
Commit 5071809

Merge pull request #2266 from atlanhq/nb/1245
GOV-1245 Fix: member user deleting a collection
2 parents e74ebfe + e526ea3 commit 5071809


3 files changed

+19
-0
lines changed


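--- a/common/src/main/java/org/apache/atlas/repository/Constants.java
+++ b/common/src/main/java/org/apache/atlas/repository/Constants.java
@@ -414,6 +414,7 @@ public enum SupportedFileExtensions { XLSX, XLS, CSV }
 public static final Set<String> SKIP_DELETE_AUTH_CHECK_TYPES = new HashSet<String>() {{
 add(README_ENTITY_TYPE);
 add(LINK_ENTITY_TYPE);
+add(POLICY_ENTITY_TYPE);
 }};
 
 private Constants() {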
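Review bot: Adding `POLICY_ENTITY_TYPE` to `SKIP_DELETE_AUTH_CHECK_TYPES` turns off the generic delete authorization for every policy entity, so the only remaining gate is the check this commit adds in `AuthPolicyPreProcessor.processDelete`. That holds only if every delete route (for example soft delete, purge, and bulk deletes) runs the preprocessor before the vertex is touched, which is not visible from this page and should be confirmed. A test that a user without policy-delete permission is rejected on each route would pin this down. I would also record the dependency next to the entry, e.g. `// delete auth for AuthPolicy is enforced in AuthPolicyPreProcessor.authorizeDeleteAuthPolicy`.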

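--- a/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java
+++ b/repository/src/main/java/org/apache/atlas/repository/store/graph/v2/preprocessor/AuthPolicyPreProcessor.java
@@ -21,10 +21,13 @@
 import org.apache.atlas.AtlasErrorCode;
 import org.apache.atlas.RequestContext;
 import org.apache.atlas.authorize.AtlasAuthorizationUtils;
+import org.apache.atlas.authorize.AtlasEntityAccessRequest;
+import org.apache.atlas.authorize.AtlasPrivilege;
 import org.apache.atlas.exception.AtlasBaseException;
 import org.apache.atlas.featureflag.FeatureFlagStore;
 import org.apache.atlas.model.instance.AtlasEntity;
 import org.apache.atlas.model.instance.AtlasEntity.AtlasEntityWithExtInfo;
+import org.apache.atlas.model.instance.AtlasEntityHeader;
 import org.apache.atlas.model.instance.AtlasObjectId;
 import org.apache.atlas.model.instance.AtlasStruct;
 import org.apache.atlas.model.instance.EntityMutations.EntityOperation;
@@ -52,6 +55,7 @@
 import static org.apache.atlas.AtlasErrorCode.RESOURCE_NOT_FOUND;
 import static org.apache.atlas.AtlasErrorCode.UNAUTHORIZED_CONNECTION_ADMIN;
 import static org.apache.atlas.authorize.AtlasAuthorizationUtils.getCurrentUserName;
+import static org.apache.atlas.authorize.AtlasAuthorizationUtils.verifyAccess;
 import static org.apache.atlas.model.instance.EntityMutations.EntityOperation.CREATE;
 import static org.apache.atlas.model.instance.EntityMutations.EntityOperation.UPDATE;
 import static org.apache.atlas.repository.Constants.ATTR_ADMIN_ROLES;
@@ -223,6 +227,8 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
 try {
 AtlasEntity policy = entityRetriever.toAtlasEntity(vertex);
 
+authorizeDeleteAuthPolicy(policy);
+
 if(!policy.getStatus().equals(AtlasEntity.Status.ACTIVE)) {
 LOG.info("Policy with guid {} is already deleted/purged", policy.getGuid());
 return;
@@ -238,6 +244,16 @@ public void processDelete(AtlasVertex vertex) throws AtlasBaseException {
 }
 }
 
+private void authorizeDeleteAuthPolicy(AtlasEntity policy) throws AtlasBaseException {
+if (getPolicyCategory(policy).equals(POLICY_CATEGORY_BOOTSTRAP) && getPolicySubCategory(policy).equals(POLICY_SUB_CATEGORY_COLLECTION)) {
+//skip auth check for collection bootstrap policies
+//refer - https://linear.app/atlanproduct/issue/GOV-1245/collection-delete-is-failing-for-member-as-they-dont-have-authpolicy
+} else {
+AtlasEntityAccessRequest request = new AtlasEntityAccessRequest(typeRegistry, AtlasPrivilege.ENTITY_DELETE, new AtlasEntityHeader(policy));
+verifyAccess(request, "delete entity: guid=" + policy.getGuid());
+}
+}
+
 private void validateConnectionAdmin(AtlasEntity policy) throws AtlasBaseException {
 String subCategory = getPolicySubCategory(policy);
 if (POLICY_SUB_CATEGORY_METADATA.equals(subCategory) || POLICY_SUB_CATEGORY_DATA.equals(subCategory)) {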
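Review bot: The exemption in `authorizeDeleteAuthPolicy` is decided only by two attribute values on the policy being deleted, so with the type now listed in `SKIP_DELETE_AUTH_CHECK_TYPES` a delete aimed directly at a bootstrap/collection policy appears to run with no authorization check at all, not only when it cascades from a collection delete. Consider granting the skip only when the caller is authorized to delete the owning collection (or when the collection-delete flow marks the request), and keep `verifyAccess` for everything else. The comparison is also null-unsafe if either getter can return null; the constant-first form already used in `validateConnectionAdmin` avoids that and removes the empty branch: `if (POLICY_CATEGORY_BOOTSTRAP.equals(getPolicyCategory(policy)) && POLICY_SUB_CATEGORY_COLLECTION.equals(getPolicySubCategory(policy))) { return; }`. `processDelete` continues outside the hunks, so how its `catch` treats an exception thrown by this call is not visible here.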

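--- a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java
+++ b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java
@@ -100,6 +100,8 @@ public final class AccessControlUtils {
 public static final String POLICY_CATEGORY_PURPOSE = "purpose";
 public static final String POLICY_CATEGORY_BOOTSTRAP = "bootstrap";
 
+public static final String POLICY_SUB_CATEGORY_COLLECTION = "collection";
+
 public static final String POLICY_RESOURCE_CATEGORY_PERSONA_CUSTOM = "CUSTOM";
 public static final String POLICY_RESOURCE_CATEGORY_PERSONA_ENTITY = "ENTITY";
 public static final String POLICY_RESOURCE_CATEGORY_PURPOSE = "TAG";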
