[
https://issues.apache.org/jira/browse/KYLIN-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16357639#comment-16357639
]
Vsevolod Ostapenko commented on KYLIN-3223:
-------------------------------------------
[~yimingliu], I attached the proposed patch for NPE and missing read access
check on projects, when project either not specified or empty.
Please review or have someone to look at the changes and provide feedback.
> Query for the list of hybrid cubes results in NPE
> -------------------------------------------------
>
> Key: KYLIN-3223
> URL: https://issues.apache.org/jira/browse/KYLIN-3223
> Project: Kylin
> Issue Type: Bug
> Components: REST Service
> Affects Versions: v2.2.0
> Environment: HDP 2.5.6, Kylin 2.2
> Reporter: Vsevolod Ostapenko
> Assignee: nichunen
> Priority: Major
> Attachments:
> 0001-KYLIN-3223-Query-for-the-list-of-hybrid-cubes-result.patch
>
>
> Calling REST API to get the list of hybrid cubes returns stack trace with NPE
> exception.
> {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {}
> [http://localhost:7070/kylin/api/hybrids]
> {quote}
>
> If a parameter project without a value is specified, call succeeds. E.g.
> {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {}
> [http://localhost:7070/kylin/api/hybrids?project]
> {quote}
> Quick look at the HybridService.java suggests that there is a bug in the
> code, where the very first line tries to check ACLs on the project using the
> project name, which is NULL, when project parameter is not specified as part
> of the URL.
> If parameter is specified without a value, ACL check is not performed, so
> it's another bug, as the list of projects is retrieved without read
> permission checking.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
