ATLAS-2503: authorization of create/update/delete of enumDef and relationshipDef

Signed-off-by: Madhan Neethiraj <madhan@apache.org>

ATLAS-2503: authorization of create/update/delete of enumDef and relationshipDef
dee8a2da · nixonrodrigues · Madhan Neethiraj · b161859e · dee8a2da · dee8a2da
Commit dee8a2da authored Mar 16, 2018 by nixonrodrigues Committed by Madhan Neethiraj Mar 17, 2018
Showing with 42 additions and 2 deletions

AtlasEnumDefStoreV1.java .../atlas/repository/store/graph/v1/AtlasEnumDefStoreV1.java +21 -1

AtlasRelationshipDefStoreV1.java ...epository/store/graph/v1/AtlasRelationshipDefStoreV1.java +21 -1

No files found.
--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEnumDefStoreV1.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasEnumDefStoreV1.java
@@ -29,7 +29,9 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
+import org.apache.atlas.authorize.AtlasPrivilege;
+import org.apache.atlas.authorize.AtlasTypeAccessRequest;
+import org.apache.atlas.authorize.AtlasAuthorizationUtils;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
@@ -75,6 +77,8 @@ class AtlasEnumDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasEnumDef> {
          LOG.debug("==> AtlasEnumDefStoreV1.create({}, {})", enumDef, preCreateResult);
        }

+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, enumDef), "create enum-def ", enumDef.getName());
+
        AtlasVertex vertex = (preCreateResult == null) ? preCreate(enumDef) : preCreateResult;

        AtlasEnumDef ret = toEnumDef(vertex);
@@ -174,6 +178,10 @@ class AtlasEnumDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasEnumDef> {
            LOG.debug("==> AtlasEnumDefStoreV1.updateByName({}, {})", name, enumDef);
        }

+        AtlasEnumDef existingDef = typeRegistry.getEnumDefByName(name);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_UPDATE, existingDef), "update enum-def ", name);
+
        validateType(enumDef);

        AtlasVertex vertex = typeDefStore.findTypeVertexByNameAndCategory(name, TypeCategory.ENUM);
@@ -201,6 +209,10 @@ class AtlasEnumDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasEnumDef> {
            LOG.debug("==> AtlasEnumDefStoreV1.updateByGuid({})", guid);
        }

+        AtlasEnumDef existingDef = typeRegistry.getEnumDefByGuid(guid);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_UPDATE, existingDef), "update enum-def ", (existingDef != null ? existingDef.getName() : guid));
+
        validateType(enumDef);

        AtlasVertex vertex = typeDefStore.findTypeVertexByGuidAndCategory(guid, TypeCategory.ENUM);
@@ -230,6 +242,10 @@ class AtlasEnumDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasEnumDef> {
            throw new AtlasBaseException(AtlasErrorCode.TYPE_NAME_NOT_FOUND, name);
        }

+        AtlasEnumDef existingDef = typeRegistry.getEnumDefByName(name);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_DELETE, existingDef), "delete enum-def ", (existingDef != null ? existingDef.getName() : name));
+
        return vertex;
    }

@@ -241,6 +257,10 @@ class AtlasEnumDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasEnumDef> {
            throw new AtlasBaseException(AtlasErrorCode.TYPE_GUID_NOT_FOUND, guid);
        }

+        AtlasEnumDef existingDef = typeRegistry.getEnumDefByGuid(guid);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_DELETE, existingDef), "delete enum-def ", (existingDef != null ? existingDef.getName() : guid));
+
        return vertex;
    }


--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasRelationshipDefStoreV1.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v1/AtlasRelationshipDefStoreV1.java
@@ -36,7 +36,9 @@ import org.apache.atlas.typesystem.types.DataTypes.TypeCategory;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
+import org.apache.atlas.authorize.AtlasPrivilege;
+import org.apache.atlas.authorize.AtlasTypeAccessRequest;
+import org.apache.atlas.authorize.AtlasAuthorizationUtils;
 import javax.inject.Inject;
 import java.util.ArrayList;
 import java.util.Iterator;
@@ -129,6 +131,8 @@ public class AtlasRelationshipDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasRe
            LOG.debug("==> AtlasRelationshipDefStoreV1.create({}, {})", relationshipDef, preCreateResult);
        }

+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, relationshipDef), "create relationship-def ", relationshipDef.getName());
+
        AtlasVertex vertex = (preCreateResult == null) ? preCreate(relationshipDef) : preCreateResult;

        AtlasRelationshipDef ret = toRelationshipDef(vertex);
@@ -230,6 +234,10 @@ public class AtlasRelationshipDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasRe
            LOG.debug("==> AtlasRelationshipDefStoreV1.updateByName({}, {})", name, relationshipDef);
        }

+        AtlasRelationshipDef existingDef = typeRegistry.getRelationshipDefByName(name);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_UPDATE, existingDef), "update relationship-def ", name);
+
        validateType(relationshipDef);

        AtlasType type = typeRegistry.getType(relationshipDef.getName());
@@ -262,6 +270,10 @@ public class AtlasRelationshipDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasRe
            LOG.debug("==> AtlasRelationshipDefStoreV1.updateByGuid({})", guid);
        }

+        AtlasRelationshipDef existingDef = typeRegistry.getRelationshipDefByGuid(guid);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_UPDATE, existingDef), "update relationship-Def ", (existingDef != null ? existingDef.getName() : guid));
+
        validateType(relationshipDef);

        AtlasType type = typeRegistry.getTypeByGuid(guid);
@@ -294,6 +306,10 @@ public class AtlasRelationshipDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasRe
            LOG.debug("==> AtlasRelationshipDefStoreV1.preDeleteByName({})", name);
        }

+        AtlasRelationshipDef existingDef = typeRegistry.getRelationshipDefByName(name);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_DELETE, existingDef), "delete relationship-def ", name);
+
        AtlasVertex ret = typeDefStore.findTypeVertexByNameAndCategory(name, TypeCategory.RELATIONSHIP);

        if (ret == null) {
@@ -319,6 +335,10 @@ public class AtlasRelationshipDefStoreV1 extends AtlasAbstractDefStoreV1<AtlasRe
            LOG.debug("==> AtlasRelationshipDefStoreV1.preDeleteByGuid({})", guid);
        }

+        AtlasRelationshipDef existingDef = typeRegistry.getRelationshipDefByGuid(guid);
+
+        AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_DELETE, existingDef), "delete relationship-def ", (existingDef != null ? existingDef.getName() : guid));
+
        AtlasVertex ret = typeDefStore.findTypeVertexByGuidAndCategory(guid, TypeCategory.RELATIONSHIP);

        if (ret == null) {