Fixes #8401 Remove lingering authorizeAdmin in TagResource (#8403)

This commit is contained in:
Suresh Srinivas 2022-10-27 15:37:44 -07:00 committed by GitHub
parent 6efe6df96b
commit a6438c6347
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 40 additions and 29 deletions


@ -2,7 +2,7 @@ package org.openmetadata.service.resources;
import static org.openmetadata.common.utils.CommonUtil.listOrEmpty; import static org.openmetadata.common.utils.CommonUtil.listOrEmpty;
import static org.openmetadata.schema.type.MetadataOperation.CREATE; import static org.openmetadata.schema.type.MetadataOperation.CREATE;
import static org.openmetadata.schema.type.MetadataOperation.EDIT_ALL; import static org.openmetadata.service.util.EntityUtil.createOrUpdateOperation;
import java.io.IOException; import java.io.IOException;
import java.util.List; import java.util.List;
@ -196,9 +196,7 @@ public abstract class EntityResource<T extends EntityInterface, K extends Entity
// If entity does not exist, this is a create operation, else update operation // If entity does not exist, this is a create operation, else update operation
ResourceContext resourceContext = getResourceContextByName(entity.getFullyQualifiedName()); ResourceContext resourceContext = getResourceContextByName(entity.getFullyQualifiedName());
MetadataOperation operation = resourceContext.getEntity() == null ? CREATE : EDIT_ALL; OperationContext operationContext = new OperationContext(entityType, createOrUpdateOperation(resourceContext));
OperationContext operationContext = new OperationContext(entityType, operation);
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
PutResponse<T> response = dao.createOrUpdate(uriInfo, entity); PutResponse<T> response = dao.createOrUpdate(uriInfo, entity);
addHref(uriInfo, response.getEntity()); addHref(uriInfo, response.getEntity());


@ -15,6 +15,9 @@ package org.openmetadata.service.resources.tags;
import static org.openmetadata.common.utils.CommonUtil.listOrEmpty; import static org.openmetadata.common.utils.CommonUtil.listOrEmpty;
import static org.openmetadata.service.Entity.ADMIN_USER_NAME; import static org.openmetadata.service.Entity.ADMIN_USER_NAME;
import static org.openmetadata.service.Entity.TAG;
import static org.openmetadata.service.Entity.TAG_CATEGORY;
import static org.openmetadata.service.util.EntityUtil.createOrUpdateOperation;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
@ -94,7 +97,7 @@ public class TagResource {
public void initialize(OpenMetadataApplicationConfig config) throws IOException { public void initialize(OpenMetadataApplicationConfig config) throws IOException {
// Find tag definitions and load tag categories from the json file, if necessary // Find tag definitions and load tag categories from the json file, if necessary
List<TagCategory> tagCategories = List<TagCategory> tagCategories =
dao.getEntitiesFromSeedData(Entity.TAG_CATEGORY, ".*json/data/tags/.*\\.json$", TagCategory.class); dao.getEntitiesFromSeedData(TAG_CATEGORY, ".*json/data/tags/.*\\.json$", TagCategory.class);
for (TagCategory tagCategory : tagCategories) { for (TagCategory tagCategory : tagCategories) {
long now = System.currentTimeMillis(); long now = System.currentTimeMillis();
tagCategory.withId(UUID.randomUUID()).withUpdatedBy(ADMIN_USER_NAME).withUpdatedAt(now); tagCategory.withId(UUID.randomUUID()).withUpdatedBy(ADMIN_USER_NAME).withUpdatedAt(now);
@ -279,8 +282,8 @@ public class TagResource {
public Response createCategory( public Response createCategory(
@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreateTagCategory create) @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreateTagCategory create)
throws IOException { throws IOException {
OperationContext operationContext = new OperationContext(Entity.TAG_CATEGORY, MetadataOperation.CREATE); OperationContext operationContext = new OperationContext(TAG_CATEGORY, MetadataOperation.CREATE);
ResourceContext resourceContext = EntityResource.getResourceContext(Entity.TAG_CATEGORY, daoCategory).build(); ResourceContext resourceContext = EntityResource.getResourceContext(TAG_CATEGORY, daoCategory).build();
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
TagCategory category = getTagCategory(securityContext, create); TagCategory category = getTagCategory(securityContext, create);
category = addHref(uriInfo, daoCategory.create(uriInfo, category)); category = addHref(uriInfo, daoCategory.create(uriInfo, category));
@ -308,8 +311,8 @@ public class TagResource {
String category, String category,
@Valid CreateTag create) @Valid CreateTag create)
throws IOException { throws IOException {
OperationContext operationContext = new OperationContext(Entity.TAG, MetadataOperation.CREATE); OperationContext operationContext = new OperationContext(TAG, MetadataOperation.CREATE);
ResourceContext resourceContext = EntityResource.getResourceContext(Entity.TAG, dao).build(); ResourceContext resourceContext = EntityResource.getResourceContext(TAG, dao).build();
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
Tag tag = getTag(securityContext, create, FullyQualifiedName.build(category)); Tag tag = getTag(securityContext, create, FullyQualifiedName.build(category));
URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, category); URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, category);
@ -346,8 +349,8 @@ public class TagResource {
String primaryTag, String primaryTag,
@Valid CreateTag create) @Valid CreateTag create)
throws IOException { throws IOException {
OperationContext operationContext = new OperationContext(Entity.TAG, MetadataOperation.CREATE); OperationContext operationContext = new OperationContext(TAG, MetadataOperation.CREATE);
ResourceContext resourceContext = EntityResource.getResourceContext(Entity.TAG, dao).build(); ResourceContext resourceContext = EntityResource.getResourceContext(TAG, dao).build();
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
Tag tag = getTag(securityContext, create, FullyQualifiedName.build(category, primaryTag)); Tag tag = getTag(securityContext, create, FullyQualifiedName.build(category, primaryTag));
URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, category); URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, category);
@ -370,11 +373,12 @@ public class TagResource {
String categoryName, String categoryName,
@Valid CreateTagCategory create) @Valid CreateTagCategory create)
throws IOException { throws IOException {
OperationContext operationContext = new OperationContext(Entity.TAG_CATEGORY, MetadataOperation.EDIT_ALL);
ResourceContext resourceContext =
EntityResource.getResourceContext(Entity.TAG_CATEGORY, daoCategory).name(categoryName).build();
authorizer.authorize(securityContext, operationContext, resourceContext);
TagCategory category = getTagCategory(securityContext, create); TagCategory category = getTagCategory(securityContext, create);
ResourceContext resourceContext =
EntityResource.getResourceContext(TAG_CATEGORY, daoCategory).name(categoryName).build();
OperationContext operationContext = new OperationContext(TAG_CATEGORY, createOrUpdateOperation(resourceContext));
authorizer.authorize(securityContext, operationContext, resourceContext);
// TODO clean this up // TODO clean this up
if (categoryName.equals(create.getName())) { // Not changing the name if (categoryName.equals(create.getName())) { // Not changing the name
category = addHref(uriInfo, daoCategory.createOrUpdate(uriInfo, category).getEntity()); category = addHref(uriInfo, daoCategory.createOrUpdate(uriInfo, category).getEntity());
@ -409,8 +413,8 @@ public class TagResource {
throws IOException { throws IOException {
Tag tag = getTag(securityContext, create, FullyQualifiedName.build(categoryName)); Tag tag = getTag(securityContext, create, FullyQualifiedName.build(categoryName));
OperationContext operationContext = new OperationContext(Entity.TAG, MetadataOperation.EDIT_ALL); ResourceContext resourceContext = EntityResource.getResourceContext(TAG, dao).name(categoryName).build();
ResourceContext resourceContext = EntityResource.getResourceContext(Entity.TAG, dao).name(categoryName).build(); OperationContext operationContext = new OperationContext(TAG, createOrUpdateOperation(resourceContext));
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, categoryName); URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, categoryName);
@ -455,10 +459,14 @@ public class TagResource {
String secondaryTag, String secondaryTag,
@Valid CreateTag create) @Valid CreateTag create)
throws IOException { throws IOException {
authorizer.authorizeAdmin(securityContext);
Tag tag = getTag(securityContext, create, FullyQualifiedName.build(categoryName, primaryTag)); Tag tag = getTag(securityContext, create, FullyQualifiedName.build(categoryName, primaryTag));
URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, categoryName);
URI parentHRef = RestUtil.getHref(categoryHref, primaryTag); // If entity does not exist, this is a create operation, else update operation
ResourceContext resourceContext =
EntityResource.getResourceContext(TAG, dao).name(tag.getFullyQualifiedName()).build();
OperationContext operationContext = new OperationContext(TAG, createOrUpdateOperation(resourceContext));
authorizer.authorize(securityContext, operationContext, resourceContext);
RestUtil.PutResponse<?> response; RestUtil.PutResponse<?> response;
// TODO clean this up // TODO clean this up
if (secondaryTag.equals(create.getName())) { // Not changing the name if (secondaryTag.equals(create.getName())) { // Not changing the name
@ -468,6 +476,9 @@ public class TagResource {
getTag(securityContext, create, FullyQualifiedName.build(categoryName, primaryTag)).withName(secondaryTag); getTag(securityContext, create, FullyQualifiedName.build(categoryName, primaryTag)).withName(secondaryTag);
response = dao.createOrUpdate(uriInfo, origTag, tag); response = dao.createOrUpdate(uriInfo, origTag, tag);
} }
URI categoryHref = RestUtil.getHref(uriInfo, TAG_COLLECTION_PATH, categoryName);
URI parentHRef = RestUtil.getHref(categoryHref, primaryTag);
addHref(parentHRef, (Tag) response.getEntity()); addHref(parentHRef, (Tag) response.getEntity());
return response.toResponse(); return response.toResponse();
} }
@ -484,9 +495,8 @@ public class TagResource {
@Context SecurityContext securityContext, @Context SecurityContext securityContext,
@Parameter(description = "Tag category id", schema = @Schema(type = "UUID")) @PathParam("id") UUID id) @Parameter(description = "Tag category id", schema = @Schema(type = "UUID")) @PathParam("id") UUID id)
throws IOException { throws IOException {
OperationContext operationContext = new OperationContext(Entity.TAG_CATEGORY, MetadataOperation.EDIT_ALL); OperationContext operationContext = new OperationContext(TAG_CATEGORY, MetadataOperation.DELETE);
ResourceContext resourceContext = ResourceContext resourceContext = EntityResource.getResourceContext(TAG_CATEGORY, daoCategory).id(id).build();
EntityResource.getResourceContext(Entity.TAG_CATEGORY, daoCategory).id(id).build();
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
TagCategory tagCategory = daoCategory.delete(uriInfo, id); TagCategory tagCategory = daoCategory.delete(uriInfo, id);
addHref(uriInfo, tagCategory); addHref(uriInfo, tagCategory);
@ -506,8 +516,8 @@ public class TagResource {
@Parameter(description = "Tag id", schema = @Schema(type = "string")) @PathParam("category") String category, @Parameter(description = "Tag id", schema = @Schema(type = "string")) @PathParam("category") String category,
@Parameter(description = "Tag id", schema = @Schema(type = "UUID")) @PathParam("id") UUID id) @Parameter(description = "Tag id", schema = @Schema(type = "UUID")) @PathParam("id") UUID id)
throws IOException { throws IOException {
OperationContext operationContext = new OperationContext(Entity.TAG, MetadataOperation.EDIT_ALL); OperationContext operationContext = new OperationContext(TAG, MetadataOperation.DELETE);
ResourceContext resourceContext = EntityResource.getResourceContext(Entity.TAG, dao).id(id).build(); ResourceContext resourceContext = EntityResource.getResourceContext(TAG, dao).id(id).build();
authorizer.authorize(securityContext, operationContext, resourceContext); authorizer.authorize(securityContext, operationContext, resourceContext);
Tag tag = dao.delete(uriInfo, id); Tag tag = dao.delete(uriInfo, id);
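Review bot: In the `@ -455,10 +459,14` hunk the resource context for the secondary-tag update is named by `tag.getFullyQualifiedName()`, i.e. the name that comes from the request body, rather than by the path's `categoryName`/`primaryTag`/`secondaryTag`. In the rename branch (`secondaryTag.equals(create.getName())` false, where the code goes on to update `origTag`) that name does not exist yet, so `createOrUpdateOperation` resolves to CREATE and the check is evaluated against a nonexistent resource instead of EDIT_ALL on the existing tag; this matters more now that the hunk drops `authorizer.authorizeAdmin(securityContext)` for this endpoint. Assuming `getTag` derives the FQN from `create.getName()`, build the context from the path instead, e.g. `.name(FullyQualifiedName.build(categoryName, primaryTag, secondaryTag))` (the `build` overload is called with one and two parts elsewhere in this file; confirm it accepts three). The `@ -409,8 +413,8` hunk has the related problem that its TAG resource context is named `categoryName`, so the create/update decision there is made on the category's name rather than on the primary tag being updated. The enclosing methods start and end outside the hunks.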


@ -19,8 +19,6 @@ import static org.openmetadata.schema.api.teams.CreateUser.CreatePasswordType.AD
import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.SELF; import static org.openmetadata.schema.auth.ChangePasswordRequest.RequestType.SELF;
import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.BASIC; import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.BASIC;
import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.JWT; import static org.openmetadata.schema.entity.teams.AuthenticationMechanism.AuthType.JWT;
import static org.openmetadata.schema.type.MetadataOperation.CREATE;
import static org.openmetadata.schema.type.MetadataOperation.EDIT_ALL;
import static org.openmetadata.service.exception.CatalogExceptionMessage.EMAIL_SENDING_ISSUE; import static org.openmetadata.service.exception.CatalogExceptionMessage.EMAIL_SENDING_ISSUE;
import at.favre.lib.crypto.bcrypt.BCrypt; import at.favre.lib.crypto.bcrypt.BCrypt;
@ -522,7 +520,6 @@ public class UserResource extends EntityResource<User, UserRepository> {
// If entity does not exist, this is a create operation, else update operation // If entity does not exist, this is a create operation, else update operation
ResourceContext resourceContext = getResourceContextByName(user.getFullyQualifiedName()); ResourceContext resourceContext = getResourceContextByName(user.getFullyQualifiedName());
MetadataOperation operation = resourceContext.getEntity() == null ? CREATE : EDIT_ALL;
dao.prepare(user); dao.prepare(user);
if (Boolean.TRUE.equals(create.getIsAdmin()) || Boolean.TRUE.equals(create.getIsBot())) { if (Boolean.TRUE.equals(create.getIsAdmin()) || Boolean.TRUE.equals(create.getIsBot())) {
@ -530,7 +527,8 @@ public class UserResource extends EntityResource<User, UserRepository> {
} else if (!securityContext.getUserPrincipal().getName().equals(user.getName())) { } else if (!securityContext.getUserPrincipal().getName().equals(user.getName())) {
// doing authorization check outside of authorizer here. We are checking if the logged-in user same as the user // doing authorization check outside of authorizer here. We are checking if the logged-in user same as the user
// we are trying to update. One option is to set users.owner as user, however that is not supported for User. // we are trying to update. One option is to set users.owner as user, however that is not supported for User.
OperationContext createOperationContext = new OperationContext(entityType, operation); OperationContext createOperationContext =
new OperationContext(entityType, EntityUtil.createOrUpdateOperation(resourceContext));
authorizer.authorize(securityContext, createOperationContext, resourceContext); authorizer.authorize(securityContext, createOperationContext, resourceContext);
} }
if (Boolean.TRUE.equals(create.getIsBot())) { // TODO expect bot to be created separately if (Boolean.TRUE.equals(create.getIsBot())) { // TODO expect bot to be created separately
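Review bot: The new call `new OperationContext(entityType, EntityUtil.createOrUpdateOperation(resourceContext))` is fully qualified, while the same helper is statically imported in EntityResource and TagResource in this commit; a static import here (the file already static-imports constants, and this hunk removed the now-unused CREATE/EDIT_ALL imports) would keep the three call sites uniform and let the statement fit on one line. A brief comment such as `// CREATE or EDIT_ALL depending on whether resourceContext resolved an existing user` would also help, because the lookup at `getResourceContextByName(user.getFullyQualifiedName())` happens before `dao.prepare(user)`; if `prepare` can alter the FQN, the decision is made on the pre-prepare name — confirm. The enclosing method starts and ends outside the hunk.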


@ -70,6 +70,7 @@ import org.openmetadata.service.jdbi3.CollectionDAO.EntityRelationshipRecord;
import org.openmetadata.service.jdbi3.CollectionDAO.EntityVersionPair; import org.openmetadata.service.jdbi3.CollectionDAO.EntityVersionPair;
import org.openmetadata.service.jdbi3.CollectionDAO.UsageDAO; import org.openmetadata.service.jdbi3.CollectionDAO.UsageDAO;
import org.openmetadata.service.resources.feeds.MessageParser.EntityLink; import org.openmetadata.service.resources.feeds.MessageParser.EntityLink;
import org.openmetadata.service.security.policyevaluator.ResourceContext;
@Slf4j @Slf4j
public final class EntityUtil { public final class EntityUtil {
@ -461,4 +462,8 @@ public final class EntityUtil {
FieldChange fieldChange = new FieldChange().withName(fieldName).withOldValue(oldValue).withNewValue(newValue); FieldChange fieldChange = new FieldChange().withName(fieldName).withOldValue(oldValue).withNewValue(newValue);
change.getFieldsUpdated().add(fieldChange); change.getFieldsUpdated().add(fieldChange);
} }
public static MetadataOperation createOrUpdateOperation(ResourceContext resourceContext) throws IOException {
return resourceContext.getEntity() == null ? MetadataOperation.CREATE : MetadataOperation.EDIT_ALL;
}
} }
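Review bot: `createOrUpdateOperation` is new public API in EntityUtil and has no Javadoc; because its result (CREATE vs EDIT_ALL) depends on whether the given ResourceContext resolves to an existing entity, callers need to know that the context must identify the entity as it currently exists (its current name or id, not a proposed new name) or the authorization silently degrades to CREATE. Suggest: `/** Returns CREATE if {@code resourceContext} does not resolve to an existing entity, otherwise EDIT_ALL. The context must identify the entity being written as it currently exists; a context built from a new name always yields CREATE. @throws IOException if the entity lookup fails */`. The `@throws` presumably reflects `resourceContext.getEntity()`; confirm that is where the IOException originates.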