kylin access for cube and model (#2782)
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/a794544f Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/a794544f Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/a794544f Branch: refs/heads/2.2.x Commit: a794544f9c79f04d44015730bed96c03055b6733 Parents: 32b2400 Author: luguosheng1314 <550175...@qq.com> Authored: Tue Oct 17 04:25:13 2017 -0500 Committer: lidongsjtu <lid...@apache.org> Committed: Tue Oct 17 17:44:05 2017 +0800 ---------------------------------------------------------------------- webapp/app/js/controllers/cubeSchema.js | 5 ----- webapp/app/js/controllers/modelSchema.js | 4 ---- webapp/app/js/controllers/page.js | 21 +++++++++++++++++---- webapp/app/partials/common/access.html | 10 +++++----- webapp/app/partials/cubes/cube_detail.html | 4 ++-- webapp/app/partials/cubes/cubes.html | 6 +++--- webapp/app/partials/models/models_tree.html | 2 +- webapp/app/partials/projects/projects.html | 4 ++-- 8 files changed, 30 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/js/controllers/cubeSchema.js ---------------------------------------------------------------------- diff --git a/webapp/app/js/controllers/cubeSchema.js b/webapp/app/js/controllers/cubeSchema.js index a912c72..2a47a8c 100755 --- a/webapp/app/js/controllers/cubeSchema.js +++ b/webapp/app/js/controllers/cubeSchema.js @@ -160,11 +160,6 @@ KylinApp.controller('CubeSchemaCtrl', function ($scope, QueryService, UserServic }); - // ~ public methods - $scope.filterProj = function(project){ - return $scope.userService.hasRole('ROLE_ADMIN') || $scope.hasPermission(project,$scope.permissions.ADMINISTRATION.mask); - }; - $scope.removeElement = function (arr, element) { var index = arr.indexOf(element); http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/js/controllers/modelSchema.js ---------------------------------------------------------------------- diff --git a/webapp/app/js/controllers/modelSchema.js b/webapp/app/js/controllers/modelSchema.js index 41a26bb..d1744bb 100644 --- a/webapp/app/js/controllers/modelSchema.js +++ b/webapp/app/js/controllers/modelSchema.js @@ -84,10 +84,6 @@ KylinApp.controller('ModelSchemaCtrl', function ($scope, QueryService, UserServi }); - // ~ public methods - $scope.filterProj = function (project) { - return $scope.userService.hasRole('ROLE_ADMIN') || $scope.hasPermission(project, $scope.permissions.ADMINISTRATION.mask); - }; $scope.removeElement = function (arr, element) { var index = arr.indexOf(element); http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/js/controllers/page.js ---------------------------------------------------------------------- diff --git a/webapp/app/js/controllers/page.js b/webapp/app/js/controllers/page.js index 575f455..5a77195 100644 --- a/webapp/app/js/controllers/page.js +++ b/webapp/app/js/controllers/page.js @@ -88,20 +88,33 @@ KylinApp.controller('PageCtrl', function ($scope, $q, AccessService, $modal, $lo }; // common acl methods - $scope.hasPermission = function (entity) { + $scope.hasPermission = function (accessType, entity) { var curUser = UserService.getCurUser(); if (!curUser.userDetails) { return curUser; } - var hasPermission = false; var masks = []; - for (var i = 1; i < arguments.length; i++) { + for (var i = 2; i < arguments.length; i++) { if (arguments[i]) { masks.push(arguments[i]); } } - + var project = '' + var projectAccesses = ProjectModel.projects || [] + if (accessType === 'cube') { + project = entity.project + } else if (accessType === 'project') { + project = entity.name + } else if (accessType === 'model') { + project = ProjectModel.getProjectByCubeModel(entity.name) + } + for(var i = 0;i<projectAccesses.length;i++){ + if(projectAccesses[i].name === project) { + entity = projectAccesses[i] + break; + } + } if (entity) { angular.forEach(entity.accessEntities, function (acessEntity, index) { if (masks.indexOf(acessEntity.permission.mask) != -1) { http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/partials/common/access.html ---------------------------------------------------------------------- diff --git a/webapp/app/partials/common/access.html b/webapp/app/partials/common/access.html index be0a9d0..ee41e64 100644 --- a/webapp/app/partials/common/access.html +++ b/webapp/app/partials/common/access.html @@ -19,7 +19,7 @@ <div ng-controller="AccessCtrl"> <div class="space-4"></div> <div class="pull-right"> - <button class="btn btn-primary btn-xs" ng-click="renewAccess(entity)" ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(entity, 16) && !newAccess"><i + <button class="btn btn-primary btn-xs" ng-click="renewAccess(entity)" ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('project',entity, 16) && !newAccess"><i class="fa fa-plus"></i> Grant </button> <button class="btn btn-primary btn-xs" ng-click="resetNewAcess()" ng-if="newAccess"><i @@ -72,8 +72,8 @@ <th>Name</th> <th>Type</th> <th>Access</th> - <th ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(entity, 16)">Update</th> - <th ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(entity, 16)">Revoke</th> + <th ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('project',entity, 16)">Update</th> + <th ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('project',entity, 16)">Revoke</th> </tr> </thead> <tbody> @@ -92,7 +92,7 @@ <span ng-if="accessEntity.permission.mask == 64">OPERATION</span> <span ng-if="accessEntity.permission.mask == 16">ADMIN</span> </td> - <td ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(entity, 16)"> + <td ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('project',entity, 16)"> <select ng-model="accessEntity.newPermission" ng-init="newAccess.permission=permissions.READ.value" ng-options="permission.value as permission.name for (name, permission) in permissions"> <option value="">-- select access --</option> @@ -101,7 +101,7 @@ ng-click="update(type, entity, accessEntity, accessEntity.newPermission)">Update </button> </td> - <td ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(entity, 16)"> + <td ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('project',entity, 16)"> <button class="btn btn-default btn-xs" ng-click="revoke(type, accessEntity, entity)">Revoke</button> </td> </tr> http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/partials/cubes/cube_detail.html ---------------------------------------------------------------------- diff --git a/webapp/app/partials/cubes/cube_detail.html b/webapp/app/partials/cubes/cube_detail.html index 674e3f0..db0ed8d 100755 --- a/webapp/app/partials/cubes/cube_detail.html +++ b/webapp/app/partials/cubes/cube_detail.html @@ -26,7 +26,7 @@ <a href="" ng-click="cube.visiblePage='sql';getCubeSql(cube)">SQL</a> </li> <li class="{{cube.visiblePage=='json'? 'active':''}}" - ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(cube, 16) && !newAccess"> + ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('cube',cube, 16) && !newAccess"> <a href="" ng-click="cube.visiblePage='json';">JSON(Cube)</a> </li> <!--<li class="{{cube.visiblePage=='access'? 'active':''}}"--> @@ -34,7 +34,7 @@ <!--<a href="" ng-click="cube.visiblePage='access';listAccess(cube, 'CubeInstance');">Access</a>--> <!--</li>--> <li class="{{cube.visiblePage=='notification'? 'active':''}}" - ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(cube, 16) && !newAccess"> + ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('cube',cube, 16) && !newAccess"> <a href="" ng-click="cube.visiblePage='notification';getNotifyListString(cube);">Notification</a> </li> <li class="{{cube.visiblePage=='hbase'? 'active':''}}" http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/partials/cubes/cubes.html ---------------------------------------------------------------------- diff --git a/webapp/app/partials/cubes/cubes.html b/webapp/app/partials/cubes/cubes.html index d43b857..22ab122 100644 --- a/webapp/app/partials/cubes/cubes.html +++ b/webapp/app/partials/cubes/cubes.html @@ -87,10 +87,10 @@ data-toggle="dropdown" ng-click="listAccess(cube, 'CubeInstance')"> Action <span class="ace-icon fa fa-caret-down icon-on-right"></span> </button> - <ul ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission(cube, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask)" class="dropdown-menu" role="menu"> + <ul ng-if="userService.hasRole('ROLE_ADMIN') || hasPermission('cube',cube, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask)" class="dropdown-menu" role="menu"> <li ng-if="cube.status!='READY' && userService.hasRole('ROLE_ADMIN') "> <a ng-click="dropCube(cube)" tooltip="Drop the cube, related jobs and data permanently.">Drop</a></li> - <li ng-if="(userService.hasRole('ROLE_ADMIN') || hasPermission(cube, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask))"> + <li ng-if="(userService.hasRole('ROLE_ADMIN') || hasPermission('cube',cube, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask))"> <a ng-click="cubeEdit(cube);">Edit</a></li> <li ng-if="cube.status!='DESCBROKEN'"><a ng-click="startJobSubmit(cube);">Build</a></li> <li ng-if="cube.status!='DESCBROKEN'"><a ng-click="startRefresh(cube)">Refresh</a></li> @@ -101,7 +101,7 @@ <li ng-if="cube.status!='DESCBROKEN'"><a ng-click="cloneCube(cube)">Clone</a></li> </ul> - <ul ng-if="!(userService.hasRole('ROLE_ADMIN') || hasPermission(cube, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))" class="dropdown-menu" role="menu"> + <ul ng-if="!(userService.hasRole('ROLE_ADMIN') || hasPermission('cube',cube, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))" class="dropdown-menu" role="menu"> <li><a>N/A</a></li> </ul> </div> http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/partials/models/models_tree.html ---------------------------------------------------------------------- diff --git a/webapp/app/partials/models/models_tree.html b/webapp/app/partials/models/models_tree.html index 399f839..d6d0b1a 100644 --- a/webapp/app/partials/models/models_tree.html +++ b/webapp/app/partials/models/models_tree.html @@ -52,7 +52,7 @@ <button type="button" class="btn btn-default btn-xs dropdown-toggle" data-toggle="dropdown" ng-click="listModelAccess(model)"> Action <span class="ace-icon fa fa-caret-down icon-on-right"></span> </button> - <ul class="dropdown-menu" role="menu" ng-if="(userService.hasRole('ROLE_ADMIN') || hasPermission(model, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))"> + <ul class="dropdown-menu" role="menu" ng-if="(userService.hasRole('ROLE_ADMIN') || hasPermission('model',model, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))"> <li><a ng-click="editModel(model, false)" title="Edit Model" style="cursor:pointer;margin-right: 8px;" >Edit</a></li> <li><a ng-click="cloneModel(model)" title="Clone Model" style="cursor:pointer;margin-right: 8px;" >Clone </a></li> <li><a ng-click="dropModel(model)" title="Drop Model" style="cursor:pointer;margin-right: 8px;">Drop</a></li> http://git-wip-us.apache.org/repos/asf/kylin/blob/a794544f/webapp/app/partials/projects/projects.html ---------------------------------------------------------------------- diff --git a/webapp/app/partials/projects/projects.html b/webapp/app/partials/projects/projects.html index 96e4a91..95fc359 100644 --- a/webapp/app/partials/projects/projects.html +++ b/webapp/app/partials/projects/projects.html @@ -58,10 +58,10 @@ <td>{{ project.create_time_utc | utcToConfigTimeZone}}</td> <td> <button class="btn btn-xs btn-info" ng-click="toEdit(project)" tooltip="Edit" - ng-disabled="!(userService.hasRole('ROLE_ADMIN') || hasPermission(project, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))"> + ng-disabled="!(userService.hasRole('ROLE_ADMIN') || hasPermission('project',project, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))"> <i class="fa fa-pencil"></i></button> <button class="btn btn-xs btn-danger" ng-click="delete(project)" tooltip="Delete" - ng-disabled="!(userService.hasRole('ROLE_ADMIN') || hasPermission(project, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))" + ng-disabled="!(userService.hasRole('ROLE_ADMIN') || hasPermission('project',project, permissions.ADMINISTRATION.mask, permissions.MANAGEMENT.mask, permissions.OPERATION.mask))" ><i class="fa fa-trash-o"></i></button> </td> </tr>
