use of org.apache.atlas.authorize.AtlasEntityAccessRequest in project atlas by apache.
the class AtlasEntityStoreV1 method deleteById.
/**
 * Deletes the entity identified by {@code guid} and notifies the change listeners.
 *
 * <p>When a vertex exists for the guid, an {@code ENTITY_DELETE} access request built from the
 * entity header (including its classifications) is passed to
 * {@code AtlasAuthorizationUtils.verifyAccess} before the vertex is queued for deletion.
 *
 * @param guid guid of the entity to delete; must not be null or empty
 * @return the mutation response produced by {@code deleteVertices}; the candidate list is empty
 *         when no vertex was found for {@code guid}
 * @throws AtlasBaseException with {@code INSTANCE_GUID_NOT_FOUND} when {@code guid} is null or
 *         empty; presumably also when {@code verifyAccess} rejects the request (its
 *         implementation is not visible here)
 */
@Override
@GraphTransaction
public EntityMutationResponse deleteById(final String guid) throws AtlasBaseException {
    if (StringUtils.isEmpty(guid)) {
        throw new AtlasBaseException(AtlasErrorCode.INSTANCE_GUID_NOT_FOUND, guid);
    }

    final Collection<AtlasVertex> toDelete = new ArrayList<>();
    final AtlasVertex entityVertex = AtlasGraphUtilsV1.findByGuid(guid);

    if (entityVertex == null) {
        // A missing entity is not an error: the caller asked for it to be gone and it already is.
        // No access request is evaluated on this path, so an unknown guid returns normally while
        // an existing guid goes through verifyAccess below.
        // NOTE(review): if verifyAccess throws on denial, the two outcomes are distinguishable
        // to a caller without delete rights - confirm that is acceptable.
        if (LOG.isDebugEnabled()) {
            // NOTE(review): guid is written to the log as received (only the empty check above
            // has run) - confirm the log layout neutralises line breaks.
            LOG.debug("Deletion request ignored for non-existent entity with guid " + guid);
        }
    } else {
        // The access decision is made on the header with classifications, before anything is
        // added to the deletion list.
        final AtlasEntityHeader header = entityRetriever.toAtlasEntityHeaderWithClassifications(entityVertex);
        final AtlasEntityAccessRequest deleteRequest =
                new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, header);

        AtlasAuthorizationUtils.verifyAccess(deleteRequest, "delete entity: guid=", guid);

        toDelete.add(entityVertex);
    }

    final EntityMutationResponse response = deleteVertices(toDelete);

    // Listeners are notified unconditionally, including when nothing was queued for deletion.
    entityChangeNotifier.onEntitiesMutated(response, false);

    return response;
}
use of org.apache.atlas.authorize.AtlasEntityAccessRequest in project atlas by apache.
the class AtlasEntityStoreV1 method getClassifications.
/**
 * Returns the classifications carried by the entity header for {@code guid}.
 *
 * <p>An {@code ENTITY_READ_CLASSIFICATION} access request built from that header is passed to
 * {@code AtlasAuthorizationUtils.verifyAccess} before the classifications are returned.
 *
 * @param guid guid of the entity; it is not validated in this method, so the handling of a null
 *        or unknown guid is whatever {@code entityRetriever} does (not visible here)
 * @return the classifications reported by the entity header
 * @throws AtlasBaseException propagated from the retriever; presumably also when
 *         {@code verifyAccess} rejects the request
 */
@Override
@GraphTransaction
public List<AtlasClassification> getClassifications(String guid) throws AtlasBaseException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Getting classifications for entity={}", guid);
    }

    // The header has to be loaded first because the access request is built from it; nothing
    // read from it leaves this method until verifyAccess has returned.
    final AtlasEntityHeader header = entityRetriever.toAtlasEntityHeaderWithClassifications(guid);
    final AtlasEntityAccessRequest readRequest =
            new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_READ_CLASSIFICATION, header);

    AtlasAuthorizationUtils.verifyAccess(readRequest, "get classifications: guid=", guid);

    return header.getClassifications();
}
use of org.apache.atlas.authorize.AtlasEntityAccessRequest in project atlas by apache.
the class EntityLineageService method getSchemaForHiveTableByGuid.
/**
 * Builds the schema details for the entity identified by {@code guid}: the class type
 * definition of {@code hive_column} plus one row per referred entity that {@code isColumn}
 * accepts against the ids from {@code getColumnIds}.
 *
 * <p>A single {@code ENTITY_READ} access request, built from a header of the entity itself, is
 * passed to {@code AtlasAuthorizationUtils.verifyAccess}.
 *
 * @param guid guid of the entity; must not be null or empty
 * @return schema details; rows are set only when the entity has referred entities
 * @throws AtlasBaseException with {@code BAD_REQUEST} when {@code guid} is null or empty;
 *         presumably also when {@code verifyAccess} rejects the request
 */
@Override
@GraphTransaction
public SchemaDetails getSchemaForHiveTableByGuid(final String guid) throws AtlasBaseException {
    if (StringUtils.isEmpty(guid)) {
        throw new AtlasBaseException(AtlasErrorCode.BAD_REQUEST);
    }

    final SchemaDetails schema = new SchemaDetails();
    final AtlasEntityType columnType = atlasTypeRegistry.getEntityTypeByName("hive_column");

    schema.setDataType(AtlasTypeUtil.toClassTypeDefinition(columnType));

    final AtlasEntityWithExtInfo tableWithExtInfo = entityRetriever.toAtlasEntityWithExtInfo(guid);
    final AtlasEntity table = tableWithExtInfo.getEntity();
    final AtlasEntityAccessRequest readRequest =
            new AtlasEntityAccessRequest(atlasTypeRegistry, AtlasPrivilege.ENTITY_READ, new AtlasEntityHeader(table));

    AtlasAuthorizationUtils.verifyAccess(readRequest, "read entity schema: guid=", guid);

    final Map<String, AtlasEntity> referred = tableWithExtInfo.getReferredEntities();
    final List<String> columnIds = getColumnIds(table);

    if (MapUtils.isEmpty(referred)) {
        return schema;
    }

    // Only the entity for guid went through verifyAccess above; the referred entities turned
    // into rows here are not checked individually in this method.
    // NOTE(review): confirm that read access to the table is meant to imply read access to
    // every column entity, including columns that carry their own classifications.
    final List<Map<String, Object>> rows = referred.entrySet()
            .stream()
            .filter(candidate -> isColumn(columnIds, candidate))
            .map(column -> AtlasTypeUtil.toMap(column.getValue()))
            .collect(Collectors.toList());

    schema.setRows(rows);

    return schema;
}
use of org.apache.atlas.authorize.AtlasEntityAccessRequest in project atlas by apache.
the class EntityLineageService method getAtlasLineageInfo.
/**
 * Returns lineage information for the entity identified by {@code guid}.
 *
 * <p>An {@code ENTITY_READ} access request built from the entity header (with classifications)
 * is passed to {@code AtlasAuthorizationUtils.verifyAccess} first. The entity's type must then
 * have {@code AtlasClient.DATA_SET_SUPER_TYPE} among its type and super types.
 *
 * @param guid guid of the starting entity
 * @param direction {@code INPUT}, {@code OUTPUT} or {@code BOTH}; must not be null
 * @param depth passed through unchanged to the lineage helpers
 * @return the lineage computed by {@code getLineageInfo} or {@code getBothLineageInfo}
 * @throws AtlasBaseException with {@code INSTANCE_GUID_NOT_DATASET} when the entity type is
 *         unknown or is not a data set, with {@code INSTANCE_LINEAGE_INVALID_PARAMS} when
 *         {@code direction} is null or unrecognised; presumably also when {@code verifyAccess}
 *         rejects the request
 */
@Override
@GraphTransaction
public AtlasLineageInfo getAtlasLineageInfo(String guid, LineageDirection direction, int depth) throws AtlasBaseException {
    // The access check is made on the starting entity only and runs before any validation of
    // type or direction.
    // NOTE(review): entities reached while walking the lineage are not checked in this method -
    // confirm whether the helpers or the authorizer cover them.
    final AtlasEntityHeader startEntity = entityRetriever.toAtlasEntityHeaderWithClassifications(guid);
    final AtlasEntityAccessRequest readRequest =
            new AtlasEntityAccessRequest(atlasTypeRegistry, AtlasPrivilege.ENTITY_READ, startEntity);

    AtlasAuthorizationUtils.verifyAccess(readRequest, "read entity lineage: guid=", guid);

    final AtlasEntityType startType = atlasTypeRegistry.getEntityTypeByName(startEntity.getTypeName());
    final boolean isDataSet =
            startType != null && startType.getTypeAndAllSuperTypes().contains(AtlasClient.DATA_SET_SUPER_TYPE);

    if (!isDataSet) {
        throw new AtlasBaseException(AtlasErrorCode.INSTANCE_GUID_NOT_DATASET, guid);
    }

    if (direction == null) {
        throw new AtlasBaseException(AtlasErrorCode.INSTANCE_LINEAGE_INVALID_PARAMS, "direction", null);
    }

    // NOTE(review): depth is forwarded as received; no bound is applied here - confirm the
    // helpers limit how far the traversal can go.
    if (direction.equals(LineageDirection.INPUT)) {
        return getLineageInfo(guid, LineageDirection.INPUT, depth);
    }

    if (direction.equals(LineageDirection.OUTPUT)) {
        return getLineageInfo(guid, LineageDirection.OUTPUT, depth);
    }

    if (direction.equals(LineageDirection.BOTH)) {
        return getBothLineageInfo(guid, depth);
    }

    throw new AtlasBaseException(AtlasErrorCode.INSTANCE_LINEAGE_INVALID_PARAMS, "direction", direction.toString());
}
use of org.apache.atlas.authorize.AtlasEntityAccessRequest in project atlas by apache.
the class AdminResource method getUserProfile.
/**
 * Returns the profile of the current session as JSON: user name, granted authorities (reported
 * as {@code groups}), CSRF-filter settings, the entity create/update flags and the editable
 * entity types.
 *
 * <p>When the security context holds no {@code Authentication}, {@code userName} is null,
 * {@code groups} is empty and both access flags stay {@code false}.
 *
 * @return a 200 response whose body is {@code AtlasJson.toV1Json} of the profile map
 */
@GET
@Path("session")
@Produces(Servlets.JSON_MEDIA_TYPE)
public Response getUserProfile() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> AdminResource.getUserProfile()");
    }

    boolean canUpdateEntities = false;
    boolean canCreateEntities = false;
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    String userName = null;
    final Set<String> groups = new HashSet<>();

    if (authentication != null) {
        userName = authentication.getName();

        authentication.getAuthorities().forEach(granted -> groups.add(granted.getAuthority()));

        // These requests name a privilege but no entity, so the flags are a general answer
        // rather than a decision about a particular entity.
        // NOTE(review): presumably hints for the UI; per-entity checks still have to run on the
        // operations themselves - confirm.
        canUpdateEntities = AtlasAuthorizationUtils.isAccessAllowed(
                new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_UPDATE));
        canCreateEntities = AtlasAuthorizationUtils.isAccessAllowed(
                new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_CREATE));
    }

    final Map<String, Object> profile = new HashMap<>();

    // CSRF values are read from static members of AtlasCSRFPreventionFilter; three of them are
    // the *_DEFAULT constants.
    // NOTE(review): confirm these match what the filter actually enforces when the defaults
    // are overridden in configuration.
    profile.put(isCSRF_ENABLED, AtlasCSRFPreventionFilter.isCSRF_ENABLED);
    profile.put(BROWSER_USER_AGENT_PARAM, AtlasCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT);
    profile.put(CUSTOM_METHODS_TO_IGNORE_PARAM, AtlasCSRFPreventionFilter.METHODS_TO_IGNORE_DEFAULT);
    profile.put(CUSTOM_HEADER_PARAM, AtlasCSRFPreventionFilter.HEADER_DEFAULT);
    profile.put(isEntityUpdateAllowed, canUpdateEntities);
    profile.put(isEntityCreateAllowed, canCreateEntities);
    profile.put(editableEntityTypes, getEditableEntityTypes(atlasProperties));
    profile.put("userName", userName);
    profile.put("groups", groups);

    final Response response = Response.ok(AtlasJson.toV1Json(profile)).build();

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== AdminResource.getUserProfile()");
    }

    return response;
}