From 54cc4b935920834e7949aeeffbdd6ed4ad038461 Mon Sep 17 00:00:00 2001
From: sanjulian <julian.pan@hotmail.com>
Date: Thu, 7 Dec 2017 18:52:37 +0800
Subject: [PATCH] KYLIN-2964 AclEntity operation issue

---
 .../org/apache/kylin/rest/service/AccessService.java    |  3 +++
 .../java/org/apache/kylin/rest/service/AclService.java  | 17 +++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java b/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java
index 5b2e33c..4827389 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java
@@ -126,6 +126,7 @@ public class AccessService {
             acl.insertAce(acl.getEntries().size(), permission, sid, true);
         }
 
+        aclService.checkUserName(acl);
         acl = aclService.updateAcl(acl);
 
         return acl;
@@ -160,6 +161,7 @@ public class AccessService {
 
             try {
                 acl.updateAce(indexOfAce, newPermission);
+                aclService.checkUserName(acl);
                 acl = aclService.updateAcl(acl);
             } catch (NotFoundException e) {
                 //do nothing?
@@ -275,6 +277,7 @@ public class AccessService {
 
         acl.setEntriesInheriting(true);
         acl.setParent(parentAcl);
+        aclService.checkUserName(acl);
         aclService.updateAcl(acl);
     }
 
diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/AclService.java b/server-base/src/main/java/org/apache/kylin/rest/service/AclService.java
index 00bda7f..4dbb19e 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/AclService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/AclService.java
@@ -242,12 +242,6 @@ public class AclService implements MutableAclService {
             Map<String, AceInfo> allAceInfo = record.getAllAceInfo();
             allAceInfo.clear();
             for (AccessControlEntry ace : mutableAcl.getEntries()) {
-                if (ace.getSid() instanceof PrincipalSid) {
-                    PrincipalSid psid = (PrincipalSid) ace.getSid();
-                    String userName = psid.getPrincipal();
-                    if (!userService.userExists(userName))
-                        throw new BadRequestException(String.format(msg.getUSER_NOT_EXIST(), userName));
-                }
                 AceInfo aceInfo = new AceInfo(ace);
                 allAceInfo.put(String.valueOf(aceInfo.getSidInfo().getSid()), aceInfo);
             }
@@ -307,6 +301,17 @@ public class AclService implements MutableAclService {
     public static String getQueryKeyById(String id) {
         return DIR_PREFIX + id;
     }
+
+    protected void checkUserName(MutableAcl mutableAcl) {
+        for (AccessControlEntry ace : mutableAcl.getEntries()) {
+            if (ace.getSid() instanceof PrincipalSid) {
+                PrincipalSid psid = (PrincipalSid) ace.getSid();
+                String userName = psid.getPrincipal();
+                if (!userService.userExists(userName))
+                    throw new BadRequestException(String.format(MsgPicker.getMsg().getUSER_NOT_EXIST(), userName));
+            }
+        }
+    }
 }
 
 @SuppressWarnings("serial")
-- 
2.8.1