ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbeerbo...@apache.org
Subject [2/2] git commit: AMBARI-6627 - Views : Admin - Add custom permissions
Date Tue, 29 Jul 2014 12:04:32 GMT
AMBARI-6627 - Views : Admin - Add custom permissions


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/11336361
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/11336361
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/11336361

Branch: refs/heads/trunk
Commit: 11336361fa4b0e180961f29b95802bb51090c196
Parents: 8536204
Author: tbeerbower <tbeerbower@hortonworks.com>
Authored: Sun Jul 27 09:33:45 2014 -0400
Committer: tbeerbower <tbeerbower@hortonworks.com>
Committed: Tue Jul 29 08:01:54 2014 -0400

----------------------------------------------------------------------
 .../resources/ResourceInstanceFactoryImpl.java  |   4 +
 .../ViewPermissionResourceDefinition.java       |  58 +++++
 .../ViewVersionResourceDefinition.java          |   7 +-
 .../api/services/ViewPermissionService.java     | 185 +++++++++++++
 .../server/api/services/ViewVersionService.java |  13 +
 .../ambari/server/controller/AmbariServer.java  |   7 +-
 .../internal/DefaultProviderModule.java         |   2 +
 .../internal/PrivilegeResourceProvider.java     |  23 +-
 .../ViewPermissionResourceProvider.java         | 178 +++++++++++++
 .../ambari/server/controller/spi/Resource.java  |   4 +-
 .../apache/ambari/server/orm/dao/MemberDAO.java |   9 +-
 .../ambari/server/orm/dao/PermissionDAO.java    |  20 +-
 .../ambari/server/orm/dao/PrivilegeDAO.java     |  25 +-
 .../server/orm/entities/PermissionEntity.java   |  15 +-
 .../server/orm/entities/ResourceTypeEntity.java |  21 ++
 .../ambari/server/orm/entities/ViewEntity.java  |  47 ++++
 .../ambari/server/view/ViewContextImpl.java     |  43 ++-
 .../apache/ambari/server/view/ViewRegistry.java | 172 +++++++++---
 .../view/configuration/PermissionConfig.java    |  39 +++
 .../server/view/configuration/ViewConfig.java   |  15 ++
 .../main/resources/Ambari-DDL-MySQL-CREATE.sql  |   1 +
 .../main/resources/Ambari-DDL-Oracle-CREATE.sql |   1 +
 .../resources/Ambari-DDL-Postgres-CREATE.sql    |   1 +
 .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql     |   1 +
 .../ViewPermissionResourceDefinitionTest.java   |  49 ++++
 .../ViewVersionResourceDefinitionTest.java      |   7 +-
 .../api/services/ViewPermissionServiceTest.java | 100 +++++++
 .../ambari/server/view/ViewRegistryTest.java    |  70 +++--
 .../configuration/PermissionConfigTest.java     |  69 +++++
 ambari-views/examples/pom.xml                   |   1 +
 .../examples/restricted-view/docs/index.md      | 261 +++++++++++++++++++
 ambari-views/examples/restricted-view/pom.xml   |  89 +++++++
 .../view/restricted/RestrictedResource.java     |  57 ++++
 .../view/restricted/UnrestrictedResource.java   |  49 ++++
 .../restricted-view/src/main/resources/view.xml |  38 +++
 .../apache/ambari/view/SecurityException.java   |  44 ++++
 .../org/apache/ambari/view/ViewContext.java     |  12 +
 37 files changed, 1638 insertions(+), 99 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
index 892ac22..5399404 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
@@ -254,6 +254,10 @@ public class ResourceInstanceFactoryImpl implements ResourceInstanceFactory {
         resourceDefinition = new PrivilegeResourceDefinition(Resource.Type.ViewPrivilege);
         break;
 
+      case ViewPermission:
+        resourceDefinition = new ViewPermissionResourceDefinition();
+        break;
+
       default:
         throw new IllegalArgumentException("Unsupported resource type: " + type);
     }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java
new file mode 100644
index 0000000..1ff360d
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.resources;
+
+import org.apache.ambari.server.controller.spi.Resource;
+
+import java.util.Collections;
+import java.util.Set;
+
+
+/**
+ * Permission resource definition.
+ */
+public class ViewPermissionResourceDefinition extends BaseResourceDefinition {
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct a permission resource definition.
+   */
+  public ViewPermissionResourceDefinition() {
+    super(Resource.Type.ViewPermission);
+  }
+
+
+  // ----- ResourceDefinition ------------------------------------------------
+
+  @Override
+  public String getPluralName() {
+    return "permissions";
+  }
+
+  @Override
+  public String getSingularName() {
+    return "permission";
+  }
+
+  @Override
+  public Set<SubResourceDefinition> getSubResourceDefinitions() {
+    return Collections.emptySet();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java
index e67a50b..be21d1b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java
@@ -20,7 +20,7 @@ package org.apache.ambari.server.api.resources;
 
 import org.apache.ambari.server.controller.spi.Resource;
 
-import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 
@@ -53,6 +53,9 @@ public class ViewVersionResourceDefinition extends BaseResourceDefinition {
 
   @Override
   public Set<SubResourceDefinition> getSubResourceDefinitions() {
-    return Collections.singleton(new SubResourceDefinition(Resource.Type.ViewInstance));
+    Set<SubResourceDefinition> subResourceDefinitions = new HashSet<SubResourceDefinition>();
+    subResourceDefinitions.add(new SubResourceDefinition(Resource.Type.ViewInstance));
+    subResourceDefinitions.add(new SubResourceDefinition(Resource.Type.ViewPermission));
+    return subResourceDefinitions;
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java
new file mode 100644
index 0000000..711e85b
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java
@@ -0,0 +1,185 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.controller.spi.Resource;
+
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+import java.util.HashMap;
+import java.util.Map;
+
+
+/**
+ * Service responsible for custom view permission resource requests.
+ */
+public class ViewPermissionService extends BaseService {
+
+  /**
+   * Parent view name.
+   */
+  private final String viewName;
+
+  /**
+   * The view version.
+   */
+  private final String version;
+
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct a view permission service.
+   *
+   * @param viewName  the view id
+   * @param version   the version
+   */
+  public ViewPermissionService(String viewName, String version) {
+    this.viewName = viewName;
+    this.version  = version;
+  }
+
+
+  // ----- ViewPermissionService -----------------------------------------------
+
+  /**
+   * Handles: GET /permissions/{permissionID}
+   * Get a specific permission.
+   *
+   * @param headers        http headers
+   * @param ui             uri info
+   * @param permissionId   permission id
+   *
+   * @return permission instance representation
+   */
+  @GET
+  @Path("{permissionId}")
+  @Produces("text/plain")
+  public Response getPermission(@Context HttpHeaders headers, @Context UriInfo ui,
+                                @PathParam("permissionId") String permissionId) {
+
+    return handleRequest(headers, null, ui, Request.Type.GET, createPermissionResource(
+        viewName, version, permissionId));
+  }
+
+  /**
+   * Handles: GET  /permissions
+   * Get all permissions.
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   *
+   * @return permission collection resource representation
+   */
+  @GET
+  @Produces("text/plain")
+  public Response getPermissions(@Context HttpHeaders headers, @Context UriInfo ui) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createPermissionResource(
+        viewName, version, null));
+  }
+
+  /**
+   * Handles: POST /permissions/{permissionID}
+   * Create a specific permission.
+   *
+   * @param headers    http headers
+   * @param ui         uri info
+   * @param permissionId   permission id
+   *
+   * @return information regarding the created permission
+   */
+  @POST
+  @Path("{permissionId}")
+  @Produces("text/plain")
+  public Response createPermission(String body, @Context HttpHeaders headers, @Context UriInfo ui,
+                                   @PathParam("permissionId") String permissionId) {
+
+    return handleRequest(headers, body, ui, Request.Type.POST, createPermissionResource(
+        viewName, version, permissionId));
+  }
+
+  /**
+   * Handles: PUT /permissions/{permissionID}
+   * Update a specific permission.
+   *
+   * @param headers   http headers
+   * @param ui        uri info
+   * @param permissionId  permission id
+   *
+   * @return information regarding the updated permission
+   */
+  @PUT
+  @Path("{permissionId}")
+  @Produces("text/plain")
+  public Response updatePermission(String body, @Context HttpHeaders headers, @Context UriInfo ui,
+                                   @PathParam("permissionId") String permissionId) {
+
+    return handleRequest(headers, body, ui, Request.Type.PUT, createPermissionResource(
+        viewName, version, permissionId));
+  }
+
+  /**
+   * Handles: DELETE /permissions/{permissionID}
+   * Delete a specific permission.
+   *
+   * @param headers   http headers
+   * @param ui        uri info
+   * @param permissionId  permission id
+   *
+   * @return information regarding the deleted permission
+   */
+  @DELETE
+  @Path("{permissionId}")
+  @Produces("text/plain")
+  public Response deletePermission(@Context HttpHeaders headers, @Context UriInfo ui,
+                                   @PathParam("permissionId") String permissionId) {
+
+    return handleRequest(headers, null, ui, Request.Type.DELETE, createPermissionResource(
+        viewName, version, permissionId));
+  }
+
+
+  // ----- helper methods ----------------------------------------------------
+
+  /**
+   * Create a permission resource.
+   *
+   * @param permissionId permission name
+   *
+   * @return a permission resource instance
+   */
+  protected ResourceInstance createPermissionResource(String viewName, String viewVersion, String permissionId) {
+    Map<Resource.Type,String> mapIds = new HashMap<Resource.Type, String>();
+    mapIds.put(Resource.Type.View, viewName);
+    mapIds.put(Resource.Type.ViewVersion, viewVersion);
+    mapIds.put(Resource.Type.ViewPermission, permissionId);
+
+    return createResource(Resource.Type.ViewPermission, mapIds);
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java
index 0dac300..8152ae6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java
@@ -166,6 +166,19 @@ public class ViewVersionService extends BaseService {
     return new ViewInstanceService(viewName, version);
   }
 
+  /**
+   * Get the permissions sub-resource
+   *
+   * @param version  the version
+   *
+   * @return the permission service
+   */
+  @Path("{version}/permissions")
+  public ViewPermissionService getPermissionHandler(@PathParam("version") String version) {
+
+    return new ViewPermissionService(viewName, version);
+  }
+
 
   // ----- helper methods ----------------------------------------------------
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 6803a01..eb34a77 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -53,12 +53,14 @@ import org.apache.ambari.server.controller.internal.PrivilegeResourceProvider;
 import org.apache.ambari.server.controller.internal.RecommendationResourceProvider;
 import org.apache.ambari.server.controller.internal.StackDefinedPropertyProvider;
 import org.apache.ambari.server.controller.internal.StackDependencyResourceProvider;
+import org.apache.ambari.server.controller.internal.ViewPermissionResourceProvider;
 import org.apache.ambari.server.controller.nagios.NagiosPropertyProvider;
 import org.apache.ambari.server.orm.GuiceJpaInitializer;
 import org.apache.ambari.server.orm.PersistenceType;
 import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
 import org.apache.ambari.server.orm.dao.BlueprintDAO;
 import org.apache.ambari.server.orm.dao.GroupDAO;
+import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.MetainfoDAO;
 import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.PrincipalDAO;
@@ -541,11 +543,14 @@ public class AmbariServer {
     ClusterResourceProvider.init(injector.getInstance(BlueprintDAO.class), ambariMetaInfo);
     AlertDefinitionResourceProvider.init(injector.getInstance(AlertDefinitionDAO.class));
     PermissionResourceProvider.init(injector.getInstance(PermissionDAO.class));
+    ViewPermissionResourceProvider.init(injector.getInstance(PermissionDAO.class));
     PrivilegeResourceProvider.init(injector.getInstance(PrivilegeDAO.class), injector.getInstance(UserDAO.class),
         injector.getInstance(GroupDAO.class), injector.getInstance(PrincipalDAO.class),
         injector.getInstance(PermissionDAO.class), injector.getInstance(ResourceDAO.class));
     ViewRegistry.init(injector.getInstance(ViewDAO.class), injector.getInstance(ViewInstanceDAO.class),
-        injector.getInstance(ResourceDAO.class), injector.getInstance(ResourceTypeDAO.class));
+        injector.getInstance(ResourceDAO.class), injector.getInstance(ResourceTypeDAO.class),
+        injector.getInstance(UserDAO.class), injector.getInstance(MemberDAO.class),
+        injector.getInstance(PrivilegeDAO.class));
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
index 1d20075..88e4296 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
@@ -75,6 +75,8 @@ public class DefaultProviderModule extends AbstractProviderModule {
         return new AmbariPrivilegeResourceProvider();
       case ViewPrivilege:
         return new ViewPrivilegeResourceProvider();
+      case ViewPermission:
+        return new ViewPermissionResourceProvider();
       default:
         return AbstractControllerResourceProvider.getResourceProvider(type, propertyIds,
             keyPropertyIds, managementController);

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
index c7476e5..d04345b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
@@ -40,6 +40,7 @@ import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 
 import java.util.Collections;
@@ -303,22 +304,26 @@ public abstract class PrivilegeResourceProvider<T> extends AbstractResourceProvi
    * @return the new privilege entity
    */
   protected PrivilegeEntity toEntity(Map<String, Object> properties, Long resourceId) {
-    PrivilegeEntity entity = new PrivilegeEntity();
+    PrivilegeEntity entity         = new PrivilegeEntity();
+    String          permissionName = (String) properties.get(PERMISSION_NAME_PROPERTY_ID);
+    ResourceEntity  resourceEntity = resourceDAO.findById(resourceId);
 
-    String permissionName = (String) properties.get(PERMISSION_NAME_PROPERTY_ID);
-
-    entity.setPermission(permissionDAO.findPermissionByName(permissionName));
-    entity.setResource(resourceDAO.findById(resourceId));
+    entity.setResource(resourceEntity);
+    entity.setPermission(permissionDAO.findPermissionByNameAndType(permissionName, resourceEntity.getResourceType()));
 
     String principalName = (String) properties.get(PRINCIPAL_NAME_PROPERTY_ID);
     String principalType = (String) properties.get(PRINCIPAL_TYPE_PROPERTY_ID);
 
     if (PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME.equalsIgnoreCase(principalType)) {
       GroupEntity groupEntity = groupDAO.findGroupByName(principalName);
-      entity.setPrincipal(principalDAO.findById(groupEntity.getPrincipal().getId()));
+      if (groupEntity != null) {
+        entity.setPrincipal(principalDAO.findById(groupEntity.getPrincipal().getId()));
+      }
     } else if (PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME.equalsIgnoreCase(principalType)) {
       UserEntity userEntity = userDAO.findLocalUserByName(principalName);
-      entity.setPrincipal(principalDAO.findById(userEntity.getPrincipal().getId()));
+      if (userEntity != null) {
+        entity.setPrincipal(principalDAO.findById(userEntity.getPrincipal().getId()));
+      }
     }
     return entity;
   }
@@ -335,6 +340,10 @@ public abstract class PrivilegeResourceProvider<T> extends AbstractResourceProvi
 
         PrivilegeEntity entity = toEntity(properties, resourceId);
 
+        if (entity.getPrincipal() == null) {
+          throw new AmbariException("Can't find principal " + properties.get(PRINCIPAL_TYPE_PROPERTY_ID) +
+              " " + properties.get(PRINCIPAL_NAME_PROPERTY_ID) + " for privilege.");
+        }
         if (privilegeDAO.exists(entity)) {
             throw new DuplicateResourceException("The privilege already exists.");
         }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java
new file mode 100644
index 0000000..547692d
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java
@@ -0,0 +1,178 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.RequestStatus;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
+import org.apache.ambari.server.controller.spi.SystemException;
+import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.ViewEntity;
+import org.apache.ambari.server.view.ViewRegistry;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Resource provider for custom view permissions.
+ */
+public class ViewPermissionResourceProvider extends AbstractResourceProvider {
+
+  /**
+   * Data access object used to obtain permission entities.
+   */
+  protected static PermissionDAO permissionDAO;
+
+  /**
+   * Permission property id constants.
+   */
+  public static final String VIEW_NAME_PROPERTY_ID       = "PermissionInfo/view_name";
+  public static final String VIEW_VERSION_PROPERTY_ID    = "PermissionInfo/version";
+  public static final String PERMISSION_ID_PROPERTY_ID   = "PermissionInfo/permission_id";
+  public static final String PERMISSION_NAME_PROPERTY_ID = "PermissionInfo/permission_name";
+  public static final String RESOURCE_NAME_PROPERTY_ID   = "PermissionInfo/resource_name";
+
+
+  /**
+   * The key property ids for a permission resource.
+   */
+  private static Map<Resource.Type, String> keyPropertyIds = new HashMap<Resource.Type, String>();
+  static {
+    keyPropertyIds.put(Resource.Type.View, VIEW_NAME_PROPERTY_ID);
+    keyPropertyIds.put(Resource.Type.ViewVersion, VIEW_VERSION_PROPERTY_ID);
+    keyPropertyIds.put(Resource.Type.ViewPermission, PERMISSION_ID_PROPERTY_ID);
+  }
+
+  /**
+   * The property ids for a permission resource.
+   */
+  private static Set<String> propertyIds = new HashSet<String>();
+  static {
+    propertyIds.add(VIEW_NAME_PROPERTY_ID);
+    propertyIds.add(VIEW_VERSION_PROPERTY_ID);
+    propertyIds.add(PERMISSION_ID_PROPERTY_ID);
+    propertyIds.add(PERMISSION_NAME_PROPERTY_ID);
+    propertyIds.add(RESOURCE_NAME_PROPERTY_ID);
+  }
+
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct a permission resource provider.
+   */
+  public ViewPermissionResourceProvider() {
+    super(propertyIds, keyPropertyIds);
+  }
+
+
+  // ----- PermissionResourceProvider ----------------------------------------
+
+  /**
+   * Static initialization.
+   *
+   * @param dao  permission data access object
+   */
+  public static void init(PermissionDAO dao) {
+    permissionDAO = dao;
+  }
+
+
+  // ----- ResourceProvider --------------------------------------------------
+
+  @Override
+  public RequestStatus createResources(Request request)
+      throws SystemException, UnsupportedPropertyException,
+      ResourceAlreadyExistsException, NoSuchParentResourceException {
+    throw new UnsupportedOperationException("Not supported.");
+  }
+
+  @Override
+  public Set<Resource> getResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    ViewRegistry  viewRegistry = ViewRegistry.getInstance();
+    Set<Resource> resources    = new HashSet<Resource>();
+    Set<String>   requestedIds = getRequestPropertyIds(request, predicate);
+
+    for(PermissionEntity permissionEntity : permissionDAO.findAll()){
+      ResourceTypeEntity resourceType = permissionEntity.getResourceType();
+
+      ViewEntity viewEntity = viewRegistry.getDefinition(resourceType);
+
+      if (viewEntity != null) {
+        resources.add(toResource(permissionEntity, resourceType, viewEntity, requestedIds));
+      }
+    }
+
+    return resources;
+  }
+
+  @Override
+  public RequestStatus updateResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    throw new UnsupportedOperationException("Not supported.");
+  }
+
+  @Override
+  public RequestStatus deleteResources(Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    throw new UnsupportedOperationException("Not supported.");
+  }
+
+  @Override
+  public Map<Resource.Type, String> getKeyPropertyIds() {
+    return keyPropertyIds;
+  }
+
+
+  // ----- AbstractResourceProvider ------------------------------------------
+
+  @Override
+  protected Set<String> getPKPropertyIds() {
+    return new HashSet<String>(keyPropertyIds.values());
+  }
+
+
+  // ----- helper methods ----------------------------------------------------
+
+  // convert the given permission entity to a resource
+  private Resource toResource(PermissionEntity entity, ResourceTypeEntity resourceType,
+                              ViewEntity viewEntity, Set<String> requestedIds) {
+
+    Resource resource = new ResourceImpl(Resource.Type.ViewPermission);
+
+    setResourceProperty(resource, VIEW_NAME_PROPERTY_ID, viewEntity.getCommonName(), requestedIds);
+    setResourceProperty(resource, VIEW_VERSION_PROPERTY_ID, viewEntity.getVersion(), requestedIds);
+
+    setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, entity.getId(), requestedIds);
+    setResourceProperty(resource, PERMISSION_NAME_PROPERTY_ID, entity.getPermissionName(), requestedIds);
+    setResourceProperty(resource, RESOURCE_NAME_PROPERTY_ID, resourceType.getName(), requestedIds);
+
+    return resource;
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
index 50519cc..c6cc95b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
@@ -115,7 +115,8 @@ public interface Resource {
     AlertDefinition,
     AmbariPrivilege,
     ClusterPrivilege,
-    ViewPrivilege;
+    ViewPrivilege,
+    ViewPermission;
 
     /**
      * Get the {@link Type} that corresponds to this InternalType.
@@ -192,6 +193,7 @@ public interface Resource {
     public static final Type AmbariPrivilege = InternalType.AmbariPrivilege.getType();
     public static final Type ClusterPrivilege = InternalType.ClusterPrivilege.getType();
     public static final Type ViewPrivilege = InternalType.ViewPrivilege.getType();
+    public static final Type ViewPermission = InternalType.ViewPermission.getType();
 
     /**
      * The type name.

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java
index b4e015d..5788b81 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java
@@ -29,6 +29,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.UserEntity;
 
 @Singleton
 public class MemberDAO {
@@ -44,7 +45,13 @@ public class MemberDAO {
 
   @RequiresSession
   public List<MemberEntity> findAll() {
-    final TypedQuery<MemberEntity> query = entityManagerProvider.get().createQuery("SELECT member FROM MemberEntity member", MemberEntity.class);
+    final TypedQuery<MemberEntity> query = entityManagerProvider.get().createQuery("SELECT m FROM MemberEntity m", MemberEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  public List<MemberEntity> findAllMembersByUser(UserEntity userEntity) {
+    TypedQuery<MemberEntity> query = entityManagerProvider.get().createQuery("SELECT m FROM MemberEntity m WHERE m.user = :userEntity", MemberEntity.class);
+    query.setParameter("userEntity", userEntity);
     return daoUtils.selectList(query);
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
index c00b47a..0ab5af8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
@@ -22,9 +22,9 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 
 import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
 import java.util.List;
 
@@ -58,24 +58,22 @@ public class PermissionDAO {
    * @return all entities or an empty List
    */
   public List<PermissionEntity> findAll() {
-    TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT resource FROM PermissionEntity resource", PermissionEntity.class);
+    TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT p FROM PermissionEntity p", PermissionEntity.class);
     return daoUtils.selectList(query);
   }
 
   /**
-   * Find a permission entity by name.
+   * Find a permission entity by name and type.
    *
-   * @param name  the permission name
+   * @param name         the permission name
+   * @param resourceType the resource type
    *
    * @return  a matching permission entity or null
    */
-  public PermissionEntity findPermissionByName(String name) {
-    final TypedQuery<PermissionEntity> query = entityManagerProvider.get().createNamedQuery("permissionByName", PermissionEntity.class);
+  public PermissionEntity findPermissionByNameAndType(String name, ResourceTypeEntity resourceType) {
+    TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT p FROM PermissionEntity p WHERE p.permissionName=:permissionname AND p.resourceType=:resourcetype", PermissionEntity.class);
     query.setParameter("permissionname", name);
-    try {
-      return query.getSingleResult();
-    } catch (NoResultException e) {
-      return null;
-    }
+    query.setParameter("resourcetype", resourceType);
+    return daoUtils.selectSingle(query);
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
index de18031..7fed17b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
@@ -22,7 +22,10 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
 
 import javax.persistence.EntityManager;
 import javax.persistence.TypedQuery;
@@ -63,19 +66,33 @@ public class PrivilegeDAO {
   }
 
   /**
-   * Determine whether or not the given privilege entity already exists.
+   * Determine whether or not the given privilege entity exists.
    *
    * @param entity  the privilege entity
    *
    * @return true if the given privilege entity already exists
    */
   public boolean exists(PrivilegeEntity entity) {
+    return exists(entity.getPrincipal(), entity.getResource(), entity.getPermission());
+  }
+
+  /**
+   * Determine whether or not the privilege entity exists defined by the given principal, resource and
+   * permission exists.
+   *
+   * @param principalEntity   the principal entity
+   * @param resourceEntity    the resource entity
+   * @param permissionEntity  the permission entity
+   *
+   * @return true if the privilege entity already exists
+   */
+  public boolean exists(PrincipalEntity principalEntity, ResourceEntity resourceEntity, PermissionEntity permissionEntity) {
     TypedQuery<PrivilegeEntity> query = entityManagerProvider.get().createQuery(
         "SELECT privilege FROM PrivilegeEntity privilege WHERE privilege.principal = :principal AND privilege.resource = :resource AND privilege.permission = :permission", PrivilegeEntity.class);
 
-    query.setParameter("principal", entity.getPrincipal());
-    query.setParameter("resource", entity.getResource());
-    query.setParameter("permission", entity.getPermission());
+    query.setParameter("principal", principalEntity);
+    query.setParameter("resource", resourceEntity);
+    query.setParameter("permission", permissionEntity);
 
     List<PrivilegeEntity> privilegeEntities = daoUtils.selectList(query);
     return !(privilegeEntities == null || privilegeEntities.isEmpty());

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
index a770f1d..8889bde 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
@@ -43,10 +43,6 @@ import javax.persistence.TableGenerator;
     , initialValue = 5
     , allocationSize = 1
 )
-
-@NamedQueries({
-    @NamedQuery(name = "permissionByName", query = "SELECT permission_entity FROM PermissionEntity permission_entity where permission_entity.permissionName=:permissionname")
-})
 public class PermissionEntity {
 
   /**
@@ -137,17 +133,14 @@ public class PermissionEntity {
 
     PermissionEntity that = (PermissionEntity) o;
 
-    if (!id.equals(that.id)) return false;
-    if (permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null)
-      return false;
-    if (resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null) return false;
-
-    return true;
+    return !(id != null ? !id.equals(that.id) : that.id != null) &&
+        !(permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null) &&
+        !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null);
   }
 
   @Override
   public int hashCode() {
-    int result = id.hashCode();
+    int result = id != null ? id.hashCode() : 0;
     result = 31 * result + (permissionName != null ? permissionName.hashCode() : 0);
     result = 31 * result + (resourceType != null ? resourceType.hashCode() : 0);
     return result;

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java
index 9842a6a..1fdb737 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java
@@ -99,5 +99,26 @@ public class ResourceTypeEntity {
   public void setName(String name) {
     this.name = name;
   }
+
+
+  // ----- Object overrides --------------------------------------------------
+
+  @Override
+  public boolean equals(Object o) {
+    if (this == o) return true;
+    if (o == null || getClass() != o.getClass()) return false;
+
+    ResourceTypeEntity that = (ResourceTypeEntity) o;
+
+    return !(id != null ? !id.equals(that.id) : that.id != null) && !(name != null ?
+        !name.equals(that.name) : that.name != null);
+  }
+
+  @Override
+  public int hashCode() {
+    int result = id != null ? id.hashCode() : 0;
+    result = 31 * result + (name != null ? name.hashCode() : 0);
+    return result;
+  }
 }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
index 59d87aa..da6e2d2 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java
@@ -121,6 +121,18 @@ public class ViewEntity implements ViewDefinition {
   @OneToMany(cascade = CascadeType.ALL, mappedBy = "view")
   private Collection<ViewInstanceEntity> instances = new HashSet<ViewInstanceEntity>();
 
+  /**
+   * The list of view permissions.
+   */
+  @OneToMany(cascade = CascadeType.ALL)
+  @JoinColumns({
+      @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false),
+  })
+  private Collection<PermissionEntity> permissions = new HashSet<PermissionEntity>();
+
+  /**
+   * The resource type.
+   */
   @ManyToOne
   @JoinColumns({
       @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false),
@@ -352,6 +364,41 @@ public class ViewEntity implements ViewDefinition {
   }
 
   /**
+   * Get the view custom permissions.
+   *
+   * @return the view permissions
+   */
+  public Collection<PermissionEntity> getPermissions() {
+    return permissions;
+  }
+
+  /**
+   * Set the custom view permissions.
+   *
+   * @param permissions  the permissions
+   */
+  public void setPermissions(Collection<PermissionEntity> permissions) {
+    this.permissions = permissions;
+  }
+
+  /**
+   * Get the permission entity for the given permission name.
+   *
+   * @param permissionName  the permission name
+   *
+   * @return the matching permission entity or null
+   */
+  public PermissionEntity getPermission(String permissionName) {
+
+    for (PermissionEntity permissionEntity : permissions) {
+      if (permissionEntity.getPermissionName().equals(permissionName)) {
+        return permissionEntity;
+      }
+    }
+    return null;
+  }
+
+  /**
    * Get the view resources.
    *
    * @return the view resources

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
index 6426575..d36ad6e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java
@@ -21,13 +21,19 @@ package org.apache.ambari.server.view;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import org.apache.ambari.server.configuration.ComponentSSLConfiguration;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.ViewEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
+import org.apache.ambari.server.view.configuration.ParameterConfig;
+import org.apache.ambari.server.view.configuration.ViewConfig;
 import org.apache.ambari.server.view.events.EventImpl;
 import org.apache.ambari.server.view.persistence.DataStoreImpl;
 import org.apache.ambari.server.view.persistence.DataStoreModule;
 import org.apache.ambari.view.DataStore;
+import org.apache.ambari.view.MaskException;
+import org.apache.ambari.view.Masker;
 import org.apache.ambari.view.ResourceProvider;
+import org.apache.ambari.view.SecurityException;
 import org.apache.ambari.view.URLStreamProvider;
 import org.apache.ambari.view.ViewContext;
 import org.apache.ambari.view.ViewController;
@@ -35,6 +41,9 @@ import org.apache.ambari.view.ViewDefinition;
 import org.apache.ambari.view.ViewInstanceDefinition;
 import org.apache.ambari.view.events.Event;
 import org.apache.ambari.view.events.Listener;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.exception.ParseErrorException;
@@ -51,14 +60,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 
-import org.apache.ambari.server.view.configuration.ParameterConfig;
-import org.apache.ambari.server.view.configuration.ViewConfig;
-import org.apache.ambari.view.MaskException;
-import org.apache.ambari.view.Masker;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
 /**
  * View context implementation.
  */
@@ -239,6 +240,32 @@ public class ViewContextImpl implements ViewContext, ViewController {
   }
 
   @Override
+  public void hasPermission(String userName, String permissionName) throws org.apache.ambari.view.SecurityException {
+
+    if (userName == null || userName.length() == 0) {
+      throw new SecurityException("No user name specified.");
+    }
+
+    if (permissionName == null || permissionName.length() == 0) {
+      throw new SecurityException("No permission name specified.");
+    }
+
+    if (viewInstanceEntity == null) {
+      throw new SecurityException("There is no instance associated with the view context");
+    }
+
+    PermissionEntity permissionEntity = viewEntity.getPermission(permissionName);
+
+    if (permissionEntity == null) {
+      throw new SecurityException("The permission " + permissionName + " is not defined for " + viewEntity.getName());
+    }
+
+    if (!viewRegistry.hasPermission(permissionEntity, viewInstanceEntity.getResource(), userName)) {
+      throw new SecurityException("The user " + userName + " has not been granted permission " + permissionName);
+    }
+  }
+
+  @Override
   public URLStreamProvider getURLStreamProvider() {
     return streamProvider;
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 4859836..7b7d9a4 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -29,12 +29,19 @@ import org.apache.ambari.server.api.services.ViewExternalSubResourceService;
 import org.apache.ambari.server.api.services.ViewSubResourceService;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.orm.dao.MemberDAO;
+import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
+import org.apache.ambari.server.orm.entities.GroupEntity;
+import org.apache.ambari.server.orm.entities.MemberEntity;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.orm.entities.ViewEntity;
 import org.apache.ambari.server.orm.entities.ViewEntityEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceDataEntity;
@@ -44,6 +51,7 @@ import org.apache.ambari.server.orm.entities.ViewResourceEntity;
 import org.apache.ambari.server.view.configuration.EntityConfig;
 import org.apache.ambari.server.view.configuration.InstanceConfig;
 import org.apache.ambari.server.view.configuration.ParameterConfig;
+import org.apache.ambari.server.view.configuration.PermissionConfig;
 import org.apache.ambari.server.view.configuration.PersistenceConfig;
 import org.apache.ambari.server.view.configuration.PropertyConfig;
 import org.apache.ambari.server.view.configuration.ResourceConfig;
@@ -164,6 +172,21 @@ public class ViewRegistry {
    */
   private static ResourceTypeDAO resourceTypeDAO;
 
+  /**
+   * User data access object.
+   */
+  private static UserDAO userDAO;
+
+  /**
+   * Group member data access object.
+   */
+  private static MemberDAO memberDAO;
+
+  /**
+   * Privilege data access object.
+   */
+  private static PrivilegeDAO privilegeDAO;
+
 
   // ----- Constructors ------------------------------------------------------
 
@@ -198,6 +221,23 @@ public class ViewRegistry {
   }
 
   /**
+   * Get the view definition for the given resource type.
+   *
+   * @param resourceTypeEntity  the resource type
+   *
+   * @return the view definition for the given resource type or null
+   */
+  public ViewEntity getDefinition(ResourceTypeEntity resourceTypeEntity) {
+
+    for (ViewEntity viewEntity : viewDefinitions.values()) {
+      if (viewEntity.getResourceType().equals(resourceTypeEntity)) {
+        return viewEntity;
+      }
+    }
+    return null;
+  }
+
+  /**
    * Add a view definition to the registry.
    *
    * @param definition  the definition
@@ -605,6 +645,43 @@ public class ViewRegistry {
     listeners.add(listener);
   }
 
+  /**
+   * Determine whether or not the access specified by the given permission
+   * is permitted for the given user on the view instance identified by
+   * the given resource.
+   *
+   * @param permissionEntity  the permission entity
+   * @param resourceEntity    the resource entity
+   * @param userName          the user name
+   *
+   * @return true if the access specified by the given permission
+   *         is permitted for the given user.
+   */
+  public boolean hasPermission(PermissionEntity permissionEntity, ResourceEntity resourceEntity, String userName) {
+
+    UserEntity userEntity = userDAO.findLocalUserByName(userName);
+
+    if (userEntity == null) {
+      return false;
+    }
+
+    if (privilegeDAO.exists(userEntity.getPrincipal(), resourceEntity, permissionEntity)) {
+      return true;
+    }
+
+    List<MemberEntity> memberEntities = memberDAO.findAllMembersByUser(userEntity);
+
+    for (MemberEntity memberEntity : memberEntities) {
+
+      GroupEntity groupEntity = memberEntity.getGroup();
+
+      if (privilegeDAO.exists(groupEntity.getPrincipal(), resourceEntity, permissionEntity)) {
+        return true;
+      }
+    }
+    return false;
+  }
+
 
   // ----- helper methods ----------------------------------------------------
 
@@ -700,6 +777,24 @@ public class ViewRegistry {
       }
       viewDefinition.setResources(resources);
     }
+
+    ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
+    resourceTypeEntity.setName(viewDefinition.getName());
+
+    viewDefinition.setResourceType(resourceTypeEntity);
+
+    List<PermissionConfig> permissionConfigurations = viewConfig.getPermissions();
+
+    Collection<PermissionEntity> permissions = new HashSet<PermissionEntity>();
+    for (PermissionConfig permissionConfiguration : permissionConfigurations) {
+      PermissionEntity permissionEntity =  new PermissionEntity();
+
+      permissionEntity.setPermissionName(permissionConfiguration.getName());
+      permissionEntity.setResourceType(resourceTypeEntity);
+      permissions.add(permissionEntity);
+    }
+    viewDefinition.setPermissions(permissions);
+
     View view = null;
     if (viewConfig.getView() != null) {
       view = getView(viewConfig.getViewClass(cl), new ViewContextImpl(viewDefinition, this));
@@ -774,6 +869,10 @@ public class ViewRegistry {
 
     setPersistenceEntities(viewInstanceDefinition);
 
+    ResourceEntity resourceEntity = new ResourceEntity();
+    resourceEntity.setResourceType(viewDefinition.getResourceType());
+    viewInstanceDefinition.setResource(resourceEntity);
+
     viewDefinition.addInstanceDefinition(viewInstanceDefinition);
   }
 
@@ -885,35 +984,8 @@ public class ViewRegistry {
       if (LOG.isDebugEnabled()) {
         LOG.debug("Creating View " + viewName + ".");
       }
-      // get or create an admin resource type to represent this view
-      ResourceTypeEntity resourceTypeEntity = resourceTypeDAO.findByName(viewName);
-      if (resourceTypeEntity == null) {
-        resourceTypeEntity = new ResourceTypeEntity();
-        resourceTypeEntity.setName(view.getName());
-        resourceTypeDAO.create(resourceTypeEntity);
-      }
-
-      view.setResourceType(resourceTypeEntity);
-
-      for( ViewInstanceEntity instance : view.getInstances()) {
-
-        // create an admin resource to represent this view instance
-        ResourceEntity resourceEntity = new ResourceEntity();
-        resourceEntity.setResourceType(resourceTypeEntity);
-        resourceDAO.create(resourceEntity);
-
-        instance.setResource(resourceEntity);
-      }
       // ... merge it
-      viewDAO.merge(view);
-
-      persistedView = viewDAO.findByName(viewName);
-      if (persistedView == null) {
-        String message = "View  " + persistedView.getViewName() + " can not be found.";
-
-        LOG.error(message);
-        throw new IllegalStateException(message);
-      }
+      persistedView = viewDAO.merge(view);
     }
 
     Map<String, ViewInstanceEntity> instanceEntityMap = new HashMap<String, ViewInstanceEntity>();
@@ -921,6 +993,9 @@ public class ViewRegistry {
       instanceEntityMap.put(instance.getName(), instance);
     }
 
+    view.setResourceType(persistedView.getResourceType());
+    view.setPermissions(persistedView.getPermissions());
+
     // make sure that each instance of the view in the db is reflected in the given view
     for (ViewInstanceEntity persistedInstance : persistedView.getInstances()){
       String instanceName = persistedInstance.getName();
@@ -947,9 +1022,7 @@ public class ViewRegistry {
       instance.setProperties(persistedInstance.getProperties());
       instance.setEntities(persistedInstance.getEntities());
 
-      if (instance.getResource() == null) {
-        instance.setResource(persistedInstance.getResource());
-      }
+      instance.setResource(persistedInstance.getResource());
     }
 
     // these instances appear in the archive but have been deleted
@@ -1078,12 +1151,20 @@ public class ViewRegistry {
    * @param instanceDAO      view instance data access object
    * @param resourceDAO      resource data access object
    * @param resourceTypeDAO  resource type data access object
+   * @param userDAO          user data access object
+   * @param memberDAO        group member data access object
+   * @param privilegeDAO     the privilege data access object
    */
-  public static void init(ViewDAO viewDAO, ViewInstanceDAO instanceDAO, ResourceDAO resourceDAO, ResourceTypeDAO resourceTypeDAO) {
+  public static void init(ViewDAO viewDAO, ViewInstanceDAO instanceDAO, ResourceDAO resourceDAO,
+                          ResourceTypeDAO resourceTypeDAO, UserDAO userDAO, MemberDAO memberDAO,
+                          PrivilegeDAO privilegeDAO) {
     setViewDAO(viewDAO);
     setInstanceDAO(instanceDAO);
     setResourceDAO(resourceDAO);
     setResourceTypeDAO(resourceTypeDAO);
+    setUserDAO(userDAO);
+    setMemberDAO(memberDAO);
+    setPrivilegeDAO(privilegeDAO);
   }
 
   /**
@@ -1122,6 +1203,33 @@ public class ViewRegistry {
     ViewRegistry.resourceTypeDAO = resourceTypeDAO;
   }
 
+  /**
+   * Set the user DAO.
+   *
+   * @param userDAO  the user DAO
+   */
+  protected static void setUserDAO(UserDAO userDAO) {
+    ViewRegistry.userDAO = userDAO;
+  }
+
+  /**
+   * Set the group member DAO.
+   *
+   * @param memberDAO  the group member DAO
+   */
+  protected static void setMemberDAO(MemberDAO memberDAO) {
+    ViewRegistry.memberDAO = memberDAO;
+  }
+
+  /**
+   * Set the privilege DAO.
+   *
+   * @param privilegeDAO  the privilege DAO
+   */
+  protected static void setPrivilegeDAO(PrivilegeDAO privilegeDAO) {
+    ViewRegistry.privilegeDAO = privilegeDAO;
+  }
+
 
   // ----- inner class : ViewRegistryHelper ----------------------------------
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java
new file mode 100644
index 0000000..07d1b53
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.view.configuration;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+
+/**
+ * View custom permission configuration.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+public class PermissionConfig {
+  private String name;
+  private String description;
+
+  public String getName() {
+    return name;
+  }
+
+  public String getDescription() {
+    return description;
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java
index e084918..ddca446 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java
@@ -109,6 +109,12 @@ public class ViewConfig {
   private PersistenceConfig persistence;
 
   /**
+   * The list of view parameters.
+   */
+  @XmlElement(name="permission")
+  private List<PermissionConfig> permissions;
+
+  /**
    * Get the unique name.
    *
    * @return the view name
@@ -241,4 +247,13 @@ public class ViewConfig {
   public PersistenceConfig getPersistence() {
     return persistence;
   }
+
+  /**
+   * Get the list of custom permissions defined for the view.
+   *
+   * @return the list of custom permissions
+   */
+  public List<PermissionConfig> getPermissions() {
+    return permissions == null ? Collections.<PermissionConfig>emptyList() : permissions;
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index f3cac2e..cf51a49 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -129,6 +129,7 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
 ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
 ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
 ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
 ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
 ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
 ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index 2328ffc..c05affd 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -119,6 +119,7 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
 ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
 ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
 ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
 ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
 ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
 ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 43addca..82335e3 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -152,6 +152,7 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
 ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
 ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
 ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
 ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
 ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
 ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index 2fc99be..b5fcd94 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -215,6 +215,7 @@ ALTER TABLE ambari.viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY
 ALTER TABLE ambari.adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
 ALTER TABLE ambari.adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
 ALTER TABLE ambari.adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE ambari.adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id);
 ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
 ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
 ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java
new file mode 100644
index 0000000..fbb20f2
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.resources;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Set;
+
+/**
+ * ViewPermissionResourceDefinition tests.
+ */
+public class ViewPermissionResourceDefinitionTest {
+  @Test
+  public void testGetPluralName() throws Exception {
+    ViewPermissionResourceDefinition ViewPermissionResourceDefinition = new ViewPermissionResourceDefinition();
+    Assert.assertEquals("permissions", ViewPermissionResourceDefinition.getPluralName());
+  }
+
+  @Test
+  public void testGetSingularName() throws Exception {
+    ViewPermissionResourceDefinition ViewPermissionResourceDefinition = new ViewPermissionResourceDefinition();
+    Assert.assertEquals("permission", ViewPermissionResourceDefinition.getSingularName());
+  }
+
+  @Test
+  public void testGetSubResourceDefinitions() throws Exception {
+    ViewPermissionResourceDefinition ViewPermissionResourceDefinition = new ViewPermissionResourceDefinition();
+    Set<SubResourceDefinition> subResourceDefinitions = ViewPermissionResourceDefinition.getSubResourceDefinitions ();
+
+    Assert.assertTrue(subResourceDefinitions.isEmpty());
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java
index 32c13b3..d83c902 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java
@@ -44,8 +44,11 @@ public class ViewVersionResourceDefinitionTest {
     ViewVersionResourceDefinition viewVersionResourceDefinition = new ViewVersionResourceDefinition();
     Set<SubResourceDefinition> subResourceDefinitions = viewVersionResourceDefinition.getSubResourceDefinitions ();
 
-    Assert.assertEquals(1, subResourceDefinitions.size());
+    Assert.assertEquals(2, subResourceDefinitions.size());
 
-    Assert.assertEquals("ViewInstance", subResourceDefinitions.iterator().next().getType().name());
+    for (SubResourceDefinition subResourceDefinition : subResourceDefinitions) {
+      String name = subResourceDefinition.getType().name();
+      Assert.assertTrue(name.equals("ViewInstance") || name.equals("ViewPermission"));
+    }
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java
new file mode 100644
index 0000000..f841be9
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java
@@ -0,0 +1,100 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
+import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.UriInfo;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Unit tests for ViewPermissionService.
+ */
+public class ViewPermissionServiceTest extends BaseServiceTest {
+
+
+  public List<ServiceTestInvocation> getTestInvocations() throws Exception {
+    List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+
+    //getPermission
+    ViewPermissionService permissionService = new TestViewPermissionService("MY_VIEW", "1.0", "permissionName");
+    Method m = permissionService.getClass().getMethod("getPermission", HttpHeaders.class, UriInfo.class, String.class);
+    Object[] args = new Object[] {getHttpHeaders(), getUriInfo(), "permissionName"};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.GET, permissionService, m, args, null));
+
+    //getPermissions
+    permissionService = new TestViewPermissionService("MY_VIEW", "1.0",null);
+    m = permissionService.getClass().getMethod("getPermissions", HttpHeaders.class, UriInfo.class);
+    args = new Object[] {getHttpHeaders(), getUriInfo()};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.GET, permissionService, m, args, null));
+
+    //createPermission
+    permissionService = new TestViewPermissionService("MY_VIEW", "1.0","permissionName");
+    m = permissionService.getClass().getMethod("createPermission", String.class, HttpHeaders.class, UriInfo.class, String.class);
+    args = new Object[] {"body", getHttpHeaders(), getUriInfo(), "permissionName"};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.POST, permissionService, m, args, "body"));
+
+    //deletePermission
+    permissionService = new TestViewPermissionService("MY_VIEW", "1.0","permissionName");
+    m = permissionService.getClass().getMethod("deletePermission", HttpHeaders.class, UriInfo.class, String.class);
+    args = new Object[] {getHttpHeaders(), getUriInfo(), "permissionName"};
+    listInvocations.add(new ServiceTestInvocation(Request.Type.DELETE, permissionService, m, args, null));
+
+    return listInvocations;
+  }
+
+
+  private class TestViewPermissionService extends ViewPermissionService {
+    private String permissionId;
+
+    private TestViewPermissionService(String viewName, String version, String permissionId) {
+
+      super(viewName, version);
+      this.permissionId = permissionId;
+    }
+
+    @Override
+    protected ResourceInstance createPermissionResource(String viewName, String viewVersion, String permissionId) {
+      assertEquals(this.permissionId, permissionId);
+      return getTestResource();
+    }
+
+    @Override
+    RequestFactory getRequestFactory() {
+      return getTestRequestFactory();
+    }
+
+    @Override
+    protected RequestBodyParser getBodyParser() {
+      return getTestBodyParser();
+    }
+
+    @Override
+    protected ResultSerializer getResultSerializer() {
+      return getTestResultSerializer();
+    }
+  }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
index 5bd5c38..fbe1c90 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
@@ -22,8 +22,11 @@ import org.apache.ambari.server.api.resources.SubResourceDefinition;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.spi.Resource;
 import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.orm.dao.MemberDAO;
+import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
@@ -175,12 +178,22 @@ public class ViewRegistryTest {
     ViewRegistry.setViewDAO(vDAO);
 
     ViewEntity viewDefinition = ViewEntityTest.getViewEntity();
+    viewDefinition.setResourceType(resourceTypeEntity);
 
-    viewDefinition.setInstances(ViewInstanceEntityTest.getViewInstanceEntities(viewDefinition));
+    Set<ViewInstanceEntity> viewInstanceEntities = ViewInstanceEntityTest.getViewInstanceEntities(viewDefinition);
+    viewDefinition.setInstances(viewInstanceEntities);
 
     Map<File, ViewConfig> viewConfigs =
         Collections.singletonMap(viewArchive, viewDefinition.getConfiguration());
 
+    long resourceId = 99L;
+    for (ViewInstanceEntity viewInstanceEntity : viewInstanceEntities) {
+      ResourceEntity resourceEntity = new ResourceEntity();
+      resourceEntity.setId(resourceId);
+      resourceEntity.setResourceType(resourceTypeEntity);
+      viewInstanceEntity.setResource(resourceEntity);
+    }
+
     Map<String, File> files = new HashMap<String, File>();
 
     files.put("/var/lib/ambari-server/resources/views/work", extractedArchiveDir);
@@ -242,17 +255,10 @@ public class ViewRegistryTest {
     Capture<ViewEntity> captureViewEntity = new Capture<ViewEntity>();
 
     expect(vDAO.findByName("MY_VIEW{1.0.0}")).andReturn(null);
-    expect(vDAO.merge(capture(captureViewEntity))).andReturn(null);
-    expect(vDAO.findByName("MY_VIEW{1.0.0}")).andReturn(viewDefinition);
+    expect(vDAO.merge(capture(captureViewEntity))).andReturn(viewDefinition);
 
     expect(vDAO.findAll()).andReturn(Collections.<ViewEntity>emptyList());
 
-    expect(rtDAO.findByName("MY_VIEW{1.0.0}")).andReturn(resourceTypeEntity);
-
-    Capture<ResourceEntity> resourceEntityCapture = new Capture<ResourceEntity>();
-    rDAO.create(capture(resourceEntityCapture));
-    rDAO.create(capture(resourceEntityCapture));
-
     // replay mocks
     replay(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir,
         libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO, rtDAO, rDAO);
@@ -305,10 +311,22 @@ public class ViewRegistryTest {
     ViewRegistry.setViewDAO(vDAO);
 
     ViewEntity viewDefinition = ViewEntityTest.getViewEntity();
+    viewDefinition.setResourceType(resourceTypeEntity);
+
+    Set<ViewInstanceEntity> viewInstanceEntities = ViewInstanceEntityTest.getViewInstanceEntities(viewDefinition);
+    viewDefinition.setInstances(viewInstanceEntities);
 
     Map<File, ViewConfig> viewConfigs =
         Collections.singletonMap(viewArchive, viewDefinition.getConfiguration());
 
+    long resourceId = 99L;
+    for (ViewInstanceEntity viewInstanceEntity : viewInstanceEntities) {
+      ResourceEntity resourceEntity = new ResourceEntity();
+      resourceEntity.setId(resourceId);
+      resourceEntity.setResourceType(resourceTypeEntity);
+      viewInstanceEntity.setResource(resourceEntity);
+    }
+
     Map<String, File> files = new HashMap<String, File>();
 
     files.put("/var/lib/ambari-server/resources/views/work", extractedArchiveDir);
@@ -374,11 +392,7 @@ public class ViewRegistryTest {
 
     expect(vDAO.findAll()).andReturn(Collections.<ViewEntity>emptyList());
 
-    expect(rtDAO.findByName("MY_VIEW{1.0.0}")).andReturn(resourceTypeEntity);
-
     Capture<ResourceEntity> resourceEntityCapture = new Capture<ResourceEntity>();
-    rDAO.create(capture(resourceEntityCapture));
-    rDAO.create(capture(resourceEntityCapture));
 
     // replay mocks
     replay(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir,
@@ -511,8 +525,11 @@ public class ViewRegistryTest {
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
     ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
     ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
+    MemberDAO memberDAO = createNiceMock(MemberDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -549,8 +566,11 @@ public class ViewRegistryTest {
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
     ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
     ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
+    MemberDAO memberDAO = createNiceMock(MemberDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -582,8 +602,11 @@ public class ViewRegistryTest {
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
     ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
     ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
+    MemberDAO memberDAO = createNiceMock(MemberDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -616,8 +639,11 @@ public class ViewRegistryTest {
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
     ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
     ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
+    MemberDAO memberDAO = createNiceMock(MemberDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -658,8 +684,11 @@ public class ViewRegistryTest {
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
     ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
     ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
+    MemberDAO memberDAO = createNiceMock(MemberDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -698,8 +727,11 @@ public class ViewRegistryTest {
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
     ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
     ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
+    MemberDAO memberDAO = createNiceMock(MemberDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java
new file mode 100644
index 0000000..2600f17
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.view.configuration;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import javax.xml.bind.JAXBException;
+import java.util.List;
+
+/**
+ * EntityConfig tests.
+ */
+public class PermissionConfigTest {
+
+  private final static String xml = "<view>\n" +
+      "    <name>MY_VIEW</name>\n" +
+      "    <label>My View!</label>\n" +
+      "    <version>1.0.0</version>\n" +
+      "    <instance>\n" +
+      "        <name>INSTANCE1</name>\n" +
+      "    </instance>\n" +
+      "  <permission>\n" +
+      "    <name>RESTRICTED</name>\n" +
+      "    <description>Access permission for a restricted view resource.</description>\n" +
+      "  </permission>" +
+      "</view>";
+
+
+  @Test
+  public void testGetName() throws Exception {
+    List<PermissionConfig> permissions = getPremissionConfig();
+
+    Assert.assertEquals(1, permissions.size());
+
+    Assert.assertEquals("RESTRICTED", permissions.get(0).getName());
+  }
+
+  @Test
+  public void testGetDescription() throws Exception {
+    List<PermissionConfig> permissions = getPremissionConfig();
+
+    Assert.assertEquals(1, permissions.size());
+
+    Assert.assertEquals("Access permission for a restricted view resource.", permissions.get(0).getDescription());
+  }
+
+  public static List<PermissionConfig> getPremissionConfig() throws JAXBException {
+    ViewConfig config = ViewConfigTest.getConfig(xml);
+
+    return config.getPermissions();
+  }
+}


Mime
View raw message