/** set note authorization information */
  @PUT
  @Path("{noteId}/permissions")
  @ZeppelinApi
  public Response putNotePermissions(@PathParam("noteId") String noteId, String req)
      throws IOException {
    HashMap<String, HashSet> permMap =
        gson.fromJson(req, new TypeToken<HashMap<String, HashSet>>() {}.getType());
    Note note = notebook.getNote(noteId);
    String principal = SecurityUtils.getPrincipal();
    HashSet<String> roles = SecurityUtils.getRoles();
    LOG.info(
        "Set permissions {} {} {} {} {}",
        noteId,
        principal,
        permMap.get("owners"),
        permMap.get("readers"),
        permMap.get("writers"));

    HashSet<String> userAndRoles = new HashSet<String>();
    userAndRoles.add(principal);
    userAndRoles.addAll(roles);
    if (!notebookAuthorization.isOwner(noteId, userAndRoles)) {
      return new JsonResponse<>(
              Status.FORBIDDEN,
              ownerPermissionError(userAndRoles, notebookAuthorization.getOwners(noteId)))
          .build();
    }

    HashSet readers = permMap.get("readers");
    HashSet owners = permMap.get("owners");
    HashSet writers = permMap.get("writers");
    // Set readers, if writers and owners is empty -> set to user requesting the change
    if (readers != null && !readers.isEmpty()) {
      if (writers.isEmpty()) {
        writers = Sets.newHashSet(SecurityUtils.getPrincipal());
      }
      if (owners.isEmpty()) {
        owners = Sets.newHashSet(SecurityUtils.getPrincipal());
      }
    }
    // Set writers, if owners is empty -> set to user requesting the change
    if (writers != null && !writers.isEmpty()) {
      if (owners.isEmpty()) {
        owners = Sets.newHashSet(SecurityUtils.getPrincipal());
      }
    }

    notebookAuthorization.setReaders(noteId, readers);
    notebookAuthorization.setWriters(noteId, writers);
    notebookAuthorization.setOwners(noteId, owners);
    LOG.debug(
        "After set permissions {} {} {}",
        notebookAuthorization.getOwners(noteId),
        notebookAuthorization.getReaders(noteId),
        notebookAuthorization.getWriters(noteId));
    AuthenticationInfo subject = new AuthenticationInfo(SecurityUtils.getPrincipal());
    note.persist(subject);
    notebookServer.broadcastNote(note);
    return new JsonResponse<>(Status.OK).build();
  }
示例#2
0
 /** get note authorization information */
 @GET
 @Path("{noteId}/permissions")
 @ZeppelinApi
 public Response getNotePermissions(@PathParam("noteId") String noteId) {
   HashMap<String, Set<String>> permissionsMap = new HashMap<>();
   permissionsMap.put("owners", notebookAuthorization.getOwners(noteId));
   permissionsMap.put("readers", notebookAuthorization.getReaders(noteId));
   permissionsMap.put("writers", notebookAuthorization.getWriters(noteId));
   return new JsonResponse<>(Status.OK, "", permissionsMap).build();
 }