server-base/src/main/java/org/apache/kylin/rest/util/AclEvaluate.java - kylin - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
 */

 package org.apache.kylin.rest.util;

 import org.apache.kylin.common.KylinConfig;
 import org.apache.kylin.cube.CubeInstance;
 import org.apache.kylin.cube.CubeManager;
 import org.apache.kylin.engine.mr.CubingJob;
 import org.apache.kylin.job.JobInstance;
 import org.apache.kylin.job.execution.AbstractExecutable;
 import org.apache.kylin.job.execution.CheckpointExecutable;
 import org.apache.kylin.job.execution.ExecutableManager;
 import org.apache.kylin.metadata.project.ProjectInstance;
 import org.apache.kylin.metadata.project.ProjectManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.stereotype.Component;

 @Component("aclEvaluate")
 public class AclEvaluate {
     @Autowired
     private AclUtil aclUtil;

     private ProjectInstance getProjectInstance(String projectName) {
         return ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(projectName);
     }

     private ProjectInstance getProjectInstanceByCubeName(String cube) {
         CubeInstance cubeInstance = CubeManager.getInstance(KylinConfig.getInstanceFromEnv()).getCube(cube);
         return cubeInstance.getProjectInstance();
     }

     private ProjectInstance getProjectByJob(JobInstance job) {
         AbstractExecutable executable = ExecutableManager.getInstance(KylinConfig.getInstanceFromEnv())
                 .getJob(job.getUuid());
         String projectName = null;
         if (executable instanceof CubingJob) {
             projectName = ((CubingJob) executable).getProjectName();
         } else if (executable instanceof CheckpointExecutable) {
             projectName = ((CheckpointExecutable) executable).getProjectName();
         } else {
             return null;
         }
         return getProjectInstance(projectName);
     }

     public void checkProjectAdminPermission(ProjectInstance projectInstance) {
         aclUtil.hasProjectAdminPermission(projectInstance);
     }

     //for raw project
     public void checkProjectReadPermission(ProjectInstance projectInstance) {
         aclUtil.hasProjectReadPermission(projectInstance);
     }

     public void checkProjectWritePermission(ProjectInstance projectInstance) {
         aclUtil.hasProjectWritePermission(projectInstance);
     }

     public void checkProjectOperationPermission(ProjectInstance projectInstance) {
         aclUtil.hasProjectOperationPermission(projectInstance);
     }

     public void checkProjectAdminPermission(String projectName) {
         ProjectInstance projectInstance = getProjectInstance(projectName);
         checkProjectAdminPermission(projectInstance);
     }

     //for raw project
     public void checkProjectReadPermission(String projectName) {
         ProjectInstance projectInstance = getProjectInstance(projectName);
         checkProjectReadPermission(projectInstance);
     }

     public void checkProjectWritePermission(String projectName) {
         ProjectInstance projectInstance = getProjectInstance(projectName);
         checkProjectWritePermission(projectInstance);
     }

     public void checkProjectOperationPermission(String projectName) {
         ProjectInstance projectInstance = getProjectInstance(projectName);
         checkProjectOperationPermission(projectInstance);
     }

     //for cube acl entity
     public void checkProjectReadPermission(CubeInstance cube) {
         aclUtil.hasProjectReadPermission(cube.getProjectInstance());
     }

     public void checkProjectWritePermission(CubeInstance cube) {
         aclUtil.hasProjectWritePermission(cube.getProjectInstance());
     }

     public void checkProjectOperationPermission(CubeInstance cube) {
         aclUtil.hasProjectOperationPermission(cube.getProjectInstance());
     }

     //for job acl entity
     public void checkProjectReadPermission(JobInstance job) {
         aclUtil.hasProjectReadPermission(getProjectByJob(job));
     }

     public void checkProjectWritePermission(JobInstance job) {
         aclUtil.hasProjectWritePermission(getProjectByJob(job));
     }

     public void checkProjectOperationPermission(JobInstance job) {
         aclUtil.hasProjectOperationPermission(getProjectByJob(job));
     }

     // ACL util's method, so that you can use AclEvaluate
     public String getCurrentUserName() {
         return aclUtil.getCurrentUserName();
     }

     public boolean hasCubeReadPermission(CubeInstance cube) {
         return hasProjectReadPermission(cube.getProjectInstance());
     }

     public boolean hasProjectReadPermission(ProjectInstance project) {
         boolean _hasProjectReadPermission = false;
         try {
             _hasProjectReadPermission = aclUtil.hasProjectReadPermission(project);
         } catch (AccessDeniedException e) {
             //ignore to continue
         }
         return _hasProjectReadPermission;
     }

     public boolean hasProjectOperationPermission(ProjectInstance project) {
         boolean _hasProjectOperationPermission = false;
         try {
             _hasProjectOperationPermission = aclUtil.hasProjectOperationPermission(project);
         } catch (AccessDeniedException e) {
             //ignore to continue
         }
         return _hasProjectOperationPermission;
     }

     public boolean hasProjectWritePermission(ProjectInstance project) {
         boolean _hasProjectWritePermission = false;
         try {
             _hasProjectWritePermission = aclUtil.hasProjectWritePermission(project);
         } catch (AccessDeniedException e) {
             //ignore to continue
         }
         return _hasProjectWritePermission;
     }

     public boolean hasProjectAdminPermission(ProjectInstance project) {
         boolean _hasProjectAdminPermission = false;
         try {
             _hasProjectAdminPermission = aclUtil.hasProjectAdminPermission(project);
         } catch (AccessDeniedException e) {
             //ignore to continue
         }
         return _hasProjectAdminPermission;
     }

     public void checkIsGlobalAdmin() {
         aclUtil.checkIsGlobalAdmin();
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.kylin.rest.util;

	import org.apache.kylin.common.KylinConfig;
	import org.apache.kylin.cube.CubeInstance;
	import org.apache.kylin.cube.CubeManager;
	import org.apache.kylin.engine.mr.CubingJob;
	import org.apache.kylin.job.JobInstance;
	import org.apache.kylin.job.execution.AbstractExecutable;
	import org.apache.kylin.job.execution.CheckpointExecutable;
	import org.apache.kylin.job.execution.ExecutableManager;
	import org.apache.kylin.metadata.project.ProjectInstance;
	import org.apache.kylin.metadata.project.ProjectManager;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.security.access.AccessDeniedException;
	import org.springframework.stereotype.Component;

	@Component("aclEvaluate")
	public class AclEvaluate {
	@Autowired
	private AclUtil aclUtil;

	private ProjectInstance getProjectInstance(String projectName) {
	return ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(projectName);
	}

	private ProjectInstance getProjectInstanceByCubeName(String cube) {
	CubeInstance cubeInstance = CubeManager.getInstance(KylinConfig.getInstanceFromEnv()).getCube(cube);
	return cubeInstance.getProjectInstance();
	}

	private ProjectInstance getProjectByJob(JobInstance job) {
	AbstractExecutable executable = ExecutableManager.getInstance(KylinConfig.getInstanceFromEnv())
	.getJob(job.getUuid());
	String projectName = null;
	if (executable instanceof CubingJob) {
	projectName = ((CubingJob) executable).getProjectName();
	} else if (executable instanceof CheckpointExecutable) {
	projectName = ((CheckpointExecutable) executable).getProjectName();
	} else {
	return null;
	}
	return getProjectInstance(projectName);
	}

	public void checkProjectAdminPermission(ProjectInstance projectInstance) {
	aclUtil.hasProjectAdminPermission(projectInstance);
	}

	//for raw project
	public void checkProjectReadPermission(ProjectInstance projectInstance) {
	aclUtil.hasProjectReadPermission(projectInstance);
	}

	public void checkProjectWritePermission(ProjectInstance projectInstance) {
	aclUtil.hasProjectWritePermission(projectInstance);
	}

	public void checkProjectOperationPermission(ProjectInstance projectInstance) {
	aclUtil.hasProjectOperationPermission(projectInstance);
	}

	public void checkProjectAdminPermission(String projectName) {
	ProjectInstance projectInstance = getProjectInstance(projectName);
	checkProjectAdminPermission(projectInstance);
	}

	//for raw project
	public void checkProjectReadPermission(String projectName) {
	ProjectInstance projectInstance = getProjectInstance(projectName);
	checkProjectReadPermission(projectInstance);
	}

	public void checkProjectWritePermission(String projectName) {
	ProjectInstance projectInstance = getProjectInstance(projectName);
	checkProjectWritePermission(projectInstance);
	}

	public void checkProjectOperationPermission(String projectName) {
	ProjectInstance projectInstance = getProjectInstance(projectName);
	checkProjectOperationPermission(projectInstance);
	}

	//for cube acl entity
	public void checkProjectReadPermission(CubeInstance cube) {
	aclUtil.hasProjectReadPermission(cube.getProjectInstance());
	}

	public void checkProjectWritePermission(CubeInstance cube) {
	aclUtil.hasProjectWritePermission(cube.getProjectInstance());
	}

	public void checkProjectOperationPermission(CubeInstance cube) {
	aclUtil.hasProjectOperationPermission(cube.getProjectInstance());
	}

	//for job acl entity
	public void checkProjectReadPermission(JobInstance job) {
	aclUtil.hasProjectReadPermission(getProjectByJob(job));
	}

	public void checkProjectWritePermission(JobInstance job) {
	aclUtil.hasProjectWritePermission(getProjectByJob(job));
	}

	public void checkProjectOperationPermission(JobInstance job) {
	aclUtil.hasProjectOperationPermission(getProjectByJob(job));
	}

	// ACL util's method, so that you can use AclEvaluate
	public String getCurrentUserName() {
	return aclUtil.getCurrentUserName();
	}

	public boolean hasCubeReadPermission(CubeInstance cube) {
	return hasProjectReadPermission(cube.getProjectInstance());
	}

	public boolean hasProjectReadPermission(ProjectInstance project) {
	boolean _hasProjectReadPermission = false;
	try {
	_hasProjectReadPermission = aclUtil.hasProjectReadPermission(project);
	} catch (AccessDeniedException e) {
	//ignore to continue
	}
	return _hasProjectReadPermission;
	}

	public boolean hasProjectOperationPermission(ProjectInstance project) {
	boolean _hasProjectOperationPermission = false;
	try {
	_hasProjectOperationPermission = aclUtil.hasProjectOperationPermission(project);
	} catch (AccessDeniedException e) {
	//ignore to continue
	}
	return _hasProjectOperationPermission;
	}

	public boolean hasProjectWritePermission(ProjectInstance project) {
	boolean _hasProjectWritePermission = false;
	try {
	_hasProjectWritePermission = aclUtil.hasProjectWritePermission(project);
	} catch (AccessDeniedException e) {
	//ignore to continue
	}
	return _hasProjectWritePermission;
	}

	public boolean hasProjectAdminPermission(ProjectInstance project) {
	boolean _hasProjectAdminPermission = false;
	try {
	_hasProjectAdminPermission = aclUtil.hasProjectAdminPermission(project);
	} catch (AccessDeniedException e) {
	//ignore to continue
	}
	return _hasProjectAdminPermission;
	}

	public void checkIsGlobalAdmin() {
	aclUtil.checkIsGlobalAdmin();
	}

	}