yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-11-16 03:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add new permission for managing asset summary (#14627)

Browse Source 
Co-authored-by: Chris Collins <chriscollins3456@gmail.com>
This commit is contained in:
purnimagarg1 2025-09-04 19:51:01 +05:30 committed by GitHub
parent fe655cc255
commit 94c56decdc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 42 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/authorization/AuthorizationUtils.java
View File

@ -419,5 +419,17 @@ public class AuthorizationUtils {
new EntitySpec(resourceUrn.getEntityType(), resourceUrn.toString())); new EntitySpec(resourceUrn.getEntityType(), resourceUrn.toString()));
} }
public static boolean canManageAssetSummary(@Nonnull QueryContext context, @Nonnull Urn urn) {
final DisjunctivePrivilegeGroup orPrivilegeGroups =
new DisjunctivePrivilegeGroup(
ImmutableList.of(
ALL_PRIVILEGES_GROUP,
new ConjunctivePrivilegeGroup(
ImmutableList.of(PoliciesConfig.MANAGE_ASSET_SUMMARY_PRIVILEGE.getType()))));
return AuthorizationUtils.isAuthorized(
context, urn.getEntityType(), urn.toString(), orPrivilegeGroups);
}
private AuthorizationUtils() {} private AuthorizationUtils() {}
} }

1
datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/entity/EntityPrivilegesResolver.java
View File

@ -181,5 +181,6 @@ public class EntityPrivilegesResolver implements DataFetcher<CompletableFuture<E
result.setCanEditOwners(OwnerUtils.isAuthorizedToUpdateOwners(context, urn)); result.setCanEditOwners(OwnerUtils.isAuthorizedToUpdateOwners(context, urn));
result.setCanEditDescription(DescriptionUtils.isAuthorizedToUpdateDescription(context, urn)); result.setCanEditDescription(DescriptionUtils.isAuthorizedToUpdateDescription(context, urn));
result.setCanEditLinks(LinkUtils.isAuthorizedToUpdateLinks(context, urn)); result.setCanEditLinks(LinkUtils.isAuthorizedToUpdateLinks(context, urn));
result.setCanManageAssetSummary(AuthorizationUtils.canManageAssetSummary(context, urn));
} }
} }

5
datahub-graphql-core/src/main/resources/auth.graphql
View File

@ -363,6 +363,11 @@ type EntityPrivileges {
Whether the user can view dataset operations Whether the user can view dataset operations
""" """
canViewDatasetOperations: Boolean canViewDatasetOperations: Boolean
"""
Whether the user can manage asset summary
"""
canManageAssetSummary: Boolean
} }
""" """

1
datahub-web-react/src/Mocks.tsx
View File

@ -85,6 +85,7 @@ export const entityPrivileges: EntityPrivileges = {
canViewDatasetUsage: true, canViewDatasetUsage: true,
canViewDatasetProfile: true, canViewDatasetProfile: true,
canViewDatasetOperations: true, canViewDatasetOperations: true,
canManageAssetSummary: true,
__typename: 'EntityPrivileges', __typename: 'EntityPrivileges',
}; };

6
datahub-web-react/src/app/entityV2/summary/properties/PropertiesHeader.tsx
View File

@ -1,11 +1,13 @@
import React from 'react'; import React from 'react';
import { useEntityData } from '@app/entity/shared/EntityContext';
import PropertiesWithDividerWrapper from '@app/entityV2/summary/properties/PropertiesWithDividerWrapper'; import PropertiesWithDividerWrapper from '@app/entityV2/summary/properties/PropertiesWithDividerWrapper';
import AssetPropertiesProvider from '@app/entityV2/summary/properties/context/AssetPropertiesProvider'; import AssetPropertiesProvider from '@app/entityV2/summary/properties/context/AssetPropertiesProvider';
export default function PropertiesHeader() { export default function PropertiesHeader() {
// TODO: use permissions const { entityData } = useEntityData();
const editable = true;
const editable = !!entityData?.privileges?.canManageAssetSummary;
return ( return (
<AssetPropertiesProvider editable={editable}> <AssetPropertiesProvider editable={editable}>

1
datahub-web-react/src/graphql/fragments.graphql
View File

@ -1795,6 +1795,7 @@ fragment entityPrivileges on EntityPrivileges {
canViewDatasetUsage canViewDatasetUsage
canViewDatasetProfile canViewDatasetProfile
canViewDatasetOperations canViewDatasetOperations
canManageAssetSummary
} }
fragment businessAttribute on BusinessAttributeAssociation { fragment businessAttribute on BusinessAttributeAssociation {

14
metadata-service/war/src/main/resources/boot/policies.json
View File

@ -80,7 +80,8 @@
"MANAGE_GLOBAL_OWNERSHIP_TYPES", "MANAGE_GLOBAL_OWNERSHIP_TYPES",
"DELETE_ENTITY", "DELETE_ENTITY",
"ES_EXPLAIN_QUERY_PRIVILEGE", "ES_EXPLAIN_QUERY_PRIVILEGE",
"EXECUTE_ENTITY" "EXECUTE_ENTITY",
"MANAGE_ASSET_SUMMARY"
], ],
"displayName": "Root User - Edit and View All Resources", "displayName": "Root User - Edit and View All Resources",
"description": "Grants all edit and view privileges for all resources to root user.", "description": "Grants all edit and view privileges for all resources to root user.",
@ -259,7 +260,9 @@
"DELETE_ENTITY", "DELETE_ENTITY",
"ES_EXPLAIN_QUERY_PRIVILEGE", "ES_EXPLAIN_QUERY_PRIVILEGE",
"EDIT_ENTITY_PROPERTIES", "EDIT_ENTITY_PROPERTIES",
"EXECUTE_ENTITY" "EXECUTE_ENTITY",
"MANAGE_ASSET_SUMMARY"
], ],
"displayName": "Admins - Metadata Policy", "displayName": "Admins - Metadata Policy",
"description": "Admins have all metadata privileges.", "description": "Admins have all metadata privileges.",
@ -344,7 +347,9 @@
"MANAGE_DATA_PRODUCTS", "MANAGE_DATA_PRODUCTS",
"ES_EXPLAIN_QUERY_PRIVILEGE", "ES_EXPLAIN_QUERY_PRIVILEGE",
"EDIT_ENTITY_PROPERTIES", "EDIT_ENTITY_PROPERTIES",
"VIEW_STRUCTURED_PROPERTIES_PAGE" "VIEW_STRUCTURED_PROPERTIES_PAGE",
"MANAGE_ASSET_SUMMARY"
], ],
"displayName": "Editors - Metadata Policy", "displayName": "Editors - Metadata Policy",
"description": "Editors have all metadata privileges.", "description": "Editors have all metadata privileges.",
@ -499,7 +504,8 @@
"GET_COUNTS_PRIVILEGE", "GET_COUNTS_PRIVILEGE",
"MANAGE_DATA_PRODUCTS", "MANAGE_DATA_PRODUCTS",
"ES_EXPLAIN_QUERY_PRIVILEGE", "ES_EXPLAIN_QUERY_PRIVILEGE",
"EDIT_ENTITY_PROPERTIES" "EDIT_ENTITY_PROPERTIES",
"MANAGE_ASSET_SUMMARY"
], ],
"displayName": "Asset Owners - Metadata Policy", "displayName": "Asset Owners - Metadata Policy",
"description": "Asset Owners have all metadata privileges ONLY for assets they own.", "description": "Asset Owners have all metadata privileges ONLY for assets they own.",

9
metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java
View File

@ -388,6 +388,12 @@ public class PoliciesConfig {
"Create erModelRelationship", "Create erModelRelationship",
"The ability to add erModelRelationship on a dataset."); "The ability to add erModelRelationship on a dataset.");
public static final Privilege MANAGE_ASSET_SUMMARY_PRIVILEGE =
Privilege.of(
"MANAGE_ASSET_SUMMARY",
"Manage Asset Summary",
"The ability to manage the asset summary tab for an entity.");
public static final List<Privilege> COMMON_ENTITY_PRIVILEGES = public static final List<Privilege> COMMON_ENTITY_PRIVILEGES =
ImmutableList.of( ImmutableList.of(
VIEW_ENTITY_PAGE_PRIVILEGE, VIEW_ENTITY_PAGE_PRIVILEGE,
@ -406,7 +412,8 @@ public class PoliciesConfig {
EDIT_ENTITY_PROPERTIES_PRIVILEGE, EDIT_ENTITY_PROPERTIES_PRIVILEGE,
EDIT_ENTITY_INCIDENTS_PRIVILEGE, EDIT_ENTITY_INCIDENTS_PRIVILEGE,
CREATE_ENTITY_PRIVILEGE, CREATE_ENTITY_PRIVILEGE,
EXISTS_ENTITY_PRIVILEGE); EXISTS_ENTITY_PRIVILEGE,
MANAGE_ASSET_SUMMARY_PRIVILEGE);
// Dataset Privileges // Dataset Privileges
public static final Privilege EDIT_DATASET_COL_TAGS_PRIVILEGE = public static final Privilege EDIT_DATASET_COL_TAGS_PRIVILEGE =