yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-12-04 22:52:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(operations): fix authorizer on operations controller (#10701)

Browse Source
This commit is contained in:
david-leifker 2024-06-13 14:32:40 -05:00 committed by GitHub
parent 6329153e36
commit 50ab79e7cc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
metadata-service/openapi-servlet/src/main/java/io/datahubproject/openapi/operations/elastic/OperationsController.java
View File

@ -3,7 +3,7 @@ package io.datahubproject.openapi.operations.elastic;
import com.datahub.authentication.Authentication;
import com.datahub.authentication.AuthenticationContext;
import com.datahub.authorization.AuthUtil;
import com.datahub.plugins.auth.authorization.Authorizer;
import com.datahub.authorization.AuthorizerChain;
import com.linkedin.common.urn.UrnUtils;
import com.linkedin.metadata.authorization.PoliciesConfig;
import com.linkedin.metadata.entity.EntityService;
@ -54,7 +54,7 @@ import org.springframework.web.bind.annotation.RestController;
name = "ElasticSearchOperations",
description = "An API for managing your elasticsearch instance")
public class OperationsController {
private final Authorizer authorizerChain;
private final AuthorizerChain authorizerChain;
private final OperationContext systemOperationContext;
private final SystemMetadataService systemMetadataService;
private final TimeseriesAspectService timeseriesAspectService;
@ -66,9 +66,10 @@ public class OperationsController {
SystemMetadataService systemMetadataService,
TimeseriesAspectService timeseriesAspectService,
EntitySearchService searchService,
EntityService<?> entityService) {
EntityService<?> entityService,
AuthorizerChain authorizerChain) {
this.systemOperationContext = systemOperationContext;
this.authorizerChain = systemOperationContext.getAuthorizerContext().getAuthorizer();
this.authorizerChain = authorizerChain;
this.systemMetadataService = systemMetadataService;
this.timeseriesAspectService = timeseriesAspectService;
this.searchService = searchService;
@ -229,7 +230,7 @@ public class OperationsController {
if (!AuthUtil.isAPIAuthorized(
authentication, authorizerChain, PoliciesConfig.ES_EXPLAIN_QUERY_PRIVILEGE)) {
log.error("{} is not authorized to get timeseries index sizes", actorUrnStr);
log.error("{} is not authorized to get explain queries", actorUrnStr);
return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
}
OperationContext opContext =