diff --git a/repository/src/main/java/org/apache/atlas/authorizer/AuthorizerCommon.java b/repository/src/main/java/org/apache/atlas/authorizer/AuthorizerCommon.java
index 990d81ea99..ef9ed5f8b0 100644
--- a/repository/src/main/java/org/apache/atlas/authorizer/AuthorizerCommon.java
+++ b/repository/src/main/java/org/apache/atlas/authorizer/AuthorizerCommon.java
@@ -52,6 +52,15 @@ public static boolean listStartsWith(String value, List list) {
 return false;
 }
+ public static boolean listMatchesWith(String value, List list) {
+ for (String item : list){
+ if (item.matches(value.replace("*", ".*"))) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 public static boolean listEndsWith(String value, List list) {
 for (String item : list){
 if (item.endsWith(value)) {
diff --git a/repository/src/main/java/org/apache/atlas/authorizer/EntityAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/EntityAuthorizer.java
index 06cb135892..e210fc2435 100644
--- a/repository/src/main/java/org/apache/atlas/authorizer/EntityAuthorizer.java
+++ b/repository/src/main/java/org/apache/atlas/authorizer/EntityAuthorizer.java
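Review bot: In `listMatchesWith` (AuthorizerCommon.java) the policy value is handed to `String.matches` after only `*` is rewritten, so every other regex metacharacter in it stays live. A `.` in a qualified name then matches any character, which makes a LIKE criterion match more entities than its author wrote, and an unbalanced `(` or `[` throws `PatternSyntaxException` in the middle of an authorization check. The pattern is also recompiled for every list item, and a null item would throw. Quote the literal pieces between the wildcards, compile once and skip null items, as sketched below; `Pattern`, `Arrays` and `Collectors` need to be in scope for it.

```java
// body of listMatchesWith(value, list)
// Only '*' is a wildcard; every other character of the policy value is matched literally.
String regex = Arrays.stream(value.split("\\*", -1))
        .map(Pattern::quote)
        .collect(Collectors.joining(".*"));
Pattern pattern = Pattern.compile(regex);
for (String item : list) {
    if (item != null && pattern.matcher(item).matches()) {
        return true;
    }
}
return false;
```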
@@ -186,31 +186,49 @@ private static boolean validateResourcesForCreateEntityInMemory(List assetTypes = AuthorizerCommon.getTypeAndSupertypesList(entity.getTypeName()); - boolean result = true; - if (condition.equals("OR")) { - result = false; - } for (JsonNode crit : criterion) { + result = true; + if (condition.equals("OR")) { + result = false; + } boolean evaluation = false; if (crit.has("condition")) { evaluation = validateFilterCriteriaWithEntity(crit, entity); + } else { + evaluation = evaluateFilterCriteria(crit, entity, assetTypes); + } + if (condition.equals("AND")) { + if (!evaluation) { + return false; + } + result = true; } else { - String operator = crit.get("operator").asText(); - String attributeName = crit.get("attributeName").asText(); - String attributeValue = crit.get("attributeValue").asText(); + result = result || evaluation; + } + } + + RequestContext.get().endMetricRecord(convertJsonToQueryMetrics); + return result; + } + + private static boolean evaluateFilterCriteria(JsonNode crit, AtlasEntity entity, Set assetTypes) { + String operator = crit.get("operator").asText(); + String attributeName = crit.get("attributeName").asText(); + String attributeValue = crit.get("attributeValue").asText(); // List attributeValues = new ArrayList<>(); // if (operator.equals("IN") || operator.equals("NOT_IN")) { 
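Review bot: Resetting `result` at the top of every loop iteration makes an OR group depend on its last criterion only: `result = false` runs again before each criterion, so `result = result || evaluation` discards an earlier match and a group of `[match, no-match]` returns false. Keep the initialisation in front of the loop, or return as soon as an OR criterion matches with `if (evaluation) { return true; }`, mirroring the early `return false` on the AND side. That early `return false` also skips `RequestContext.get().endMetricRecord(convertJsonToQueryMetrics)`, so the metric record (presumably opened earlier in the method) stays open on that path; a `try`/`finally` around the loop would close it on every exit. The declaration of `result` and the start of the method are outside the visible hunk text.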
@@ -226,83 +244,95 @@ public static boolean validateFilterCriteriaWithEntity(JsonNode data, AtlasEntit // } // } + if (attributeName.endsWith(".text")) { + attributeName = attributeName.replace(".text", ""); + } else if (attributeName.endsWith(".keyword")) { + attributeName = attributeName.replace(".keyword", ""); + } - if (attributeName.endsWith(".text")) { - attributeName.replace(".text", ""); - } else if (attributeName.endsWith(".keyword")) { - attributeName.replace(".keyword", ""); - } - - List entityAttributeValues = new ArrayList<>(); + List entityAttributeValues = new ArrayList<>(); - if (attributeName.equals("__superTypeNames")) { - entityAttributeValues.addAll(assetTypes); + switch (attributeName) { + case "__superTypeNames": + entityAttributeValues.addAll(assetTypes); - } if (attributeName.equals("__typeName")) { - entityAttributeValues.add(entity.getTypeName()); + break; + case "__typeName": + entityAttributeValues.add(entity.getTypeName()); - } if (attributeName.equals("__guid")) { - entityAttributeValues.add(entity.getGuid()); + break; + case "__guid": + entityAttributeValues.add(entity.getGuid()); - } else if (attributeName.equals("__traitNames")) { - List atlasClassifications = entity.getClassifications(); - if (atlasClassifications != null && !atlasClassifications.isEmpty()) { - for (AtlasClassification atlasClassification : atlasClassifications) { - entityAttributeValues.add(atlasClassification.getTypeName()); - } - } - } else if (attributeName.equals("__meaningNames")) { - List atlasMeanings = entity.getMeanings(); - for (AtlasTermAssignmentHeader atlasMeaning : atlasMeanings) { - entityAttributeValues.add(atlasMeaning.getDisplayText()); - } - } else { - String typeName = entity.getTypeName(); - boolean isArrayOfPrimitiveType = false; - boolean isArrayOfEnum = false; - AtlasEntityType entityType = AuthorizerCommon.getEntityTypeByName(typeName); - AtlasStructType.AtlasAttribute atlasAttribute = entityType.getAttribute(attributeName); - if 
(atlasAttribute.getAttributeType().getTypeCategory().equals(ARRAY)) { - AtlasArrayType attributeType = (AtlasArrayType) atlasAttribute.getAttributeType(); - AtlasType elementType = attributeType.getElementType(); - isArrayOfPrimitiveType = elementType.getTypeCategory().equals(TypeCategory.PRIMITIVE); - isArrayOfEnum = elementType.getTypeCategory().equals(TypeCategory.ENUM); + break; + case "__traitNames": + List atlasClassifications = entity.getClassifications(); + if (atlasClassifications != null && !atlasClassifications.isEmpty()) { + for (AtlasClassification atlasClassification : atlasClassifications) { + entityAttributeValues.add(atlasClassification.getTypeName()); } + } + break; + case "__meaningNames": + List atlasMeanings = entity.getMeanings(); + for (AtlasTermAssignmentHeader atlasMeaning : atlasMeanings) { + entityAttributeValues.add(atlasMeaning.getDisplayText()); + } + break; + default: + String typeName = entity.getTypeName(); + boolean isArrayOfPrimitiveType = false; + boolean isArrayOfEnum = false; + AtlasEntityType entityType = AuthorizerCommon.getEntityTypeByName(typeName); + AtlasStructType.AtlasAttribute atlasAttribute = entityType.getAttribute(attributeName); + if (atlasAttribute.getAttributeType().getTypeCategory().equals(ARRAY)) { + AtlasArrayType attributeType = (AtlasArrayType) atlasAttribute.getAttributeType(); + AtlasType elementType = attributeType.getElementType(); + isArrayOfPrimitiveType = elementType.getTypeCategory().equals(TypeCategory.PRIMITIVE); + isArrayOfEnum = elementType.getTypeCategory().equals(TypeCategory.ENUM); + } - if (entity.getAttribute(attributeName) != null) { - if (isArrayOfEnum || isArrayOfPrimitiveType) { - entityAttributeValues.addAll((Collection) entity.getAttribute(attributeName)); - } else { - entityAttributeValues.add((String) entity.getAttribute(attributeName)); - } + if (entity.getAttribute(attributeName) != null) { + if (isArrayOfEnum || isArrayOfPrimitiveType) { + entityAttributeValues.addAll((Collection) 
entity.getAttribute(attributeName)); + } else { + entityAttributeValues.add((String) entity.getAttribute(attributeName)); } } + break; + } - if (operator.equals("EQUALS") && entityAttributeValues.contains(attributeValue)) { - evaluation = true; + switch (operator) { + case "EQUALS": + if (entityAttributeValues.contains(attributeValue)) { + return true; } - if ((operator.equals("STARTS_WITH") && AuthorizerCommon.listStartsWith(attributeValue, entityAttributeValues))) { - evaluation = true; + break; + case "STARTS_WITH": + if (AuthorizerCommon.listStartsWith(attributeValue, entityAttributeValues)) { + return true; } - if ((operator.equals("ENDS_WITH") && AuthorizerCommon.listEndsWith(attributeValue, entityAttributeValues))) { - evaluation = true; + break; + case "LIKE": + if (AuthorizerCommon.listMatchesWith(attributeValue, entityAttributeValues)) { + return true; } - if ((operator.equals("NOT_EQUALS") && !entityAttributeValues.contains(attributeValue))) { - evaluation = true; + break; + case "ENDS_WITH": + if (AuthorizerCommon.listEndsWith(attributeValue, entityAttributeValues)) { + return true; } - } - - + break; + case "NOT_EQUALS": + if (!entityAttributeValues.contains(attributeValue)) { + return true; + } + break; - if (condition.equals("AND")) { - result = result && evaluation; - } else { - result = result || evaluation; - } + default: LOG.warn("Found unknown operator {}", operator); } - RequestContext.get().endMetricRecord(convertJsonToQueryMetrics); - return result; + return false; } public static boolean isAccessAllowed(String guid, String action) throws AtlasBaseException {
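Review bot: The `__meaningNames` case iterates `entity.getMeanings()` without the null check that the `__traitNames` case applies to `getClassifications()`, and the `default` case dereferences `entityType` and `atlasAttribute` unchecked. A criterion naming an attribute the entity's type does not define would therefore presumably end in a NullPointerException instead of a no-match, and the `(String) entity.getAttribute(attributeName)` cast throws ClassCastException for a non-string attribute. How the caller treats an exception thrown out of this evaluation is not visible here, so the outcome should be made explicit: guard with `if (atlasMeanings != null)` and `if (entityType == null || atlasAttribute == null) { return false; }`, and use `String.valueOf(entity.getAttribute(attributeName))` in place of the cast. `evaluateFilterCriteria` begins in the previous hunk.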