yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-12 17:26:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

issue-18099: Edit Lineage Operation not working with isOwner() condition (#19070)

Browse Source
This commit is contained in:
Sriharsha Chintalapani 2024-12-19 20:01:04 -08:00 committed by Pablo Takara
parent 9cec8c5190
commit f641788c81
No known key found for this signature in database
GPG Key ID: 63381DDFBB2BF725
2 changed files with 38 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
openmetadata-service/src/main/java/org/openmetadata/service/resources/lineage/LineageResource.java
View File

@ -60,6 +60,7 @@ import org.openmetadata.service.jdbi3.LineageRepository;
import org.openmetadata.service.resources.Collection; import org.openmetadata.service.resources.Collection;
import org.openmetadata.service.security.Authorizer; import org.openmetadata.service.security.Authorizer;
import org.openmetadata.service.security.policyevaluator.OperationContext; import org.openmetadata.service.security.policyevaluator.OperationContext;
import org.openmetadata.service.security.policyevaluator.ResourceContext;
import org.openmetadata.service.security.policyevaluator.ResourceContextInterface; import org.openmetadata.service.security.policyevaluator.ResourceContextInterface;
import org.openmetadata.service.util.AsyncService; import org.openmetadata.service.util.AsyncService;
import org.openmetadata.service.util.CSVExportMessage; import org.openmetadata.service.util.CSVExportMessage;
@ -349,8 +350,20 @@ public class LineageResource {
@Valid AddLineage addLineage) { @Valid AddLineage addLineage) {
authorizer.authorize( authorizer.authorize(
securityContext, securityContext,
new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE), new OperationContext(
new LineageResourceContext()); addLineage.getEdge().getFromEntity().getType(), MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(
addLineage.getEdge().getFromEntity().getType(),
addLineage.getEdge().getFromEntity().getId(),
addLineage.getEdge().getFromEntity().getName()));
authorizer.authorize(
securityContext,
new OperationContext(
addLineage.getEdge().getToEntity().getType(), MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(
addLineage.getEdge().getToEntity().getType(),
addLineage.getEdge().getToEntity().getId(),
addLineage.getEdge().getToEntity().getName()));
dao.addLineage(addLineage); dao.addLineage(addLineage);
return Response.status(Status.OK).build(); return Response.status(Status.OK).build();
} }
@ -426,8 +439,12 @@ public class LineageResource {
JsonPatch patch) { JsonPatch patch) {
authorizer.authorize( authorizer.authorize(
securityContext, securityContext,
new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE), new OperationContext(fromEntity, MetadataOperation.EDIT_LINEAGE),
new LineageResourceContext()); new ResourceContext<>(fromEntity, fromId, null));
authorizer.authorize(
securityContext,
new OperationContext(toEntity, MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(toEntity, toId, null));
return dao.patchLineageEdge(fromEntity, fromId, toEntity, toId, patch); return dao.patchLineageEdge(fromEntity, fromId, toEntity, toId, patch);
} }
@ -467,8 +484,12 @@ public class LineageResource {
String toId) { String toId) {
authorizer.authorize( authorizer.authorize(
securityContext, securityContext,
new OperationContext(LINEAGE_FIELD, MetadataOperation.EDIT_LINEAGE), new OperationContext(fromEntity, MetadataOperation.EDIT_LINEAGE),
new LineageResourceContext()); new ResourceContext<>(fromEntity, UUID.fromString(fromId), null));
authorizer.authorize(
securityContext,
new OperationContext(toEntity, MetadataOperation.EDIT_LINEAGE),
new ResourceContext<>(toEntity, UUID.fromString(toId), null));
boolean deleted = dao.deleteLineage(fromEntity, fromId, toEntity, toId); boolean deleted = dao.deleteLineage(fromEntity, fromId, toEntity, toId);
if (!deleted) { if (!deleted) {

20
openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/RuleEvaluator.java
View File

@ -144,15 +144,17 @@ public class RuleEvaluator {
return false; return false;
} }
List<TagLabel> tags = resourceContext.getTags(); List<TagLabel> tags = resourceContext.getTags();
LOG.debug( if (!nullOrEmpty(tags)) {
"matchAnyTag {} resourceTags {}", LOG.debug(
Arrays.toString(tagFQNs), "matchAnyTag {} resourceTags {}",
Arrays.toString(tags.toArray())); Arrays.toString(tagFQNs),
for (String tagFQN : tagFQNs) { Arrays.toString(tags.toArray()));
TagLabel found = for (String tagFQN : tagFQNs) {
tags.stream().filter(t -> t.getTagFQN().equals(tagFQN)).findAny().orElse(null); TagLabel found =
if (found != null) { tags.stream().filter(t -> t.getTagFQN().equals(tagFQN)).findAny().orElse(null);
return true; if (found != null) {
return true;
}
} }
} }
return false; return false;