[
https://issues.apache.org/jira/browse/KYLIN-1909?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15427905#comment-15427905
]
julian pan commented on KYLIN-1909:
-----------------------------------
Hi
The fix for list cube ACL has some issues.
If the cube user has permission not in the range (offset ~ limit), then the
cube will not return.
[https://github.com/apache/kylin/blob/kylin-1.5.3/server-base/src/main/java/org/apache/kylin/rest/service/CubeService.java]
The root cause is org.apache.kylin.rest.service.CubeService.getCubes method
will call listAllCubes. Due to internal call, the annotation for listAllCubes
will not work. getCubes get all cubes from listAllCubes. Then get the sub cubes
from all cube instead of the permission cube. The ACL will double check the sub
cubes, and return permission cube in sub cubes. If the permission not in sub
cube list, then user can not get it. The ticket closed, so I cannot attached
patch for this ticket. I'm glad to attached my patch if you open it.
Thanks & Regards
Julian
> Wrong access control to rest get cubes
> --------------------------------------
>
> Key: KYLIN-1909
> URL: https://issues.apache.org/jira/browse/KYLIN-1909
> Project: Kylin
> Issue Type: Bug
> Components: REST Service
> Affects Versions: v1.5.2
> Reporter: Dong Li
> Assignee: Shaofeng SHI
> Priority: Minor
> Fix For: v1.5.3
>
>
> 1. Import sample data
> 2. Login with user: ANALYST, see nothing
> 3. Request rest api:
> http://sandbox:7070/kylin/api/cubes?limit=15&offset=0&projectName=learn_kylin
> Then found the list of cubes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
