This is an automated email from the ASF dual-hosted git repository.
zjffdu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push:
new 9822514 [ZEPPELIN-4645]. Only list the interpreters that the user has
permission in creating note and interpreter binding
9822514 is described below
commit 982251418ff7d75a0c141b4c2960d95192d94b8d
Author: Jeff Zhang <zjf...@apache.org>
AuthorDate: Wed Feb 26 17:33:07 2020 +0800
[ZEPPELIN-4645]. Only list the interpreters that the user has permission in
creating note and interpreter binding
### What is this PR for?
It doesn't make sense to list the interpreters that user don't have
permission. This PR just filter the interpreters that user don't have
permission in the creating note page and interpreter binding section. But I
would always add the default interpreter in the interpreter binding section
without checking its permission, because it would make user confused if the
default interpreter is lost after interpreter permission is changed.
### What type of PR is it?
[ Improvement]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-4645
### How should this be tested?
* CI pass and tested manually
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Jeff Zhang <zjf...@apache.org>
Closes #3663 from zjffdu/ZEPPELIN-4645 and squashes the following commits:
f920c8d15 [Jeff Zhang] [ZEPPELIN-4645]. Only list the interpreters that the
user has permission in creating note and interpreter binding
---
.../apache/zeppelin/service/NotebookService.java | 4 ++-
.../org/apache/zeppelin/socket/NotebookServer.java | 29 ++++++++++++++++------
.../zeppelin/rest/InterpreterRestApiTest.java | 4 +--
.../apache/zeppelin/socket/NotebookServerTest.java | 3 ++-
.../java/org/apache/zeppelin/notebook/Note.java | 18 +++++++++-----
.../helium/HeliumApplicationFactoryTest.java | 4 ++-
.../org/apache/zeppelin/notebook/NotebookTest.java | 18 +++++++-------
7 files changed, 52 insertions(+), 28 deletions(-)
diff --git
a/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
b/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
index f7b3ab6..b6dda71 100644
---
a/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
+++
b/zeppelin-server/src/main/java/org/apache/zeppelin/service/NotebookService.java
@@ -27,6 +27,7 @@ import com.google.gson.reflect.TypeToken;
import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@@ -1112,7 +1113,8 @@ public class NotebookService {
// propagate change to (Remote) AngularObjectRegistry
Note note = notebook.getNote(noteId);
if (note != null) {
- List<InterpreterSetting> settings = note.getBindedInterpreterSettings();
+ List<InterpreterSetting> settings =
+ note.getBindedInterpreterSettings(new
ArrayList(context.getUserAndRoles()));
for (InterpreterSetting setting : settings) {
if (setting.getInterpreterGroup(user, note.getId()) == null) {
continue;
diff --git
a/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
b/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
index d29ab4f..01c463d 100644
---
a/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
+++
b/zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java
@@ -271,7 +271,8 @@ public class NotebookServer extends WebSocketServlet
ZeppelinConfiguration conf = ZeppelinConfiguration.create();
boolean allowAnonymous = conf.isAnonymousAllowed();
if (!allowAnonymous && messagereceived.principal.equals("anonymous")) {
- throw new Exception("Anonymous access not allowed ");
+ LOG.warn("Anonymous access not allowed.");
+ return;
}
if (Message.isDisabledForRunningNotes(messagereceived.op)) {
@@ -429,7 +430,7 @@ public class NotebookServer extends WebSocketServlet
getEditorSetting(conn, messagereceived);
break;
case GET_INTERPRETER_SETTINGS:
- getInterpreterSettings(conn);
+ getInterpreterSettings(conn, messagereceived);
break;
case WATCHER:
connectionManager.switchConnectionToWatcher(conn);
@@ -529,10 +530,12 @@ public class NotebookServer extends WebSocketServlet
public void getInterpreterBindings(NotebookSocket conn, Message fromMessage)
throws IOException {
List<InterpreterSettingsList> settingList = new ArrayList<>();
+ ServiceContext context = getServiceContext(fromMessage);
String noteId = (String) fromMessage.data.get("noteId");
Note note = getNotebook().getNote(noteId);
if (note != null) {
- List<InterpreterSetting> bindedSettings =
note.getBindedInterpreterSettings();
+ List<InterpreterSetting> bindedSettings =
+ note.getBindedInterpreterSettings(new
ArrayList<>(context.getUserAndRoles()));
for (InterpreterSetting setting : bindedSettings) {
settingList.add(new InterpreterSettingsList(setting.getId(),
setting.getName(),
setting.getInterpreterInfos(), true));
@@ -545,6 +548,7 @@ public class NotebookServer extends WebSocketServlet
public void saveInterpreterBindings(NotebookSocket conn, Message
fromMessage) throws IOException {
List<InterpreterSettingsList> settingList = new ArrayList<>();
String noteId = (String) fromMessage.data.get("noteId");
+ ServiceContext context = getServiceContext(fromMessage);
Note note = getNotebook().getNote(noteId);
if (note != null) {
List<String> settingIdList =
@@ -555,7 +559,8 @@ public class NotebookServer extends WebSocketServlet
getNotebook().saveNote(note,
new AuthenticationInfo(fromMessage.principal,
fromMessage.roles, fromMessage.ticket));
}
- List<InterpreterSetting> bindedSettings =
note.getBindedInterpreterSettings();
+ List<InterpreterSetting> bindedSettings =
+ note.getBindedInterpreterSettings(new
ArrayList<>(context.getUserAndRoles()));
for (InterpreterSetting setting : bindedSettings) {
settingList.add(new InterpreterSettingsList(setting.getId(),
setting.getName(),
setting.getInterpreterInfos(), true));
@@ -1973,7 +1978,8 @@ public class NotebookServer extends WebSocketServlet
continue;
}
- List<InterpreterSetting> intpSettings =
note.getBindedInterpreterSettings();
+ List<InterpreterSetting> intpSettings =
+ note.getBindedInterpreterSettings(new
ArrayList<>(note.getOwners()));
if (intpSettings.isEmpty()) {
continue;
}
@@ -2031,11 +2037,18 @@ public class NotebookServer extends WebSocketServlet
});
}
- private void getInterpreterSettings(NotebookSocket conn)
+ private void getInterpreterSettings(NotebookSocket conn, Message message)
throws IOException {
- List<InterpreterSetting> availableSettings =
getNotebook().getInterpreterSettingManager().get();
+ ServiceContext context = getServiceContext(message);
+ List<InterpreterSetting> allSettings =
getNotebook().getInterpreterSettingManager().get();
+ List<InterpreterSetting> result = new ArrayList<>();
+ for (InterpreterSetting setting : allSettings) {
+ if (setting.isUserAuthorized(new
ArrayList<>(context.getUserAndRoles()))) {
+ result.add(setting);
+ }
+ }
conn.send(serializeMessage(
- new Message(OP.INTERPRETER_SETTINGS).put("interpreterSettings",
availableSettings)));
+ new Message(OP.INTERPRETER_SETTINGS).put("interpreterSettings",
result)));
}
@Override
diff --git
a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/InterpreterRestApiTest.java
b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/InterpreterRestApiTest.java
index fa9f001..9819b87 100644
---
a/zeppelin-server/src/test/java/org/apache/zeppelin/rest/InterpreterRestApiTest.java
+++
b/zeppelin-server/src/test/java/org/apache/zeppelin/rest/InterpreterRestApiTest.java
@@ -255,7 +255,7 @@ public class InterpreterRestApiTest extends
AbstractTestRestApi {
assertEquals(p.getReturn().message().get(0).getData(),
getSimulatedMarkdownResult("markdown"));
// when: restart interpreter
- for (InterpreterSetting setting : note.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note.getBindedInterpreterSettings(new
ArrayList<>())) {
if (setting.getName().equals("md")) {
// call restart interpreter API
PutMethod put = httpPut("/interpreter/setting/restart/" +
setting.getId(), "");
@@ -308,7 +308,7 @@ public class InterpreterRestApiTest extends
AbstractTestRestApi {
// when: get md interpreter
InterpreterSetting mdIntpSetting = null;
- for (InterpreterSetting setting : note.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note.getBindedInterpreterSettings(new
ArrayList<>())) {
if (setting.getName().equals("md")) {
mdIntpSetting = setting;
break;
diff --git
a/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
b/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
index 69df579..f035c6c 100644
---
a/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
+++
b/zeppelin-server/src/test/java/org/apache/zeppelin/socket/NotebookServerTest.java
@@ -36,6 +36,7 @@ import static org.mockito.Mockito.when;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
@@ -273,7 +274,7 @@ public class NotebookServerTest extends AbstractTestRestApi
{
// get reference to interpreterGroup
InterpreterGroup interpreterGroup = null;
- List<InterpreterSetting> settings = note1.getBindedInterpreterSettings();
+ List<InterpreterSetting> settings = note1.getBindedInterpreterSettings(new
ArrayList<>());
for (InterpreterSetting setting : settings) {
if (setting.getName().equals("angular")) {
interpreterGroup = setting.getOrCreateInterpreterGroup("anonymous",
"sharedProcess");
diff --git
a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
index ec0caa2..0f902f6 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java
@@ -18,6 +18,7 @@
package org.apache.zeppelin.notebook;
import com.google.common.annotations.VisibleForTesting;
+import com.google.common.collect.Lists;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
@@ -920,7 +921,7 @@ public class Note implements JsonSerializable {
private void snapshotAngularObjectRegistry(String user) {
angularObjects = new HashMap<>();
- List<InterpreterSetting> settings = getBindedInterpreterSettings();
+ List<InterpreterSetting> settings =
getBindedInterpreterSettings(Lists.newArrayList(user));
if (settings == null || settings.size() == 0) {
return;
}
@@ -937,7 +938,7 @@ public class Note implements JsonSerializable {
private void removeAllAngularObjectInParagraph(String user, String
paragraphId) {
angularObjects = new HashMap<>();
- List<InterpreterSetting> settings = getBindedInterpreterSettings();
+ List<InterpreterSetting> settings =
getBindedInterpreterSettings(Lists.newArrayList(user));
if (settings == null || settings.size() == 0) {
return;
}
@@ -975,7 +976,7 @@ public class Note implements JsonSerializable {
}
}
- public List<InterpreterSetting> getBindedInterpreterSettings() {
+ public List<InterpreterSetting> getBindedInterpreterSettings(List<String>
userAndRoles) {
// use LinkedHashSet because order matters, the first one represent the
default interpreter setting.
Set<InterpreterSetting> settings = new LinkedHashSet<>();
// add the default interpreter group
@@ -987,7 +988,9 @@ public class Note implements JsonSerializable {
// add the interpreter setting with the same group of default interpreter
group
for (InterpreterSetting intpSetting : interpreterSettingManager.get()) {
if (intpSetting.getGroup().equals(defaultIntpSetting.getGroup())) {
- settings.add(intpSetting);
+ if (intpSetting.isUserAuthorized(userAndRoles)) {
+ settings.add(intpSetting);
+ }
}
}
@@ -995,8 +998,11 @@ public class Note implements JsonSerializable {
for (Paragraph p : getParagraphs()) {
try {
Interpreter intp = p.getBindedInterpreter();
- settings.add((
- (ManagedInterpreterGroup)
intp.getInterpreterGroup()).getInterpreterSetting());
+ InterpreterSetting interpreterSetting = (
+ (ManagedInterpreterGroup)
intp.getInterpreterGroup()).getInterpreterSetting();
+ if (interpreterSetting.isUserAuthorized(userAndRoles)) {
+ settings.add(interpreterSetting);
+ }
} catch (InterpreterNotFoundException e) {
// ignore this
}
diff --git
a/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
b/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
index ac7bd5b..a39c83e 100644
---
a/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
+++
b/zeppelin-zengine/src/test/java/org/apache/zeppelin/helium/HeliumApplicationFactoryTest.java
@@ -21,6 +21,8 @@ import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import java.io.IOException;
+import java.util.ArrayList;
+
import org.apache.zeppelin.interpreter.AbstractInterpreterTest;
import org.apache.zeppelin.interpreter.Interpreter;
import org.apache.zeppelin.interpreter.InterpreterException;
@@ -233,7 +235,7 @@ public class HeliumApplicationFactoryTest extends
AbstractInterpreterTest {
Note note1 = notebook.createNote("note1", anonymous);
String mock1IntpSettingId = null;
- for (InterpreterSetting setting : note1.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note1.getBindedInterpreterSettings(new
ArrayList<>())) {
if (setting.getName().equals("mock1")) {
mock1IntpSettingId = setting.getId();
break;
diff --git
a/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
b/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
index b5f8866..94956ae 100644
---
a/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
+++
b/zeppelin-zengine/src/test/java/org/apache/zeppelin/notebook/NotebookTest.java
@@ -916,7 +916,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
// create a note and a paragraph
Note note = notebook.createNote("note1", anonymous);
- AngularObjectRegistry registry =
note.getBindedInterpreterSettings().get(0).getOrCreateInterpreterGroup(anonymous.getUser(),
"sharedProcess")
+ AngularObjectRegistry registry = note.getBindedInterpreterSettings(new
ArrayList<>()).get(0).getOrCreateInterpreterGroup(anonymous.getUser(),
"sharedProcess")
.getAngularObjectRegistry();
Paragraph p1 = note.addNewParagraph(AuthenticationInfo.ANONYMOUS);
@@ -947,7 +947,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
// create a note and a paragraph
Note note = notebook.createNote("note1", anonymous);
- AngularObjectRegistry registry =
note.getBindedInterpreterSettings().get(0).getOrCreateInterpreterGroup(anonymous.getUser(),
"sharedProcess")
+ AngularObjectRegistry registry = note.getBindedInterpreterSettings(new
ArrayList<>()).get(0).getOrCreateInterpreterGroup(anonymous.getUser(),
"sharedProcess")
.getAngularObjectRegistry();
Paragraph p1 = note.addNewParagraph(AuthenticationInfo.ANONYMOUS);
@@ -979,7 +979,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
// create a note and a paragraph
Note note = notebook.createNote("note1", anonymous);
- AngularObjectRegistry registry =
note.getBindedInterpreterSettings().get(0).getOrCreateInterpreterGroup(anonymous.getUser(),
"sharedProcess")
+ AngularObjectRegistry registry = note.getBindedInterpreterSettings(new
ArrayList<>()).get(0).getOrCreateInterpreterGroup(anonymous.getUser(),
"sharedProcess")
.getAngularObjectRegistry();
// add local scope object
@@ -988,8 +988,8 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
registry.add("o2", "object2", null, null);
// restart interpreter
-
interpreterSettingManager.restart(note.getBindedInterpreterSettings().get(0).getId());
- registry = note.getBindedInterpreterSettings().get(0)
+ interpreterSettingManager.restart(note.getBindedInterpreterSettings(new
ArrayList<>()).get(0).getId());
+ registry = note.getBindedInterpreterSettings(new ArrayList<>()).get(0)
.getOrCreateInterpreterGroup(anonymous.getUser(), "sharedProcess")
.getAngularObjectRegistry();
@@ -1195,7 +1195,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
p1.setAuthenticationInfo(anonymous);
// restart interpreter with per user session enabled
- for (InterpreterSetting setting : note1.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note1.getBindedInterpreterSettings(new
ArrayList<>())) {
setting.getOption().setPerNote(setting.getOption().SCOPED);
notebook.getInterpreterSettingManager().restart(setting.getId());
}
@@ -1243,7 +1243,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
// restart interpreter with per note session enabled
- for (InterpreterSetting setting : note1.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note1.getBindedInterpreterSettings(new
ArrayList<>())) {
setting.getOption().setPerNote(InterpreterOption.SCOPED);
notebook.getInterpreterSettingManager().restart(setting.getId());
}
@@ -1286,7 +1286,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
assertEquals(p1.getReturn().message().get(0).getData(),
p2.getReturn().message().get(0).getData());
// restart interpreter with scoped mode enabled
- for (InterpreterSetting setting : note1.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note1.getBindedInterpreterSettings(new
ArrayList<>())) {
setting.getOption().setPerNote(InterpreterOption.SCOPED);
notebook.getInterpreterSettingManager().restart(setting.getId());
}
@@ -1301,7 +1301,7 @@ public class NotebookTest extends AbstractInterpreterTest
implements ParagraphJo
assertNotEquals(p1.getReturn().message().get(0).getData(),
p2.getReturn().message().get(0).getData());
// restart interpreter with isolated mode enabled
- for (InterpreterSetting setting : note1.getBindedInterpreterSettings()) {
+ for (InterpreterSetting setting : note1.getBindedInterpreterSettings(new
ArrayList<>())) {
setting.getOption().setPerNote(InterpreterOption.ISOLATED);
setting.getInterpreterSettingManager().restart(setting.getId());
}
