KYLIN-1909 wrong ACL when getting cubes
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/ae9ccf39 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/ae9ccf39 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/ae9ccf39 Branch: refs/heads/1.5.x-CDH5.7 Commit: ae9ccf39aa21afe7296db39505243a5843180645 Parents: 658839d Author: shaofengshi <shaofeng...@apache.org> Authored: Fri Jul 22 15:47:55 2016 +0800 Committer: shaofengshi <shaofeng...@apache.org> Committed: Fri Jul 22 15:47:55 2016 +0800 ---------------------------------------------------------------------- .../metadata/project/learn_kylin.json | 2 +- .../kylin/rest/controller/CubeController.java | 12 ++++++++++-- .../kylin/rest/controller/ProjectController.java | 2 +- .../apache/kylin/rest/service/CubeService.java | 19 +++++++++---------- .../kylin/rest/service/ProjectService.java | 10 ++++++++++ 5 files changed, 31 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/ae9ccf39/examples/sample_cube/metadata/project/learn_kylin.json ---------------------------------------------------------------------- diff --git a/examples/sample_cube/metadata/project/learn_kylin.json b/examples/sample_cube/metadata/project/learn_kylin.json index fcfd505..e468214 100644 --- a/examples/sample_cube/metadata/project/learn_kylin.json +++ b/examples/sample_cube/metadata/project/learn_kylin.json @@ -1,5 +1,5 @@ { - "uuid": "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b", + "uuid": "2fbca32a-a33e-4b69-83dd-0bb8b1f8c91b", "name": "learn_kylin", "realizations": [ { http://git-wip-us.apache.org/repos/asf/kylin/blob/ae9ccf39/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java index c049a15..7932211 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java @@ -30,6 +30,7 @@ import java.util.UUID; import org.apache.commons.lang.StringUtils; import org.apache.kylin.common.util.JsonUtil; import org.apache.kylin.cube.CubeInstance; +import org.apache.kylin.cube.CubeManager; import org.apache.kylin.cube.CubeSegment; import org.apache.kylin.cube.model.CubeBuildTypeEnum; import org.apache.kylin.cube.model.CubeDesc; @@ -172,8 +173,13 @@ public class CubeController extends BasicController { @RequestMapping(value = "/{cubeName}/cost", method = { RequestMethod.PUT }) @ResponseBody public CubeInstance updateCubeCost(@PathVariable String cubeName, @RequestParam(value = "cost") int cost) { + CubeInstance cube = cubeService.getCubeManager().getCube(cubeName); + if (cube == null) { + throw new InternalErrorException("Cannot find cube " + cubeName); + } + try { - return cubeService.updateCubeCost(cubeName, cost); + return cubeService.updateCubeCost(cube, cost); } catch (Exception e) { String message = "Failed to update cube cost: " + cubeName + " : " + cost; logger.error(message, e); @@ -203,7 +209,9 @@ public class CubeController extends BasicController { @ResponseBody public CubeInstance rebuildLookupSnapshot(@PathVariable String cubeName, @PathVariable String segmentName, @RequestParam(value = "lookupTable") String lookupTable) { try { - return cubeService.rebuildLookupSnapshot(cubeName, segmentName, lookupTable); + final CubeManager cubeMgr = cubeService.getCubeManager(); + final CubeInstance cube = cubeMgr.getCube(cubeName); + return cubeService.rebuildLookupSnapshot(cube, segmentName, lookupTable); } catch (IOException e) { logger.error(e.getLocalizedMessage(), e); throw new InternalErrorException(e.getLocalizedMessage()); http://git-wip-us.apache.org/repos/asf/kylin/blob/ae9ccf39/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java index f829fff..496e44a 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java @@ -76,7 +76,7 @@ public class ProjectController extends BasicController { @RequestMapping(value = "", method = { RequestMethod.GET }) @ResponseBody public List<ProjectInstance> getProjects(@RequestParam(value = "limit", required = false) Integer limit, @RequestParam(value = "offset", required = false) Integer offset) { - return projectService.listAllProjects(limit, offset); + return projectService.listProjects(limit, offset); } @RequestMapping(value = "/readable", method = { RequestMethod.GET }) http://git-wip-us.apache.org/repos/asf/kylin/blob/ae9ccf39/server-base/src/main/java/org/apache/kylin/rest/service/CubeService.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/CubeService.java b/server-base/src/main/java/org/apache/kylin/rest/service/CubeService.java index 72942e8..cfb4cf8 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/CubeService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/CubeService.java @@ -128,6 +128,7 @@ public class CubeService extends BasicService { return filterCubes; } + @PostFilter(Constant.ACCESS_POST_FILTER_READ) public List<CubeInstance> getCubes(final String cubeName, final String projectName, final String modelName, final Integer limit, final Integer offset) { List<CubeInstance> cubes; @@ -147,12 +148,9 @@ public class CubeService extends BasicService { return cubes.subList(coffset, coffset + climit); } - @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN) - public CubeInstance updateCubeCost(String cubeName, int cost) throws IOException { - CubeInstance cube = getCubeManager().getCube(cubeName); - if (cube == null) { - throw new IOException("Cannot find cube " + cubeName); - } + @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#cube, 'ADMINISTRATION') or hasPermission(#cube, 'MANAGEMENT')") + public CubeInstance updateCubeCost(CubeInstance cube, int cost) throws IOException { + if (cube.getCost() == cost) { // Do nothing return cube; @@ -167,6 +165,7 @@ public class CubeService extends BasicService { return getCubeManager().updateCube(cubeBuilder); } + @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or " + Constant.ACCESS_HAS_ROLE_MODELER) public CubeInstance createCubeAndDesc(String cubeName, String projectName, CubeDesc desc) throws IOException { if (getCubeManager().getCube(cubeName) != null) { throw new InternalErrorException("The cube named " + cubeName + " already exists"); @@ -485,6 +484,7 @@ public class CubeService extends BasicService { * * @param tableName */ + @PreAuthorize(Constant.ACCESS_HAS_ROLE_MODELER + " or " + Constant.ACCESS_HAS_ROLE_ADMIN) public void calculateCardinality(String tableName, String submitter) { String[] dbTableName = HadoopUtil.parseHiveTableName(tableName); tableName = dbTableName[0] + "." + dbTableName[1]; @@ -526,11 +526,10 @@ public class CubeService extends BasicService { getCubeDescManager().updateCubeDesc(desc); } - public CubeInstance rebuildLookupSnapshot(String cubeName, String segmentName, String lookupTable) throws IOException { - CubeManager cubeMgr = getCubeManager(); - CubeInstance cube = cubeMgr.getCube(cubeName); + @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#cube, 'ADMINISTRATION') or hasPermission(#cube, 'OPERATION') or hasPermission(#cube, 'MANAGEMENT')") + public CubeInstance rebuildLookupSnapshot(CubeInstance cube, String segmentName, String lookupTable) throws IOException { CubeSegment seg = cube.getSegment(segmentName, SegmentStatusEnum.READY); - cubeMgr.buildSnapshotTable(seg, lookupTable); + getCubeManager().buildSnapshotTable(seg, lookupTable); return cube; } http://git-wip-us.apache.org/repos/asf/kylin/blob/ae9ccf39/server-base/src/main/java/org/apache/kylin/rest/service/ProjectService.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/ProjectService.java b/server-base/src/main/java/org/apache/kylin/rest/service/ProjectService.java index c0610a2..b4cceb2 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/ProjectService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/ProjectService.java @@ -32,6 +32,7 @@ import org.apache.kylin.rest.security.AclPermission; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; @@ -48,6 +49,7 @@ public class ProjectService extends BasicService { @Autowired private AccessService accessService; + @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN) public ProjectInstance createProject(CreateProjectRequest projectRequest) throws IOException { String projectName = projectRequest.getName(); String description = projectRequest.getDescription(); @@ -81,6 +83,14 @@ public class ProjectService extends BasicService { return updatedProject; } + + @PostFilter(Constant.ACCESS_POST_FILTER_READ) + public List<ProjectInstance> listProjects(final Integer limit, final Integer offset) { + List<ProjectInstance> projects = listAllProjects(limit, offset); + return projects; + } + + @Deprecated public List<ProjectInstance> listAllProjects(final Integer limit, final Integer offset) { List<ProjectInstance> projects = getProjectManager().listAllProjects();
