From eba53c0830212eb584e517528eee4709232302e1 Mon Sep 17 00:00:00 2001
From: ksrinath
Date: Tue, 30 Apr 2024 16:37:18 +0530
Subject: [PATCH 1/4] feat(auth): add viewTests platform privilege
---
 .../com/linkedin/datahub/graphql/resolvers/MeResolver.java | 7 +++++++
 .../datahub/graphql/resolvers/test/ListTestsResolver.java | 2 +-
 .../linkedin/datahub/graphql/resolvers/test/TestUtils.java | 6 ++++++
 datahub-graphql-core/src/main/resources/app.graphql | 5 +++++
 datahub-web-react/src/graphql/me.graphql | 1 +
 .../linkedin/metadata/authorization/PoliciesConfig.java | 4 ++++
 6 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java
index a2ef87b1ce98b..f7dbb73d14842 100644
--- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java
+++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java
@@ -75,6 +75,7 @@ public CompletableFuture get(DataFetchingEnvironment environm
 platformPrivileges.setManageIngestion(canManageIngestion(context));
 platformPrivileges.setManageSecrets(canManageSecrets(context));
 platformPrivileges.setManageTokens(canManageTokens(context));
+ platformPrivileges.setViewTests(canViewTests(context));
 platformPrivileges.setManageTests(canManageTests(context));
 platformPrivileges.setManageGlossaries(canManageGlossaries(context));
 platformPrivileges.setManageUserCredentials(canManageUserCredentials(context));
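Review bot: `viewTests` in MeResolver.get is computed from VIEW_TESTS alone, while the ListTestsResolver change in this same patch admits an actor holding either MANAGE_TESTS or VIEW_TESTS. As far as the patch shows, an actor granted only MANAGE_TESTS would be told `viewTests: false` by the `me` query yet still be allowed to list tests, so a client that gates the Tests page on `viewTests` alone would hide a page the server permits. If manage is meant to imply view, say so in one place, for example `platformPrivileges.setViewTests(canViewTests(context) || canManageTests(context));`, or document on the GraphQL field that clients must check both flags. The body of `get` continues outside this hunk.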
@@ -130,6 +131,12 @@ private boolean canGeneratePersonalAccessToken(final QueryContext context) {
 PoliciesConfig.GENERATE_PERSONAL_ACCESS_TOKENS_PRIVILEGE);
 }
+ /** Returns true if the authenticated user has privileges to view tests. */
+ private boolean canViewTests(final QueryContext context) {
+ return isAuthorized(
+ context.getAuthorizer(), context.getActorUrn(), PoliciesConfig.VIEW_TESTS_PRIVILEGE);
+ }
+
 /** Returns true if the authenticated user has privileges to manage (add or remove) tests. */
 private boolean canManageTests(final QueryContext context) {
 return isAuthorized(
diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java
index 3f4a0367af05a..22c3b87712a34 100644
--- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java
+++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java
@@ -45,7 +45,7 @@ public CompletableFuture get(final DataFetchingEnvironment envi
 return CompletableFuture.supplyAsync(
 () -> {
- if (canManageTests(context)) {
+ if (canManageTests(context) || canViewTests(context)) {
 final ListTestsInput input =
 bindArgument(environment.getArgument("input"), ListTestsInput.class);
 final Integer start = input.getStart() == null ? DEFAULT_START : input.getStart();
diff --git a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java
index ae23e963cebb9..020064ed643c8 100644
--- a/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java
+++ b/datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java
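Review bot: The widened gate in ListTestsResolver.get, `canManageTests(context) || canViewTests(context)`, is an authorization change that arrives without a test: the diffstat for this patch lists six files and none of them looks like a test class. Two cases would pin the intended behaviour: an actor with only VIEW_TESTS gets the list, and an actor with neither privilege is still rejected. The rejection branch sits after the end of this hunk, so it is not visible here whether it raises an authorization error or returns an empty result; that is worth confirming when writing the second case.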
@@ -19,6 +19,12 @@ public class TestUtils {
+ /** Returns true if the authenticated user is able to view tests. */
+ public static boolean canViewTests(@Nonnull QueryContext context) {
+ return AuthUtil.isAuthorized(
+ context.getAuthorizer(), context.getActorUrn(), PoliciesConfig.VIEW_TESTS_PRIVILEGE);
+ }
+
 /** Returns true if the authenticated user is able to manage tests. */
 public static boolean canManageTests(@Nonnull QueryContext context) {
 return AuthUtil.isAuthorized(
diff --git a/datahub-graphql-core/src/main/resources/app.graphql b/datahub-graphql-core/src/main/resources/app.graphql
index c8fb2dedd5928..e75cc164356b3 100644
--- a/datahub-graphql-core/src/main/resources/app.graphql
+++ b/datahub-graphql-core/src/main/resources/app.graphql
@@ -91,6 +91,11 @@ type PlatformPrivileges {
 """
 manageTokens: Boolean!
+ """
+ Whether the user is able to manage Tests
+ """
+ viewTests: Boolean!
+
 """
 Whether the user is able to manage Tests
 """
diff --git a/datahub-web-react/src/graphql/me.graphql b/datahub-web-react/src/graphql/me.graphql
index 7a2c0e562be6b..9a1fb89a249eb 100644
--- a/datahub-web-react/src/graphql/me.graphql
+++ b/datahub-web-react/src/graphql/me.graphql
@@ -39,6 +39,7 @@ query getMe {
 manageSecrets
 manageTokens
 manageDomains
+ viewTests
 manageTests
 manageGlossaries
 manageUserCredentials
diff --git a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java
index 6788f6e87fc0d..376e446ae83c6 100644
--- a/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java
+++ b/metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java
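Review bot: The Javadoc on TestUtils.canViewTests says the user "is able to view tests", but the method checks VIEW_TESTS_PRIVILEGE only and, as far as this patch shows, returns false for an actor who holds just MANAGE_TESTS. ListTestsResolver compensates with an explicit `||`, but a later read-side resolver that calls canViewTests by itself would deny managers. I would reword the comment to `/** Returns true if the actor holds the VIEW_TESTS platform privilege; MANAGE_TESTS is not implied, so read paths should also accept canManageTests. */` so the contract is visible at the call site. The class body continues outside this hunk.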
@@ -90,6 +90,9 @@ public class PoliciesConfig {
 "Manage Home Page Posts",
 "Create and delete home page posts");
+ public static final Privilege VIEW_TESTS_PRIVILEGE =
+ Privilege.of("VIEW_TESTS", "View Tests", "View Asset Tests.");
+
 public static final Privilege MANAGE_TESTS_PRIVILEGE =
 Privilege.of("MANAGE_TESTS", "Manage Tests", "Create and remove Asset Tests.");
@@ -154,6 +157,7 @@ public class PoliciesConfig {
 MANAGE_SECRETS_PRIVILEGE,
 GENERATE_PERSONAL_ACCESS_TOKENS_PRIVILEGE,
 MANAGE_ACCESS_TOKENS,
+ VIEW_TESTS_PRIVILEGE,
 MANAGE_TESTS_PRIVILEGE,
 MANAGE_GLOSSARIES_PRIVILEGE,
 MANAGE_USER_CREDENTIALS_PRIVILEGE,
From d0539b0d2c59cd592b33f2c88dfddb87b4a7501d Mon Sep 17 00:00:00 2001
From: ksrinath
Date: Thu, 2 May 2024 10:29:57 +0530
Subject: [PATCH 2/4] misc. comments fix
---
 datahub-graphql-core/src/main/resources/app.graphql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datahub-graphql-core/src/main/resources/app.graphql b/datahub-graphql-core/src/main/resources/app.graphql
index e75cc164356b3..d84a86a3bedd3 100644
--- a/datahub-graphql-core/src/main/resources/app.graphql
+++ b/datahub-graphql-core/src/main/resources/app.graphql
@@ -92,7 +92,7 @@ type PlatformPrivileges {
 manageTokens: Boolean!
 """
- Whether the user is able to manage Tests
+ Whether the user is able to view Tests
 """
 viewTests: Boolean!
From 927c458a448d7b85e66420085ce3d169411cbd56 Mon Sep 17 00:00:00 2001
From: ksrinath
Date: Thu, 2 May 2024 13:56:36 +0530
Subject: [PATCH 3/4] add viewTests field in UI Mocks.tsx
---
 datahub-web-react/src/Mocks.tsx | 1 +
 1 file changed, 1 insertion(+)
diff --git a/datahub-web-react/src/Mocks.tsx b/datahub-web-react/src/Mocks.tsx
index c7e0a89ab38ea..040894fff5956 100644
--- a/datahub-web-react/src/Mocks.tsx
+++ b/datahub-web-react/src/Mocks.tsx
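Review bot: VIEW_TESTS_PRIVILEGE is declared in PoliciesConfig (the `@@ -90` hunk) and added to what appears to be the platform privilege list (the `@@ -154` hunk), but nothing in this four-patch series grants it: the diffstats touch only resolvers, the GraphQL schema, the UI query and the UI mocks. If the project ships default policies or read-only roles, they presumably need VIEW_TESTS added for the split to be usable out of the box; otherwise listing tests still requires handing out MANAGE_TESTS, which is the over-grant this privilege is meant to avoid. A short comment above the constant, such as `// Read-only access to Asset Tests; grant instead of MANAGE_TESTS when the actor must not create or remove tests.`, would also help policy authors choose.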
@@ -3892,6 +3892,7 @@ export const platformPrivileges: PlatformPrivileges = {
 manageIngestion: true,
 manageSecrets: true,
 manageTokens: true,
+ viewTests: false,
 manageTests: true,
 manageGlossaries: true,
 manageUserCredentials: true,
From e46dd3e98eeaff51e73fb289953581e29f58c124 Mon Sep 17 00:00:00 2001
From: ksrinath
Date: Thu, 2 May 2024 15:11:12 +0530
Subject: [PATCH 4/4] add viewTests field in UI Mocks.tsx
---
 datahub-web-react/src/Mocks.tsx | 1 +
 1 file changed, 1 insertion(+)
diff --git a/datahub-web-react/src/Mocks.tsx b/datahub-web-react/src/Mocks.tsx
index 040894fff5956..9f9107865aac4 100644
--- a/datahub-web-react/src/Mocks.tsx
+++ b/datahub-web-react/src/Mocks.tsx
@@ -3617,6 +3617,7 @@ export const mocks = [
 createTags: true,
 manageUserCredentials: true,
 manageGlossaries: true,
+ viewTests: false,
 manageTests: true,
 manageTokens: true,
 manageSecrets: true,