org.apache.kylin.rest.response.AccessEntryResponse Java Examples

The following examples show how to use org.apache.kylin.rest.response.AccessEntryResponse. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry ace : acl.getEntries()) {
        if (nameSeg != null && !needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()))) {
            continue;
        }
        result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
    }

    return result;
}
 
Example #2
Source File: AccessControllerTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthInProjectLevel() throws Exception {
    List<AccessEntryResponse> aes = null;
    swichToAdmin();
    List<ProjectInstance> projects = projectController.getProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
    //grant auth in project level
    swichToAdmin();
    aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(1, projects.size());

    //revoke auth
    swichToAdmin();
    AccessRequest request = getAccessRequest(ANALYST, READ, true);
    request.setAccessEntryId((Integer) aes.get(0).getId());
    accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
}
 
Example #3
Source File: AccessControllerTest.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthInProjectLevel() throws Exception {
    List<AccessEntryResponse> aes = null;
    swichToAdmin();
    List<ProjectInstance> projects = projectController.getProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
    //grant auth in project level
    swichToAdmin();
    aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(1, projects.size());

    //revoke auth
    swichToAdmin();
    AccessRequest request = getAccessRequest(ANALYST, READ, true);
    request.setAccessEntryId((Integer) aes.get(0).getId());
    accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
}
 
Example #4
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry ace : acl.getEntries()) {
        if (nameSeg != null && !needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()))) {
            continue;
        }
        result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
    }

    return result;
}
 
Example #5
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 
Example #6
Source File: BeanTest.java    From Kylin with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null, null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ, "hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ') or hasPermission(filterObject, 'MANAGEMENT') " + "or hasPermission(filterObject, 'OPERATION') or hasPermission(filterObject, 'ADMINISTRATION')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #7
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
    if (null == acl) {
        return Collections.emptyList();
    }
    List<AccessEntryResponse> accessControlEntities = new ArrayList<AccessEntryResponse>();

    // Cause there is a circle reference in AccessControlEntry, it needs to
    // set acl to null as a workaround.
    for (AccessControlEntry ace : acl.getEntries()) {
        accessControlEntities.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
    }

    return accessControlEntities;
}
 
Example #8
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param AccessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    return accessService.generateAceResponses(acl);
}
 
Example #9
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #10
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal());
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #11
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Get access entry list of a domain object
 * 
 * @param uuid
 * @return
 * @throws IOException
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.GET })
@ResponseBody
public List<AccessEntryResponse> getAccessEntities(@PathVariable String type, @PathVariable String uuid) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.getAcl(ae);

    return accessService.generateAceResponses(acl);
}
 
Example #12
Source File: BeanTest.java    From kylin with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
            null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
            "hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
                    + " or hasPermission(filterObject, 'MANAGEMENT')"
                    + " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #13
Source File: AccessService.java    From kylin with Apache License 2.0 5 votes vote down vote up
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();

    while (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
        }
        acl = acl.getParentAcl();
    }

    return result;
}
 
Example #14
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #15
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #16
Source File: BeanTest.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
            null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
            "hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
                    + " or hasPermission(filterObject, 'MANAGEMENT')"
                    + " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #17
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();

    while (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
        }
        acl = acl.getParentAcl();
    }

    return result;
}
 
Example #18
Source File: AccessController.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 
Example #19
Source File: AccessController.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #20
Source File: AccessController.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #21
Source File: AccessService.java    From kylin with Apache License 2.0 4 votes vote down vote up
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
    return generateAceResponsesByFuzzMatching(acl, null, false);
}
 
Example #22
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 4 votes vote down vote up
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
    return generateAceResponsesByFuzzMatching(acl, null, false);
}