ATLAS-3950 : Authorize for Read Type for Classification, Business metadata ,…

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasAbstractDefStoreV2.java

@@ -20,16 +20,23 @@ package org.apache.atlas.repository.store.graph.v2;
 import org.apache.atlas.ApplicationProperties;
 import org.apache.atlas.AtlasErrorCode;
 import org.apache.atlas.AtlasException;
+import org.apache.atlas.authorize.AtlasAuthorizationUtils;
+import org.apache.atlas.authorize.AtlasPrivilege;
+import org.apache.atlas.authorize.AtlasTypeAccessRequest;
 import org.apache.atlas.exception.AtlasBaseException;
 import org.apache.atlas.model.typedef.AtlasBaseTypeDef;
 import org.apache.atlas.model.typedef.AtlasStructDef;
 import org.apache.atlas.query.AtlasDSL;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
 import org.apache.atlas.repository.store.graph.AtlasDefStore;
+import org.apache.atlas.type.AtlasType;
 import org.apache.atlas.type.AtlasTypeRegistry;
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.util.Collection;
 import java.util.List;
 import java.util.regex.Pattern;
 
@@ -54,6 +61,48 @@ import java.util.regex.Pattern;
         this.typeRegistry = typeRegistry;
     }
 
+    public void verifyTypesReadAccess(Collection<? extends AtlasType> types) throws AtlasBaseException {
+        if (CollectionUtils.isNotEmpty(types)) {
+            for (AtlasType type : types) {
+                AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type.getTypeName());
+                if (def != null) {
+                    AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName());
+                }
+            }
+        }
+    }
+
+    public void verifyTypeReadAccess(Collection<String> types) throws AtlasBaseException {
+        if (CollectionUtils.isNotEmpty(types)) {
+            for (String type : types) {
+                AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type);
+                if (def != null) {
+                    AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName());
+                }
+            }
+        }
+    }
+
+    public void verifyTypeReadAccess(String type) throws AtlasBaseException {
+        if (StringUtils.isNotEmpty(type)) {
+                AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type);
+                if (def != null) {
+                    AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName());
+                }
+        }
+    }
+
+    public void verifyAttributeTypeReadAccess(Collection<AtlasStructDef.AtlasAttributeDef> types) throws AtlasBaseException {
+        if (CollectionUtils.isNotEmpty(types)) {
+            for (AtlasStructDef.AtlasAttributeDef attributeDef : types) {
+                AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(attributeDef.getTypeName());
+                if (def != null) {
+                    AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category ", def.getCategory(), " ", def.getName());
+                }
+            }
+        }
+    }
+
     public void validateType(AtlasBaseTypeDef typeDef) throws AtlasBaseException {
         if (!isValidName(typeDef.getName())) {
             throw new AtlasBaseException(AtlasErrorCode.TYPE_NAME_INVALID_FORMAT, typeDef.getName(), typeDef.getCategory().name());

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasBusinessMetadataDefStoreV2.java

@@ -29,6 +29,7 @@ import org.apache.atlas.model.typedef.AtlasStructDef;
 import org.apache.atlas.repository.Constants;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
 import org.apache.atlas.type.AtlasBusinessMetadataType;
+import org.apache.atlas.type.AtlasStructType;
 import org.apache.atlas.type.AtlasType;
 import org.apache.atlas.type.AtlasTypeRegistry;
 import org.apache.atlas.typesystem.types.DataTypes;
@@ -104,6 +105,16 @@ public class AtlasBusinessMetadataDefStoreV2 extends AtlasAbstractDefStoreV2<Atl
             LOG.debug("==> AtlasBusinessMetadataDefStoreV2.create({}, {})", businessMetadataDef, preCreateResult);
         }
 
+        verifyAttributeTypeReadAccess(businessMetadataDef.getAttributeDefs());
+
+        if (CollectionUtils.isNotEmpty(businessMetadataDef.getAttributeDefs())) {
+            AtlasBusinessMetadataType businessMetadataType = typeRegistry.getBusinessMetadataTypeByName(businessMetadataDef.getName());
+            for (AtlasStructType.AtlasAttribute attribute : businessMetadataType.getAllAttributes().values()) {
+                AtlasBusinessMetadataType.AtlasBusinessAttribute bmAttribute = (AtlasBusinessMetadataType.AtlasBusinessAttribute) attribute;
+                verifyTypesReadAccess(bmAttribute.getApplicableEntityTypes());
+            }
+        }
+
         AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, businessMetadataDef), "create businessMetadata-def ", businessMetadataDef.getName());
 
         AtlasVertex vertex = (preCreateResult == null) ? preCreate(businessMetadataDef) : preCreateResult;
@@ -186,6 +197,16 @@ public class AtlasBusinessMetadataDefStoreV2 extends AtlasAbstractDefStoreV2<Atl
             LOG.debug("==> AtlasBusinessMetadataDefStoreV2.update({})", typeDef);
         }
 
+        verifyAttributeTypeReadAccess(typeDef.getAttributeDefs());
+
+        if (CollectionUtils.isNotEmpty(typeDef.getAttributeDefs())) {
+            AtlasBusinessMetadataType businessMetadataType = typeRegistry.getBusinessMetadataTypeByName(typeDef.getName());
+            for (AtlasStructType.AtlasAttribute attribute : businessMetadataType.getAllAttributes().values()) {
+                AtlasBusinessMetadataType.AtlasBusinessAttribute bmAttribute = (AtlasBusinessMetadataType.AtlasBusinessAttribute) attribute;
+                verifyTypesReadAccess(bmAttribute.getApplicableEntityTypes());
+            }
+        }
+
         validateType(typeDef);
 
         AtlasBusinessMetadataDef ret = StringUtils.isNotBlank(typeDef.getGuid()) ? updateByGuid(typeDef.getGuid(), typeDef)

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasClassificationDefStoreV2.java

@@ -23,16 +23,13 @@ import org.apache.atlas.authorize.AtlasPrivilege;
 import org.apache.atlas.authorize.AtlasAuthorizationUtils;
 import org.apache.atlas.authorize.AtlasTypeAccessRequest;
 import org.apache.atlas.exception.AtlasBaseException;
-import org.apache.atlas.model.typedef.AtlasBaseTypeDef;
 import org.apache.atlas.model.typedef.AtlasClassificationDef;
-import org.apache.atlas.model.typedef.AtlasEntityDef;
 import org.apache.atlas.repository.Constants;
 import org.apache.atlas.repository.graphdb.AtlasVertex;
 import org.apache.atlas.type.AtlasClassificationType;
 import org.apache.atlas.type.AtlasType;
 import org.apache.atlas.type.AtlasTypeRegistry;
 import org.apache.atlas.typesystem.types.DataTypes.TypeCategory;
-import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -181,6 +178,9 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif
             LOG.debug("==> AtlasClassificationDefStoreV1.update({})", classifiDef);
         }
 
+        verifyTypeReadAccess(classifiDef.getSuperTypes());
+        verifyTypeReadAccess(classifiDef.getEntityTypes());
+
         validateType(classifiDef);
 
         AtlasClassificationDef ret = StringUtils.isNotBlank(classifiDef.getGuid())
@@ -367,15 +367,4 @@ class AtlasClassificationDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasClassif
 
         return m.matches();
     }
-
-    private void verifyTypeReadAccess(Set<String> types) throws AtlasBaseException {
-        if (CollectionUtils.isNotEmpty(types)) {
-            for (String type : types) {
-                AtlasBaseTypeDef def = typeRegistry.getTypeDefByName(type);
-                if (def != null) {
-                    AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_READ, def), "read type-def of category", def.getCategory(), def.getName());
-                }
-            }
-        }
-    }
 }

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityDefStoreV2.java

@@ -88,6 +88,8 @@ public class AtlasEntityDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasEntityDe
             LOG.debug("==> AtlasEntityDefStoreV1.create({}, {})", entityDef, preCreateResult);
         }
 
+        verifyAttributeTypeReadAccess(entityDef.getAttributeDefs());
+
         AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, entityDef), "create entity-def ", entityDef.getName());
 
         AtlasVertex vertex = (preCreateResult == null) ? preCreate(entityDef) : preCreateResult;
@@ -173,6 +175,8 @@ public class AtlasEntityDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasEntityDe
             LOG.debug("==> AtlasEntityDefStoreV1.update({})", entityDef);
         }
 
+        verifyAttributeTypeReadAccess(entityDef.getAttributeDefs());
+
         validateType(entityDef);
 
         AtlasEntityDef ret = StringUtils.isNotBlank(entityDef.getGuid()) ? updateByGuid(entityDef.getGuid(), entityDef)

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasRelationshipDefStoreV2.java

@@ -133,6 +133,9 @@ public class AtlasRelationshipDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasRe
             LOG.debug("==> AtlasRelationshipDefStoreV1.create({}, {})", relationshipDef, preCreateResult);
         }
 
+        verifyTypeReadAccess(relationshipDef.getEndDef1().getType());
+        verifyTypeReadAccess(relationshipDef.getEndDef2().getType());
+
         AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, relationshipDef), "create relationship-def ", relationshipDef.getName());
 
         AtlasVertex vertex = (preCreateResult == null) ? preCreate(relationshipDef) : preCreateResult;
@@ -216,6 +219,9 @@ public class AtlasRelationshipDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasRe
             LOG.debug("==> AtlasRelationshipDefStoreV1.update({})", relationshipDef);
         }
 
+        verifyTypeReadAccess(relationshipDef.getEndDef1().getType());
+        verifyTypeReadAccess(relationshipDef.getEndDef2().getType());
+
         validateType(relationshipDef);
 
         AtlasRelationshipDef ret = StringUtils.isNotBlank(relationshipDef.getGuid())

repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasStructDefStoreV2.java

@@ -98,6 +98,8 @@ public class AtlasStructDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasStructDe
             LOG.debug("==> AtlasStructDefStoreV1.create({}, {})", structDef, preCreateResult);
         }
 
+        verifyAttributeTypeReadAccess(structDef.getAttributeDefs());
+
         AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, structDef), "create struct-def ", structDef.getName());
 
         if (CollectionUtils.isEmpty(structDef.getAttributeDefs())) {
@@ -186,6 +188,9 @@ public class AtlasStructDefStoreV2 extends AtlasAbstractDefStoreV2<AtlasStructDe
             LOG.debug("==> AtlasStructDefStoreV1.update({})", structDef);
         }
 
+        verifyAttributeTypeReadAccess(structDef.getAttributeDefs());
+
+
         validateType(structDef);
 
         AtlasStructDef ret = StringUtils.isNotBlank(structDef.getGuid()) ? updateByGuid(structDef.getGuid(), structDef)