtlasClassificationDef;
-import org.apache.atlas.model.typedef.AtlasEntityDef;
import org.apache.atlas.repository.Constants;
import org.apache.atlas.repository.graphdb.AtlasVertex;
import org.apache.atlas.type.AtlasClassificationType;
import org.apache.atlas.type.AtlasType;
import org.apache.atlas.type.AtlasTypeRegistry;
import org.apache.atlas.typesystem.types.DataTypes.TypeCategory;
-import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -181,6 +178,9 @@ class AtlasClassificationDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasClassif
LOG.debug("==> AtlasClassificationDefStoreV1.update({})",
classifiDef);
}
+ verifyTypeReadAccess(classifiDef.getSuperTypes());
+ verifyTypeReadAccess(classifiDef.getEntityTypes());
+
validateType(classifiDef);
AtlasClassificationDef ret =
StringUtils.isNotBlank(classifiDef.getGuid())
@@ -367,15 +367,4 @@ class AtlasClassificationDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasClassif
return m.matches();
}
-
- private void verifyTypeReadAccess(Set<String> types) throws
AtlasBaseException {
- if (CollectionUtils.isNotEmpty(types)) {
- for (String type : types) {
- AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type);
- if (def != null) {
- AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of
category", def.getCategory(), def.getName());
- }
- }
- }
- }
}
diff --git
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java
index e5153de..b86cd91 100644
---
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java
+++
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java
@@ -88,6 +88,8 @@ public class AtlasEntityDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasEntityDe
LOG.debug("==> AtlasEntityDefStoreV1.create({}, {})", entityDef,
preCreateResult);
}
+ verifyAttributeTypeReadAccess(entityDef.getAttributeDefs());
+
AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, entityDef), "create
entity-def ", entityDef.getName());
AtlasVertex vertex = (preCreateResult == null) ? preCreate(entityDef)
: preCreateResult;
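Review bot: Only attribute types are checked for TYPE_READ here, whereas the classification store's update() in this commit also checks `getSuperTypes()`; an entity-def can name super types as well, so a caller without read access to a type could presumably still extend it and inherit its attributes. Consider adding `verifyTypeReadAccess(entityDef.getSuperTypes());` next to the attribute check in create() and in the update() hunk below. create() continues outside this hunk.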
@@ -173,6 +175,8 @@ public class AtlasEntityDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasEntityDe
LOG.debug("==> AtlasEntityDefStoreV1.update({})", entityDef);
}
+ verifyAttributeTypeReadAccess(entityDef.getAttributeDefs());
+
validateType(entityDef);
AtlasEntityDef ret = StringUtils.isNotBlank(entityDef.getGuid()) ?
updateByGuid(entityDef.getGuid(), entityDef)
diff --git
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java
index 64ef18b..cf316ea 100644
---
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java
+++
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java
@@ -133,6 +133,9 @@ public class AtlasRelationshipDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasRe
LOG.debug("==> AtlasRelationshipDefStoreV1.create({}, {})",
relationshipDef, preCreateResult);
}
+ verifyTypeReadAccess(relationshipDef.getEndDef1().getType());
+ verifyTypeReadAccess(relationshipDef.getEndDef2().getType());
+
AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, relationshipDef), "create
relationship-def ", relationshipDef.getName());
AtlasVertex vertex = (preCreateResult == null) ?
preCreate(relationshipDef) : preCreateResult;
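Review bot: `relationshipDef.getEndDef1().getType()` and `relationshipDef.getEndDef2().getType()` are chained before any validation visible in this hunk, so a request with a missing end definition would throw a NullPointerException ahead of the TYPE_CREATE check; in the update() hunk below the same two lines run before `validateType(relationshipDef)`. If no earlier step guarantees both ends are present, guard them, for example `if (relationshipDef.getEndDef1() != null) { verifyTypeReadAccess(relationshipDef.getEndDef1().getType()); }`, or move the read checks after the end-definition validation. create() starts and ends outside this hunk.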
@@ -216,6 +219,9 @@ public class AtlasRelationshipDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasRe
LOG.debug("==> AtlasRelationshipDefStoreV1.update({})",
relationshipDef);
}
+ verifyTypeReadAccess(relationshipDef.getEndDef1().getType());
+ verifyTypeReadAccess(relationshipDef.getEndDef2().getType());
+
validateType(relationshipDef);
AtlasRelationshipDef ret =
StringUtils.isNotBlank(relationshipDef.getGuid())
diff --git
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java
index 9a45f00..0c13a78 100644
---
a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java
+++
b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java
@@ -98,6 +98,8 @@ public class AtlasStructDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasStructDe
LOG.debug("==> AtlasStructDefStoreV1.create({}, {})", structDef,
preCreateResult);
}
+ verifyAttributeTypeReadAccess(structDef.getAttributeDefs());
+
AtlasAuthorizationUtils.verifyAccess(new
AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, structDef), "create
struct-def ", structDef.getName());
if (CollectionUtils.isEmpty(structDef.getAttributeDefs())) {
@@ -186,6 +188,9 @@ public class AtlasStructDefStoreV2 extends
AtlasAbstractDefStoreV2<AtlasStructDe
LOG.debug("==> AtlasStructDefStoreV1.update({})", structDef);
}
+ verifyAttributeTypeReadAccess(structDef.getAttributeDefs());
+
+
validateType(structDef);
AtlasStructDef ret = StringUtils.isNotBlank(structDef.getGuid()) ?
updateByGuid(structDef.getGuid(), structDef)