idzikovsky opened a new pull request, #4624:
URL: https://github.com/apache/zeppelin/pull/4624
### What is this PR for?
Users who are able to see notes in some directory can rename, move to trash
and remove from trash that directory without being owner or having write
permissions for notes in that directory.
This is resolved in first commit.
Secondly, after renaming directory to the name of already existing
directory, old notes in target directory become unaccessible (in fact those
notes are removed in file system, but still visible in UI as they are present
in NoteManager registry).
This addresses 2nd point in ZEPPELIN-5333.
Fixed in 2nd commit.
### What type of PR is it?
Improvement
### What is the Jira issue?
* [ZEPPELIN-5934](https://issues.apache.org/jira/browse/ZEPPELIN-5934)
* [ZEPPELIN-5333.](https://issues.apache.org/jira/browse/ZEPPELIN-5333.)
### How should this be tested?
* I've tested this manually by creating some note in directory, giving read
permission to it for some other user, and checking whether that user can move
to trash, remove, rename or restore directory with that note.
* I've checked and it does not seem like there are available infrastructure
in `NotebookServiceTest` or in `NoteManagerTest` to cover multi-user scenarios.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@zeppelin.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
