#476 enable model read permission when grant cube permissions
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/8ca0d321 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/8ca0d321 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/8ca0d321 Branch: refs/heads/KYLIN-2606 Commit: 8ca0d3217453929d0ac0c3078d9e78e769f852b0 Parents: 7f79083 Author: Roger Shi <rogershijich...@hotmail.com> Authored: Thu Jun 29 17:23:13 2017 +0800 Committer: liyang-gmt8 <liy...@apache.org> Committed: Thu Jun 29 18:05:01 2017 +0800 ---------------------------------------------------------------------- .../kylin/rest/controller2/AccessControllerV2.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/8ca0d321/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java b/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java index 1ca8652..bd7d897 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller2/AccessControllerV2.java @@ -21,12 +21,15 @@ package org.apache.kylin.rest.controller2; import java.io.IOException; import org.apache.kylin.common.persistence.AclEntity; +import org.apache.kylin.cube.CubeInstance; import org.apache.kylin.rest.controller.BasicController; import org.apache.kylin.rest.request.AccessRequest; import org.apache.kylin.rest.response.EnvelopeResponse; import org.apache.kylin.rest.response.ResponseCode; +import org.apache.kylin.rest.security.AclEntityType; import org.apache.kylin.rest.security.AclPermissionFactory; import org.apache.kylin.rest.service.AccessService; +import org.apache.kylin.rest.service.CubeService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.acls.model.Acl; @@ -51,6 +54,10 @@ public class AccessControllerV2 extends BasicController { @Qualifier("accessService") private AccessService accessService; + @Autowired + @Qualifier("cubeMgmtService") + private CubeService cubeService; + /** * Get access entry list of a domain object * @@ -100,6 +107,15 @@ public class AccessControllerV2 extends BasicController { Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission()); Acl acl = accessService.grant(ae, permission, sid); + if (AclEntityType.CUBE_INSTANCE.equals(type)) { + CubeInstance instance = cubeService.getCubeManager().getCubeByUuid(uuid); + if (instance != null) { + AclEntity model = accessService.getAclEntity(AclEntityType.DATA_MODEL_DESC, instance.getModel().getUuid()); + // FIXME: should not always grant + accessService.grant(model, permission, sid); + } + } + return new EnvelopeResponse(ResponseCode.CODE_SUCCESS, accessService.generateAceResponses(acl), ""); }
