Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ZEPPELIN-2647] Bypass auth logic when a user logins as admin role #2585

Closed
wants to merge 7 commits into from
Closed

[ZEPPELIN-2647] Bypass auth logic when a user logins as admin role #2585

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
26b818c
Make admin role to bypass auth logic
yu74n Aug 10, 2017
98a9de0
Rename property name
yu74n Sep 26, 2017
532a49f
Set blank as default.owner.username default value
yu74n Nov 6, 2017
0170b3f
Check if admin role is valid or not
yu74n Nov 9, 2017
c6e1382
Disable admin role by default
yu74n Nov 9, 2017
f6c6345
Remove description mentioned about private mode
yu74n Nov 9, 2017
c706302
Use StringUtils isBlank()
yu74n Nov 9, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
6 changes: 6 additions & 0 deletions conf/zeppelin-site.xml.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -393,6 +393,12 @@
<description>Anonymous user allowed by default</description>
</property>

<property>
<name>zeppelin.notebook.default.owner.username</name>
<value></value>
<description>Set owner role by default</description>
</property>

<property>
<name>zeppelin.notebook.public</name>
<value>true</value>
Expand Down
5 changes: 4 additions & 1 deletion zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -711,7 +711,10 @@ public static enum ConfVars {
ZEPPELIN_INTERPRETER_LIFECYCLE_MANAGER_TIMEOUT_CHECK_INTERVAL(
"zeppelin.interpreter.lifecyclemanager.timeout.checkinterval", 6000L),
ZEPPELIN_INTERPRETER_LIFECYCLE_MANAGER_TIMEOUT_THRESHOLD(
"zeppelin.interpreter.lifecyclemanager.timeout.threshold", 3600000L);
"zeppelin.interpreter.lifecyclemanager.timeout.threshold", 3600000L),

ZEPPELIN_OWNER_ROLE("zeppelin.notebook.default.owner.username", "");


private String varName;
@SuppressWarnings("rawtypes")
Expand Down
28 changes: 20 additions & 8 deletions zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorization.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
Expand All @@ -35,6 +34,7 @@

import org.apache.commons.lang.StringUtils;
import org.apache.zeppelin.conf.ZeppelinConfiguration;
import org.apache.zeppelin.conf.ZeppelinConfiguration.ConfVars;
import org.apache.zeppelin.user.AuthenticationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -293,24 +293,36 @@ public Set<String> getWriters(String noteId) {
}

public boolean isOwner(String noteId, Set<String> entities) {
return isMember(entities, getOwners(noteId));
return isMember(entities, getOwners(noteId)) || isAdmin(entities);
}

public boolean isWriter(String noteId, Set<String> entities) {
return isMember(entities, getWriters(noteId)) || isMember(entities, getOwners(noteId));
return isMember(entities, getWriters(noteId)) ||
isMember(entities, getOwners(noteId)) ||
isAdmin(entities);
}

public boolean isReader(String noteId, Set<String> entities) {
return isMember(entities, getReaders(noteId)) ||
isMember(entities, getOwners(noteId)) ||
isMember(entities, getWriters(noteId)) ||
isMember(entities, getRunners(noteId));
isMember(entities, getOwners(noteId)) ||
isMember(entities, getWriters(noteId)) ||
isMember(entities, getRunners(noteId)) ||
isAdmin(entities);
}

public boolean isRunner(String noteId, Set<String> entities) {
return isMember(entities, getRunners(noteId)) ||
isMember(entities, getWriters(noteId)) ||
isMember(entities, getOwners(noteId));
isMember(entities, getWriters(noteId)) ||
isMember(entities, getOwners(noteId)) ||
isAdmin(entities);
}

private boolean isAdmin(Set<String> entities) {
String adminRole = conf.getString(ConfVars.ZEPPELIN_OWNER_ROLE);
if (StringUtils.isBlank(adminRole)) {
return false;
}
return entities.contains(adminRole);
}

// return true if b is empty or if (a intersection b) is non-empty
Expand Down