diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
index 2cb2b47..3dab120 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java
@@ -20,16 +20,23 @@ package org.apache.atlas.repository.store.graph.v2;
 import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.AtlasErrorCode;
 import org.apache.atlas.AtlasException;
+import org.apache.atlas.authorize.AtlasAuthorizationUtils;
+import org.apache.atlas.authorize.AtlasPrivilege;
+import org.apache.atlas.authorize.AtlasTypeAccessRequest;
 import org.apache.atlas.exception.AtlasBaseException;
 import org.apache.atlas.model.typedef.AtlasBaseTypeDef;
 import org.apache.atlas.model.typedef.AtlasStructDef;
 import org.apache.atlas.query.AtlasDSL;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
 import org.apache.atlas.repository.store.graph.AtlasDefStore;
+import org.apache.atlas.type.AtlasType;
 import org.apache.atlas.type.AtlasTypeRegistry;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import java.util.Collection;
 import java.util.List;
 import java.util.regex.Pattern;
@@ -54,6 +61,48 @@ import java.util.regex.Pattern; this.typeRegistry = typeRegistry; } + public void verifyTypesReadAccess(Collection<? extends AtlasType> types) throws AtlasBaseException { + if (CollectionUtils.isNotEmpty(types)) { + for (AtlasType type : types) { + AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type.getTypeName()); + if (def != null) { + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName()); + } + } + } + } + + public void verifyTypeReadAccess(Collection<String> types) throws AtlasBaseException { + if (CollectionUtils.isNotEmpty(types)) { + for (String type : types) { + AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type); + if (def != null) { + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName()); + } + } + } + } + + public void verifyTypeReadAccess(String type) throws AtlasBaseException { + if (StringUtils.isNotEmpty(type)) { + AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type); + if (def != null) { + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName()); + } + } + } + + public void verifyAttributeTypeReadAccess(Collection<AtlasStructDef.AtlasAttributeDef> types) throws AtlasBaseException { + if (CollectionUtils.isNotEmpty(types)) { + for (AtlasStructDef.AtlasAttributeDef attributeDef : types) { + AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(attributeDef.getTypeName()); + if (def != null) { + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName()); + } + } + } + } + public void validateType(AtlasBaseTypeDef typeDef) throws AtlasBaseException { if (!isValidName(typeDef.getName())) { 
 throw new AtlasBaseException(AtlasErrorCode.TYPE_NAME_INVALID_FORMAT, typeDef.getName(), typeDef.getCategory().name());
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
index 6b4fa65..23964f4 100644
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java
@@ -29,6 +29,7 @@ import org.apache.atlas.model.typedef.AtlasStructDef;
 import org.apache.atlas.repository.Constants;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
 import org.apache.atlas.type.AtlasBusinessMetadataType;
+import org.apache.atlas.type.AtlasStructType;
 import org.apache.atlas.type.AtlasType;
 import org.apache.atlas.type.AtlasTypeRegistry;
 import org.apache.atlas.typesystem.types.DataTypes;
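Review bot: In all four new `verify*ReadAccess` helpers in AtlasAbstractDefStoreV2, the `if (def != null)` guard skips the TYPE_READ check for any name that `typeRegistry.getTypeDefByName` cannot resolve, so the check fails open for those names. For `verifyAttributeTypeReadAccess` this probably matters: an attribute's `getTypeName()` can presumably be a container form such as `array<T>` or `map<K,V>`, which appears to have no type-def of its own, so the element types would never be checked. I would expand the attribute type name into the names it references before the lookup, using `AtlasTypeUtil.getReferencedTypeNames` if it is available on this branch. The collection variants could also delegate to `verifyTypeReadAccess(String)` so the check lives in one place. The struct, entity and business-metadata hunks further down call this helper and inherit the gap.

```java
    public void verifyTypeReadAccess(Collection<String> types) throws AtlasBaseException {
        if (CollectionUtils.isNotEmpty(types)) {
            for (String type : types) {
                verifyTypeReadAccess(type);
            }
        }
    }

    // … unchanged: verifyTypesReadAccess(Collection<? extends AtlasType>), verifyTypeReadAccess(String) …

    public void verifyAttributeTypeReadAccess(Collection<AtlasStructDef.AtlasAttributeDef> types) throws AtlasBaseException {
        if (CollectionUtils.isNotEmpty(types)) {
            for (AtlasStructDef.AtlasAttributeDef attributeDef : types) {
                // array<T> / map<K,V> have no type-def of their own: check every type the name refers to
                for (String referenced : AtlasTypeUtil.getReferencedTypeNames(attributeDef.getTypeName())) {
                    verifyTypeReadAccess(referenced);
                }
            }
        }
    }
```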
@@ -104,6 +105,16 @@ public class AtlasBusinessMetadataDefStoreV2 extends AtlasAbstractDefStoreV2<Atl LOG.debug("==> AtlasBusinessMetadataDefStoreV2.create({}, {})", businessMetadataDef, preCreateResult); } + verifyAttributeTypeReadAccess(businessMetadataDef.getAttributeDefs()); + + if (CollectionUtils.isNotEmpty(businessMetadataDef.getAttributeDefs())) { + AtlasBusinessMetadataType businessMetadataType = typeRegistry.getBusinessMetadataTypeByName(businessMetadataDef.getName()); + for (AtlasStructType.AtlasAttribute attribute : businessMetadataType.getAllAttributes().values()) { + AtlasBusinessMetadataType.AtlasBusinessAttribute bmAttribute = (AtlasBusinessMetadataType.AtlasBusinessAttribute) attribute; + verifyTypesReadAccess(bmAttribute.getApplicableEntityTypes()); + } + } + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, businessMetadataDef), "create businessMetadata-def ", businessMetadataDef.getName()); AtlasVertex vertex = (preCreateResult == null) ? preCreate(businessMetadataDef) : preCreateResult; @@ -186,6 +197,16 @@ public class AtlasBusinessMetadataDefStoreV2 extends AtlasAbstractDefStoreV2<Atl LOG.debug("==> AtlasBusinessMetadataDefStoreV2.update({})", typeDef); } + verifyAttributeTypeReadAccess(typeDef.getAttributeDefs()); + + if (CollectionUtils.isNotEmpty(typeDef.getAttributeDefs())) { + AtlasBusinessMetadataType businessMetadataType = typeRegistry.getBusinessMetadataTypeByName(typeDef.getName()); + for (AtlasStructType.AtlasAttribute attribute : businessMetadataType.getAllAttributes().values()) { + AtlasBusinessMetadataType.AtlasBusinessAttribute bmAttribute = (AtlasBusinessMetadataType.AtlasBusinessAttribute) attribute; + verifyTypesReadAccess(bmAttribute.getApplicableEntityTypes()); + } + } + validateType(typeDef); AtlasBusinessMetadataDef ret = StringUtils.isNotBlank(typeDef.getGuid()) ? updateByGuid(typeDef.getGuid(), typeDef) 
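Review bot: The result of `typeRegistry.getBusinessMetadataTypeByName(businessMetadataDef.getName())` is dereferenced without a null check in the create hunk, and the update hunk repeats the same block with `typeDef`. Whether the registry already holds the type at this point in `create` is not visible here; if it does not, the request ends in a NullPointerException before the TYPE_CREATE check instead of an `AtlasBaseException`. The applicable entity types are also read from the registry's copy rather than from the incoming def, so on update it is worth confirming that the registry reflects the requested change; otherwise newly added entity types are never authorized. I would wrap the loop in `if (businessMetadataType != null) {` with an explicit decision for the null case, test `attribute instanceof AtlasBusinessMetadataType.AtlasBusinessAttribute` before the cast, and move the duplicated block into one private helper. Both method bodies continue outside the hunks.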
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java index 93e7012..f460cd1 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java @@ -23,16 +23,13 @@ import org.apache.atlas.authorize.AtlasPrivilege; import org.apache.atlas.authorize.AtlasAuthorizationUtils; import org.apache.atlas.authorize.AtlasTypeAccessRequest; import org.apache.atlas.exception.AtlasBaseException; -import org.apache.atlas.model.typedef.AtlasBaseTypeDef; import org.apache.atlas.model.typedef.AtlasClassificationDef; -import org.apache.atlas.model.typedef.AtlasEntityDef; import org.apache.atlas.repository.Constants; import org.apache.atlas.repository.graphdb.AtlasVertex; import org.apache.atlas.type.AtlasClassificationType; import org.apache.atlas.type.AtlasType; import org.apache.atlas.type.AtlasTypeRegistry; import org.apache.atlas.typesystem.types.DataTypes.TypeCategory; -import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -181,6 +178,9 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif LOG.debug("==> AtlasClassificationDefStoreV1.update({})", classifiDef); } + verifyTypeReadAccess(classifiDef.getSuperTypes()); + verifyTypeReadAccess(classifiDef.getEntityTypes()); + validateType(classifiDef); AtlasClassificationDef ret = StringUtils.isNotBlank(classifiDef.getGuid()) 
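Review bot: The classification update path now checks TYPE_READ on `classifiDef.getSuperTypes()` and `classifiDef.getEntityTypes()` but not on the classification's attribute types, while the struct, entity and business-metadata stores in this commit all call `verifyAttributeTypeReadAccess(...)`. If `AtlasClassificationDef` carries attribute defs like the other struct-based defs (not visible in this hunk), add `verifyAttributeTypeReadAccess(classifiDef.getAttributeDefs());` next to the two new calls. The relationship create and update hunks appear to have the same omission for `relationshipDef`. The body of `update` continues outside the hunk.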
@@ -367,15 +367,4 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif return m.matches(); } - - private void verifyTypeReadAccess(Set<String> types) throws AtlasBaseException { - if (CollectionUtils.isNotEmpty(types)) { - for (String type : types) { - AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type); - if (def != null) { - AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category", def.getCategory(), def.getName()); - } - } - } - } } diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java index e5153de..b86cd91 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java @@ -88,6 +88,8 @@ public class AtlasEntityDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasEntityDe LOG.debug("==> AtlasEntityDefStoreV1.create({}, {})", entityDef, preCreateResult); } + verifyAttributeTypeReadAccess(entityDef.getAttributeDefs()); + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, entityDef), "create entity-def ", entityDef.getName()); AtlasVertex vertex = (preCreateResult == null) ? preCreate(entityDef) : preCreateResult; @@ -173,6 +175,8 @@ public class AtlasEntityDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasEntityDe LOG.debug("==> AtlasEntityDefStoreV1.update({})", entityDef); } + verifyAttributeTypeReadAccess(entityDef.getAttributeDefs()); + validateType(entityDef); AtlasEntityDef ret = StringUtils.isNotBlank(entityDef.getGuid()) ? updateByGuid(entityDef.getGuid(), entityDef) 
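Review bot: In the entity-def create and update hunks only attribute types are checked; the super types an entity-def names are not, although the classification store in this commit checks `getSuperTypes()`. A caller without TYPE_READ on a type could then still create or update an entity-def that extends it, provided `AtlasEntityDef` exposes super types the same way. I would add `verifyTypeReadAccess(entityDef.getSuperTypes());` beside `verifyAttributeTypeReadAccess(entityDef.getAttributeDefs());` in both hunks. Both method bodies continue outside the hunks.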
diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java index 64ef18b..cf316ea 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java @@ -133,6 +133,9 @@ public class AtlasRelationshipDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasRe LOG.debug("==> AtlasRelationshipDefStoreV1.create({}, {})", relationshipDef, preCreateResult); } + verifyTypeReadAccess(relationshipDef.getEndDef1().getType()); + verifyTypeReadAccess(relationshipDef.getEndDef2().getType()); + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, relationshipDef), "create relationship-def ", relationshipDef.getName()); AtlasVertex vertex = (preCreateResult == null) ? preCreate(relationshipDef) : preCreateResult; @@ -216,6 +219,9 @@ public class AtlasRelationshipDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasRe LOG.debug("==> AtlasRelationshipDefStoreV1.update({})", relationshipDef); } + verifyTypeReadAccess(relationshipDef.getEndDef1().getType()); + verifyTypeReadAccess(relationshipDef.getEndDef2().getType()); + validateType(relationshipDef); AtlasRelationshipDef ret = StringUtils.isNotBlank(relationshipDef.getGuid()) diff --git a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java index 9a45f00..0c13a78 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java 
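Review bot: In the relationship-def create and update hunks, `relationshipDef.getEndDef1().getType()` and its `getEndDef2()` twin dereference the end-defs before any validation has run: in update, `validateType(relationshipDef)` comes after the new lines, and in create whatever `preCreate` validates also comes later. A request with a missing end-def would therefore fail with a NullPointerException instead of an `AtlasBaseException`, assuming nothing upstream rejects it first. Either move the two calls after the end-def validation or guard them, e.g. `if (relationshipDef.getEndDef1() != null) { verifyTypeReadAccess(relationshipDef.getEndDef1().getType()); }` and likewise for end 2. The method bodies continue outside the hunks.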
@@ -98,6 +98,8 @@ public class AtlasStructDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasStructDe LOG.debug("==> AtlasStructDefStoreV1.create({}, {})", structDef, preCreateResult); } + verifyAttributeTypeReadAccess(structDef.getAttributeDefs()); + AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, structDef), "create struct-def ", structDef.getName()); if (CollectionUtils.isEmpty(structDef.getAttributeDefs())) { @@ -186,6 +188,9 @@ public class AtlasStructDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasStructDe LOG.debug("==> AtlasStructDefStoreV1.update({})", structDef); } + verifyAttributeTypeReadAccess(structDef.getAttributeDefs()); + + validateType(structDef); AtlasStructDef ret = StringUtils.isNotBlank(structDef.getGuid()) ? updateByGuid(structDef.getGuid(), structDef)