ES auth Create permission
nikhilbonte21 committed Dec 4, 2023
1 parent e4e22f0 commit 25f7c05
Showing 5 changed files with 36 additions and 11 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.atlas.AtlasErrorCode;
import org.apache.atlas.RequestContext;
import org.apache.atlas.authorize.AtlasPrivilege;
import org.apache.atlas.exception.AtlasBaseException;
//import org.apache.atlas.model.audit.AuditSearchParams;
//import org.apache.atlas.model.audit.EntityAuditSearchResult;
Expand Down Expand Up @@ -112,6 +113,18 @@ public static void verifyAccess(String guid, String action) throws AtlasBaseExce
}
}

public static void verifyAccess(AtlasEntity entity, AtlasPrivilege action, String message) throws AtlasBaseException {
try {
if (AtlasPrivilege.ENTITY_CREATE == action) {
if (!isCreateAccessAllowed(entity, AtlasPrivilege.ENTITY_CREATE.getType())){
throw new AtlasBaseException(AtlasErrorCode.UNAUTHORIZED_ACCESS, message);
}
}
} catch (AtlasBaseException e) {
throw e;
}
}

private static boolean isAccessAllowed(String guid, String action) throws AtlasBaseException {
if (guid == null) {
return false;
Expand Down Expand Up @@ -438,6 +451,7 @@ private static List<RangerPolicy> getRelevantPolicies(String persona, String pur
}

String user = RequestContext.getCurrentUser();
LOG.info("Getting relevant policies for user: {}", user);

RangerUserStore userStore = usersGroupsRolesStore.getUserStore();
List<String> groups = getGroupsForUser(user, userStore);
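Review bot: The new `verifyAccess(AtlasEntity entity, AtlasPrivilege action, String message)` in the second hunk silently returns when `action` is anything other than `ENTITY_CREATE`, so a caller that passes `ENTITY_UPDATE` or `ENTITY_DELETE` to this overload gets no authorization check at all; an authorization helper should fail closed on input it does not handle. The surrounding `try { … } catch (AtlasBaseException e) { throw e; }` adds nothing and can be dropped. I would reject unsupported actions explicitly so that the only two outcomes are "allowed" and "an exception", as below; the enclosing class continues outside the hunk.
```java
public static void verifyAccess(AtlasEntity entity, AtlasPrivilege action, String message) throws AtlasBaseException {
    if (AtlasPrivilege.ENTITY_CREATE != action) {
        // fail closed: this overload only knows how to evaluate create access
        throw new IllegalArgumentException("unsupported action for entity-based access check: " + action);
    }
    if (!isCreateAccessAllowed(entity, AtlasPrivilege.ENTITY_CREATE.getType())) {
        throw new AtlasBaseException(AtlasErrorCode.UNAUTHORIZED_ACCESS, message);
    }
}
```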
Original file line number Diff line number Diff line change
Expand Up @@ -519,7 +519,10 @@ public EntityMutationResponse updateByUniqueAttributes(AtlasEntityType entityTyp

entity.setGuid(guid);

AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, new AtlasEntityHeader(entity), "update entity ByUniqueAttributes");
//AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, new AtlasEntityHeader(entity), "update entity ByUniqueAttributes");
if (!SKIP_UPDATE_AUTH_CHECK_TYPES.contains(entity.getTypeName())) {
verifyAccess(entity.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
}

return createOrUpdate(new AtlasEntityStream(updatedEntityInfo), true, false, false, false);
}
Expand All @@ -536,7 +539,10 @@ public EntityMutationResponse updateEntityAttributeByGuid(String guid, String at
AtlasEntityType entityType = (AtlasEntityType) typeRegistry.getType(entity.getTypeName());
AtlasAttribute attr = entityType.getAttribute(attrName);

AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, entity, "update entity ByUniqueAttributes : guid=" + guid);
//AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, entity, "update entity ByUniqueAttributes : guid=" + guid);
if (!SKIP_UPDATE_AUTH_CHECK_TYPES.contains(entity.getTypeName())) {
verifyAccess(entity.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
}

if (attr == null) {
attr = entityType.getRelationshipAttribute(attrName, AtlasEntityUtil.getRelationshipType(attrValue));
Expand Down Expand Up @@ -1489,9 +1495,7 @@ private EntityMutationResponse createOrUpdate(EntityStream entityStream, boolean
/*AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)),
"create entity: type=", entity.getTypeName());*/

if (!isCreateAccessAllowed(entity, AtlasPrivilege.ENTITY_CREATE.getType())){
throw new AtlasBaseException(AtlasErrorCode.UNAUTHORIZED_ACCESS, "nikhil", "create entity:");
}
verifyAccess(entity, AtlasPrivilege.ENTITY_CREATE, "create entity: type=" + entity.getTypeName());
}
}
}
Expand Down Expand Up @@ -1557,7 +1561,10 @@ private EntityMutationResponse createOrUpdate(EntityStream entityStream, boolean
if (skipAuthBaseConditions && (skipAuthMeaningsUpdate || skipAuthStarredDetailsUpdate)) {
//do nothing, only diff is relationshipAttributes.meanings or starred, allow update
} else {
AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, entityHeader,"update entity: type=" + entity.getTypeName());
//AtlasAuthorizationUtils.verifyUpdateEntityAccess(typeRegistry, entityHeader,"update entity: type=" + entity.getTypeName());
if (!SKIP_UPDATE_AUTH_CHECK_TYPES.contains(entity.getTypeName())) {
verifyAccess(entity.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
}
}
}
}
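Review bot: All three update hunks keep the replaced `AtlasAuthorizationUtils.verifyUpdateEntityAccess(...)` call as a commented-out line directly above the new gate (after `entity.setGuid(guid)`, after the `attr` lookup, and in the `else` branch of the last hunk), and the same leftover `//verifyAccess(entity.getTypeName(), (String) entity.getAttribute(QUALIFIED_NAME), ...)` appears in the processCreateCategory and processCreateTerm hunks. Delete them rather than comment them out; history is in version control, and a dead authorization call sitting next to the live one invites the wrong one being re-enabled later. The gate `if (!SKIP_UPDATE_AUTH_CHECK_TYPES.contains(entity.getTypeName())) { verifyAccess(entity.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType()); }` is now repeated verbatim three times; one private helper keeps the bypass in a single place and gives one spot to document why those types skip the update check. Each enclosing method starts or ends outside its hunk.
```java
// … unchanged: updateByUniqueAttributes body …
verifyUpdateAccess(entity);
// … unchanged: the same one-line call replaces the gate in updateEntityAttributeByGuid and in createOrUpdate's else branch …

/** Runs the ENTITY_UPDATE check unless the entity's type is on the bypass list. */
private void verifyUpdateAccess(AtlasEntity entity) throws AtlasBaseException {
    if (!SKIP_UPDATE_AUTH_CHECK_TYPES.contains(entity.getTypeName())) {
        verifyAccess(entity.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
    }
}
```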
Original file line number Diff line number Diff line change
Expand Up @@ -229,15 +229,16 @@ protected void isAuthorized(AtlasEntityHeader sourceGlossary, AtlasEntityHeader

// source -> CREATE + UPDATE + DELETE
// AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, sourceGlossary),
// "create on source Glossary: ", sourceGlossary.getAttribute(NAME));
// );
//
// AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_UPDATE, sourceGlossary),
// "update on source Glossary: ", sourceGlossary.getAttribute(NAME));
//
// AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, sourceGlossary),
// "delete on source Glossary: ", sourceGlossary.getAttribute(NAME));

verifyAccess(sourceGlossary.getGuid(), AtlasPrivilege.ENTITY_CREATE.getType());
verifyAccess(new AtlasEntity(sourceGlossary), AtlasPrivilege.ENTITY_CREATE,
"create on source Glossary: " + sourceGlossary.getAttribute(NAME));
verifyAccess(sourceGlossary.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
verifyAccess(sourceGlossary.getGuid(), AtlasPrivilege.ENTITY_DELETE.getType());

Expand All @@ -252,7 +253,8 @@ protected void isAuthorized(AtlasEntityHeader sourceGlossary, AtlasEntityHeader
// AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, targetGlossary),
// "delete on source Glossary: ", targetGlossary.getAttribute(NAME));

verifyAccess(targetGlossary.getGuid(), AtlasPrivilege.ENTITY_CREATE.getType());
verifyAccess(new AtlasEntity(targetGlossary), AtlasPrivilege.ENTITY_CREATE,
"create on source Glossary: " + targetGlossary.getAttribute(NAME));
verifyAccess(targetGlossary.getGuid(), AtlasPrivilege.ENTITY_UPDATE.getType());
verifyAccess(targetGlossary.getGuid(), AtlasPrivilege.ENTITY_DELETE.getType());
}
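Review bot: The message built for the target glossary on the second hunk's new line reads `"create on source Glossary: " + targetGlossary.getAttribute(NAME)`, so a denial on the target glossary is reported as a denial on the source; it should be `"create on target Glossary: " + targetGlossary.getAttribute(NAME)`. The wording appears to be carried over from the commented-out call just above it, which has the same mistake. `isAuthorized` begins before the first hunk.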
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,8 @@ private void processCreateCategory(AtlasEntity entity, AtlasVertex vertex) throw
entity.setAttribute(QUALIFIED_NAME, createQualifiedName(vertex));
// AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)),
// "create entity: type=", entity.getTypeName());
verifyAccess(entity.getTypeName(), (String) entity.getAttribute(QUALIFIED_NAME), AtlasPrivilege.ENTITY_CREATE.getType());
//verifyAccess(entity.getTypeName(), (String) entity.getAttribute(QUALIFIED_NAME), AtlasPrivilege.ENTITY_CREATE.getType());
verifyAccess(entity, AtlasPrivilege.ENTITY_CREATE, "create entity: type=" + entity.getTypeName());

validateChildren(entity, null);

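Review bot: The new `verifyAccess(entity, AtlasPrivilege.ENTITY_CREATE, "create entity: type=" + entity.getTypeName())` now passes the whole entity rather than its type and qualified name, and it sits immediately after `entity.setAttribute(QUALIFIED_NAME, createQualifiedName(vertex))`; if the create check evaluates policies against the entity's attributes (the hunk does not show this), that ordering is load-bearing and deserves a comment such as `// QUALIFIED_NAME must be set before the create check so policies that match on it see the final value — confirm against isCreateAccessAllowed`. The processCreateTerm hunk has the same sequence and would take the same comment. Both enclosing methods start outside their hunks.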
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@ private void processCreateTerm(AtlasEntity entity, AtlasVertex vertex) throws At
entity.setAttribute(QUALIFIED_NAME, createQualifiedName());
// AtlasAuthorizationUtils.verifyAccess(new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE, new AtlasEntityHeader(entity)),
// "create entity: type=", entity.getTypeName());
verifyAccess(entity.getTypeName(), (String) entity.getAttribute(QUALIFIED_NAME), AtlasPrivilege.ENTITY_CREATE.getType());
//verifyAccess(entity.getTypeName(), (String) entity.getAttribute(QUALIFIED_NAME), AtlasPrivilege.ENTITY_CREATE.getType());
verifyAccess(entity, AtlasPrivilege.ENTITY_CREATE, "create entity: type=" + entity.getTypeName());

RequestContext.get().endMetricRecord(metricRecorder);
}
