Repository: kylin Updated Branches: refs/heads/master 7145b6d21 -> 84ba56158
KYLIN-2720 Should not allow user to access to all tables' metadata of a project Signed-off-by: shaofengshi <shaofeng...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/84ba5615 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/84ba5615 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/84ba5615 Branch: refs/heads/master Commit: 84ba5615898de99e154d0e13912a82815a0cf02f Parents: 7145b6d Author: qiumingming <qiumingm...@bytedance.com> Authored: Mon Jul 17 15:25:20 2017 +0800 Committer: shaofengshi <shaofeng...@apache.org> Committed: Fri Jul 21 14:16:46 2017 +0800 ---------------------------------------------------------------------- .../apache/kylin/rest/service/QueryService.java | 56 +++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/84ba5615/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java index f3402ef..f42859d 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java @@ -142,6 +142,10 @@ public class QueryService extends BasicService { private ModelService modelService; @Autowired + @Qualifier("cubeMgmtService") + private CubeService cubeService; + + @Autowired private AclUtil aclUtil; public QueryService() { @@ -508,6 +512,32 @@ public class QueryService extends BasicService { } protected List<TableMeta> getMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException { + //list all tableMetas first + List<TableMeta> tableMetas = listAllMetadata(cubeMgr, project, cubedOnly); + + //get cubes that current user can access to in this project, then get all tables of these cubes. + List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project, null, true); + Set<TableRef> tableRefs = new HashSet<TableRef>(); + for (CubeInstance cube : cubeInstances) { + tableRefs.addAll(cube.getDescriptor().getModel().getAllTables()); + } + + //filter out tableMetas that current user should not access to + List<TableMeta> filterTableMetas = new ArrayList<TableMeta>(); + for (TableMeta tableMeta : tableMetas) { + String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME(); + for (TableRef t : tableRefs) { + if (t.getTableIdentity().equals(fullTableName)) { + filterTableMetas.add(tableMeta); + break; + } + } + } + + return filterTableMetas; + } + + protected List<TableMeta> listAllMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException { Connection conn = null; ResultSet columnMeta = null; @@ -575,11 +605,33 @@ public class QueryService extends BasicService { } public List<TableMetaWithType> getMetadataV2(String project) throws SQLException, IOException { - return getMetadataV2(getCubeManager(), project, true); + //list all tableMetas first + List<TableMetaWithType> tableMetas = listAllMetadataV2(getCubeManager(), project, true); + + //get cubes that current user can access to in this project, then get all tables of these cubes. + List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project, null, true); + Set<TableRef> tableRefs = new HashSet<TableRef>(); + for (CubeInstance cube : cubeInstances) { + tableRefs.addAll(cube.getDescriptor().getModel().getAllTables()); + } + + //filter out tableMetas that current user should not access to + List<TableMetaWithType> filterTableMetas = new ArrayList<TableMetaWithType>(); + for (TableMetaWithType tableMeta : tableMetas) { + String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME(); + for (TableRef t : tableRefs) { + if (t.getTableIdentity().equals(fullTableName)) { + filterTableMetas.add(tableMeta); + break; + } + } + } + + return filterTableMetas; } @SuppressWarnings("checkstyle:methodlength") - protected List<TableMetaWithType> getMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly) + protected List<TableMetaWithType> listAllMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException, IOException { //Message msg = MsgPicker.getMsg();
