From 05217a7b355d9a789bdb262d577d785c0369b95a Mon Sep 17 00:00:00 2001 From: qiumingming Date: Mon, 17 Jul 2017 15:25:20 +0800 Subject: [PATCH] KYLIN-2720 Should not allow user to access to all tables' metadata of a project --- .../apache/kylin/rest/service/QueryService.java | 56 +++++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java index f3402ef..9b13600 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/QueryService.java @@ -142,6 +142,10 @@ public class QueryService extends BasicService { private ModelService modelService; @Autowired + @Qualifier("cubeMgmtService") + private CubeService cubeService; + + @Autowired private AclUtil aclUtil; public QueryService() { @@ -508,6 +512,32 @@ public class QueryService extends BasicService { } protected List getMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException { + //list all tableMetas first + List tableMetas = listAllMetadata(cubeMgr, project, cubedOnly); + + //get cubes that current user can access to in this project, then get all tables of these cubes. + List cubeInstances = cubeService.listAllCubes(null, project, null, true); + Set tableRefs = new HashSet(); + for (CubeInstance cube : cubeInstances) { + tableRefs.addAll(cube.getDescriptor().getModel().getAllTables()); + } + + //filter out tableMetas that current user should not access to + List filterTableMetas = new ArrayList(); + for (TableMeta tableMeta : tableMetas) { + String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME(); + for (TableRef t : tableRefs) { + if (t.getTableIdentity().equals(fullTableName)) { + filterTableMetas.add(tableMeta); + break; + } + } + } + + return filterTableMetas; + } + + protected List listAllMetadata(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException { Connection conn = null; ResultSet columnMeta = null; @@ -575,11 +605,33 @@ public class QueryService extends BasicService { } public List getMetadataV2(String project) throws SQLException, IOException { - return getMetadataV2(getCubeManager(), project, true); + //list all tableMetas first + List tableMetas = listAllMetadataV2(getCubeManager(), project, true); + + //get cubes that current user can access to in this project, then get all tables of these cubes. + List cubeInstances = cubeService.listAllCubes(null, project, null, true); + Set tableRefs = new HashSet(); + for (CubeInstance cube : cubeInstances) { + tableRefs.addAll(cube.getDescriptor().getModel().getAllTables()); + } + + //filter out tableMetas that current user should not access to + List filterTableMetas = new ArrayList(); + for (TableMetaWithType tableMeta : tableMetas) { + String fullTableName = tableMeta.getTABLE_SCHEM() + "." + tableMeta.getTABLE_NAME(); + for (TableRef t : tableRefs) { + if (t.getTableIdentity().equals(fullTableName)) { + filterTableMetas.add(tableMeta); + break; + } + } + } + + return filterTableMetas; } @SuppressWarnings("checkstyle:methodlength") - protected List getMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly) + protected List listAllMetadataV2(CubeManager cubeMgr, String project, boolean cubedOnly) throws SQLException, IOException { //Message msg = MsgPicker.getMsg(); -- 2.10.1