yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-12-12 18:47:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(auth): admin role missing privileges (#13337)

Browse Source
This commit is contained in:
Aseem Bansal 2025-04-28 11:42:41 +05:30 committed by GitHub
parent 894655622d
commit 1de63cc817
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.github/scripts/check_policies.py vendored
View File

@ -13,10 +13,22 @@ without_info = []
metadata_privileges = set()
platform_privileges = set()
root_user_platform_policy_privileges = set()
root_user_all_privileges = set()
admin_role_platform_privileges = set()
admin_role_all_privileges = set()
for policy in all_policies:
urn = policy["urn"]
if urn == "urn:li:dataHubPolicy:0":
root_user_platform_policy_privileges = policy["info"]["privileges"]
root_user_all_privileges.update(set(root_user_platform_policy_privileges))
elif urn == "urn:li:dataHubPolicy:1":
root_user_all_privileges.update(set(policy["info"]["privileges"]))
elif urn == "urn:li:dataHubPolicy:admin-platform-policy":
admin_role_platform_privileges = policy["info"]["privileges"]
admin_role_all_privileges.update(set(admin_role_platform_privileges))
elif urn == "urn:li:dataHubPolicy:admin-metadata-policy":
admin_role_all_privileges.update(set(policy["info"]["privileges"]))
elif urn == "urn:li:dataHubPolicy:editor-platform-policy":
editor_platform_policy_privileges = policy["info"]["privileges"]
elif urn == "urn:li:dataHubPolicy:7":
@ -54,6 +66,16 @@ diff_policies = set(platform_privileges).difference(
)
assert len(diff_policies) == 0, f"Missing privileges for root user are {diff_policies}"
diff_root_user_admin_role = set(
root_user_platform_policy_privileges
).difference(set(admin_role_platform_privileges))
assert len(diff_root_user_admin_role) == 0, f"Missing privileges for admin role are {diff_root_user_admin_role}"
diff_root_user_admin_role_all = set(
root_user_all_privileges
).difference(set(admin_role_all_privileges))
assert len(diff_root_user_admin_role_all) == 0, f"Missing privileges for admin role are {diff_root_user_admin_role_all}"
# All users privileges checks
assert "MANAGE_POLICIES" not in all_user_platform_policy_privileges
assert "MANAGE_USERS_AND_GROUPS" not in all_user_platform_policy_privileges

4
metadata-service/war/src/main/resources/boot/policies.json
View File

@ -193,7 +193,9 @@
"MANAGE_STRUCTURED_PROPERTIES",
"VIEW_STRUCTURED_PROPERTIES_PAGE",
"MANAGE_DOCUMENTATION_FORMS",
"MANAGE_FEATURES"
"MANAGE_FEATURES",
"MANAGE_SYSTEM_OPERATIONS",
"GET_PLATFORM_EVENTS"
],
"displayName": "Admins - Platform Policy",
"description": "Admins have all platform privileges.",