kylin-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shaofeng...@apache.org
Subject kylin git commit: KYLIN-2720 Should not allow user to access to all tables' metadata of a project
Date Wed, 26 Jul 2017 01:27:37 GMT
Repository: kylin
Updated Branches:
  refs/heads/2.1.x e2bd2eb75 -> c8a0622d6


KYLIN-2720 Should not allow user to access to all tables' metadata of a project

Signed-off-by: shaofengshi <shaofengshi@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/kylin/repo
Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/c8a0622d
Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/c8a0622d
Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/c8a0622d

Branch: refs/heads/2.1.x
Commit: c8a0622d64658bf5999120874d7f282ba1cbb713
Parents: e2bd2eb
Author: qiumingming <qiumingming@bytedance.com>
Authored: Mon Jul 17 15:25:20 2017 +0800
Committer: shaofengshi <shaofengshi@apache.org>
Committed: Wed Jul 26 09:27:34 2017 +0800

----------------------------------------------------------------------
 .../apache/kylin/rest/service/QueryService.java | 56 +++++++++++++++++++-
 1 file changed, 54 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kylin/blob/c8a0622d/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
----------------------------------------------------------------------
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
index 1c55f6b..83acfd8 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java
@@ -142,6 +142,10 @@ public class QueryService extends BasicService {
     private ModelService modelService;
 
     @Autowired
+    @Qualifier("cubeMgmtService")
+    private CubeService cubeService;
+
+    @Autowired
     private AclUtil aclUtil;
 
     public QueryService() {
@@ -509,6 +513,32 @@ public class QueryService extends BasicService {
     }
 
     protected List<TableMeta> getMetadata(CubeManager cubeMgr, String project, boolean
cubedOnly) throws SQLException {
+        //list all tableMetas first
+        List<TableMeta> tableMetas = listAllMetadata(cubeMgr, project, cubedOnly);
+
+        //get cubes that current user can access to in this project, then get all tables
of these cubes.
+        List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project,
null, true);
+        Set<TableRef> tableRefs = new HashSet<TableRef>();
+        for (CubeInstance cube : cubeInstances) {
+            tableRefs.addAll(cube.getDescriptor().getModel().getAllTables());
+        }
+
+        //filter out tableMetas that current user should not access to
+        List<TableMeta> filterTableMetas = new ArrayList<TableMeta>();
+        for (TableMeta tableMeta : tableMetas) {
+            String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME();
+            for (TableRef t : tableRefs) {
+                if (t.getTableIdentity().equals(fullTableName)) {
+                    filterTableMetas.add(tableMeta);
+                    break;
+                }
+            }
+        }
+
+        return filterTableMetas;
+    }
+
+    protected List<TableMeta> listAllMetadata(CubeManager cubeMgr, String project,
boolean cubedOnly) throws SQLException {
 
         Connection conn = null;
         ResultSet columnMeta = null;
@@ -575,11 +605,33 @@ public class QueryService extends BasicService {
     }
 
     public List<TableMetaWithType> getMetadataV2(String project) throws SQLException,
IOException {
-        return getMetadataV2(getCubeManager(), project, true);
+        //list all tableMetas first
+        List<TableMetaWithType> tableMetas = listAllMetadataV2(getCubeManager(), project,
true);
+
+        //get cubes that current user can access to in this project, then get all tables
of these cubes.
+        List<CubeInstance> cubeInstances = cubeService.listAllCubes(null, project,
null, true);
+        Set<TableRef> tableRefs = new HashSet<TableRef>();
+        for (CubeInstance cube : cubeInstances) {
+            tableRefs.addAll(cube.getDescriptor().getModel().getAllTables());
+        }
+
+        //filter out tableMetas that current user should not access to
+        List<TableMetaWithType> filterTableMetas = new ArrayList<TableMetaWithType>();
+        for (TableMetaWithType tableMeta : tableMetas) {
+            String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME();
+            for (TableRef t : tableRefs) {
+                if (t.getTableIdentity().equals(fullTableName)) {
+                    filterTableMetas.add(tableMeta);
+                    break;
+                }
+            }
+        }
+
+        return filterTableMetas;
     }
 
     @SuppressWarnings("checkstyle:methodlength")
-    protected List<TableMetaWithType> getMetadataV2(CubeManager cubeMgr, String project,
boolean cubedOnly)
+    protected List<TableMetaWithType> listAllMetadataV2(CubeManager cubeMgr, String
project, boolean cubedOnly)
             throws SQLException, IOException {
         //Message msg = MsgPicker.getMsg();
 


Mime
View raw message