[pinot] branch master updated: fixing permission check case issue in BasicAuthPrincipal (#7354)

Mon, 23 Aug 2021 19:19:02 -0700 

This is an automated email from the ASF dual-hosted git repository.

xiangfu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git


The following commit(s) were added to refs/heads/master by this push:
     new c907dca  fixing permission check case issue in BasicAuthPrincipal 
(#7354)
c907dca is described below

commit c907dca917b208cade9d46d2e0804c335901d9b2
Author: Xiang Fu <xiangfu.1...@gmail.com>
AuthorDate: Mon Aug 23 19:18:41 2021 -0700

    fixing permission check case issue in BasicAuthPrincipal (#7354)
---
 .../apache/pinot/core/auth/BasicAuthPrincipal.java |  5 ++-
 .../org/apache/pinot/core/auth/BasicAuthTest.java  | 51 ++++++++++++++++++++++
 2 files changed, 54 insertions(+), 2 deletions(-)

diff --git 
a/pinot-core/src/main/java/org/apache/pinot/core/auth/BasicAuthPrincipal.java 
b/pinot-core/src/main/java/org/apache/pinot/core/auth/BasicAuthPrincipal.java
index 2cc6354..e2d7cb9 100644
--- 
a/pinot-core/src/main/java/org/apache/pinot/core/auth/BasicAuthPrincipal.java
+++ 
b/pinot-core/src/main/java/org/apache/pinot/core/auth/BasicAuthPrincipal.java
@@ -19,6 +19,7 @@
 package org.apache.pinot.core.auth;
 
 import java.util.Set;
+import java.util.stream.Collectors;
 
 
 /**
@@ -34,7 +35,7 @@ public class BasicAuthPrincipal {
     _name = name;
     _token = token;
     _tables = tables;
-    _permissions = permissions;
+    _permissions = permissions.stream().map(s -> 
s.toLowerCase()).collect(Collectors.toSet());
   }
 
   public String getName() {
@@ -50,6 +51,6 @@ public class BasicAuthPrincipal {
   }
 
   public boolean hasPermission(String permission) {
-    return _permissions.isEmpty() || _permissions.contains(permission);
+    return _permissions.isEmpty() || 
_permissions.contains(permission.toLowerCase());
   }
 }
diff --git 
a/pinot-core/src/test/java/org/apache/pinot/core/auth/BasicAuthTest.java 
b/pinot-core/src/test/java/org/apache/pinot/core/auth/BasicAuthTest.java
new file mode 100644
index 0000000..bcadc8b8
--- /dev/null
+++ b/pinot-core/src/test/java/org/apache/pinot/core/auth/BasicAuthTest.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pinot.core.auth;
+
+import com.google.common.collect.ImmutableSet;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+
+public class BasicAuthTest {
+
+  @Test
+  public void testBasicAuthPrincipal()
+      throws Exception {
+    Assert.assertTrue(new BasicAuthPrincipal("name", "token", 
ImmutableSet.of("myTable"), ImmutableSet.of("READ"))
+        .hasTable("myTable"));
+    Assert.assertTrue(
+        new BasicAuthPrincipal("name", "token", ImmutableSet.of("myTable", 
"myTable1"), ImmutableSet.of("Read"))
+            .hasTable("myTable1"));
+    Assert.assertFalse(new BasicAuthPrincipal("name", "token", 
ImmutableSet.of("myTable"), ImmutableSet.of("read"))
+        .hasTable("myTable1"));
+    Assert.assertFalse(
+        new BasicAuthPrincipal("name", "token", ImmutableSet.of("myTable", 
"myTable1"), ImmutableSet.of("read"))
+            .hasTable("myTable2"));
+
+    Assert.assertTrue(new BasicAuthPrincipal("name", "token", 
ImmutableSet.of("myTable"), ImmutableSet.of("READ"))
+        .hasPermission("read"));
+    Assert.assertTrue(new BasicAuthPrincipal("name", "token", 
ImmutableSet.of("myTable"), ImmutableSet.of("Read"))
+        .hasPermission("READ"));
+    Assert.assertTrue(new BasicAuthPrincipal("name", "token", 
ImmutableSet.of("myTable"), ImmutableSet.of("read"))
+        .hasPermission("Read"));
+    Assert.assertFalse(new BasicAuthPrincipal("name", "token", 
ImmutableSet.of("myTable"), ImmutableSet.of("read"))
+        .hasPermission("write"));
+  }
+}

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to