org.apache.kylin.rest.request.AccessRequest Java Examples

@Test
public void testAuthInProjectLevel() throws Exception {
    List<AccessEntryResponse> aes = null;
    swichToAdmin();
    List<ProjectInstance> projects = projectController.getProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
    //grant auth in project level
    swichToAdmin();
    aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(1, projects.size());

    //revoke auth
    swichToAdmin();
    AccessRequest request = getAccessRequest(ANALYST, READ, true);
    request.setAccessEntryId((Integer) aes.get(0).getId());
    accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
}
 

@Test
public void testAuthInProjectLevel() throws Exception {
    List<AccessEntryResponse> aes = null;
    swichToAdmin();
    List<ProjectInstance> projects = projectController.getProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
    //grant auth in project level
    swichToAdmin();
    aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(1, projects.size());

    //revoke auth
    swichToAdmin();
    AccessRequest request = getAccessRequest(ANALYST, READ, true);
    request.setAccessEntryId((Integer) aes.get(0).getId());
    accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
}
 

private AccessRequest getAccessRequest(String role, String permission, boolean isPrincipal) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(isPrincipal);
    return accessRequest;
}
 

@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null, null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ, "hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ') or hasPermission(filterObject, 'MANAGEMENT') " + "or hasPermission(filterObject, 'OPERATION') or hasPermission(filterObject, 'ADMINISTRATION')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 

/**
 * Revoke access on a domain object from a user/role
 * 
 * @param AccessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    return accessService.generateAceResponses(acl);
}
 

/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 

/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal());
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 

@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
            null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
            "hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
                    + " or hasPermission(filterObject, 'MANAGEMENT')"
                    + " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 

/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 

/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 

/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 

private AccessRequest getAccessRequest(String role, String permission) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(true);
    return accessRequest;
}
 

private AccessRequest getAccessRequest(String role, String permission, boolean isPrincipal) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(isPrincipal);
    return accessRequest;
}
 

@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
            null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
            "hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
                    + " or hasPermission(filterObject, 'MANAGEMENT')"
                    + " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 

/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 

/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 

/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 

private AccessRequest getAccessRequest(String role, String permission) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(true);
    return accessRequest;
}
 

private void grantPermission(String sid, String permission, String uuid) throws IOException {
    swichToAdmin();
    AccessRequest groupAccessRequest = getAccessRequest(sid, permission, false);
    accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest);
}
 

private void grantPermission(String sid, String permission, String uuid) throws IOException {
    swichToAdmin();
    AccessRequest groupAccessRequest = getAccessRequest(sid, permission, false);
    accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest);
}