KYLIN-1972 code review
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/1d046421 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/1d046421 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/1d046421 Branch: refs/heads/1.5.x-CDH5.7 Commit: 1d046421feb2c4845f4a833d6a2a7f3d07a5730b Parents: 1ea79dd Author: Yang Li <liy...@apache.org> Authored: Sat Aug 27 22:30:33 2016 +0800 Committer: Yang Li <liy...@apache.org> Committed: Sat Aug 27 22:30:33 2016 +0800 ---------------------------------------------------------------------- .../kylin/rest/controller/QueryController.java | 42 +------------------- .../apache/kylin/rest/service/QueryService.java | 31 ++++++++++++++- 2 files changed, 31 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/1d046421/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java index a45f82e..5cf6492 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java @@ -29,9 +29,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.io.IOUtils; import org.apache.kylin.common.KylinConfig; import org.apache.kylin.common.debug.BackdoorToggles; -import org.apache.kylin.cube.CubeInstance; -import org.apache.kylin.metadata.project.RealizationEntry; -import org.apache.kylin.metadata.realization.RealizationType; import org.apache.kylin.rest.constant.Constant; import org.apache.kylin.rest.exception.InternalErrorException; import org.apache.kylin.rest.metrics.QueryMetricsFacade; @@ -46,7 +43,6 @@ import org.apache.kylin.rest.response.SQLResponse; import org.apache.kylin.rest.service.QueryService; import org.apache.kylin.rest.util.QueryUtil; import org.apache.kylin.storage.exception.ScanOutOfLimitException; -import org.apache.kylin.storage.hybrid.HybridInstance; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -259,46 +255,10 @@ public class QueryController extends BasicController { private void checkQueryAuth(SQLResponse sqlResponse) throws AccessDeniedException { if (!sqlResponse.getIsException() && KylinConfig.getInstanceFromEnv().isQuerySecureEnabled()) { - HybridInstance hybridInstance = this.queryService.getHybridManager().getHybridInstance(sqlResponse.getCube()); - if (hybridInstance != null) { - if (checkHybridAuthorization(hybridInstance)) { - logger.info(hybridInstance.getName() + " ACL validation success."); - } else { - throw new AccessDeniedException("Access is denied"); - } - } else { - CubeInstance cubeInstance = this.queryService.getCubeManager().getCube(sqlResponse.getCube()); - queryService.checkAuthorization(cubeInstance); - } + queryService.checkAuthorization(sqlResponse.getCube()); } } - private boolean checkHybridAuthorization(HybridInstance hybridInstance) { - boolean access = false; - List<RealizationEntry> realizationEntries = hybridInstance.getRealizationEntries(); - for (RealizationEntry realizationEntry : realizationEntries) { - String reName = realizationEntry.getRealization(); - logger.debug("[realizationEntry] realizationEntry name: " + reName + " realizationEntry type: " + realizationEntry.getType().name()); - if (RealizationType.CUBE == realizationEntry.getType()) { - CubeInstance cubeInstance = queryService.getCubeManager().getCube(reName); - try { - queryService.checkAuthorization(cubeInstance); - logger.info(hybridInstance.getName() + " ACL validation cube: " + cubeInstance.getName() + " success."); - logger.info(hybridInstance.getName() + " ACL validation success."); - return true; - } catch (AccessDeniedException e) { - logger.info(hybridInstance.getName() + " ACL validation cube: " + cubeInstance.getName() + " failed."); - } - } else if (RealizationType.HYBRID == realizationEntry.getType()) { - HybridInstance innerHybridInstance = queryService.getHybridManager().getHybridInstance(reName); - if (checkHybridAuthorization(innerHybridInstance)) { - return true; - } - } - } - return access; - } - public void setQueryService(QueryService queryService) { this.queryService = queryService; } http://git-wip-us.apache.org/repos/asf/kylin/blob/1d046421/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java index 6d778d0..3acaeb8 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java @@ -55,6 +55,8 @@ import org.apache.kylin.common.util.Bytes; import org.apache.kylin.cube.CubeInstance; import org.apache.kylin.cube.CubeManager; import org.apache.kylin.cube.cuboid.Cuboid; +import org.apache.kylin.metadata.project.RealizationEntry; +import org.apache.kylin.metadata.realization.RealizationType; import org.apache.kylin.query.relnode.OLAPContext; import org.apache.kylin.rest.constant.Constant; import org.apache.kylin.rest.model.ColumnMeta; @@ -67,6 +69,7 @@ import org.apache.kylin.rest.response.SQLResponse; import org.apache.kylin.rest.util.QueryUtil; import org.apache.kylin.rest.util.Serializer; import org.apache.kylin.storage.hbase.HBaseConnection; +import org.apache.kylin.storage.hybrid.HybridInstance; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -258,8 +261,34 @@ public class QueryService extends BasicService { logger.info(stringBuilder.toString()); } + public void checkAuthorization(String cubeName) throws AccessDeniedException { + // special care for hybrid + HybridInstance hybridInstance = getHybridManager().getHybridInstance(cubeName); + if (hybridInstance != null) { + checkHybridAuthorization(hybridInstance); + return; + } + + CubeInstance cubeInstance = getCubeManager().getCube(cubeName); + checkCubeAuthorization(cubeInstance); + } + @PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN + " or hasPermission(#cube, 'ADMINISTRATION') or hasPermission(#cube, 'MANAGEMENT')" + " or hasPermission(#cube, 'OPERATION') or hasPermission(#cube, 'READ')") - public void checkAuthorization(CubeInstance cube) throws AccessDeniedException { + private void checkCubeAuthorization(CubeInstance cube) throws AccessDeniedException { + } + + private void checkHybridAuthorization(HybridInstance hybridInstance) throws AccessDeniedException { + List<RealizationEntry> realizationEntries = hybridInstance.getRealizationEntries(); + for (RealizationEntry realizationEntry : realizationEntries) { + String reName = realizationEntry.getRealization(); + if (RealizationType.CUBE == realizationEntry.getType()) { + CubeInstance cubeInstance = getCubeManager().getCube(reName); + checkCubeAuthorization(cubeInstance); + } else if (RealizationType.HYBRID == realizationEntry.getType()) { + HybridInstance innerHybridInstance = getHybridManager().getHybridInstance(reName); + checkHybridAuthorization(innerHybridInstance); + } + } } private SQLResponse queryWithSqlMassage(SQLRequest sqlRequest) throws Exception {
