Java源码示例:org.apache.kylin.rest.security.AclPermission
示例1
@Test
public void testBatchUpsertAce() {
switchToAdmin();
ObjectIdentity oid = oid("acl");
MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
aclService.batchUpsertAce(acl, sidToPerm);
for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
List<AccessControlEntry> e = a.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
}
示例2
@Test
public void testGetAndValidateIdentifiers() throws IOException {
RootPersistentEntity ae = accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b");
accessService.init(ae, AclPermission.ADMINISTRATION);
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("u1", true));
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("g1", false));
Assert.assertEquals(Lists.newArrayList("ADMIN", "u1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_USER)));
Assert.assertEquals(Lists.newArrayList("g1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_GROUP)));
validateUtil.validateIdentifiers(PROJECT, "u1", TYPE_USER);
try {
validateUtil.validateIdentifiers(PROJECT, NOT_EXISTS, TYPE_USER);
Assert.fail();
} catch (Exception e) {
Assert.assertEquals("Operation failed, user:not_exists not exists in project.", e.getMessage());
}
}
示例3
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
Message msg = MsgPicker.getMsg();
String projectName = newProject.getName();
String description = newProject.getDescription();
LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();
ProjectInstance currentProject = getProjectManager().getProject(projectName);
if (currentProject != null) {
throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
overrideProps);
accessService.init(createdProject, AclPermission.ADMINISTRATION);
logger.debug("New project created.");
return createdProject;
}
示例4
@Test
public void testBatchUpsertAce() {
switchToAdmin();
ObjectIdentity oid = oid("acl");
MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
aclService.batchUpsertAce(acl, sidToPerm);
for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
List<AccessControlEntry> e = a.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
}
示例5
@Test
public void testGetAndValidateIdentifiers() throws IOException {
RootPersistentEntity ae = accessService.getAclEntity("ProjectInstance", "1eaca32a-a33e-4b69-83dd-0bb8b1f8c91b");
accessService.init(ae, AclPermission.ADMINISTRATION);
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("u1", true));
accessService.grant(ae, AclPermission.ADMINISTRATION, accessService.getSid("g1", false));
Assert.assertEquals(Lists.newArrayList("ADMIN", "u1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_USER)));
Assert.assertEquals(Lists.newArrayList("g1"),
Lists.newArrayList(validateUtil.getAllIdentifiersInPrj(PROJECT, TYPE_GROUP)));
validateUtil.validateIdentifiers(PROJECT, "u1", TYPE_USER);
try {
validateUtil.validateIdentifiers(PROJECT, NOT_EXISTS, TYPE_USER);
Assert.fail();
} catch (Exception e) {
Assert.assertEquals("Operation failed, user:not_exists not exists in project.", e.getMessage());
}
}
示例6
@PreAuthorize(Constant.ACCESS_HAS_ROLE_ADMIN)
public ProjectInstance createProject(ProjectInstance newProject) throws IOException {
Message msg = MsgPicker.getMsg();
String projectName = newProject.getName();
String description = newProject.getDescription();
LinkedHashMap<String, String> overrideProps = newProject.getOverrideKylinProps();
ProjectInstance currentProject = getProjectManager().getProject(projectName);
if (currentProject != null) {
throw new BadRequestException(String.format(Locale.ROOT, msg.getPROJECT_ALREADY_EXIST(), projectName));
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description,
overrideProps);
accessService.init(createdProject, AclPermission.ADMINISTRATION);
logger.debug("New project created.");
return createdProject;
}
示例7
@Test
public void testRevokeProjectPermission() throws IOException {
List<ProjectInstance> projects = projectService.listProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
PrincipalSid sid = new PrincipalSid("ANALYST");
RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
示例8
@Test
public void testBatchGrant() {
AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
accessService.batchGrant(ae, sidToPerm);
MutableAclRecord acl = accessService.getAcl(ae);
List<AccessControlEntry> e = acl.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
示例9
@Ignore
@Test
public void test100000Entries() throws JsonProcessingException {
MockAclEntity ae = new MockAclEntity("100000Entries");
long time = System.currentTimeMillis();
for (int i = 0; i < 100000; i++) {
if (i % 10 == 0) {
long now = System.currentTimeMillis();
System.out.println((now - time) + " ms for last 10 entries, total " + i);
time = now;
}
Sid sid = accessService.getSid("USER" + i, true);
accessService.grant(ae, AclPermission.OPERATION, sid);
}
}
示例10
@Test
public void testRevokeProjectPermission() throws IOException {
List<ProjectInstance> projects = projectService.listProjects(10000, 0);
assertTrue(projects.size() > 0);
ProjectInstance project = projects.get(0);
PrincipalSid sid = new PrincipalSid("ANALYST");
RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid());
accessService.grant(ae, AclPermission.ADMINISTRATION, sid);
Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER);
Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
}
示例11
@Test
public void testBatchGrant() {
AclEntity ae = new AclServiceTest.MockAclEntity("batch-grant");
final Map<Sid, Permission> sidToPerm = new HashMap<>();
for (int i = 0; i < 10; i++) {
sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
}
accessService.batchGrant(ae, sidToPerm);
MutableAclRecord acl = accessService.getAcl(ae);
List<AccessControlEntry> e = acl.getEntries();
Assert.assertEquals(10, e.size());
for (int i = 0; i < e.size(); i++) {
Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
}
}
示例12
@Ignore
@Test
public void test100000Entries() throws JsonProcessingException {
MockAclEntity ae = new MockAclEntity("100000Entries");
long time = System.currentTimeMillis();
for (int i = 0; i < 100000; i++) {
if (i % 10 == 0) {
long now = System.currentTimeMillis();
System.out.println((now - time) + " ms for last 10 entries, total " + i);
time = now;
}
Sid sid = accessService.getSid("USER" + i, true);
accessService.grant(ae, AclPermission.OPERATION, sid);
}
}
示例13
public ProjectInstance createProject(CreateProjectRequest projectRequest) throws IOException {
String projectName = projectRequest.getName();
String description = projectRequest.getDescription();
ProjectInstance currentProject = getProjectManager().getProject(projectName);
if (currentProject != null) {
throw new InternalErrorException("The project named " + projectName + " already exists");
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
ProjectInstance createdProject = getProjectManager().createProject(projectName, owner, description);
accessService.init(createdProject, AclPermission.ADMINISTRATION);
logger.debug("New project created.");
return createdProject;
}
示例14
@Override
public List<Pair<String, AclPermission>> getAcl(String entityType, String entityUuid) {
// No need to implement
return null;
}
示例15
@Override
public List<Pair<String, AclPermission>> getAcl(String entityType, String entityUuid) {
// No need to implement
return null;
}
示例16
public CubeInstance createCubeAndDesc(String cubeName, String projectName, CubeDesc desc) throws IOException {
if (getCubeManager().getCube(cubeName) != null) {
throw new InternalErrorException("The cube named " + cubeName + " already exists");
}
String owner = SecurityContextHolder.getContext().getAuthentication().getName();
CubeDesc createdDesc = null;
CubeInstance createdCube = null;
boolean isNew = false;
if (getCubeDescManager().getCubeDesc(desc.getName()) == null) {
createdDesc = getCubeDescManager().createCubeDesc(desc);
isNew = true;
} else {
createdDesc = getCubeDescManager().updateCubeDesc(desc);
}
if (!createdDesc.getError().isEmpty()) {
if (isNew) {
getCubeDescManager().removeCubeDesc(createdDesc);
}
throw new InternalErrorException(createdDesc.getError().get(0));
}
try {
int cuboidCount = CuboidCLI.simulateCuboidGeneration(createdDesc);
logger.info("New cube " + cubeName + " has " + cuboidCount + " cuboids");
} catch (Exception e) {
getCubeDescManager().removeCubeDesc(createdDesc);
throw new InternalErrorException("Failed to deal with the request.", e);
}
createdCube = getCubeManager().createCube(cubeName, projectName, createdDesc, owner);
accessService.init(createdCube, AclPermission.ADMINISTRATION);
ProjectInstance project = getProjectManager().getProject(projectName);
accessService.inherit(createdCube, project);
return createdCube;
}
