[GitHub] [incubator-pinot] sajjad-moradi commented on a change in pull request #6507: Add Access Control for REST endpoints of Controller - Declarative Approach

Wed, 03 Feb 2021 11:25:34 -0800 


sajjad-moradi commented on a change in pull request #6507:
URL: https://github.com/apache/incubator-pinot/pull/6507#discussion_r569686621



##########
File path: 
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotTableRestletResource.java
##########
@@ -121,11 +132,19 @@
   @Produces(MediaType.APPLICATION_JSON)
   @Path("/tables")
   @ApiOperation(value = "Adds a table", notes = "Adds a table")
-  public SuccessResponse addTable(String tableConfigStr) {
+  public SuccessResponse addTable(String tableConfigStr, @Context HttpHeaders 
httpHeaders, @Context Request request) {
     // TODO introduce a table config ctor with json string.
     TableConfig tableConfig;
+    String tableName;
     try {
       tableConfig = JsonUtils.stringToObject(tableConfigStr, 
TableConfig.class);
+
+      // validate permission

Review comment:
       When there's any `@Authentication` annotation available on a method, 
authFilter check if tableName parameter is provided. If it is not, the endpoint 
is considered an admin level endpoint (because it's not related to any specific 
table). Here if we just put CREATE annotation, it means only admins can create 
tables and that's not what we want.
   I believe what you're referring to about authentication on creation and then 
updating is correct, but it will be handled by implementation of 
`AccessControl` interface.

##########
File path: 
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotTaskRestletResource.java
##########
@@ -289,6 +291,7 @@ public StringResultResponse getTaskStateDeprecated(
 
   @POST
   @Path("/tasks/schedule")
+  @Authenticate(AccessType.UPDATE)

Review comment:
       Yeah, as you and I mentioned earlier, some of these endpoints are tricky 
in terms of annotating with create or update. Here I thought this method just 
updates the state of the system by triggering tasks.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to