-
Notifications
You must be signed in to change notification settings - Fork 3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' of github.com:linkedin/datahub into disable-ci-…
…telemetry
- Loading branch information
Showing
143 changed files
with
24,522 additions
and
1,018 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
53 changes: 53 additions & 0 deletions
53
...main/java/com/linkedin/datahub/graphql/resolvers/policy/GetGrantedPrivilegesResolver.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
package com.linkedin.datahub.graphql.resolvers.policy; | ||
|
||
import com.datahub.authorization.AuthorizationManager; | ||
import com.datahub.authorization.ResourceSpec; | ||
import com.linkedin.datahub.graphql.QueryContext; | ||
import com.linkedin.datahub.graphql.exception.AuthorizationException; | ||
import com.linkedin.datahub.graphql.generated.GetGrantedPrivilegesInput; | ||
import com.linkedin.datahub.graphql.generated.Privileges; | ||
import com.linkedin.datahub.graphql.resolvers.EntityTypeMapper; | ||
import graphql.schema.DataFetcher; | ||
import graphql.schema.DataFetchingEnvironment; | ||
import java.util.List; | ||
import java.util.Optional; | ||
import java.util.concurrent.CompletableFuture; | ||
|
||
import static com.linkedin.datahub.graphql.resolvers.ResolverUtils.bindArgument; | ||
|
||
|
||
/** | ||
* Resolver to support the getGrantedPrivileges end point | ||
* Fetches all privileges that are granted for the given actor for the given resource (optional) | ||
*/ | ||
public class GetGrantedPrivilegesResolver implements DataFetcher<CompletableFuture<Privileges>> { | ||
|
||
@Override | ||
public CompletableFuture<Privileges> get(final DataFetchingEnvironment environment) throws Exception { | ||
|
||
final QueryContext context = environment.getContext(); | ||
final GetGrantedPrivilegesInput input = | ||
bindArgument(environment.getArgument("input"), GetGrantedPrivilegesInput.class); | ||
final String actor = input.getActorUrn(); | ||
if (!isAuthorized(context, actor)) { | ||
throw new AuthorizationException("Unauthorized to get privileges for the given author."); | ||
} | ||
final Optional<ResourceSpec> resourceSpec = Optional.ofNullable(input.getResourceSpec()) | ||
.map(spec -> new ResourceSpec(EntityTypeMapper.getName(spec.getResourceType()), spec.getResourceUrn())); | ||
|
||
if (context.getAuthorizer() instanceof AuthorizationManager) { | ||
AuthorizationManager authorizationManager = (AuthorizationManager) context.getAuthorizer(); | ||
List<String> privileges = authorizationManager.getGrantedPrivileges(actor, resourceSpec); | ||
return CompletableFuture.supplyAsync(() -> Privileges.builder() | ||
.setPrivileges(privileges) | ||
.build()); | ||
} | ||
throw new UnsupportedOperationException( | ||
String.format("GetGrantedPrivileges function is not supported on authorizer of type %s", | ||
context.getAuthorizer().getClass().getSimpleName())); | ||
} | ||
|
||
private boolean isAuthorized(final QueryContext context, final String actor) { | ||
return actor.equals(context.getActorUrn()); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.