KYLIN-2621 The user of the LDAP group named admin always has ROLE_ADMIN 
permission

Signed-off-by: Billy Liu <billy...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/a34db26f
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/a34db26f
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/a34db26f

Branch: refs/heads/KYLIN-2624
Commit: a34db26f0bd594b55fd4df29b66f15579bb3c8ff
Parents: 858d947
Author: 10069681 <peng.jian...@zte.com.cn>
Authored: Mon May 15 20:31:26 2017 +0800
Committer: Billy Liu <billy...@apache.org>
Committed: Wed May 17 16:23:12 2017 +0800

----------------------------------------------------------------------
 .../rest/security/AuthoritiesPopulator.java     | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/a34db26f/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git 
a/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java
 
b/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java
index 2b290ce..592791c 100644
--- 
a/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java
+++ 
b/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java
@@ -52,8 +52,11 @@ public class AuthoritiesPopulator extends 
DefaultLdapAuthoritiesPopulator {
         this.adminRoleAsAuthority = new SimpleGrantedAuthority(adminRole);
 
         String[] defaultRoles = StringUtils.split(defaultRole, ",");
-        if (ArrayUtils.contains(defaultRoles, Constant.ROLE_MODELER))
+        if (ArrayUtils.contains(defaultRoles, Constant.ROLE_MODELER)) {
             this.defaultAuthorities.add(modelerAuthority);
+            this.defaultAuthorities.add(analystAuthority);
+        }
+
         if (ArrayUtils.contains(defaultRoles, Constant.ROLE_ANALYST))
             this.defaultAuthorities.add(analystAuthority);
     }
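Review bot: The rule that a default ROLE_MODELER also grants ROLE_ANALYST is now encoded only in this constructor branch and is not documented, so a comment such as `// ROLE_MODELER implies ROLE_ANALYST; role names in defaultRole other than these two are ignored` above the first `if` would make the privilege mapping explicit. The following `if (ArrayUtils.contains(defaultRoles, Constant.ROLE_ANALYST))` is still unbraced while the branch above it now uses braces; bracing both keeps a later edit from adding a second statement outside the condition by accident. If `StringUtils.split` does not trim its tokens (the import is not visible here), a configured value like `ROLE_MODELER, ROLE_ANALYST` would not match on the second entry, which is worth confirming. The constructor starts outside the hunk.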
@@ -62,19 +65,16 @@ public class AuthoritiesPopulator extends 
DefaultLdapAuthoritiesPopulator {
     public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String 
username) {
         Set<GrantedAuthority> authorities = 
super.getGroupMembershipRoles(userDn, username);
 
-        authorities.addAll(defaultAuthorities);
+        Set<GrantedAuthority> userAuthorities = new 
HashSet<GrantedAuthority>();
+        userAuthorities.addAll(defaultAuthorities);
 
         if (authorities.contains(adminRoleAsAuthority)) {
-            authorities.add(adminAuthority);
-            authorities.add(modelerAuthority);
-            authorities.add(analystAuthority);
-        }
-
-        if (authorities.contains(modelerAuthority)) {
-            authorities.add(analystAuthority);
+            userAuthorities.add(adminAuthority);
+            userAuthorities.add(modelerAuthority);
+            userAuthorities.add(analystAuthority);
         }
 
-        return authorities;
+        return userAuthorities;
     }
 
 }
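Review bot: After this change `getGroupMembershipRoles` returns only `defaultAuthorities` plus the admin mapping, so every authority that `super.getGroupMembershipRoles` derives from directory groups is dropped, and nothing in the method states that this is deliberate. Because this is the access-control decision the commit exists for, it should be recorded where the set is built, for example `// Group-derived authorities are deliberately not returned: only membership in the configured adminRole group maps to Kylin roles, so a group name that collides with a built-in role grants nothing.` Any deployment that relied on other group-derived roles reaching the security context would lose them, which is worth calling out in the release notes. A regression test that feeds a group authority equal to `ROLE_ADMIN`, with `adminRole` configured to a different group, and asserts that `adminAuthority` is absent from the result would pin the fix. The two-step construction could also be written as `new HashSet<GrantedAuthority>(defaultAuthorities)`.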
