yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-11 16:58:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

issue-18099: Edit Lineage Operation not working with isOwner() condition (#19070)

Browse Source
This commit is contained in:
Sriharsha Chintalapani 2024-12-19 20:01:04 -08:00 committed by Pablo Takara
parent 9cec8c5190
commit f641788c81
No known key found for this signature in database
GPG Key ID: 63381DDFBB2BF725
2 changed files with 38 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
openmetadata-service/src/main/java/org/openmetadata/service/resources/lineage/LineageResource.java
View File

@ -60,6 +60,7 @@ import org.openmetadata.service.jdbi3.LineageRepository;
import org.openmetadata.service.resources.Collection;
import org.openmetadata.service.security.Authorizer;
import org.openmetadata.service.security.policyevaluator.OperationContext;
import org.openmetadata.service.security.policyevaluator.ResourceContext;
import org.openmetadata.service.security.policyevaluator.ResourceContextInterface;
import org.openmetadata.service.util.AsyncService;
import org.openmetadata.service.util.CSVExportMessage;
@ -349,8 +350,20 @@ public class LineageResource {
@Valid AddLineage addLineage) {
authorizer.authorize(
securityContext,
new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE),
new LineageResourceContext());
new OperationContext(
addLineage.getEdge().getFromEntity().getType(), MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(
addLineage.getEdge().getFromEntity().getType(),
addLineage.getEdge().getFromEntity().getId(),
addLineage.getEdge().getFromEntity().getName()));
authorizer.authorize(
securityContext,
new OperationContext(
addLineage.getEdge().getToEntity().getType(), MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(
addLineage.getEdge().getToEntity().getType(),
addLineage.getEdge().getToEntity().getId(),
addLineage.getEdge().getToEntity().getName()));
dao.addLineage(addLineage);
return Response.status(Status.OK).build();
}
@ -426,8 +439,12 @@ public class LineageResource {
JsonPatch patch) {
authorizer.authorize(
securityContext,
new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE),
new LineageResourceContext());
new OperationContext(fromEntity, MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(fromEntity, fromId, null));
authorizer.authorize(
securityContext,
new OperationContext(toEntity, MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(toEntity, toId, null));
return dao.patchLineageEdge(fromEntity, fromId, toEntity, toId, patch);
}
@ -467,8 +484,12 @@ public class LineageResource {
String toId) {
authorizer.authorize(
securityContext,
new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE),
new LineageResourceContext());
new OperationContext(fromEntity, MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(fromEntity, UUID.fromString(fromId), null));
authorizer.authorize(
securityContext,
new OperationContext(toEntity, MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(toEntity, UUID.fromString(toId), null));
boolean deleted = dao.deleteLineage(fromEntity, fromId, toEntity, toId);
if (!deleted) {

20
openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/RuleEvaluator.java
View File

@ -144,15 +144,17 @@ public class RuleEvaluator {
return false;
}
List<TagLabel> tags = resourceContext.getTags();
LOG.debug(
"matchAnyTag {} resourceTags {}",
Arrays.toString(tagFQNs),
Arrays.toString(tags.toArray()));
for (String tagFQN : tagFQNs) {
TagLabel found =
tags.stream().filter(t -> t.getTagFQN().equals(tagFQN)).findAny().orElse(null);
if (found != null) {
return true;
if (!nullOrEmpty(tags)) {
LOG.debug(
"matchAnyTag {} resourceTags {}",
Arrays.toString(tagFQNs),
Arrays.toString(tags.toArray()));
for (String tagFQN : tagFQNs) {
TagLabel found =
tags.stream().filter(t -> t.getTagFQN().equals(tagFQN)).findAny().orElse(null);
if (found != null) {
return true;
}
}
}
return false;