Fix #3067: Service Creation/Update should only be done by Bots or admins

open-metadata · Mar 2, 2022 · db2b27a · db2b27a
1 parent e822b6f
commit db2b27a
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/.../java/org/openmetadata/catalog/resources/services/dashboard/DashboardServiceResource.java b/.../java/org/openmetadata/catalog/resources/services/dashboard/DashboardServiceResource.java
@@ -314,7 +314,7 @@ public Response update(
       @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreateDashboardService update)
       throws IOException, ParseException {
     DashboardService service = getService(update, securityContext);
-    SecurityUtil.checkAdminRoleOrPermissions(authorizer, securityContext, dao.getOriginalOwner(service));
+    SecurityUtil.checkAdminOrBotRole(authorizer, securityContext);
     PutResponse<DashboardService> response = dao.createOrUpdate(uriInfo, service, true);
     addHref(uriInfo, response.getEntity());
     return response.toResponse();

diff --git a/...in/java/org/openmetadata/catalog/resources/services/database/DatabaseServiceResource.java b/...in/java/org/openmetadata/catalog/resources/services/database/DatabaseServiceResource.java
@@ -333,7 +333,7 @@ public Response update(
       @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreateDatabaseService update)
       throws IOException, ParseException {
     DatabaseService service = getService(update, securityContext);
-    SecurityUtil.checkAdminRoleOrPermissions(authorizer, securityContext, dao.getOriginalOwner(service));
+    SecurityUtil.checkAdminOrBotRole(authorizer, securityContext);
     PutResponse<DatabaseService> response = dao.createOrUpdate(uriInfo, service, true);
     addHref(uriInfo, decryptOrNullify(securityContext, response.getEntity()));
     return response.toResponse();

diff --git a/.../java/org/openmetadata/catalog/resources/services/messaging/MessagingServiceResource.java b/.../java/org/openmetadata/catalog/resources/services/messaging/MessagingServiceResource.java
@@ -321,7 +321,7 @@ public Response update(
       @Valid CreateMessagingService update)
       throws IOException, ParseException {
     MessagingService service = getService(update, securityContext);
-    SecurityUtil.checkAdminRoleOrPermissions(authorizer, securityContext, dao.getOriginalOwner(service));
+    SecurityUtil.checkAdminOrBotRole(authorizer, securityContext);
     PutResponse<MessagingService> response = dao.createOrUpdate(uriInfo, service, true);
     addHref(uriInfo, response.getEntity());
     return response.toResponse();

diff --git a/...in/java/org/openmetadata/catalog/resources/services/pipeline/PipelineServiceResource.java b/...in/java/org/openmetadata/catalog/resources/services/pipeline/PipelineServiceResource.java
@@ -317,7 +317,7 @@ public Response update(
       @Context UriInfo uriInfo, @Context SecurityContext securityContext, @Valid CreatePipelineService update)
       throws IOException, ParseException {
     PipelineService service = getService(update, securityContext);
-    SecurityUtil.checkAdminRoleOrPermissions(authorizer, securityContext, dao.getOriginalOwner(service));
+    SecurityUtil.checkAdminOrBotRole(authorizer, securityContext);
     PutResponse<PipelineService> response = dao.createOrUpdate(uriInfo, service, true);
     addHref(uriInfo, response.getEntity());
     return response.toResponse();