[jira] [Commented] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353698#comment-16353698 ] Shaofeng SHI commented on KYLIN-3214: - +1 LGTM > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353725#comment-16353725 ] Zhixiong Chen commented on KYLIN-3243: -- OK, Thanks. I will merge it into Kylin master. > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated KYLIN-3214: Attachment: 0001-KYLIN-3214.patch > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
Zhong Yanghong created KYLIN-3244: - Summary: Is it allowable to add qualified users to kylin when they have not logged in kylin before Key: KYLIN-3244 URL: https://issues.apache.org/jira/browse/KYLIN-3244 Project: Kylin Issue Type: Improvement Components: Security Reporter: Zhong Yanghong -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16354906#comment-16354906 ] Zhong Yanghong commented on KYLIN-3244: --- Hi [~peng.jianhua], what's your opinion on this? Thanks. > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Zhong Yanghong updated KYLIN-3244: -- Description: For current design, it's not allowed unless users have ever logged in kylin. However, this makes the process to grant acl for a new user a bit trivial. > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-2999) One click migrate cube in web
[ https://issues.apache.org/jira/browse/KYLIN-2999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kaige Liu updated KYLIN-2999: - Attachment: KYLIN-2999-fix-ut.patch > One click migrate cube in web > - > > Key: KYLIN-2999 > URL: https://issues.apache.org/jira/browse/KYLIN-2999 > Project: Kylin > Issue Type: New Feature > Components: Tools, Build and Test, Web >Reporter: kangkaisen >Assignee: kangkaisen >Priority: Major > Fix For: v2.3.0 > > Attachments: KYLIN-2999-fix-cube-automigration-1.patch, > KYLIN-2999-fix-ut.patch, KYLIN-2999.patch > > > Currently, the cube migration must be done by Kylin Admin, which will waste > a lot of time for Kylin Admin. So, we should allow use to migrate cube by one > click in web. Of Course, which is configurable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3239) Refactor the ACL code about "checkPermission" and "hasPermission"
[ https://issues.apache.org/jira/browse/KYLIN-3239?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355011#comment-16355011 ] peng.jianhua commented on KYLIN-3239: - I think different people have different opinions for this issue. We do not modify this non-functional issues. > Refactor the ACL code about "checkPermission" and "hasPermission" > - > > Key: KYLIN-3239 > URL: https://issues.apache.org/jira/browse/KYLIN-3239 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: Guangyao Li >Priority: Minor > Fix For: v2.3.0 > > Attachments: > KYLIN-3239-Refactor-the-ACL-code-about-checkPermissi.patch > > > According to the design of "checkPermission" and "HasPermission", > Refactoring the ACL code -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355029#comment-16355029 ] peng.jianhua commented on KYLIN-3244: - The issue had been fixed. Please refer to https://github.com/apache/kylin/commit/577d0c62fbc7798e26c57bc57cadda3ae1e00649 > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua resolved KYLIN-3214. - Resolution: Fixed > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua reassigned KYLIN-3244: --- Assignee: peng.jianhua > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua reassigned KYLIN-3244: --- Assignee: (was: peng.jianhua) > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3239) Refactor the ACL code about "checkPermission" and "hasPermission"
[ https://issues.apache.org/jira/browse/KYLIN-3239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Guangyao Li updated KYLIN-3239: --- Attachment: KYLIN-3239-Refactor-the-ACL-code-about-checkPermissi.patch > Refactor the ACL code about "checkPermission" and "hasPermission" > - > > Key: KYLIN-3239 > URL: https://issues.apache.org/jira/browse/KYLIN-3239 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: Guangyao Li >Priority: Minor > Fix For: v2.3.0 > > Attachments: > KYLIN-3239-Refactor-the-ACL-code-about-checkPermissi.patch > > > According to the design of "checkPermission" and "HasPermission", > Refactoring the ACL code -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16355001#comment-16355001 ] peng.jianhua commented on KYLIN-3244: - OK. I also think we should enhance this logical. Thanks. > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Issue Comment Deleted] (KYLIN-3244) Is it allowable to add qualified users to kylin when they have not logged in kylin before
[ https://issues.apache.org/jira/browse/KYLIN-3244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] peng.jianhua updated KYLIN-3244: Comment: was deleted (was: OK. I also think we should enhance this logical. Thanks.) > Is it allowable to add qualified users to kylin when they have not logged in > kylin before > - > > Key: KYLIN-3244 > URL: https://issues.apache.org/jira/browse/KYLIN-3244 > Project: Kylin > Issue Type: Improvement > Components: Security >Reporter: Zhong Yanghong >Assignee: peng.jianhua >Priority: Major > > For current design, it's not allowed unless users have ever logged in kylin. > However, this makes the process to grant acl for a new user a bit trivial. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peng Xing updated KYLIN-3197: - Description: When ldap is opened, I config the kylin.properties, and give wkhGroup the admin permission. {code:java} ## Admin roles in LDAP, for ldap and saml kylin.security.acl.admin-role=wkhGroup {code} then I create a new user named 'wkh' whose group is 'wkhGroup', then I use '{color:#ff}wkh{color}' to login in, which is normal. But when I use '{color:#ff}WKH{color}' to login in, the page does not respond. I analyze the backgroud code, and find the function of 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, String)' has problem. When userDn is "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and username is "{color:#ff}WKH{color}", then authorities will be empty Set by the follow code: {code:java} Set authorities = super.getGroupMembershipRoles(userDn, username); {code} So I have added 'getAdditionalRoles' function to get the authorities again. I have test the patch, please review, thanks! was: When ldap is opened, I config the kylin.properties, and give wkhGroup the admin permission. {code:java} ## Admin roles in LDAP, for ldap and saml kylin.security.acl.admin-role=wkhGroup {code} then I create a new user named 'wkh' whose group is 'wkhGroup', then I use '{color:#ff}wkh{color}' to login in, which is normal. But when I use '{color:#ff}WKH{color}' to login in, the page does not respond. I analyze the backgroud code, and find the function of 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, String)' has problem. When userDn is "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and username is "{color:#ff}WKH{color}", then authorities will be null by the follow code: {code:java} Set authorities = super.getGroupMembershipRoles(userDn, username); {code} So I have added 'getAdditionalRoles' function to get the authorities again. I have test the patch, please review, thanks! > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353595#comment-16353595 ] Peng Xing edited comment on KYLIN-3243 at 2/6/18 8:59 AM: -- Hi [~Zhixiong Chen], I have checked all the pages and modified was (Author: xingpeng1): Hi [~Zhixiong Chen], I hava checked all the pages and modified > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3236) The function 'reGenerateAdvancedDict()' has an error logical judgment, which will cause an exception when you edit the cube.
[ https://issues.apache.org/jira/browse/KYLIN-3236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peng Xing updated KYLIN-3236: - Attachment: 0001-KYLIN-3236-The-function-reGenerateAdvancedDict-has-a.patch > The function 'reGenerateAdvancedDict()' has an error logical judgment, which > will cause an exception when you edit the cube. > > > Key: KYLIN-3236 > URL: https://issues.apache.org/jira/browse/KYLIN-3236 > Project: Kylin > Issue Type: Bug > Components: Web >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Attachments: > 0001-KYLIN-3236-The-function-reGenerateAdvancedDict-has-a.patch, 1.PNG, > 2.PNG, 3.PNG > > > # When remove deprecated distinct measures, the code has an error logical > judgment In function 'reGenerateAdvancedDict()', as follows: > {code:java} > //remove deprecated distinct measures > angular.forEach($scope.cubeMetaFrame.dictionaries, function (dict, index) > { > if (distinctMeasures.indexOf(dict.column) === -1 && > reuseColumns.indexOf(dict.column) === -1) { > $scope.cubeMetaFrame.dictionaries.splice(index, 1); > } > }); > {code} > This will result in accidental deletion of advanced dictionaries. > Please review the patch, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353561#comment-16353561 ] peng.jianhua commented on KYLIN-3197: - +1 > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353584#comment-16353584 ] Zhixiong Chen commented on KYLIN-3243: -- Hi,[~xingpeng1] Could you check other pages to use permissions.xxx.mask instead of figure ? > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3214) Initialize ExternalAclProvider when starting kylin
[ https://issues.apache.org/jira/browse/KYLIN-3214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353544#comment-16353544 ] peng.jianhua commented on KYLIN-3214: - Hi [~Shaofengshi], please merge the issue to v2.3.0. The Kylin plugin of the Ranger need the function. Thanks. > Initialize ExternalAclProvider when starting kylin > -- > > Key: KYLIN-3214 > URL: https://issues.apache.org/jira/browse/KYLIN-3214 > Project: Kylin > Issue Type: Improvement > Components: Security >Affects Versions: v2.2.0 >Reporter: peng.jianhua >Assignee: peng.jianhua >Priority: Minor > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3214.patch > > > Currently, ExternalAclProvider is initialized only when calling acl related > api. > Manage ACL through Ranger,ranger can not get the status of the > ExternalAclProvider in time because of ExternalAclProvider not initialized > when starting kylin. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353557#comment-16353557 ] Peng Xing commented on KYLIN-3197: -- Hi [~Aron.tao] and [~peng.jianhua], I'm sorry that I have not described clearly, the function will return empty Set, I have modified the description, thank you very much! > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be empty Set > by the follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
[ https://issues.apache.org/jira/browse/KYLIN-3243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Peng Xing updated KYLIN-3243: - Attachment: 0001-KYLIN-3243.patch > Optimize the code and keep the code consistent in the access.html > - > > Key: KYLIN-3243 > URL: https://issues.apache.org/jira/browse/KYLIN-3243 > Project: Kylin > Issue Type: Improvement > Components: Web >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Trivial > Fix For: v2.3.0 > > Attachments: 0001-KYLIN-3243.patch > > > Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (KYLIN-3243) Optimize the code and keep the code consistent in the access.html
Peng Xing created KYLIN-3243: Summary: Optimize the code and keep the code consistent in the access.html Key: KYLIN-3243 URL: https://issues.apache.org/jira/browse/KYLIN-3243 Project: Kylin Issue Type: Improvement Components: Web Reporter: Peng Xing Assignee: Peng Xing Fix For: v2.3.0 Attachments: 0001-KYLIN-3243.patch Using "$rootScope.permissions.xxx.mask" instead of figure will be more uniform -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (KYLIN-3197) When ldap is opened, I use an ignored case user to login, the page does not respond.
[ https://issues.apache.org/jira/browse/KYLIN-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16353551#comment-16353551 ] peng.jianhua commented on KYLIN-3197: - Hi [~xingpeng1], please modified your description. The function can return empty, not is null. > When ldap is opened, I use an ignored case user to login, the page does not > respond. > > > Key: KYLIN-3197 > URL: https://issues.apache.org/jira/browse/KYLIN-3197 > Project: Kylin > Issue Type: Bug > Components: Security >Affects Versions: v2.3.0 >Reporter: Peng Xing >Assignee: Peng Xing >Priority: Major > Labels: patch > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-3197-When-ldap-is-opened-I-use-an-ignored-case.patch, > image-2018-01-25-17-22-39-970.png, image-2018-02-06-14-09-32-591.png > > > When ldap is opened, I config the kylin.properties, and give wkhGroup the > admin permission. > {code:java} > ## Admin roles in LDAP, for ldap and saml > kylin.security.acl.admin-role=wkhGroup > {code} > then I create a new user named 'wkh' whose group is 'wkhGroup', then I use > '{color:#ff}wkh{color}' to login in, which is normal. > But when I use '{color:#ff}WKH{color}' to login in, the page does not > respond. > I analyze the backgroud code, and find the function of > 'org.apache.kylin.rest.security.LDAPAuthoritiesPopulator.getGroupMembershipRoles(String, > String)' has problem. > When userDn is > "uid={color:#ff}wkh{color},ou=People,ou=defaultCluster,dc=zdh,dc=com" and > username is "{color:#ff}WKH{color}", then authorities will be null by the > follow code: > {code:java} > Set authorities = super.getGroupMembershipRoles(userDn, > username); > {code} > So I have added 'getAdditionalRoles' function to get the authorities again. > I have test the patch, please review, thanks! -- This message was sent by Atlassian JIRA (v7.6.3#76005)