All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.kylin.rest.controller.TableACLController Maven / Gradle / Ivy

There is a newer version: 4.0.4
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

package org.apache.kylin.rest.controller;

import java.io.IOException;
import java.util.List;
import java.util.Set;

import static org.apache.kylin.metadata.MetadataConstants.TYPE_USER;

import org.apache.kylin.rest.constant.Constant;
import org.apache.kylin.rest.service.TableACLService;
import org.apache.kylin.rest.service.UserService;
import org.apache.kylin.rest.util.ValidateUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping(value = "/acl")
public class TableACLController extends BasicController {

    @Autowired
    @Qualifier("TableAclService")
    private TableACLService tableACLService;

    @Autowired
    @Qualifier("validateUtil")
    private ValidateUtil validateUtil;

    @Autowired
    @Qualifier("userService")
    private UserService userService;

    @RequestMapping(value = "/table/{project}/{type}/{table:.+}", method = {RequestMethod.GET}, produces = {"application/json"})
    @ResponseBody
    public List getUsersCanQueryTheTbl(@PathVariable String project, @PathVariable String type, @PathVariable String table) throws IOException {
        validateUtil.validateArgs(project, table);
        validateUtil.validateTable(project, table);
        Set allIdentifiers = validateUtil.getAllIdentifiersInPrj(project, type);
        // add global admins
        if (type.equals(TYPE_USER)) {
            allIdentifiers.addAll(userService.listAdminUsers());
        } else {
            allIdentifiers.add(Constant.ROLE_ADMIN);
        }
        return tableACLService.getCanAccessList(project, table, allIdentifiers, type);
    }

    @RequestMapping(value = "/table/{project}/{type}/black/{table:.+}", method = {RequestMethod.GET}, produces = {"application/json"})
    @ResponseBody
    public List getUsersCannotQueryTheTbl(@PathVariable String project, @PathVariable String type, @PathVariable String table) throws IOException {
        validateUtil.validateArgs(project, table);
        validateUtil.validateTable(project, table);
        return tableACLService.getNoAccessList(project, table, type);
    }

    // because the frontend passes user can not visit, so that means put it to the table black list
    @RequestMapping(value = "/table/{project}/{type}/{table}/{name}", method = {RequestMethod.DELETE}, produces = {"application/json"})
    @ResponseBody
    public void putUserToTableBlackList(
            @PathVariable String project,
            @PathVariable String type,
            @PathVariable String table,
            @PathVariable String name) throws IOException {
        validateUtil.validateArgs(project, table, name);
        validateUtil.validateIdentifiers(project, name, type);
        validateUtil.validateTable(project, table);
        tableACLService.addToTableACL(project, name, table, type);
    }

    // because the frontend passes user can visit, so that means remove the user from the table black list
    @RequestMapping(value = "/table/{project}/{type}/{table}/{name}", method = {RequestMethod.POST}, produces = {"application/json"})
    @ResponseBody
    public void deleteUserFromTableBlackList(
            @PathVariable String project,
            @PathVariable String type,
            @PathVariable String table,
            @PathVariable String name) throws IOException {
        validateUtil.validateArgs(project, table, name);
        validateUtil.validateIdentifiers(project, name, type);
        validateUtil.validateTable(project, table);
        tableACLService.deleteFromTableACL(project, name, table, type);
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy