server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java - kylin - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
 */

 package org.apache.kylin.rest.util;

 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
 import java.util.regex.Pattern;

 import org.apache.commons.lang.StringUtils;
 import org.apache.kylin.common.persistence.AclEntity;
 import org.apache.kylin.metadata.MetadataConstants;
 import org.apache.kylin.metadata.model.ColumnDesc;
 import org.apache.kylin.metadata.model.TableDesc;
 import org.apache.kylin.metadata.project.ProjectInstance;
 import org.apache.kylin.rest.service.AccessService;
 import org.apache.kylin.rest.service.IUserGroupService;
 import org.apache.kylin.rest.service.ProjectService;
 import org.apache.kylin.rest.service.TableService;
 import org.apache.kylin.rest.service.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.acls.domain.GrantedAuthoritySid;
 import org.springframework.security.acls.domain.PrincipalSid;
 import org.springframework.security.acls.model.AccessControlEntry;
 import org.springframework.security.acls.model.Acl;
 import org.springframework.security.acls.model.Sid;
 import org.springframework.stereotype.Component;

 import org.apache.kylin.shaded.com.google.common.base.Preconditions;

 @Component("validateUtil")
 public class ValidateUtil {
     private final static Pattern alphaNumUnderscorePattern = Pattern.compile("[a-zA-Z0-9_]+");

     @Autowired
     @Qualifier("tableService")
     private TableService tableService;

     @Autowired
     @Qualifier("projectService")
     private ProjectService projectService;

     @Autowired
     @Qualifier("accessService")
     private AccessService accessService;

     @Autowired
     @Qualifier("userService")
     private UserService userService;

     @Autowired
     @Qualifier("userGroupService")
     private IUserGroupService userGroupService;

     public static boolean isAlphanumericUnderscore(String toCheck) {
         return toCheck != null && alphaNumUnderscorePattern.matcher(toCheck).matches();
     }

     public static String convertStringToBeAlphanumericUnderscore(String toBeConverted) {
         return toBeConverted.replaceAll("[^a-zA-Z0-9_]", "");
     }

     public void checkIdentifiersExists(String name, boolean isPrincipal) throws IOException {
         if (isPrincipal && !userService.userExists(name)) {
             throw new RuntimeException("Operation failed, user:" + name + " not exists, please add first.");
         }
         if (!isPrincipal && !userGroupService.exists(name)) {
             throw new RuntimeException("Operation failed, group:" + name + " not exists, please add first.");
         }
     }

     //Identifiers may be user or user authority(you may call role or group)
     public void validateIdentifiers(String prj, String name, String type) throws IOException {
         Set<String> allIdentifiers = getAllIdentifiersInPrj(prj, type);
         if (!allIdentifiers.contains(name)) {
             throw new RuntimeException("Operation failed, " + type + ":" + name + " not exists in project.");
         }
     }

     //get all users/user authorities that has permission in the project
     public Set<String> getAllIdentifiersInPrj(String project, String type) throws IOException {
         List<Sid> allSids = getAllSids(project);
         if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER)) {
             return getUsersInPrj(allSids);
         } else {
             return getAuthoritiesInPrj(allSids);
         }
     }

     private Set<String> getAuthoritiesInPrj(List<Sid> allSids) {
         Set<String> allAuthorities = new TreeSet<>();
         for (Sid sid : allSids) {
             if (sid instanceof GrantedAuthoritySid) {
                 allAuthorities.add(((GrantedAuthoritySid) sid).getGrantedAuthority());
             }
         }
         return allAuthorities;
     }

     private Set<String> getUsersInPrj(List<Sid> allSids) throws IOException {
         Set<String> allUsers = new TreeSet<>();
         for (Sid sid : allSids) {
             if (sid instanceof PrincipalSid) {
                 allUsers.add(((PrincipalSid) sid).getPrincipal());
             }
         }
         return allUsers;
     }

     private List<Sid> getAllSids(String project) {
         List<Sid> allSids = new ArrayList<>();
         ProjectInstance prj = projectService.getProjectManager().getProject(project);
         AclEntity ae = accessService.getAclEntity("ProjectInstance", prj.getUuid());
         Acl acl = accessService.getAcl(ae);
         if (acl != null && acl.getEntries() != null) {
             for (AccessControlEntry ace : acl.getEntries()) {
                 allSids.add(ace.getSid());
             }
         }
         return allSids;
     }

     public void validateTable(String project, String table) throws IOException {
         List<TableDesc> tableDescs = tableService.getTableDescByProject(project, false);
         Set<String> tables = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
         for (TableDesc tableDesc : tableDescs) {
             tables.add(tableDesc.getDatabase() + "." + tableDesc.getName());
         }

         if (!tables.contains(table)) {
             throw new RuntimeException("Operation failed, table:" + table + " not exists");
         }
     }

     public void validateColumn(String project, String table, Collection<String> columns) throws IOException {
         Preconditions.checkState(columns != null && !columns.isEmpty());
         Set<String> cols = getAllColumns(project, table);
         for (String c : columns) {
             if (!cols.contains(c)) {
                 throw new RuntimeException("Operation failed, column:" + c + " not exists");
             }
         }
     }

     public void validateArgs(String... args) {
         for (String arg : args) {
             Preconditions.checkState(!StringUtils.isEmpty(arg));
         }
     }

     private Set<String> getAllColumns(String project, String table) throws IOException {
         List<TableDesc> tableDescByProject = tableService.getTableDescByProject(project, true);
         Set<String> cols = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

         for (TableDesc tableDesc : tableDescByProject) {
             String tbl = tableDesc.getDatabase() + "." + tableDesc.getName();
             if (tbl.equalsIgnoreCase(table)) {
                 for (ColumnDesc column : tableDesc.getColumns()) {
                     cols.add(column.getName());
                 }
                 break;
             }
         }
         return cols;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.kylin.rest.util;

	import java.io.IOException;
	import java.util.ArrayList;
	import java.util.Collection;
	import java.util.List;
	import java.util.Set;
	import java.util.TreeSet;
	import java.util.regex.Pattern;

	import org.apache.commons.lang.StringUtils;
	import org.apache.kylin.common.persistence.AclEntity;
	import org.apache.kylin.metadata.MetadataConstants;
	import org.apache.kylin.metadata.model.ColumnDesc;
	import org.apache.kylin.metadata.model.TableDesc;
	import org.apache.kylin.metadata.project.ProjectInstance;
	import org.apache.kylin.rest.service.AccessService;
	import org.apache.kylin.rest.service.IUserGroupService;
	import org.apache.kylin.rest.service.ProjectService;
	import org.apache.kylin.rest.service.TableService;
	import org.apache.kylin.rest.service.UserService;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.beans.factory.annotation.Qualifier;
	import org.springframework.security.acls.domain.GrantedAuthoritySid;
	import org.springframework.security.acls.domain.PrincipalSid;
	import org.springframework.security.acls.model.AccessControlEntry;
	import org.springframework.security.acls.model.Acl;
	import org.springframework.security.acls.model.Sid;
	import org.springframework.stereotype.Component;

	import org.apache.kylin.shaded.com.google.common.base.Preconditions;

	@Component("validateUtil")
	public class ValidateUtil {
	private final static Pattern alphaNumUnderscorePattern = Pattern.compile("[a-zA-Z0-9_]+");

	@Autowired
	@Qualifier("tableService")
	private TableService tableService;

	@Autowired
	@Qualifier("projectService")
	private ProjectService projectService;

	@Autowired
	@Qualifier("accessService")
	private AccessService accessService;

	@Autowired
	@Qualifier("userService")
	private UserService userService;

	@Autowired
	@Qualifier("userGroupService")
	private IUserGroupService userGroupService;

	public static boolean isAlphanumericUnderscore(String toCheck) {
	return toCheck != null && alphaNumUnderscorePattern.matcher(toCheck).matches();
	}

	public static String convertStringToBeAlphanumericUnderscore(String toBeConverted) {
	return toBeConverted.replaceAll("[^a-zA-Z0-9_]", "");
	}

	public void checkIdentifiersExists(String name, boolean isPrincipal) throws IOException {
	if (isPrincipal && !userService.userExists(name)) {
	throw new RuntimeException("Operation failed, user:" + name + " not exists, please add first.");
	}
	if (!isPrincipal && !userGroupService.exists(name)) {
	throw new RuntimeException("Operation failed, group:" + name + " not exists, please add first.");
	}
	}

	//Identifiers may be user or user authority(you may call role or group)
	public void validateIdentifiers(String prj, String name, String type) throws IOException {
	Set<String> allIdentifiers = getAllIdentifiersInPrj(prj, type);
	if (!allIdentifiers.contains(name)) {
	throw new RuntimeException("Operation failed, " + type + ":" + name + " not exists in project.");
	}
	}

	//get all users/user authorities that has permission in the project
	public Set<String> getAllIdentifiersInPrj(String project, String type) throws IOException {
	List<Sid> allSids = getAllSids(project);
	if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER)) {
	return getUsersInPrj(allSids);
	} else {
	return getAuthoritiesInPrj(allSids);
	}
	}

	private Set<String> getAuthoritiesInPrj(List<Sid> allSids) {
	Set<String> allAuthorities = new TreeSet<>();
	for (Sid sid : allSids) {
	if (sid instanceof GrantedAuthoritySid) {
	allAuthorities.add(((GrantedAuthoritySid) sid).getGrantedAuthority());
	}
	}
	return allAuthorities;
	}

	private Set<String> getUsersInPrj(List<Sid> allSids) throws IOException {
	Set<String> allUsers = new TreeSet<>();
	for (Sid sid : allSids) {
	if (sid instanceof PrincipalSid) {
	allUsers.add(((PrincipalSid) sid).getPrincipal());
	}
	}
	return allUsers;
	}

	private List<Sid> getAllSids(String project) {
	List<Sid> allSids = new ArrayList<>();
	ProjectInstance prj = projectService.getProjectManager().getProject(project);
	AclEntity ae = accessService.getAclEntity("ProjectInstance", prj.getUuid());
	Acl acl = accessService.getAcl(ae);
	if (acl != null && acl.getEntries() != null) {
	for (AccessControlEntry ace : acl.getEntries()) {
	allSids.add(ace.getSid());
	}
	}
	return allSids;
	}

	public void validateTable(String project, String table) throws IOException {
	List<TableDesc> tableDescs = tableService.getTableDescByProject(project, false);
	Set<String> tables = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
	for (TableDesc tableDesc : tableDescs) {
	tables.add(tableDesc.getDatabase() + "." + tableDesc.getName());
	}

	if (!tables.contains(table)) {
	throw new RuntimeException("Operation failed, table:" + table + " not exists");
	}
	}

	public void validateColumn(String project, String table, Collection<String> columns) throws IOException {
	Preconditions.checkState(columns != null && !columns.isEmpty());
	Set<String> cols = getAllColumns(project, table);
	for (String c : columns) {
	if (!cols.contains(c)) {
	throw new RuntimeException("Operation failed, column:" + c + " not exists");
	}
	}
	}

	public void validateArgs(String... args) {
	for (String arg : args) {
	Preconditions.checkState(!StringUtils.isEmpty(arg));
	}
	}

	private Set<String> getAllColumns(String project, String table) throws IOException {
	List<TableDesc> tableDescByProject = tableService.getTableDescByProject(project, true);
	Set<String> cols = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

	for (TableDesc tableDesc : tableDescByProject) {
	String tbl = tableDesc.getDatabase() + "." + tableDesc.getName();
	if (tbl.equalsIgnoreCase(table)) {
	for (ColumnDesc column : tableDesc.getColumns()) {
	cols.add(column.getName());
	}
	break;
	}
	}
	return cols;
	}
	}