diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java index a2ef87b1ce98b..f7dbb73d14842 100644 --- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java +++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java @@ -75,6 +75,7 @@ public CompletableFuture get(DataFetchingEnvironment environm platformPrivileges.setManageIngestion(canManageIngestion(context)); platformPrivileges.setManageSecrets(canManageSecrets(context)); platformPrivileges.setManageTokens(canManageTokens(context)); + platformPrivileges.setViewTests(canViewTests(context)); platformPrivileges.setManageTests(canManageTests(context)); platformPrivileges.setManageGlossaries(canManageGlossaries(context)); platformPrivileges.setManageUserCredentials(canManageUserCredentials(context)); @@ -130,6 +131,12 @@ private boolean canGeneratePersonalAccessToken(final QueryContext context) { PoliciesConfig.GENERATE_PERSONAL_ACCESS_TOKENS_PRIVILEGE); } + /** Returns true if the authenticated user has privileges to view tests. */ + private boolean canViewTests(final QueryContext context) { + return isAuthorized( + context.getAuthorizer(), context.getActorUrn(), PoliciesConfig.VIEW_TESTS_PRIVILEGE); + } + /** Returns true if the authenticated user has privileges to manage (add or remove) tests. */ private boolean canManageTests(final QueryContext context) { return isAuthorized( diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java index 3f4a0367af05a..22c3b87712a34 100644 --- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java +++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java @@ -45,7 +45,7 @@ public CompletableFuture get(final DataFetchingEnvironment envi return CompletableFuture.supplyAsync( () -> { - if (canManageTests(context)) { + if (canManageTests(context) || canViewTests(context)) { final ListTestsInput input = bindArgument(environment.getArgument("input"), ListTestsInput.class); final Integer start = input.getStart() == null ? DEFAULT_START : input.getStart(); diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java index ae23e963cebb9..020064ed643c8 100644 --- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java +++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java @@ -19,6 +19,12 @@ public class TestUtils { + /** Returns true if the authenticated user is able to view tests. */ + public static boolean canViewTests(@Nonnull QueryContext context) { + return AuthUtil.isAuthorized( + context.getAuthorizer(), context.getActorUrn(), PoliciesConfig.VIEW_TESTS_PRIVILEGE); + } + /** Returns true if the authenticated user is able to manage tests. */ public static boolean canManageTests(@Nonnull QueryContext context) { return AuthUtil.isAuthorized( diff --git a/datahub-graphql-core/src/main/resources/app.graphql b/datahub-graphql-core/src/main/resources/app.graphql index c8fb2dedd5928..d84a86a3bedd3 100644 --- a/datahub-graphql-core/src/main/resources/app.graphql +++ b/datahub-graphql-core/src/main/resources/app.graphql @@ -91,6 +91,11 @@ type PlatformPrivileges { """ manageTokens: Boolean! + """ + Whether the user is able to view Tests + """ + viewTests: Boolean! + """ Whether the user is able to manage Tests """ diff --git a/datahub-web-react/src/Mocks.tsx b/datahub-web-react/src/Mocks.tsx index c7e0a89ab38ea..9f9107865aac4 100644 --- a/datahub-web-react/src/Mocks.tsx +++ b/datahub-web-react/src/Mocks.tsx @@ -3617,6 +3617,7 @@ export const mocks = [ createTags: true, manageUserCredentials: true, manageGlossaries: true, + viewTests: false, manageTests: true, manageTokens: true, manageSecrets: true, @@ -3892,6 +3893,7 @@ export const platformPrivileges: PlatformPrivileges = { manageIngestion: true, manageSecrets: true, manageTokens: true, + viewTests: false, manageTests: true, manageGlossaries: true, manageUserCredentials: true, diff --git a/datahub-web-react/src/graphql/me.graphql b/datahub-web-react/src/graphql/me.graphql index 7a2c0e562be6b..9a1fb89a249eb 100644 --- a/datahub-web-react/src/graphql/me.graphql +++ b/datahub-web-react/src/graphql/me.graphql @@ -39,6 +39,7 @@ query getMe { manageSecrets manageTokens manageDomains + viewTests manageTests manageGlossaries manageUserCredentials diff --git a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java index ea8f52925b5b3..ff740a4dfc0e0 100644 --- a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java +++ b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java @@ -90,6 +90,9 @@ public class PoliciesConfig { "Manage Home Page Posts", "Create and delete home page posts"); + public static final Privilege VIEW_TESTS_PRIVILEGE = + Privilege.of("VIEW_TESTS", "View Tests", "View Asset Tests."); + public static final Privilege MANAGE_TESTS_PRIVILEGE = Privilege.of("MANAGE_TESTS", "Manage Tests", "Create and remove Asset Tests."); @@ -158,6 +161,7 @@ public class PoliciesConfig { MANAGE_SECRETS_PRIVILEGE, GENERATE_PERSONAL_ACCESS_TOKENS_PRIVILEGE, MANAGE_ACCESS_TOKENS, + VIEW_TESTS_PRIVILEGE, MANAGE_TESTS_PRIVILEGE, MANAGE_GLOSSARIES_PRIVILEGE, MANAGE_USER_CREDENTIALS_PRIVILEGE,