[GitHub] [pinot] apucher commented on a diff in pull request #9252: add @ManualAuthorization annotation for non-standard endpoints

Mon, 22 Aug 2022 17:41:15 -0700 


apucher commented on code in PR #9252:
URL: https://github.com/apache/pinot/pull/9252#discussion_r952039456


##########
pinot-controller/src/main/java/org/apache/pinot/controller/api/resources/PinotSegmentUploadDownloadRestletResource.java:
##########
@@ -139,24 +138,12 @@ public class PinotSegmentUploadDownloadRestletResource {
   @Produces(MediaType.APPLICATION_OCTET_STREAM)
   @Path("/segments/{tableName}/{segmentName}")
   @ApiOperation(value = "Download a segment", notes = "Download a segment")
+  @Authenticate(AccessType.READ)
   public Response downloadSegment(
       @ApiParam(value = "Name of the table", required = true) 
@PathParam("tableName") String tableName,
       @ApiParam(value = "Name of the segment", required = true) 
@PathParam("segmentName") @Encoded String segmentName,
       @Context HttpHeaders httpHeaders)
       throws Exception {
-    // Validate data access
-    boolean hasDataAccess;
-    try {
-      AccessControl accessControl = _accessControlFactory.create();
-      hasDataAccess = accessControl.hasDataAccess(httpHeaders, tableName);
-    } catch (Exception e) {
-      throw new ControllerApplicationException(LOGGER,
-          "Caught exception while validating access to table: " + tableName, 
Response.Status.INTERNAL_SERVER_ERROR, e);
-    }
-    if (!hasDataAccess) {
-      throw new ControllerApplicationException(LOGGER, "No data access to 
table: " + tableName,
-          Response.Status.FORBIDDEN);
-    }
 

Review Comment:
   This is the same strictness as before. The endpoint provides a table name, 
therefore, we'll perform auth based on headers and table name. The only change 
is removing the call to a deprecated method.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

Reply via email to