org.apache.kylin.rest.response.AccessEntryResponse Java Examples
The following examples show how to use
org.apache.kylin.rest.response.AccessEntryResponse.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
boolean isCaseSensitive) {
if (null == acl) {
return Collections.emptyList();
}
List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
for (AccessControlEntry ace : acl.getEntries()) {
if (nameSeg != null && !needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()))) {
continue;
}
result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
}
return result;
}
Example #2
| Source File: AccessControllerTest.java From kylin with Apache License 2.0 | 6 votes |
|
@Test
public void testAuthInProjectLevel() throws Exception {
List<AccessEntryResponse> aes = null;
swichToAdmin();
List<ProjectInstance> projects = projectController.getProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
swichToAnalyst();
projects = projectController.getProjects(10000, 0);
assertEquals(0, projects.size());
//grant auth in project level
swichToAdmin();
aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
swichToAnalyst();
projects = projectController.getProjects(10000, 0);
assertEquals(1, projects.size());
//revoke auth
swichToAdmin();
AccessRequest request = getAccessRequest(ANALYST, READ, true);
request.setAccessEntryId((Integer) aes.get(0).getId());
accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
swichToAnalyst();
projects = projectController.getProjects(10000, 0);
assertEquals(0, projects.size());
}
Example #3
| Source File: AccessControllerTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 6 votes |
|
@Test
public void testAuthInProjectLevel() throws Exception {
List<AccessEntryResponse> aes = null;
swichToAdmin();
List<ProjectInstance> projects = projectController.getProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
swichToAnalyst();
projects = projectController.getProjects(10000, 0);
assertEquals(0, projects.size());
//grant auth in project level
swichToAdmin();
aes = accessController.grant(PROJECT_INSTANCE, project.getUuid(), getAccessRequest(ANALYST, READ, true));
swichToAnalyst();
projects = projectController.getProjects(10000, 0);
assertEquals(1, projects.size());
//revoke auth
swichToAdmin();
AccessRequest request = getAccessRequest(ANALYST, READ, true);
request.setAccessEntryId((Integer) aes.get(0).getId());
accessController.revoke(PROJECT_INSTANCE, project.getUuid(), request);
swichToAnalyst();
projects = projectController.getProjects(10000, 0);
assertEquals(0, projects.size());
}
Example #4
| Source File: AccessService.java From kylin with Apache License 2.0 | 6 votes |
|
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
boolean isCaseSensitive) {
if (null == acl) {
return Collections.emptyList();
}
List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
for (AccessControlEntry ace : acl.getEntries()) {
if (nameSeg != null && !needAdd(nameSeg, isCaseSensitive, getName(ace.getSid()))) {
continue;
}
result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
}
return result;
}
Example #5
| Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
|
/**
* Revoke access on a domain object from a user/role
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
AclEntity ae = accessService.getAclEntity(type, uuid);
Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());
if (accessRequest.isPrincipal()) {
revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
} else {
revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
}
return accessService.generateAceResponses(acl);
}
Example #6
| Source File: BeanTest.java From Kylin with Apache License 2.0 | 5 votes |
|
@Test
public void test() {
try {
BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
BeanValidator.validateAccssor(TableMeta.class, new String[0]);
BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
} catch (IntrospectionException e) {
}
new SQLResponse(null, null, null, 0, true, null);
SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null, null, null, null, 0, 0, 0, null, false, false, false);
Assert.assertTrue(!coulmnMeta.isAutoIncrement());
Assert.assertTrue(!coulmnMeta.isCaseSensitive());
Assert.assertTrue(!coulmnMeta.isSearchable());
Assert.assertTrue(!coulmnMeta.isCurrency());
Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
Assert.assertTrue(!coulmnMeta.isSigned());
Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ, "hasRole('ROLE_ADMIN') or hasPermission(filterObject, 'READ') or hasPermission(filterObject, 'MANAGEMENT') " + "or hasPermission(filterObject, 'OPERATION') or hasPermission(filterObject, 'ADMINISTRATION')");
Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
Example #7
| Source File: AccessService.java From Kylin with Apache License 2.0 | 5 votes |
|
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
if (null == acl) {
return Collections.emptyList();
}
List<AccessEntryResponse> accessControlEntities = new ArrayList<AccessEntryResponse>();
// Cause there is a circle reference in AccessControlEntry, it needs to
// set acl to null as a workaround.
for (AccessControlEntry ace : acl.getEntries()) {
accessControlEntities.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
}
return accessControlEntities;
}
Example #8
| Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
|
/**
* Revoke access on a domain object from a user/role
*
* @param AccessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());
return accessService.generateAceResponses(acl);
}
Example #9
| Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
|
/**
* Update a access on a domain object
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);
return accessService.generateAceResponses(acl);
}
Example #10
| Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
|
/**
* Grant a new access on a domain object to a user/role
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Sid sid = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal());
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.grant(ae, permission, sid);
return accessService.generateAceResponses(acl);
}
Example #11
| Source File: AccessController.java From Kylin with Apache License 2.0 | 5 votes |
|
/**
* Get access entry list of a domain object
*
* @param uuid
* @return
* @throws IOException
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.GET })
@ResponseBody
public List<AccessEntryResponse> getAccessEntities(@PathVariable String type, @PathVariable String uuid) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Acl acl = accessService.getAcl(ae);
return accessService.generateAceResponses(acl);
}
Example #12
| Source File: BeanTest.java From kylin with Apache License 2.0 | 5 votes |
|
@Test
public void test() {
try {
BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
BeanValidator.validateAccssor(TableMeta.class, new String[0]);
BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
} catch (IntrospectionException e) {
}
new SQLResponse(null, null, 0, true, null);
SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
null, null, null, 0, 0, 0, null, false, false, false);
Assert.assertTrue(!coulmnMeta.isAutoIncrement());
Assert.assertTrue(!coulmnMeta.isCaseSensitive());
Assert.assertTrue(!coulmnMeta.isSearchable());
Assert.assertTrue(!coulmnMeta.isCurrency());
Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
Assert.assertTrue(!coulmnMeta.isSigned());
Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
"hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
+ " or hasPermission(filterObject, 'MANAGEMENT')"
+ " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
Example #13
| Source File: AccessService.java From kylin with Apache License 2.0 | 5 votes |
|
public Object generateAllAceResponses(Acl acl) {
List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
while (acl != null) {
for (AccessControlEntry ace : acl.getEntries()) {
result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
}
acl = acl.getParentAcl();
}
return result;
}
Example #14
| Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
|
/**
* Update a access on a domain object
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);
return accessService.generateAceResponses(acl);
}
Example #15
| Source File: AccessController.java From kylin with Apache License 2.0 | 5 votes |
|
/**
* Grant a new access on a domain object to a user/role
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
boolean isPrincipal = accessRequest.isPrincipal();
String name = accessRequest.getSid();
validateUtil.checkIdentifiersExists(name, isPrincipal);
AclEntity ae = accessService.getAclEntity(type, uuid);
Sid sid = accessService.getSid(name, isPrincipal);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.grant(ae, permission, sid);
return accessService.generateAceResponses(acl);
}
Example #16
| Source File: BeanTest.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
@Test
public void test() {
try {
BeanValidator.validateAccssor(ColumnMeta.class, new String[0]);
BeanValidator.validateAccssor(TableMeta.class, new String[0]);
BeanValidator.validateAccssor(SelectedColumnMeta.class, new String[0]);
BeanValidator.validateAccssor(AccessRequest.class, new String[0]);
BeanValidator.validateAccssor(CubeRequest.class, new String[0]);
BeanValidator.validateAccssor(JobListRequest.class, new String[0]);
BeanValidator.validateAccssor(SQLRequest.class, new String[0]);
BeanValidator.validateAccssor(AccessEntryResponse.class, new String[0]);
BeanValidator.validateAccssor(SQLResponse.class, new String[0]);
} catch (IntrospectionException e) {
}
new SQLResponse(null, null, 0, true, null);
SelectedColumnMeta coulmnMeta = new SelectedColumnMeta(false, false, false, false, 0, false, 0, null, null,
null, null, null, 0, 0, 0, null, false, false, false);
Assert.assertTrue(!coulmnMeta.isAutoIncrement());
Assert.assertTrue(!coulmnMeta.isCaseSensitive());
Assert.assertTrue(!coulmnMeta.isSearchable());
Assert.assertTrue(!coulmnMeta.isCurrency());
Assert.assertTrue(coulmnMeta.getIsNullable() == 0);
Assert.assertTrue(!coulmnMeta.isSigned());
Assert.assertEquals(Constant.ACCESS_HAS_ROLE_ADMIN, "hasRole('ROLE_ADMIN')");
Assert.assertEquals(Constant.ACCESS_POST_FILTER_READ,
"hasRole('ROLE_ADMIN') " + " or hasPermission(filterObject, 'ADMINISTRATION')"
+ " or hasPermission(filterObject, 'MANAGEMENT')"
+ " or hasPermission(filterObject, 'OPERATION')" + " or hasPermission(filterObject, 'READ')");
Assert.assertEquals(Constant.FakeCatalogName, "defaultCatalog");
Assert.assertEquals(Constant.FakeSchemaName, "defaultSchema");
Assert.assertEquals(Constant.IDENTITY_ROLE, "role");
Assert.assertEquals(Constant.IDENTITY_USER, "user");
}
Example #17
| Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
public Object generateAllAceResponses(Acl acl) {
List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>();
while (acl != null) {
for (AccessControlEntry ace : acl.getEntries()) {
result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting()));
}
acl = acl.getParentAcl();
}
return result;
}
Example #18
| Source File: AccessController.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
/**
* Revoke access on a domain object from a user/role
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
AclEntity ae = accessService.getAclEntity(type, uuid);
Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());
if (accessRequest.isPrincipal()) {
revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
} else {
revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
}
return accessService.generateAceResponses(acl);
}
Example #19
| Source File: AccessController.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
/**
* Update a access on a domain object
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
AclEntity ae = accessService.getAclEntity(type, uuid);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);
return accessService.generateAceResponses(acl);
}
Example #20
| Source File: AccessController.java From kylin-on-parquet-v2 with Apache License 2.0 | 5 votes |
|
/**
* Grant a new access on a domain object to a user/role
*
* @param accessRequest
*/
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
boolean isPrincipal = accessRequest.isPrincipal();
String name = accessRequest.getSid();
validateUtil.checkIdentifiersExists(name, isPrincipal);
AclEntity ae = accessService.getAclEntity(type, uuid);
Sid sid = accessService.getSid(name, isPrincipal);
Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
Acl acl = accessService.grant(ae, permission, sid);
return accessService.generateAceResponses(acl);
}
Example #21
| Source File: AccessService.java From kylin with Apache License 2.0 | 4 votes |
|
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
return generateAceResponsesByFuzzMatching(acl, null, false);
}
Example #22
| Source File: AccessService.java From kylin-on-parquet-v2 with Apache License 2.0 | 4 votes |
|
public List<AccessEntryResponse> generateAceResponses(Acl acl) {
return generateAceResponsesByFuzzMatching(acl, null, false);
}
