org.apache.kylin.rest.constant.Constant Java Examples

The following examples show how to use org.apache.kylin.rest.constant.Constant. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KylinUserManagerTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Test
public void testBasic() throws IOException, InterruptedException {
    final KylinUserManager managerA = new KylinUserManager(configA);
    final KylinUserManager managerB = new KylinUserManager(configB);
    ManagedUser u1 = new ManagedUser("u1", "skippped", false, Lists.<GrantedAuthority> newArrayList());
    managerA.update(u1);
    Thread.sleep(3000);
    ManagedUser u11 = new ManagedUser("u1", "password", false,
            Lists.<GrantedAuthority> newArrayList(new SimpleGrantedAuthority(Constant.ROLE_ANALYST)));
    managerB.update(u11);
    Thread.sleep(3000);
    Assert.assertEquals("password", managerA.get("u1").getPassword());
    Assert.assertEquals("password", managerB.get("u1").getPassword());
    managerB.delete("u1");
    Thread.sleep(3000);
    Assert.assertNull(managerA.get("u1"));
    Assert.assertNull(managerB.get("u1"));
}
 
Example #2
Source File: ProjectService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
    Message msg = MsgPicker.getMsg();

    String projectName = newProject.getName();
    String description = newProject.getDescription();
    LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();

    ProjectInstance currentProject = getProjectManager().getProject(projectName);

    if (currentProject != null) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
    }
    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
            overrideProps);
    accessService.init(createdProject, AclPermission.ADMINISTRATION);
    logger.debug("New project created.");

    return createdProject;
}
 
Example #3
Source File: UserController.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@RequestMapping(value = "/{userName:.+}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
//do not use aclEvaluate, if getManagedUsersByFuzzMatching there's no users and will come into init() and will call save.
public ManagedUser create(@PathVariable("userName") String userName, @RequestBody ManagedUser user) {
    checkProfileEditAllowed();

    if (StringUtils.equals(getPrincipal(), user.getUsername()) && user.isDisabled()) {
        throw new ForbiddenException("Action not allowed!");
    }

    checkUserName(userName);

    user.setUsername(userName);
    user.setPassword(pwdEncode(user.getPassword()));

    logger.info("Creating {}", user);

    completeAuthorities(user);
    userService.createUser(user);
    return get(userName);
}
 
Example #4
Source File: CubeService.java    From Kylin with Apache License 2.0 6 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public CubeInstance updateCubeCost(String cubeName, int cost) throws IOException {
    CubeInstance cube = getCubeManager().getCube(cubeName);
    if (cube == null) {
        throw new IOException("Cannot find cube " + cubeName);
    }
    if (cube.getCost() == cost) {
        // Do nothing
        return cube;
    }
    cube.setCost(cost);

    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    cube.setOwner(owner);

    return getCubeManager().updateCube(cube);
}
 
Example #5
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord update(AclEntity ae, int accessEntryIndex, Permission newPermission) {
    Message msg = MsgPicker.getMsg();

    if (ae == null)
        throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
    if (newPermission == null)
        throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED());

    MutableAclRecord acl = aclService.readAcl(new ObjectIdentityImpl(ae));
    Sid sid = acl.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();

    secureOwner(acl, sid);

    return aclService.upsertAce(acl, sid, newPermission);
}
 
Example #6
Source File: UserController.java    From kylin with Apache License 2.0 6 votes vote down vote up
@RequestMapping(value = "/{userName:.+}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
//do not use aclEvaluate, if getManagedUsersByFuzzMatching there's no users and will come into init() and will call save.
public ManagedUser create(@PathVariable("userName") String userName, @RequestBody ManagedUser user) {
    checkProfileEditAllowed();

    if (StringUtils.equals(getPrincipal(), user.getUsername()) && user.isDisabled()) {
        throw new ForbiddenException("Action not allowed!");
    }

    checkUserName(userName);

    user.setUsername(userName);
    user.setPassword(pwdEncode(user.getPassword()));

    logger.info("Creating {}", user);

    completeAuthorities(user);
    userService.createUser(user);
    return get(userName);
}
 
Example #7
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void batchGrant(AclEntity ae, Map<Sid, Permission> sidToPerm) {
    Message msg = MsgPicker.getMsg();

    if (ae == null)
        throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
    if (sidToPerm == null)
        throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED());

    MutableAclRecord acl;
    try {
        acl = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException e) {
        acl = init(ae, null);
    }

    for (Sid sid : sidToPerm.keySet()) {
        secureOwner(acl, sid);
    }
    aclService.batchUpsertAce(acl, sidToPerm);
}
 
Example #8
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void clean(AclEntity ae, boolean deleteChildren) {
    Message msg = MsgPicker.getMsg();

    if (ae == null) {
        throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
    }

    // For those may have null uuid, like DataModel, won't delete Acl.
    if (ae.getId() == null)
        return;

    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    try {
        aclService.deleteAcl(objectIdentity, deleteChildren);
    } catch (NotFoundException e) {
        //do nothing?
    }
}
 
Example #9
Source File: AuthoritiesPopulator.java    From kylin with Apache License 2.0 6 votes vote down vote up
/**
 * @param contextSource
 * @param groupSearchBase
 */
public AuthoritiesPopulator(ContextSource contextSource, String groupSearchBase, String adminRole,
        String defaultRole) {
    super(contextSource, groupSearchBase);
    this.adminRoleAsAuthority = new SimpleGrantedAuthority(adminRole.toUpperCase(Locale.ROOT)); // spring will
    // convert group names to uppercase by default

    String[] defaultRoles = StringUtils.split(defaultRole, ",");
    if (ArrayUtils.contains(defaultRoles, Constant.ROLE_MODELER)) {
        this.defaultAuthorities.add(modelerAuthority);
        this.defaultAuthorities.add(analystAuthority);
    }

    if (ArrayUtils.contains(defaultRoles, Constant.ROLE_ANALYST))
        this.defaultAuthorities.add(analystAuthority);
}
 
Example #10
Source File: UserServiceTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Test
public void testBasics() throws IOException {
    userService.deleteUser("MODELER");

    Assert.assertTrue(!userService.userExists("MODELER"));

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority(Constant.ROLE_ADMIN));
    ManagedUser user = new ManagedUser("MODELER", "PWD", false, authorities);
    userService.createUser(user);

    Assert.assertTrue(userService.userExists("MODELER"));

    UserDetails ud = userService.loadUserByUsername("MODELER");
    Assert.assertEquals("MODELER", ud.getUsername());
    Assert.assertEquals("PWD", ud.getPassword());
    Assert.assertEquals(Constant.ROLE_ADMIN, ud.getAuthorities().iterator().next().getAuthority());
    Assert.assertEquals(2, ud.getAuthorities().size());

}
 
Example #11
Source File: MigrationService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void approve(CubeInstance cube, MigrationRuleSet.Context ctx) throws Exception {
    checkRule(ctx);

    String cubeName = cube.getName();
    String projectName = ctx.getTgtProjectName();
    try {
        sendApprovedMailQuietly(cubeName, projectName);

        // do cube migration
        new CubeMigrationCLI().moveCube(localHost, ctx.getTargetAddress(), cubeName, projectName, "true", "false",
                "true", "true", "false");

        sendCompletedMailQuietly(cubeName, projectName);
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        sendMigrationFailedMailQuietly(cubeName, projectName, e.getMessage());
        throw e;
    }
}
 
Example #12
Source File: MigrationService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public boolean reject(String cubeName, String projectName, String reason) {
    try {
        Map<String, String> root = Maps.newHashMap();
        root.put("cubename", cubeName);
        root.put("rejectedReason", reason);
        root.put("status", "REJECTED");
        root.put("envname", envName);

        sendMigrationMail(MailNotificationUtil.MIGRATION_REJECTED, getEmailRecipients(cubeName), root);
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        return false;
    }
    return true;
}
 
Example #13
Source File: ProjectService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
    Message msg = MsgPicker.getMsg();

    String projectName = newProject.getName();
    String description = newProject.getDescription();
    LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();

    ProjectInstance currentProject = getProjectManager().getProject(projectName);

    if (currentProject != null) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
    }
    String owner = SecurityContextHolder.getContext().getAuthentication().getName();
    ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
            overrideProps);
    accessService.init(createdProject, AclPermission.ADMINISTRATION);
    logger.debug("New project created.");

    return createdProject;
}
 
Example #14
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
    Message msg = MsgPicker.getMsg();

    if (ae == null)
        throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
    if (permission == null)
        throw new BadRequestException(msg.getACL_PERMISSION_REQUIRED());
    if (sid == null)
        throw new BadRequestException(msg.getSID_REQUIRED());

    MutableAclRecord acl = null;
    try {
        acl = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException e) {
        acl = init(ae, null);
    }

    secureOwner(acl, sid);

    return aclService.upsertAce(acl, sid, permission);
}
 
Example #15
Source File: CubeService.java    From Kylin with Apache License 2.0 6 votes vote down vote up
@PostFilter(Constant.ACCESS_POST_FILTER_READ)
public List<CubeInstance> listAllCubes(final String cubeName, final String projectName) {
    List<CubeInstance> cubeInstances = null;
    ProjectInstance project = (null != projectName) ? getProjectManager().getProject(projectName) : null;

    if (null == project) {
        cubeInstances = getCubeManager().listAllCubes();
    } else {
        cubeInstances = listAllCubes(projectName);
    }

    List<CubeInstance> filterCubes = new ArrayList<CubeInstance>();
    for (CubeInstance cubeInstance : cubeInstances) {
        boolean isCubeMatch = (null == cubeName) || cubeInstance.getName().toLowerCase().contains(cubeName.toLowerCase());

        if (isCubeMatch) {
            filterCubes.add(cubeInstance);
        }
    }

    return filterCubes;
}
 
Example #16
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void clean(AclEntity ae, boolean deleteChildren) {
    Message msg = MsgPicker.getMsg();

    if (ae == null) {
        throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());
    }

    // For those may have null uuid, like DataModel, won't delete Acl.
    if (ae.getId() == null)
        return;

    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    try {
        aclService.deleteAcl(objectIdentity, deleteChildren);
    } catch (NotFoundException e) {
        //do nothing?
    }
}
 
Example #17
Source File: StreamingV2Service.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN
        + " or hasPermission(#cube, 'ADMINISTRATION') or hasPermission(#cube, 'MANAGEMENT')")
public List<CubeAssignment> getStreamingCubeAssignments(final CubeInstance cube) {
    if (cube == null) {
        return streamMetadataStore.getAllCubeAssignments();
    }
    List<CubeAssignment> result = Lists.newArrayList();
    CubeAssignment assignment = streamMetadataStore.getAssignmentsByCube(cube.getName());
    if (assignment != null) {
        result.add(assignment);
    }
    return result;
}
 
Example #18
Source File: AdminService.java    From kylin with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void cleanupStorage() {
    StorageCleanupJob job = null;
    try {
        job = new StorageCleanupJob();
    } catch (IOException e) {
        throw new RuntimeException("Can not init StorageCleanupJob", e);
    }
    String[] args = new String[] { "-delete", "true" };
    job.execute(args);
}
 
Example #19
Source File: StreamingV2Service.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void removeReceiver(Node receiver) {
    List<ReplicaSet> replicaSets = streamMetadataStore.getReplicaSets();
    for (ReplicaSet replicaSet : replicaSets) {
        Set<Node> receivers = replicaSet.getNodes();
        if (receivers != null && receivers.contains(receiver)) {
            throw new IllegalStateException("Before remove receiver, it must be firstly removed from replica set:"
                    + replicaSet.getReplicaSetID());
        }
    }
    streamMetadataStore.removeReceiver(receiver);
}
 
Example #20
Source File: AclUtil.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN +
        " or hasPermission(#project, 'ADMINISTRATION')" +
        " or hasPermission(#project, 'MANAGEMENT')" +
        " or hasPermission(#project, 'OPERATION')")
public boolean hasProjectOperationPermission(ProjectInstance project) {
    return true;
}
 
Example #21
Source File: KylinUserGroupController.java    From kylin with Apache License 2.0 5 votes vote down vote up
@RequestMapping(value = "/users/{name:.+}", method = { RequestMethod.POST, RequestMethod.PUT }, produces = {
        "application/json" })
@ResponseBody
public EnvelopeResponse<String> addOrDelUsers(@PathVariable String name, @RequestBody List<String> users)
        throws IOException {
    if (StringUtil.equals(name, Constant.ROLE_ADMIN) && users.size() == 0) {
        throw new InternalErrorException("role_admin must have at least one user");
    }
    userGroupService.modifyGroupUsers(name, users);
    return new EnvelopeResponse<>(ResponseCode.CODE_SUCCESS, null, "");
}
 
Example #22
Source File: BeanTest.java    From Kylin with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null, null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ, "hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ') or hasPermission(filterObject, 'MANAGEMENT') " + "or hasPermission(filterObject, 'OPERATION') or hasPermission(filterObject, 'ADMINISTRATION')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #23
Source File: StreamingV2Service.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN
        + " or hasPermission(#project, 'ADMINISTRATION')")
public StreamingSourceConfig createStreamingConfig(StreamingSourceConfig config, ProjectInstance project) throws IOException {
    if (getStreamingManagerV2().getConfig(config.getName()) != null) {
        throw new InternalErrorException("The streamingSourceConfig named " + config.getName() + " already exists");
    }
    StreamingSourceConfig streamingSourceConfig = getStreamingManagerV2().saveStreamingConfig(config);
    return streamingSourceConfig;
}
 
Example #24
Source File: CubeService.java    From kylin with Apache License 2.0 5 votes vote down vote up
public void updateOnNewSegmentReady(String cubeName) {
    final KylinConfig kylinConfig = KylinConfig.getInstanceFromEnv();
    String serverMode = kylinConfig.getServerMode();
    if (Constant.SERVER_MODE_JOB.equals(serverMode.toLowerCase(Locale.ROOT))
            || Constant.SERVER_MODE_ALL.equals(serverMode.toLowerCase(Locale.ROOT))) {
        CubeInstance cube = getCubeManager().getCube(cubeName);
        if (cube != null) {
            CubeSegment seg = cube.getLatestBuiltSegment();
            if (seg != null && seg.getStatus() == SegmentStatusEnum.READY) {
                keepCubeRetention(cubeName);
                mergeCubeSegment(cubeName);
            }
        }
    }
}
 
Example #25
Source File: ExtFilterService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void saveExternalFilter(ExternalFilterDesc desc) throws IOException {
    Message msg = MsgPicker.getMsg();

    if (getTableManager().getExtFilterDesc(desc.getName()) != null) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getFILTER_ALREADY_EXIST(), desc.getName()));
    }
    getTableManager().saveExternalFilter(desc);
}
 
Example #26
Source File: ExtFilterService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void updateExternalFilter(ExternalFilterDesc desc) throws IOException {
    Message msg = MsgPicker.getMsg();

    if (getTableManager().getExtFilterDesc(desc.getName()) == null) {
        throw new BadRequestException(String.format(Locale.ROOT, msg.getFILTER_NOT_FOUND(), desc.getName()));
    }
    getTableManager().saveExternalFilter(desc);
}
 
Example #27
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void clean(AclEntity ae, boolean deleteChildren) {
    Assert.notNull(ae, "Acl domain object required");

    ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae.getClass(), ae.getId());

    try {
        aclService.deleteAcl(objectIdentity, deleteChildren);
    } catch (NotFoundException e) {
    }
}
 
Example #28
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord revoke(AclEntity ae, int accessEntryIndex) {
    Message msg = MsgPicker.getMsg();

    if (ae == null)
        throw new BadRequestException(msg.getACL_DOMAIN_NOT_FOUND());

    MutableAclRecord acl = aclService.readAcl(new ObjectIdentityImpl(ae));
    Sid sid = acl.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();

    secureOwner(acl, sid);

    return aclService.upsertAce(acl, sid, null);
}
 
Example #29
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
public String getUserPermissionInPrj(String project) {
    String grantedPermission = "";
    List<String> groups = getGroupsFromCurrentUser();
    if (groups.contains(Constant.ROLE_ADMIN)) {
        return "GLOBAL_ADMIN";
    }

    // {user/group:permission}
    Map<String, Integer> projectPermissions = getProjectPermission(project);
    Integer greaterPermission = projectPermissions
            .get(SecurityContextHolder.getContext().getAuthentication().getName());
    for (String group : groups) {
        Integer groupPerm = projectPermissions.get(group);
        greaterPermission = Preconditions.checkNotNull(getGreaterPerm(groupPerm, greaterPermission));
    }

    switch (greaterPermission) {
    case 16:
        grantedPermission = "ADMINISTRATION";
        break;
    case 32:
        grantedPermission = "MANAGEMENT";
        break;
    case 64:
        grantedPermission = "OPERATION";
        break;
    case 1:
        grantedPermission = "READ";
        break;
    case 0:
        grantedPermission = "EMPTY";
        break;
    default:
        throw new RuntimeException("invalid permission state:" + greaterPermission);
    }
    return grantedPermission;
}
 
Example #30
Source File: ProjectService.java    From kylin with Apache License 2.0 5 votes vote down vote up
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public void deleteProject(String projectName, ProjectInstance project) throws IOException {
    Set<String> tables = project.getTables();
    for (String table : Sets.newTreeSet(tables)) {
        tableService.unloadHiveTable(table, projectName);
        getTableManager().removeTableExt(table, projectName);
        getTableACLManager().deleteTableACLByTbl(projectName, table);
    }
    getProjectManager().dropProject(projectName);
    accessService.clean(project, true);
}