yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-09-25 08:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adds missing permissions on alerts (#20387)

Browse Source
This commit is contained in:
Mohit Yadav 2025-03-24 11:19:04 +05:30 committed by GitHub
parent 71927cc30b
commit 07cedb9d65
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java
View File

@ -78,7 +78,6 @@ import org.openmetadata.service.apps.bundles.changeEvent.AlertFactory;
import org.openmetadata.service.apps.bundles.changeEvent.Destination;
import org.openmetadata.service.events.errors.EventPublisherException;
import org.openmetadata.service.events.scheduled.EventSubscriptionScheduler;
import org.openmetadata.service.events.subscription.AlertUtil;
import org.openmetadata.service.events.subscription.EventsSubscriptionRegistry;
import org.openmetadata.service.exception.EntityNotFoundException;
import org.openmetadata.service.jdbi3.CollectionDAO;
@ -479,6 +478,8 @@ public class EventSubscriptionResource
@PathParam("id")
UUID id)
throws SchedulerException {
OperationContext operationContext = new OperationContext(entityType, MetadataOperation.DELETE);
authorizer.authorize(securityContext, operationContext, getResourceContextById(id));
EventSubscription eventSubscription = repository.get(null, id, repository.getFields("id"));
EventSubscriptionScheduler.getInstance().deleteEventSubscriptionPublisher(eventSubscription);
EventSubscriptionScheduler.getInstance().deleteSuccessfulAndFailedEventsRecordByAlert(id);
@ -509,6 +510,8 @@ public class EventSubscriptionResource
@PathParam("id")
UUID id)
throws SchedulerException {
OperationContext operationContext = new OperationContext(entityType, MetadataOperation.DELETE);
authorizer.authorize(securityContext, operationContext, getResourceContextById(id));
EventSubscription eventSubscription = repository.get(null, id, repository.getFields("id"));
EventSubscriptionScheduler.getInstance().deleteEventSubscriptionPublisher(eventSubscription);
EventSubscriptionScheduler.getInstance().deleteSuccessfulAndFailedEventsRecordByAlert(id);
@ -532,6 +535,8 @@ public class EventSubscriptionResource
@PathParam("name")
String name)
throws SchedulerException {
OperationContext operationContext = new OperationContext(entityType, MetadataOperation.DELETE);
authorizer.authorize(securityContext, operationContext, getResourceContextByName(name));
EventSubscription eventSubscription =
repository.getByName(null, name, repository.getFields("id"));
EventSubscriptionScheduler.getInstance().deleteEventSubscriptionPublisher(eventSubscription);
@ -621,7 +626,9 @@ public class EventSubscriptionResource
@Parameter(description = "AlertType", schema = @Schema(type = "string"))
@PathParam("alertType")
CreateEventSubscription.AlertType alertType) {
OperationContext operationContext =
new OperationContext(entityType, MetadataOperation.VIEW_ALL);
authorizer.authorize(securityContext, operationContext, getResourceContext());
if (alertType.equals(NOTIFICATION)) {
return new ResultList<>(EventsSubscriptionRegistry.listEntityNotificationDescriptors());
} else {
@ -629,26 +636,6 @@ public class EventSubscriptionResource
}
}
@GET
@Path("/validation/condition/{expression}")
@Operation(
operationId = "validateCondition",
summary = "Validate a given condition",
description = "Validate a given condition expression used in filtering rules.",
responses = {
@ApiResponse(responseCode = "204", description = "No value is returned"),
@ApiResponse(responseCode = "400", description = "Invalid expression")
})
public void validateCondition(
@Context UriInfo uriInfo,
@Context SecurityContext securityContext,
@Parameter(description = "Expression to validate", schema = @Schema(type = "string"))
@PathParam("expression")
String expression) {
authorizer.authorizeAdmin(securityContext);
AlertUtil.validateExpression(expression, Boolean.class);
}
@GET
@Path("/{id}/processedEvents")
@Operation(
@ -671,6 +658,9 @@ public class EventSubscriptionResource
@Parameter(description = "Id of the Event Subscription", schema = @Schema(type = "UUID"))
@PathParam("id")
UUID id) {
OperationContext operationContext =
new OperationContext(entityType, MetadataOperation.VIEW_ALL);
authorizer.authorize(securityContext, operationContext, getResourceContextById(id));
return Response.ok()
.entity(EventSubscriptionScheduler.getInstance().checkIfPublisherPublishedAllEvents(id))
.build();