[kylin] 04/07: minor, check user/group exists when grant access.

Tue, 06 Mar 2018 09:54:10 -0800 

This is an automated email from the ASF dual-hosted git repository.

billyliu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 5807cdf70f8e8215566fcb20ae3b900f20f8ed27
Author: Jiatao Tao <245915...@qq.com>
AuthorDate: Tue Feb 6 19:38:31 2018 +0800

    minor, check user/group exists when grant access.
---
 .../org/apache/kylin/rest/controller/AccessController.java | 14 +++++++++++---
 .../main/java/org/apache/kylin/rest/util/ValidateUtil.java |  2 +-
 .../apache/kylin/rest/controller/AccessControllerTest.java | 11 ++++++++---
 .../test/java/org/apache/kylin/rest/util/AclUtilTest.java  |  4 +++-
 4 files changed, 23 insertions(+), 8 deletions(-)

diff --git 
a/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
 
b/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
index 7935f77..56cae10 100644
--- 
a/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
+++ 
b/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java
@@ -36,6 +36,7 @@ import org.apache.kylin.rest.service.ProjectService;
 import org.apache.kylin.rest.service.TableACLService;
 import org.apache.kylin.rest.service.UserService;
 import org.apache.kylin.rest.util.AclPermissionUtil;
+import org.apache.kylin.rest.util.ValidateUtil;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -75,7 +76,10 @@ public class AccessController extends BasicController 
implements InitializingBea
     @Qualifier("userService")
     private UserService userService;
 
-    
+    @Autowired
+    @Qualifier("validateUtil")
+    private ValidateUtil validateUtil;
+
     @Override
     public void afterPropertiesSet() throws Exception {
         // init ExternalAclProvider
@@ -138,9 +142,13 @@ public class AccessController extends BasicController 
implements InitializingBea
      */
     @RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, 
produces = { "application/json" })
     @ResponseBody
-    public List<AccessEntryResponse> grant(@PathVariable String type, 
@PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
+    public List<AccessEntryResponse> grant(@PathVariable String type, 
@PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws 
IOException {
+        boolean isPrincipal = accessRequest.isPrincipal();
+        String name = accessRequest.getSid();
+        validateUtil.checkIdentifiersExists(name, isPrincipal);
+
         AclEntity ae = accessService.getAclEntity(type, uuid);
-        Sid sid = accessService.getSid(accessRequest.getSid(), 
accessRequest.isPrincipal());
+        Sid sid = accessService.getSid(name, isPrincipal);
         Permission permission = 
AclPermissionFactory.getPermission(accessRequest.getPermission());
         Acl acl = accessService.grant(ae, permission, sid);
 
diff --git 
a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java 
b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
index c250da7..1d56a71 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
@@ -89,7 +89,7 @@ public class ValidateUtil {
     public void validateIdentifiers(String prj, String name, String type) 
throws IOException {
         Set<String> allIdentifiers = getAllIdentifiersInPrj(prj, type);
         if (!allIdentifiers.contains(name)) {
-            throw new RuntimeException("Operation failed, identifiers:" + name 
+ " not exists");
+            throw new RuntimeException("Operation failed, " + type + ":" + 
name + " not exists in project.");
         }
     }
 
diff --git 
a/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
 
b/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
index 217b54c..dea37f5 100644
--- 
a/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
+++ 
b/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java
@@ -34,6 +34,7 @@ import org.apache.kylin.rest.security.AclEntityType;
 import org.apache.kylin.rest.security.AclPermissionType;
 import org.apache.kylin.rest.security.ManagedUser;
 import org.apache.kylin.rest.service.CubeService;
+import org.apache.kylin.rest.service.IUserGroupService;
 import org.apache.kylin.rest.service.ProjectService;
 import org.apache.kylin.rest.service.ServiceTestBase;
 import org.apache.kylin.rest.service.UserService;
@@ -78,6 +79,10 @@ public class AccessControllerTest extends ServiceTestBase 
implements AclEntityTy
     @Qualifier("userService")
     UserService userService;
 
+    @Autowired
+    @Qualifier("userGroupService")
+    private IUserGroupService userGroupService;
+
     @Before
     public void setup() throws Exception {
         super.setup();
@@ -88,11 +93,11 @@ public class AccessControllerTest extends ServiceTestBase 
implements AclEntityTy
     }
 
     @Test
-    public void testGetUserPermissionInPrj() {
+    public void testGetUserPermissionInPrj() throws IOException {
         List<ProjectInstance> projects = projectController.getProjects(10000, 
0);
         assertTrue(projects.size() > 0);
         ProjectInstance project = projects.get(0);
-        ManagedUser user = new ManagedUser("u", "kylin", false, "all_users");
+        ManagedUser user = new ManagedUser("u", "kylin", false, "all_users", 
"g1", "g2", "g3", "g4");
         userService.createUser(user);
 
         grantPermission("g1", READ, project.getUuid());
@@ -249,7 +254,7 @@ public class AccessControllerTest extends ServiceTestBase 
implements AclEntityTy
         return accessRequest;
     }
 
-    private void grantPermission(String sid, String permission, String uuid) {
+    private void grantPermission(String sid, String permission, String uuid) 
throws IOException {
         swichToAdmin();
         AccessRequest groupAccessRequest = getAccessRequest(sid, permission, 
false);
         accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest);
diff --git a/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java 
b/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java
index b8fbe5f..18e5bf5 100644
--- a/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java
+++ b/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java
@@ -32,6 +32,8 @@ import 
org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import java.io.IOException;
+
 public class AclUtilTest extends ServiceTestBase {
     @Autowired
     AccessController accessController;
@@ -40,7 +42,7 @@ public class AclUtilTest extends ServiceTestBase {
     AclUtil aclUtil;
 
     @Test
-    public void testBasic() {
+    public void testBasic() throws IOException {
         final String PROJECT = "default";
         final String ANALYST = "ANALYST";
         final String ADMIN = "ADMIN";

-- 
To stop receiving notification emails like this one, please contact
billy...@apache.org.

Reply via email to