Vsevolod Ostapenko commented on KYLIN-3223:

[~yimingliu], I created a revised version of the fix to use updated ACL 
checking API provided by KYLIN-3239 (Refactor the ACL code about 
checkPermission and hasPermission).
Please review and provide feedback.

> Query for the list of hybrid cubes results in NPE
> -------------------------------------------------
>                 Key: KYLIN-3223
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3223
>             Project: Kylin
>          Issue Type: Bug
>          Components: REST Service
>    Affects Versions: v2.2.0
>         Environment: HDP 2.5.6, Kylin 2.2
>            Reporter: Vsevolod Ostapenko
>            Assignee: Vsevolod Ostapenko
>            Priority: Major
>             Fix For: v2.3.0
>         Attachments: 
> 0001-KYLIN-3223-Query-for-the-list-of-hybrid-cubes-result.patch, 
> KYLIN-3223.master.001.patch
> Calling REST API to get the list of hybrid cubes returns stack trace with NPE 
> exception.
> {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json'  -d {}  
> [http://localhost:7070/kylin/api/hybrids]
>  {quote}
> If a parameter project without a value is specified, call succeeds. E.g.
> {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json'  -d {} 
> [http://localhost:7070/kylin/api/hybrids?project]
> {quote}
> Quick look at the HybridService.java suggests that there is a bug in the 
> code, where the very first line tries to check ACLs on the project using the 
> project name, which is NULL, when project parameter is not specified as part 
> of the URL.
>  If parameter is specified without a value, ACL check is not performed, so 
> it's another bug, as the list of projects is retrieved without read 
> permission checking.

This message was sent by Atlassian JIRA

Reply via email to