org.apache.kylin.common.persistence.AclEntity Java Examples
The following examples show how to use
org.apache.kylin.common.persistence.AclEntity.
Example #1
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Reads the ACL record stored for a secured domain object.
 *
 * <p>The {@code @PreAuthorize} expression admits the admin role or any caller holding
 * ADMINISTRATION, MANAGEMENT, OPERATION or READ on {@code ae}. The record returned by
 * {@code aclService.readAcl} is handed back unfiltered, so a READ-only caller sees every
 * entry of the record.
 *
 * <p>NOTE(review): with proxy-based Spring method security the expression is not evaluated
 * for calls made from inside this class - confirm the configured mode.
 *
 * @param ae the secured domain object; may be {@code null}
 * @return the ACL record, or {@code null} when {@code ae} is {@code null} or no record exists
 */
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')"
        + " or hasPermission(#ae, 'MANAGEMENT')" + " or hasPermission(#ae, 'OPERATION')"
        + " or hasPermission(#ae, 'READ')")
public MutableAclRecord getAcl(AclEntity ae) {
    if (ae == null) {
        return null;
    }
    try {
        return aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException notFound) {
        // A missing record is reported as null rather than as an error.
        return null;
    }
}
Example #2
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Grants one permission on a secured domain object to one security identity.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. When no ACL record exists yet, one is created through
 * {@code init(ae, null)} before the entry is written.
 *
 * @param ae the secured domain object
 * @param permission the permission to grant
 * @param sid the user or authority receiving the permission
 * @return the ACL record returned by {@code aclService.upsertAce}
 * @throws BadRequestException if any argument is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (permission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }
    if (sid == null) {
        throw new BadRequestException(messages.getSID_REQUIRED());
    }

    MutableAclRecord aclRecord;
    try {
        aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException notFound) {
        // First grant on this object: create an empty record without an initial permission.
        aclRecord = init(ae, null);
    }

    // secureOwner is defined elsewhere in the class; presumably it protects the owner's
    // own entry from being changed - confirm against its implementation.
    secureOwner(aclRecord, sid);
    return aclService.upsertAce(aclRecord, sid, permission);
}
Example #3
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Grants several permissions on one secured domain object in a single call.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. A missing ACL record is created through
 * {@code init(ae, null)} first.
 *
 * <p>NOTE(review): only the map itself is null-checked. A {@code null} key or value is
 * passed on to {@code secureOwner} / {@code aclService.batchUpsertAce} unvalidated, while
 * the single-entry {@code grant} rejects both. Confirm how {@code batchUpsertAce} treats a
 * {@code null} permission, or validate the entries before calling it.
 *
 * @param ae the secured domain object
 * @param sidToPerm security identity to permission; must not be {@code null}
 * @throws BadRequestException if {@code ae} or {@code sidToPerm} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void batchGrant(AclEntity ae, Map<Sid, Permission> sidToPerm) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (sidToPerm == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }

    MutableAclRecord aclRecord;
    try {
        aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException notFound) {
        aclRecord = init(ae, null);
    }

    // Every target identity goes through the owner guard before anything is written.
    for (Sid target : sidToPerm.keySet()) {
        secureOwner(aclRecord, target);
    }
    aclService.batchUpsertAce(aclRecord, sidToPerm);
}
Example #4
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Creates the ACL record for a secured domain object, or reads it if it already exists,
 * and optionally grants an initial permission to the currently authenticated principal.
 *
 * <p>This method carries no {@code @PreAuthorize} of its own. When the record already
 * exists and {@code initPermission} is non-null, the current principal still receives
 * {@code initPermission} on it, so callers must only reach this path for objects the
 * principal is entitled to own.
 *
 * <p>NOTE(review): {@code grant} is invoked on {@code this}; with proxy-based Spring method
 * security its {@code @PreAuthorize} would not be evaluated for this call - confirm the
 * configured mode.
 *
 * @param ae the secured domain object
 * @param initPermission permission to give the current principal, or {@code null} for none
 * @return the created or existing ACL record, after the optional grant
 */
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    final ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    MutableAclRecord aclRecord;
    try {
        // Create acl record for secured domain object.
        aclRecord = (MutableAclRecord) aclService.createAcl(objectIdentity);
    } catch (AlreadyExistsException alreadyThere) {
        aclRecord = aclService.readAcl(objectIdentity);
    }

    if (initPermission == null) {
        return aclRecord;
    }

    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    final PrincipalSid currentPrincipal = new PrincipalSid(auth);
    return grant(ae, initPermission, currentPrincipal);
}
Example #5
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Replaces the permission of the ACL entry at a given position.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check.
 *
 * <p>NOTE(review): {@code accessEntryIndex} is positional and is not range-checked here. If
 * the record changed since the caller read it, the index may address a different entry than
 * intended - confirm how callers obtain it.
 *
 * @param ae the secured domain object
 * @param accessEntryIndex position of the entry whose permission is replaced
 * @param newPermission the permission to store
 * @return the ACL record returned by {@code aclService.upsertAce}
 * @throws BadRequestException if {@code ae} or {@code newPermission} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord update(AclEntity ae, int accessEntryIndex, Permission newPermission) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (newPermission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }

    final MutableAclRecord aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    // The entry is resolved to its identity first; the write is then keyed by that identity.
    final Sid entryOwner = aclRecord.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();
    secureOwner(aclRecord, entryOwner);
    return aclService.upsertAce(aclRecord, entryOwner, newPermission);
}
Example #6
Source File: AccessController.java From kylin with Apache License 2.0 | 6 votes |
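/**
 * Batch API: grants access on a domain object to several users/roles in one request.
 *
 * <p>Each element of {@code reqs} must be a three-element array of the form
 * {@code [name (String), isPrincipal (Boolean), permission name (String)]}. The body is
 * client-controlled JSON, so the shape and element types are checked before any cast, and a
 * permission name that does not resolve is rejected instead of being forwarded as
 * {@code null}.
 *
 * <p>No authorization annotation is visible on this method; the check shown on the page is
 * the {@code @PreAuthorize} on {@code accessService.batchGrant}. NOTE(review): the
 * identifier lookups below run before that check - confirm the error responses do not let
 * an unauthorized caller learn which user or group names exist.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param reqs the grant requests
 * @throws IllegalArgumentException if a request element is malformed
 * @throws IOException declared by the original signature
 */
@RequestMapping(value = "batch/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public void batchGrant(@PathVariable String type, @PathVariable String uuid, @RequestBody List<Object[]> reqs)
        throws IOException {
    Map<Sid, Permission> sidToPerm = new HashMap<>();
    AclEntity ae = accessService.getAclEntity(type, uuid);
    for (Object[] req : reqs) {
        Preconditions.checkArgument(req != null && req.length == 3, "error access requests.");
        // Reject wrong or null element types here instead of failing on the casts below.
        Preconditions.checkArgument(
                req[0] instanceof String && req[1] instanceof Boolean && req[2] instanceof String,
                "error access requests.");
        String name = (String) req[0];
        boolean isPrincipal = (Boolean) req[1];
        validateUtil.checkIdentifiersExists(name, isPrincipal);
        Sid sid = accessService.getSid(name, isPrincipal);
        Permission permission = AclPermissionFactory.getPermission((String) req[2]);
        // The single-entry grant path refuses a null permission; keep the batch path equally strict.
        Preconditions.checkArgument(permission != null, "error access requests.");
        sidToPerm.put(sid, permission);
    }
    accessService.batchGrant(ae, sidToPerm);
}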
Example #7
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Deletes the ACL record of a secured domain object.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. Entities without an id are skipped, and a record that does
 * not exist is treated as already cleaned.
 *
 * @param ae the secured domain object
 * @param deleteChildren passed through to {@code aclService.deleteAcl}
 * @throws BadRequestException if {@code ae} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void clean(AclEntity ae, boolean deleteChildren) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }

    // Entities that may carry a null uuid (DataModel, for example) have no ACL to delete.
    if (ae.getId() == null) {
        return;
    }

    final ObjectIdentity target = new ObjectIdentityImpl(ae);
    try {
        aclService.deleteAcl(target, deleteChildren);
    } catch (NotFoundException notFound) {
        // Nothing stored for this object: deliberately ignored.
    }
}
Example #8
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Reads the ACL record stored for a secured domain object.
 *
 * <p>The {@code @PreAuthorize} expression admits the admin role or any caller holding
 * ADMINISTRATION, MANAGEMENT, OPERATION or READ on {@code ae}. The record returned by
 * {@code aclService.readAcl} is handed back unfiltered, so a READ-only caller sees every
 * entry of the record.
 *
 * <p>NOTE(review): with proxy-based Spring method security the expression is not evaluated
 * for calls made from inside this class - confirm the configured mode.
 *
 * @param ae the secured domain object; may be {@code null}
 * @return the ACL record, or {@code null} when {@code ae} is {@code null} or no record exists
 */
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')"
        + " or hasPermission(#ae, 'MANAGEMENT')" + " or hasPermission(#ae, 'OPERATION')"
        + " or hasPermission(#ae, 'READ')")
public MutableAclRecord getAcl(AclEntity ae) {
    if (ae == null) {
        return null;
    }
    try {
        return aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException notFound) {
        // A missing record is reported as null rather than as an error.
        return null;
    }
}
Example #9
Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
/**
 * Collects the permission mask of every user and authority named in a project's ACL.
 *
 * <p>User names and authority names share one case-insensitive key space, so a user and an
 * authority whose names differ only by case collapse into a single key, and a later entry
 * overwrites an earlier one for the same name.
 *
 * <p>NOTE(review): {@code getAcl} is called on {@code this}; with proxy-based Spring method
 * security its {@code @PreAuthorize} is not evaluated here - confirm that callers of this
 * helper are already authorized. The lookup also assumes the project exists; a
 * {@code null} project instance would fail on {@code getUuid()} - confirm upstream.
 *
 * @param project the project name
 * @return name to permission mask; empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    final Map<String, Integer> maskByName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    final String projectUuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project)
            .getUuid();
    final AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, projectUuid);
    final Acl acl = getAcl(ae);

    if (acl == null || acl.getEntries() == null) {
        return maskByName;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        final Sid sid = entry.getSid();
        if (sid instanceof PrincipalSid) {
            maskByName.put(((PrincipalSid) sid).getPrincipal(), entry.getPermission().getMask());
        }
        if (sid instanceof GrantedAuthoritySid) {
            maskByName.put(((GrantedAuthoritySid) sid).getGrantedAuthority(), entry.getPermission().getMask());
        }
    }
    return maskByName;
}
Example #10
Source File: MigrationService.java From kylin with Apache License 2.0 | 6 votes |
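/**
 * Builds the notification addresses of the users who administer a cube's project.
 *
 * <p>Only entries whose permission mask equals 16 and whose identity is a user
 * ({@code PrincipalSid}) contribute an address. Entries held by any other kind of identity
 * are skipped; the original cast every matching entry to {@code PrincipalSid} and would
 * fail with a {@code ClassCastException} on the first non-user entry. A record without an
 * entry list is treated like an empty one.
 *
 * @param cubeInstance the cube whose project ACL is inspected
 * @return principal name plus the configured mail suffix, one per administering user
 * @throws BadRequestException if no administering user is found
 */
public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);
    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();

    // 16 is the ADMINISTRATION mask of Spring Security's BasePermission; NOTE(review):
    // confirm it matches this project's permission class and replace the literal with it.
    final int administrationMask = 16;

    if (acl != null && acl.getEntries() != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getPermission().getMask() != administrationMask) {
                continue;
            }
            // Only user identities can be turned into a mail address.
            if (ace.getSid() instanceof PrincipalSid) {
                PrincipalSid ps = (PrincipalSid) ace.getSid();
                cubeAdmins.add(ps.getPrincipal() + mailSuffix);
            }
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}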
Example #11
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Collects the permission mask of every user and authority named in a project's ACL.
 *
 * <p>User names and authority names share one case-insensitive key space, so a user and an
 * authority whose names differ only by case collapse into a single key, and a later entry
 * overwrites an earlier one for the same name.
 *
 * <p>NOTE(review): {@code getAcl} is called on {@code this}; with proxy-based Spring method
 * security its {@code @PreAuthorize} is not evaluated here - confirm that callers of this
 * helper are already authorized. The lookup also assumes the project exists; a
 * {@code null} project instance would fail on {@code getUuid()} - confirm upstream.
 *
 * @param project the project name
 * @return name to permission mask; empty when the project has no ACL or no entries
 */
private Map<String, Integer> getProjectPermission(String project) {
    final Map<String, Integer> maskByName = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    final String projectUuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project)
            .getUuid();
    final AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, projectUuid);
    final Acl acl = getAcl(ae);

    if (acl == null || acl.getEntries() == null) {
        return maskByName;
    }

    for (AccessControlEntry entry : acl.getEntries()) {
        final Sid sid = entry.getSid();
        if (sid instanceof PrincipalSid) {
            maskByName.put(((PrincipalSid) sid).getPrincipal(), entry.getPermission().getMask());
        }
        if (sid instanceof GrantedAuthoritySid) {
            maskByName.put(((GrantedAuthoritySid) sid).getGrantedAuthority(), entry.getPermission().getMask());
        }
    }
    return maskByName;
}
Example #12
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Deletes the ACL record of a secured domain object.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. Entities without an id are skipped, and a record that does
 * not exist is treated as already cleaned.
 *
 * @param ae the secured domain object
 * @param deleteChildren passed through to {@code aclService.deleteAcl}
 * @throws BadRequestException if {@code ae} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void clean(AclEntity ae, boolean deleteChildren) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }

    // Entities that may carry a null uuid (DataModel, for example) have no ACL to delete.
    if (ae.getId() == null) {
        return;
    }

    final ObjectIdentity target = new ObjectIdentityImpl(ae);
    try {
        aclService.deleteAcl(target, deleteChildren);
    } catch (NotFoundException notFound) {
        // Nothing stored for this object: deliberately ignored.
    }
}
Example #13
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Replaces the permission of the ACL entry at a given position.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check.
 *
 * <p>NOTE(review): {@code accessEntryIndex} is positional and is not range-checked here. If
 * the record changed since the caller read it, the index may address a different entry than
 * intended - confirm how callers obtain it.
 *
 * @param ae the secured domain object
 * @param accessEntryIndex position of the entry whose permission is replaced
 * @param newPermission the permission to store
 * @return the ACL record returned by {@code aclService.upsertAce}
 * @throws BadRequestException if {@code ae} or {@code newPermission} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord update(AclEntity ae, int accessEntryIndex, Permission newPermission) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (newPermission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }

    final MutableAclRecord aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    // The entry is resolved to its identity first; the write is then keyed by that identity.
    final Sid entryOwner = aclRecord.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();
    secureOwner(aclRecord, entryOwner);
    return aclService.upsertAce(aclRecord, entryOwner, newPermission);
}
Example #14
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Grants one permission on a secured domain object to one security identity.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. When no ACL record exists yet, one is created through
 * {@code init(ae, null)} before the entry is written.
 *
 * @param ae the secured domain object
 * @param permission the permission to grant
 * @param sid the user or authority receiving the permission
 * @return the ACL record returned by {@code aclService.upsertAce}
 * @throws BadRequestException if any argument is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord grant(AclEntity ae, Permission permission, Sid sid) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (permission == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }
    if (sid == null) {
        throw new BadRequestException(messages.getSID_REQUIRED());
    }

    MutableAclRecord aclRecord;
    try {
        aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException notFound) {
        // First grant on this object: create an empty record without an initial permission.
        aclRecord = init(ae, null);
    }

    // secureOwner is defined elsewhere in the class; presumably it protects the owner's
    // own entry from being changed - confirm against its implementation.
    secureOwner(aclRecord, sid);
    return aclService.upsertAce(aclRecord, sid, permission);
}
Example #15
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Grants several permissions on one secured domain object in a single call.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. A missing ACL record is created through
 * {@code init(ae, null)} first.
 *
 * <p>NOTE(review): only the map itself is null-checked. A {@code null} key or value is
 * passed on to {@code secureOwner} / {@code aclService.batchUpsertAce} unvalidated, while
 * the single-entry {@code grant} rejects both. Confirm how {@code batchUpsertAce} treats a
 * {@code null} permission, or validate the entries before calling it.
 *
 * @param ae the secured domain object
 * @param sidToPerm security identity to permission; must not be {@code null}
 * @throws BadRequestException if {@code ae} or {@code sidToPerm} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void batchGrant(AclEntity ae, Map<Sid, Permission> sidToPerm) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }
    if (sidToPerm == null) {
        throw new BadRequestException(messages.getACL_PERMISSION_REQUIRED());
    }

    MutableAclRecord aclRecord;
    try {
        aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    } catch (NotFoundException notFound) {
        aclRecord = init(ae, null);
    }

    // Every target identity goes through the owner guard before anything is written.
    for (Sid target : sidToPerm.keySet()) {
        secureOwner(aclRecord, target);
    }
    aclService.batchUpsertAce(aclRecord, sidToPerm);
}
Example #16
Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
/**
 * Creates the ACL record for a secured domain object, or reads it if it already exists,
 * and optionally grants an initial permission to the currently authenticated principal.
 *
 * <p>This method carries no {@code @PreAuthorize} of its own. When the record already
 * exists and {@code initPermission} is non-null, the current principal still receives
 * {@code initPermission} on it, so callers must only reach this path for objects the
 * principal is entitled to own.
 *
 * <p>NOTE(review): {@code grant} is invoked on {@code this}; with proxy-based Spring method
 * security its {@code @PreAuthorize} would not be evaluated for this call - confirm the
 * configured mode.
 *
 * @param ae the secured domain object
 * @param initPermission permission to give the current principal, or {@code null} for none
 * @return the created or existing ACL record, after the optional grant
 */
@Transactional
public MutableAclRecord init(AclEntity ae, Permission initPermission) {
    final ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae);

    MutableAclRecord aclRecord;
    try {
        // Create acl record for secured domain object.
        aclRecord = (MutableAclRecord) aclService.createAcl(objectIdentity);
    } catch (AlreadyExistsException alreadyThere) {
        aclRecord = aclService.readAcl(objectIdentity);
    }

    if (initPermission == null) {
        return aclRecord;
    }

    final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    final PrincipalSid currentPrincipal = new PrincipalSid(auth);
    return grant(ae, initPermission, currentPrincipal);
}
Example #17
Source File: AccessController.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
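/**
 * Batch API: grants access on a domain object to several users/roles in one request.
 *
 * <p>Each element of {@code reqs} must be a three-element array of the form
 * {@code [name (String), isPrincipal (Boolean), permission name (String)]}. The body is
 * client-controlled JSON, so the shape and element types are checked before any cast, and a
 * permission name that does not resolve is rejected instead of being forwarded as
 * {@code null}.
 *
 * <p>No authorization annotation is visible on this method; the check shown on the page is
 * the {@code @PreAuthorize} on {@code accessService.batchGrant}. NOTE(review): the
 * identifier lookups below run before that check - confirm the error responses do not let
 * an unauthorized caller learn which user or group names exist.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param reqs the grant requests
 * @throws IllegalArgumentException if a request element is malformed
 * @throws IOException declared by the original signature
 */
@RequestMapping(value = "batch/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public void batchGrant(@PathVariable String type, @PathVariable String uuid, @RequestBody List<Object[]> reqs)
        throws IOException {
    Map<Sid, Permission> sidToPerm = new HashMap<>();
    AclEntity ae = accessService.getAclEntity(type, uuid);
    for (Object[] req : reqs) {
        Preconditions.checkArgument(req != null && req.length == 3, "error access requests.");
        // Reject wrong or null element types here instead of failing on the casts below.
        Preconditions.checkArgument(
                req[0] instanceof String && req[1] instanceof Boolean && req[2] instanceof String,
                "error access requests.");
        String name = (String) req[0];
        boolean isPrincipal = (Boolean) req[1];
        validateUtil.checkIdentifiersExists(name, isPrincipal);
        Sid sid = accessService.getSid(name, isPrincipal);
        Permission permission = AclPermissionFactory.getPermission((String) req[2]);
        // The single-entry grant path refuses a null permission; keep the batch path equally strict.
        Preconditions.checkArgument(permission != null, "error access requests.");
        sidToPerm.put(sid, permission);
    }
    accessService.batchGrant(ae, sidToPerm);
}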
Example #18
Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Grants a permission on a domain object to a user or role.
 *
 * <p>No authorization annotation is visible on this handler; the check shown on the page
 * is the {@code @PreAuthorize} on {@code accessService.grant}.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param accessRequest request body naming the identity and the permission
 * @return the access entries of the object after the grant
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid,
        @RequestBody AccessRequest accessRequest) {
    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Sid grantee = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal());
    final Permission requested = AclPermissionFactory.getPermission(accessRequest.getPermission());

    final Acl updated = accessService.grant(target, requested, grantee);
    return accessService.generateAceResponses(updated);
}
Example #19
Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Grants a permission on a domain object to a user or role.
 *
 * <p>The named identity is checked with {@code validateUtil.checkIdentifiersExists} before
 * the entity is resolved. No authorization annotation is visible on this handler; the
 * check shown on the page is the {@code @PreAuthorize} on {@code accessService.grant},
 * which runs after the identifier lookup.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param accessRequest request body naming the identity and the permission
 * @return the access entries of the object after the grant
 * @throws IOException declared by the original signature
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid,
        @RequestBody AccessRequest accessRequest) throws IOException {
    final boolean principalRequested = accessRequest.isPrincipal();
    final String identityName = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(identityName, principalRequested);

    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Sid grantee = accessService.getSid(identityName, principalRequested);
    final Permission requested = AclPermissionFactory.getPermission(accessRequest.getPermission());

    final Acl updated = accessService.grant(target, requested, grantee);
    return accessService.generateAceResponses(updated);
}
Example #20
Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Lists the access entries of a domain object.
 *
 * <p>No authorization annotation is visible on this handler; the read is delegated to
 * {@code accessService.getAcl}. NOTE(review): whether {@code getAcl} can return
 * {@code null} here, and how {@code generateAceResponses} handles that, is not visible on
 * this page - confirm.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @return the access entries of the object
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.GET })
@ResponseBody
public List<AccessEntryResponse> getAccessEntities(@PathVariable String type, @PathVariable String uuid) {
    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Acl current = accessService.getAcl(target);
    return accessService.generateAceResponses(current);
}
Example #21
Source File: ValidateUtil.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Returns the security identities that have an entry in a project's ACL.
 *
 * <p>NOTE(review): the project instance is dereferenced without a null check; confirm that
 * callers only pass names of existing projects.
 *
 * @param project the project name
 * @return one identity per ACL entry; empty when the project has no ACL or no entries
 */
private List<Sid> getAllSids(String project) {
    final List<Sid> collected = new ArrayList<>();
    final ProjectInstance projectInstance = projectService.getProjectManager().getProject(project);
    final AclEntity ae = accessService.getAclEntity("ProjectInstance", projectInstance.getUuid());
    final Acl acl = accessService.getAcl(ae);

    if (acl == null || acl.getEntries() == null) {
        return collected;
    }
    for (AccessControlEntry entry : acl.getEntries()) {
        collected.add(entry.getSid());
    }
    return collected;
}
Example #22
Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Changes the permission of an existing access entry on a domain object.
 *
 * <p>No authorization annotation is visible on this handler; the check shown on the page
 * is the {@code @PreAuthorize} on {@code accessService.update}.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param accessRequest request body carrying the entry id and the new permission
 * @return the access entries of the object after the update
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid,
        @RequestBody AccessRequest accessRequest) {
    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Permission replacement = AclPermissionFactory.getPermission(accessRequest.getPermission());

    final Acl updated = accessService.update(target, accessRequest.getAccessEntryId(), replacement);
    return accessService.generateAceResponses(updated);
}
Example #23
Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Revokes an access entry on a domain object.
 *
 * <p>Unlike the other handlers in this controller, {@code accessRequest} carries no
 * {@code @RequestBody} and the method no {@code @ResponseBody}. NOTE(review): confirm that
 * request binding and response serialization behave as intended for DELETE.
 *
 * <p>No authorization annotation is visible on this handler; the check shown on the page
 * is the {@code @PreAuthorize} on {@code accessService.revoke}.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param accessRequest request data carrying the id of the entry to revoke
 * @return the access entries of the object after the revocation
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid,
        AccessRequest accessRequest) {
    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Acl remaining = accessService.revoke(target, accessRequest.getAccessEntryId());
    return accessService.generateAceResponses(remaining);
}
Example #24
Source File: AccessService.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Revokes the ACL entry at a given position.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. Revocation is expressed as an upsert with a {@code null}
 * permission for the identity that owns the entry.
 *
 * <p>NOTE(review): {@code accessEntryIndex} is positional and is not range-checked here. If
 * the record changed since the caller read it, the index may address a different entry than
 * intended - confirm how callers obtain it.
 *
 * @param ae the secured domain object
 * @param accessEntryIndex position of the entry to revoke
 * @return the ACL record returned by {@code aclService.upsertAce}
 * @throws BadRequestException if {@code ae} is {@code null}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public MutableAclRecord revoke(AclEntity ae, int accessEntryIndex) {
    final Message messages = MsgPicker.getMsg();
    if (ae == null) {
        throw new BadRequestException(messages.getACL_DOMAIN_NOT_FOUND());
    }

    final MutableAclRecord aclRecord = aclService.readAcl(new ObjectIdentityImpl(ae));
    final Sid entryOwner = aclRecord.getAclRecord().getAccessControlEntryAt(accessEntryIndex).getSid();
    secureOwner(aclRecord, entryOwner);
    // A null permission is how this service asks upsertAce to drop the identity's entry.
    return aclService.upsertAce(aclRecord, entryOwner, null);
}
Example #25
Source File: AccessService.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Replaces the permission of the ACL entry with the given id.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. When no entry has that id the record is returned unchanged,
 * without any error being reported to the caller.
 *
 * <p>NOTE(review): a {@code NotFoundException} from the update is swallowed, and the
 * in-memory record already modified by {@code updateAce} is still returned - confirm that
 * callers cannot mistake it for a persisted change.
 *
 * @param ae the secured domain object
 * @param accessEntryId id of the entry to change
 * @param newPermission the permission to store
 * @return the ACL after the update attempt
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public Acl update(AclEntity ae, Long accessEntryId, Permission newPermission) {
    Assert.notNull(ae, "Acl domain object required");
    Assert.notNull(accessEntryId, "Ace id required");
    Assert.notNull(newPermission, "Acl permission required");

    final ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae.getClass(), ae.getId());
    MutableAcl acl = (MutableAcl) aclService.readAclById(objectIdentity);

    // Linear search for the position of the entry carrying the requested id.
    int matchIndex = -1;
    int cursor = 0;
    while (matchIndex < 0 && cursor < acl.getEntries().size()) {
        if (acl.getEntries().get(cursor).getId().equals(accessEntryId)) {
            matchIndex = cursor;
        }
        cursor++;
    }
    if (matchIndex < 0) {
        return acl;
    }

    secureOwner(acl, matchIndex);
    try {
        acl.updateAce(matchIndex, newPermission);
        acl = aclService.updateAcl(acl);
    } catch (NotFoundException ignored) {
        // Swallowed by the original code; no error reaches the caller.
    }
    return acl;
}
Example #26
Source File: AccessService.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Deletes the ACL entry with the given id.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. When no entry has that id the record is returned unchanged,
 * without any error being reported to the caller.
 *
 * <p>NOTE(review): a {@code NotFoundException} from the update is swallowed, and the
 * in-memory record already modified by {@code deleteAce} is still returned - a caller
 * could take a revocation for effective when it was not persisted. Confirm.
 *
 * @param ae the secured domain object
 * @param accessEntryId id of the entry to delete
 * @return the ACL after the revocation attempt
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public Acl revoke(AclEntity ae, Long accessEntryId) {
    Assert.notNull(ae, "Acl domain object required");
    Assert.notNull(accessEntryId, "Ace id required");

    final ObjectIdentity objectIdentity = new ObjectIdentityImpl(ae.getClass(), ae.getId());
    MutableAcl acl = (MutableAcl) aclService.readAclById(objectIdentity);

    // Linear search for the position of the entry carrying the requested id.
    int matchIndex = -1;
    int cursor = 0;
    while (matchIndex < 0 && cursor < acl.getEntries().size()) {
        if (((Long) acl.getEntries().get(cursor).getId()).equals(accessEntryId)) {
            matchIndex = cursor;
        }
        cursor++;
    }
    if (matchIndex < 0) {
        return acl;
    }

    secureOwner(acl, matchIndex);
    try {
        acl.deleteAce(matchIndex);
        acl = aclService.updateAcl(acl);
    } catch (NotFoundException ignored) {
        // Swallowed by the original code; no error reaches the caller.
    }
    return acl;
}
Example #27
Source File: AccessService.java From Kylin with Apache License 2.0 | 5 votes |
/**
 * Deletes the ACL of a secured domain object.
 *
 * <p>Only the admin role or a holder of ADMINISTRATION on {@code ae} passes the
 * {@code @PreAuthorize} check. An ACL that does not exist is treated as already cleaned.
 *
 * @param ae the secured domain object; must not be {@code null}
 * @param deleteChildren passed through to {@code aclService.deleteAcl}
 */
@Transactional
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#ae, 'ADMINISTRATION')")
public void clean(AclEntity ae, boolean deleteChildren) {
    Assert.notNull(ae, "Acl domain object required");

    final ObjectIdentity target = new ObjectIdentityImpl(ae.getClass(), ae.getId());
    try {
        aclService.deleteAcl(target, deleteChildren);
    } catch (NotFoundException ignored) {
        // Nothing stored for this object: deliberately ignored.
    }
}
Example #28
Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Revokes an access entry on a domain object, then revokes the matching table ACL.
 *
 * <p>The entry removed from the object's ACL is chosen by
 * {@code accessRequest.getAccessEntryId()}, while the table ACL revocation is keyed by
 * {@code accessRequest.getSid()} and {@code accessRequest.isPrincipal()}. NOTE(review):
 * nothing visible here checks that these client-supplied values describe the same identity
 * as the revoked entry - confirm that {@code revokeTableACL} or the service enforces it.
 *
 * <p>No authorization annotation is visible on this handler; the check shown on the page
 * is the {@code @PreAuthorize} on {@code accessService.revoke}.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param accessRequest request data carrying the entry id, the identity name and its kind
 * @return the access entries of the object after the revocation
 * @throws IOException declared by the original signature
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid,
        AccessRequest accessRequest) throws IOException {
    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Acl remaining = accessService.revoke(target, accessRequest.getAccessEntryId());

    // Users and groups are kept under different table ACL types.
    revokeTableACL(type, uuid, accessRequest.getSid(),
            accessRequest.isPrincipal() ? MetadataConstants.TYPE_USER : MetadataConstants.TYPE_GROUP);

    return accessService.generateAceResponses(remaining);
}
Example #29
Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
/**
 * Changes the permission of an existing access entry on a domain object.
 *
 * <p>No authorization annotation is visible on this handler; the check shown on the page
 * is the {@code @PreAuthorize} on {@code accessService.update}.
 *
 * @param type entity type taken from the URL path
 * @param uuid entity id taken from the URL path
 * @param accessRequest request body carrying the entry id and the new permission
 * @return the access entries of the object after the update
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid,
        @RequestBody AccessRequest accessRequest) {
    final AclEntity target = accessService.getAclEntity(type, uuid);
    final Permission replacement = AclPermissionFactory.getPermission(accessRequest.getPermission());

    final Acl updated = accessService.update(target, accessRequest.getAccessEntryId(), replacement);
    return accessService.generateAceResponses(updated);
}
Example #30
Source File: AccessServiceTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
/**
 * Grants ADMINISTRATION to ten users in one batch and checks that the stored ACL holds
 * exactly those ten entries, in the order u0..u9.
 *
 * <p>NOTE(review): the grants are passed in a {@code HashMap}, whose iteration order is
 * not part of its contract, so the order assertion relies on the ACL record ordering its
 * own entries - confirm, or the check may be fragile.
 */
@Test
public void testBatchGrant() {
    final AclEntity entity = new AclServiceTest.MockAclEntity("batch-grant");

    final Map<Sid, Permission> grants = new HashMap<>();
    for (int n = 0; n < 10; n++) {
        grants.put(new PrincipalSid("u" + n), AclPermission.ADMINISTRATION);
    }
    accessService.batchGrant(entity, grants);

    final MutableAclRecord stored = accessService.getAcl(entity);
    final List<AccessControlEntry> entries = stored.getEntries();
    Assert.assertEquals(10, entries.size());

    int position = 0;
    for (AccessControlEntry entry : entries) {
        Assert.assertEquals(new PrincipalSid("u" + position), entry.getSid());
        position++;
    }
}