Make admin role to bypass auth logic

woowahan-jaehoon · Nov 1, 2017 · 26b818c · 26b818c
1 parent afd2bca
commit 26b818c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 9 deletions.
diff --git a/conf/zeppelin-site.xml.template b/conf/zeppelin-site.xml.template
@@ -393,6 +393,12 @@
   <description>Anonymous user allowed by default</description>
 </property>
 
+<property>
+  <name>zeppelin.owner.role</name>
+  <value>admin</value>
+  <description>Set owner role by default in private mode</description>
+</property>
+
 <property>
   <name>zeppelin.notebook.public</name>
   <value>true</value>

diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
@@ -711,7 +711,8 @@ public static enum ConfVars {
     ZEPPELIN_INTERPRETER_LIFECYCLE_MANAGER_TIMEOUT_CHECK_INTERVAL(
         "zeppelin.interpreter.lifecyclemanager.timeout.checkinterval", 6000L),
     ZEPPELIN_INTERPRETER_LIFECYCLE_MANAGER_TIMEOUT_THRESHOLD(
-        "zeppelin.interpreter.lifecyclemanager.timeout.threshold", 3600000L);
+        "zeppelin.interpreter.lifecyclemanager.timeout.threshold", 3600000L),
+    ZEPPELIN_OWNER_ROLE("zeppelin.owner.role", "admin");
 
     private String varName;
     @SuppressWarnings("rawtypes")

diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorization.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorization.java
@@ -24,7 +24,6 @@
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
@@ -35,6 +34,7 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.zeppelin.conf.ZeppelinConfiguration;
+import org.apache.zeppelin.conf.ZeppelinConfiguration.ConfVars;
 import org.apache.zeppelin.user.AuthenticationInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -293,24 +293,32 @@ public Set<String> getWriters(String noteId) {
   }
 
   public boolean isOwner(String noteId, Set<String> entities) {
-    return isMember(entities, getOwners(noteId));
+    return isMember(entities, getOwners(noteId)) || isAdmin(entities);
   }
 
   public boolean isWriter(String noteId, Set<String> entities) {
-    return isMember(entities, getWriters(noteId)) || isMember(entities, getOwners(noteId));
+    return isMember(entities, getWriters(noteId)) ||
+           isMember(entities, getOwners(noteId)) ||
+           isAdmin(entities);
   }
 
   public boolean isReader(String noteId, Set<String> entities) {
     return isMember(entities, getReaders(noteId)) ||
-            isMember(entities, getOwners(noteId)) ||
-            isMember(entities, getWriters(noteId)) ||
-            isMember(entities, getRunners(noteId));
+           isMember(entities, getOwners(noteId)) ||
+           isMember(entities, getWriters(noteId)) ||
+           isMember(entities, getRunners(noteId)) ||
+           isAdmin(entities);
   }
 
   public boolean isRunner(String noteId, Set<String> entities) {
     return isMember(entities, getRunners(noteId)) ||
-            isMember(entities, getWriters(noteId)) ||
-            isMember(entities, getOwners(noteId));
+           isMember(entities, getWriters(noteId)) ||
+           isMember(entities, getOwners(noteId)) ||
+           isAdmin(entities);
+  }
+
+  private boolean isAdmin(Set<String> entities) {
+    return entities.contains(conf.getString(ConfVars.ZEPPELIN_OWNER_ROLE));
   }
 
   // return true if b is empty or if (a intersection b) is non-empty