org.apache.kylin.rest.request.AccessRequest Java Examples

The following examples show how to use org.apache.kylin.rest.request.AccessRequest. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AccessControllerTest.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthInProjectLevel() throws Exception {
    List<AccessEntryResponse> aes = null;
    swichToAdmin();
    List<ProjectInstance> projects = projectController.getProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
    //grant auth in project level
    swichToAdmin();
    aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(1, projects.size());

    //revoke auth
    swichToAdmin();
    AccessRequest request = getAccessRequest(ANALYST, READ, true);
    request.setAccessEntryId((Integer) aes.get(0).getId());
    accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
}
 
Example #2
Source File: AccessControllerTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Test
public void testAuthInProjectLevel() throws Exception {
    List<AccessEntryResponse> aes = null;
    swichToAdmin();
    List<ProjectInstance> projects = projectController.getProjects(10000, 0);
    assertTrue(projects.size() > 0);
    ProjectInstance project = projects.get(0);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
    //grant auth in project level
    swichToAdmin();
    aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(1, projects.size());

    //revoke auth
    swichToAdmin();
    AccessRequest request = getAccessRequest(ANALYST, READ, true);
    request.setAccessEntryId((Integer) aes.get(0).getId());
    accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
    swichToAnalyst();
    projects = projectController.getProjects(10000, 0);
    assertEquals(0, projects.size());
}
 
Example #3
Source File: AccessControllerTest.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
private AccessRequest getAccessRequest(String role, String permission, boolean isPrincipal) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(isPrincipal);
    return accessRequest;
}
 
Example #4
Source File: BeanTest.java    From Kylin with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null, null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ, "hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ') or hasPermission(filterObject, 'MANAGEMENT') " + "or hasPermission(filterObject, 'OPERATION') or hasPermission(filterObject, 'ADMINISTRATION')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #5
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param AccessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    return accessService.generateAceResponses(acl);
}
 
Example #6
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #7
Source File: AccessController.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal());
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #8
Source File: BeanTest.java    From kylin with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
            null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
            "hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
                    + " or hasPermission(filterObject, 'MANAGEMENT')"
                    + " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #9
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 
Example #10
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #11
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #12
Source File: AclUtilTest.java    From kylin with Apache License 2.0 5 votes vote down vote up
private AccessRequest getAccessRequest(String role, String permission) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(true);
    return accessRequest;
}
 
Example #13
Source File: AccessControllerTest.java    From kylin with Apache License 2.0 5 votes vote down vote up
private AccessRequest getAccessRequest(String role, String permission, boolean isPrincipal) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(isPrincipal);
    return accessRequest;
}
 
Example #14
Source File: BeanTest.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
@Test
public void test() {
    try {
        BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(TableMeta.class, new String[0]);
        BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
        BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
        BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
        BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
        BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
        BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
        BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
    } catch (IntrospectionException e) {
    }

    new SQLResponse(null, null, 0, true, null);

    SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
            null, null, null, 0, 0, 0, null, false, false, false);
    Assert.assertTrue(!coulmnMeta.isAutoIncrement());
    Assert.assertTrue(!coulmnMeta.isCaseSensitive());
    Assert.assertTrue(!coulmnMeta.isSearchable());
    Assert.assertTrue(!coulmnMeta.isCurrency());
    Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
    Assert.assertTrue(!coulmnMeta.isSigned());

    Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
    Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
            "hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
                    + " or hasPermission(filterObject, 'MANAGEMENT')"
                    + " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
    Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
    Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
    Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
    Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
 
Example #15
Source File: AccessController.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 
Example #16
Source File: AccessController.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #17
Source File: AccessController.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #18
Source File: AclUtilTest.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
private AccessRequest getAccessRequest(String role, String permission) {
    AccessRequest accessRequest = new AccessRequest();
    accessRequest.setPermission(permission);
    accessRequest.setSid(role);
    accessRequest.setPrincipal(true);
    return accessRequest;
}
 
Example #19
Source File: AccessControllerTest.java    From kylin with Apache License 2.0 4 votes vote down vote up
private void grantPermission(String sid, String permission, String uuid) throws IOException {
    swichToAdmin();
    AccessRequest groupAccessRequest = getAccessRequest(sid, permission, false);
    accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest);
}
 
Example #20
Source File: AccessControllerTest.java    From kylin-on-parquet-v2 with Apache License 2.0 4 votes vote down vote up
private void grantPermission(String sid, String permission, String uuid) throws IOException {
    swichToAdmin();
    AccessRequest groupAccessRequest = getAccessRequest(sid, permission, false);
    accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest);
}