Skip to content

Commit fe0f616

Browse files
yoonjs2yoonjs2
committed
2 parents 10f339d + 848f4fb commit fe0f616

File tree

14 files changed

+387
-133
lines changed

14 files changed

+387
-133
lines changed

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@ conf/zeppelin-site.xml
2121
conf/keystore
2222
conf/truststore
2323
conf/interpreter.json
24+
conf/notebook-authorization.json
2425

2526
# other generated files
2627
spark/dependency-reduced-pom.xml

pom.xml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -477,6 +477,7 @@
477477
<exclude>**/licenses/**</exclude>
478478
<exclude>**/zeppelin-distribution/src/bin_license/**</exclude>
479479
<exclude>conf/interpreter.json</exclude>
480+
<exclude>conf/notebook-authorization.json</exclude>
480481
<exclude>conf/zeppelin-env.sh</exclude>
481482
<exclude>spark-*-bin*/**</exclude>
482483

zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java

Lines changed: 21 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,7 @@
1818
package org.apache.zeppelin.rest;
1919

2020
import java.io.IOException;
21-
import java.util.HashMap;
22-
import java.util.HashSet;
23-
import java.util.LinkedList;
24-
import java.util.List;
25-
import java.util.Map;
21+
import java.util.*;
2622

2723
import javax.ws.rs.DELETE;
2824
import javax.ws.rs.GET;
@@ -39,6 +35,7 @@
3935
import org.apache.zeppelin.interpreter.InterpreterSetting;
4036
import org.apache.zeppelin.notebook.Note;
4137
import org.apache.zeppelin.notebook.Notebook;
38+
import org.apache.zeppelin.notebook.NotebookAuthorization;
4239
import org.apache.zeppelin.notebook.Paragraph;
4340
import org.apache.zeppelin.rest.message.CronRequest;
4441
import org.apache.zeppelin.rest.message.InterpreterSettingListForNoteBind;
@@ -69,31 +66,33 @@ public class NotebookRestApi {
6966
private Notebook notebook;
7067
private NotebookServer notebookServer;
7168
private SearchService notebookIndex;
69+
private NotebookAuthorization notebookAuthorization;
7270

7371
public NotebookRestApi() {}
7472

7573
public NotebookRestApi(Notebook notebook, NotebookServer notebookServer, SearchService search) {
7674
this.notebook = notebook;
7775
this.notebookServer = notebookServer;
7876
this.notebookIndex = search;
77+
this.notebookAuthorization = notebook.getNotebookAuthorization();
7978
}
8079

8180
/**
82-
* list note owners
81+
* get note authorization information
8382
*/
8483
@GET
8584
@Path("{noteId}/permissions")
8685
public Response getNotePermissions(@PathParam("noteId") String noteId) {
8786
Note note = notebook.getNote(noteId);
88-
HashMap<String, HashSet> permissionsMap = new HashMap<String, HashSet>();
89-
permissionsMap.put("owners", note.getOwners());
90-
permissionsMap.put("readers", note.getReaders());
91-
permissionsMap.put("writers", note.getWriters());
87+
HashMap<String, Set<String>> permissionsMap = new HashMap();
88+
permissionsMap.put("owners", notebookAuthorization.getOwners(noteId));
89+
permissionsMap.put("readers", notebookAuthorization.getReaders(noteId));
90+
permissionsMap.put("writers", notebookAuthorization.getWriters(noteId));
9291
return new JsonResponse<>(Status.OK, "", permissionsMap).build();
9392
}
9493

95-
String ownerPermissionError(HashSet<String> current,
96-
HashSet<String> allowed) throws IOException {
94+
String ownerPermissionError(Set<String> current,
95+
Set<String> allowed) throws IOException {
9796
LOG.info("Cannot change permissions. Connection owners {}. Allowed owners {}",
9897
current.toString(), allowed.toString());
9998
return "Insufficient privileges to change permissions.\n\n" +
@@ -102,7 +101,7 @@ String ownerPermissionError(HashSet<String> current,
102101
}
103102

104103
/**
105-
* Set note owners
104+
* set note authorization information
106105
*/
107106
@PUT
108107
@Path("{noteId}/permissions")
@@ -124,15 +123,17 @@ public Response putNotePermissions(@PathParam("noteId") String noteId, String re
124123
HashSet<String> userAndRoles = new HashSet<String>();
125124
userAndRoles.add(principal);
126125
userAndRoles.addAll(roles);
127-
if (!note.isOwner(userAndRoles)) {
126+
if (!notebookAuthorization.isOwner(noteId, userAndRoles)) {
128127
return new JsonResponse<>(Status.FORBIDDEN, ownerPermissionError(userAndRoles,
129-
note.getOwners())).build();
128+
notebookAuthorization.getOwners(noteId))).build();
130129
}
131-
note.setOwners(permMap.get("owners"));
132-
note.setReaders(permMap.get("readers"));
133-
note.setWriters(permMap.get("writers"));
134-
LOG.debug("After set permissions {} {} {}", note.getOwners(), note.getReaders(),
135-
note.getWriters());
130+
notebookAuthorization.setOwners(noteId, permMap.get("owners"));
131+
notebookAuthorization.setReaders(noteId, permMap.get("readers"));
132+
notebookAuthorization.setWriters(noteId, permMap.get("writers"));
133+
LOG.debug("After set permissions {} {} {}",
134+
notebookAuthorization.getOwners(noteId),
135+
notebookAuthorization.getReaders(noteId),
136+
notebookAuthorization.getWriters(noteId));
136137
note.persist();
137138
notebookServer.broadcastNote(note);
138139
return new JsonResponse<>(Status.OK).build();

zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@
3333
import org.apache.zeppelin.dep.DependencyResolver;
3434
import org.apache.zeppelin.interpreter.InterpreterFactory;
3535
import org.apache.zeppelin.notebook.Notebook;
36+
import org.apache.zeppelin.notebook.NotebookAuthorization;
3637
import org.apache.zeppelin.notebook.repo.NotebookRepo;
3738
import org.apache.zeppelin.notebook.repo.NotebookRepoSync;
3839
import org.apache.zeppelin.rest.*;
@@ -71,6 +72,7 @@ public class ZeppelinServer extends Application {
7172
private InterpreterFactory replFactory;
7273
private NotebookRepo notebookRepo;
7374
private SearchService notebookIndex;
75+
private NotebookAuthorization notebookAuthorization;
7476
private DependencyResolver depResolver;
7577

7678
public ZeppelinServer() throws Exception {
@@ -83,9 +85,10 @@ public ZeppelinServer() throws Exception {
8385
notebookWsServer, depResolver);
8486
this.notebookRepo = new NotebookRepoSync(conf);
8587
this.notebookIndex = new LuceneSearch();
86-
88+
this.notebookAuthorization = new NotebookAuthorization(conf);
8789
notebook = new Notebook(conf,
88-
notebookRepo, schedulerFactory, replFactory, notebookWsServer, notebookIndex);
90+
notebookRepo, schedulerFactory, replFactory, notebookWsServer,
91+
notebookIndex, notebookAuthorization);
8992
}
9093

9194
public static void main(String[] args) throws InterruptedException {

zeppelin-server/src/main/java/org/apache/zeppelin/socket/NotebookServer.java

Lines changed: 46 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -371,8 +371,8 @@ public void broadcastReloadedNoteList() {
371371
broadcastAll(new Message(OP.NOTES_INFO).put("notes", notesInfo));
372372
}
373373

374-
void permissionError(NotebookSocket conn, String op, HashSet<String> current,
375-
HashSet<String> allowed) throws IOException {
374+
void permissionError(NotebookSocket conn, String op, Set<String> current,
375+
Set<String> allowed) throws IOException {
376376
LOG.info("Cannot {}. Connection readers {}. Allowed readers {}",
377377
op, current, allowed);
378378
conn.send(serializeMessage(new Message(OP.AUTH_INFO).put("info",
@@ -395,9 +395,10 @@ private void sendNote(NotebookSocket conn, HashSet<String> userAndRoles, Noteboo
395395
}
396396

397397
Note note = notebook.getNote(noteId);
398+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
398399
if (note != null) {
399-
if (!note.isReader(userAndRoles)) {
400-
permissionError(conn, "read", userAndRoles, note.getReaders());
400+
if (!notebookAuthorization.isReader(noteId, userAndRoles)) {
401+
permissionError(conn, "read", userAndRoles, notebookAuthorization.getReaders(noteId));
401402
broadcastNoteList();
402403
return;
403404
}
@@ -417,8 +418,9 @@ private void sendHomeNote(NotebookSocket conn, HashSet<String> userAndRoles,
417418
}
418419

419420
if (note != null) {
420-
if (!note.isReader(userAndRoles)) {
421-
permissionError(conn, "read", userAndRoles, note.getReaders());
421+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
422+
if (!notebookAuthorization.isReader(noteId, userAndRoles)) {
423+
permissionError(conn, "read", userAndRoles, notebookAuthorization.getReaders(noteId));
422424
broadcastNoteList();
423425
return;
424426
}
@@ -502,9 +504,9 @@ private void removeNote(NotebookSocket conn, HashSet<String> userAndRoles,
502504
}
503505

504506
Note note = notebook.getNote(noteId);
505-
506-
if (!note.isOwner(userAndRoles)) {
507-
permissionError(conn, "remove", userAndRoles, note.getOwners());
507+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
508+
if (!notebookAuthorization.isOwner(noteId, userAndRoles)) {
509+
permissionError(conn, "remove", userAndRoles, notebookAuthorization.getOwners(noteId));
508510
return;
509511
}
510512

@@ -524,10 +526,11 @@ private void updateParagraph(NotebookSocket conn, HashSet<String> userAndRoles,
524526
.get("params");
525527
Map<String, Object> config = (Map<String, Object>) fromMessage
526528
.get("config");
527-
final Note note = notebook.getNote(getOpenNoteId(conn));
528-
529-
if (!note.isWriter(userAndRoles)) {
530-
permissionError(conn, "write", userAndRoles, note.getWriters());
529+
String noteId = getOpenNoteId(conn);
530+
final Note note = notebook.getNote(noteId);
531+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
532+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
533+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
531534
return;
532535
}
533536

@@ -572,11 +575,11 @@ private void removeParagraph(NotebookSocket conn, HashSet<String> userAndRoles,
572575
if (paragraphId == null) {
573576
return;
574577
}
575-
576-
final Note note = notebook.getNote(getOpenNoteId(conn));
577-
578-
if (!note.isWriter(userAndRoles)) {
579-
permissionError(conn, "write", userAndRoles, note.getWriters());
578+
String noteId = getOpenNoteId(conn);
579+
final Note note = notebook.getNote(noteId);
580+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
581+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
582+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
580583
return;
581584
}
582585

@@ -594,11 +597,11 @@ private void clearParagraphOutput(NotebookSocket conn, HashSet<String> userAndRo
594597
if (paragraphId == null) {
595598
return;
596599
}
597-
598-
final Note note = notebook.getNote(getOpenNoteId(conn));
599-
600-
if (!note.isWriter(userAndRoles)) {
601-
permissionError(conn, "write", userAndRoles, note.getWriters());
600+
String noteId = getOpenNoteId(conn);
601+
final Note note = notebook.getNote(noteId);
602+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
603+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
604+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
602605
return;
603606
}
604607

@@ -722,10 +725,11 @@ private void moveParagraph(NotebookSocket conn, HashSet<String> userAndRoles, No
722725

723726
final int newIndex = (int) Double.parseDouble(fromMessage.get("index")
724727
.toString());
725-
final Note note = notebook.getNote(getOpenNoteId(conn));
726-
727-
if (!note.isWriter(userAndRoles)) {
728-
permissionError(conn, "write", userAndRoles, note.getWriters());
728+
String noteId = getOpenNoteId(conn);
729+
final Note note = notebook.getNote(noteId);
730+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
731+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
732+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
729733
return;
730734
}
731735

@@ -738,10 +742,11 @@ private void insertParagraph(NotebookSocket conn, HashSet<String> userAndRoles,
738742
Notebook notebook, Message fromMessage) throws IOException {
739743
final int index = (int) Double.parseDouble(fromMessage.get("index")
740744
.toString());
741-
final Note note = notebook.getNote(getOpenNoteId(conn));
742-
743-
if (!note.isWriter(userAndRoles)) {
744-
permissionError(conn, "write", userAndRoles, note.getWriters());
745+
String noteId = getOpenNoteId(conn);
746+
final Note note = notebook.getNote(noteId);
747+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
748+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
749+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
745750
return;
746751
}
747752

@@ -757,10 +762,11 @@ private void cancelParagraph(NotebookSocket conn, HashSet<String> userAndRoles,
757762
return;
758763
}
759764

760-
final Note note = notebook.getNote(getOpenNoteId(conn));
761-
762-
if (!note.isWriter(userAndRoles)) {
763-
permissionError(conn, "write", userAndRoles, note.getWriters());
765+
String noteId = getOpenNoteId(conn);
766+
final Note note = notebook.getNote(noteId);
767+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
768+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
769+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
764770
return;
765771
}
766772

@@ -775,10 +781,11 @@ private void runParagraph(NotebookSocket conn, HashSet<String> userAndRoles, Not
775781
return;
776782
}
777783

778-
final Note note = notebook.getNote(getOpenNoteId(conn));
779-
780-
if (!note.isWriter(userAndRoles)) {
781-
permissionError(conn, "write", userAndRoles, note.getWriters());
784+
String noteId = getOpenNoteId(conn);
785+
final Note note = notebook.getNote(noteId);
786+
NotebookAuthorization notebookAuthorization = notebook.getNotebookAuthorization();
787+
if (!notebookAuthorization.isWriter(noteId, userAndRoles)) {
788+
permissionError(conn, "write", userAndRoles, notebookAuthorization.getWriters(noteId));
782789
return;
783790
}
784791

zeppelin-server/src/test/java/org/apache/zeppelin/WebDriverManager.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -106,8 +106,8 @@ public static WebDriver getWebDriver() {
106106
}
107107

108108
String url;
109-
if (System.getProperty("url") != null) {
110-
url = System.getProperty("url");
109+
if (System.getenv("url") != null) {
110+
url = System.getenv("url");
111111
} else {
112112
url = "http://localhost:8080";
113113
}

zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -342,6 +342,10 @@ public String getInterpreterSettingPath() {
342342
return getRelativeDir(String.format("%s/interpreter.json", getConfDir()));
343343
}
344344

345+
public String getNotebookAuthorizationPath() {
346+
return getRelativeDir(String.format("%s/notebook-authorization.json", getConfDir()));
347+
}
348+
345349
public String getInterpreterRemoteRunnerPath() {
346350
return getRelativeDir(ConfVars.ZEPPELIN_INTERPRETER_REMOTE_RUNNER);
347351
}

zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Note.java

Lines changed: 0 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -59,9 +59,6 @@ public class Note implements Serializable, JobListener {
5959

6060
private String name = "";
6161
private String id;
62-
private HashSet<String> owners = new HashSet<String>();
63-
private HashSet<String> readers = new HashSet<String>();
64-
private HashSet<String> writers = new HashSet<String>();
6562

6663
@SuppressWarnings("rawtypes")
6764
Map<String, List<AngularObject>> angularObjects = new HashMap<>();
@@ -118,51 +115,6 @@ public void setName(String name) {
118115
this.name = name;
119116
}
120117

121-
public HashSet<String> getOwners() {
122-
return (new HashSet<String>(owners));
123-
}
124-
125-
public void setOwners(HashSet<String> owners) {
126-
this.owners = new HashSet<String>(owners);
127-
}
128-
129-
public HashSet<String> getReaders() {
130-
return (new HashSet<String>(readers));
131-
}
132-
133-
public void setReaders(HashSet<String> readers) {
134-
this.readers = new HashSet<String>(readers);
135-
}
136-
137-
public HashSet<String> getWriters() {
138-
return (new HashSet<String>(writers));
139-
}
140-
141-
public void setWriters(HashSet<String> writers) {
142-
this.writers = new HashSet<String>(writers);
143-
}
144-
145-
public boolean isOwner(HashSet<String> entities) {
146-
return isMember(entities, this.owners);
147-
}
148-
149-
public boolean isWriter(HashSet<String> entities) {
150-
return isMember(entities, this.writers) || isMember(entities, this.owners);
151-
}
152-
153-
public boolean isReader(HashSet<String> entities) {
154-
return isMember(entities, this.readers) ||
155-
isMember(entities, this.owners) ||
156-
isMember(entities, this.writers);
157-
}
158-
159-
// return true if b is empty or if (a intersection b) is non-empty
160-
private boolean isMember(HashSet<String> a, HashSet<String> b) {
161-
Set<String> intersection = new HashSet<String>(b);
162-
intersection.retainAll(a);
163-
return (b.isEmpty() || (intersection.size() > 0));
164-
}
165-
166118
public NoteInterpreterLoader getNoteReplLoader() {
167119
return replLoader;
168120
}

0 commit comments

Comments
 (0)