From 9757892d7d440a0d3dac1a16f2beefebbe06aea1 Mon Sep 17 00:00:00 2001 From: 10069681 Date: Mon, 15 May 2017 20:31:26 +0800 Subject: [PATCH 1/1] KYLIN-2621 The user of the LDAP group named admin always has ROLE_ADMIN permission --- .../kylin/rest/security/AuthoritiesPopulator.java | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java b/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java index 2b290ce8f..592791cdf 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java +++ b/server-base/src/main/java/org/apache/kylin/rest/security/AuthoritiesPopulator.java @@ -52,8 +52,11 @@ public class AuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator { this.adminRoleAsAuthority = new SimpleGrantedAuthority(adminRole); String[] defaultRoles = StringUtils.split(defaultRole, ","); - if (ArrayUtils.contains(defaultRoles, Constant.ROLE_MODELER)) + if (ArrayUtils.contains(defaultRoles, Constant.ROLE_MODELER)) { this.defaultAuthorities.add(modelerAuthority); + this.defaultAuthorities.add(analystAuthority); + } + if (ArrayUtils.contains(defaultRoles, Constant.ROLE_ANALYST)) this.defaultAuthorities.add(analystAuthority); } @@ -62,19 +65,16 @@ public class AuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator { public Set getGroupMembershipRoles(String userDn, String username) { Set authorities = super.getGroupMembershipRoles(userDn, username); - authorities.addAll(defaultAuthorities); + Set userAuthorities = new HashSet(); + userAuthorities.addAll(defaultAuthorities); if (authorities.contains(adminRoleAsAuthority)) { - authorities.add(adminAuthority); - authorities.add(modelerAuthority); - authorities.add(analystAuthority); - } - - if (authorities.contains(modelerAuthority)) { - authorities.add(analystAuthority); + userAuthorities.add(adminAuthority); + userAuthorities.add(modelerAuthority); + userAuthorities.add(analystAuthority); } - return authorities; + return userAuthorities; } } -- 2.11.0.windows.1