Skip to content

Commit

Permalink
Disable upVote for non admins. Implement BE checks in upvote
Browse files Browse the repository at this point in the history
  • Loading branch information
@dlpzx
dlpzx committed Nov 28, 2024
1 parent 1e9a40a commit e3ba1e9
Show file tree
Hide file tree
Showing 7 changed files with 38 additions and 25 deletions.
3 changes: 2 additions & 1 deletion backend/dataall/modules/dashboards/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ def __init__(self):
from dataall.modules.catalog.indexers.registry import GlossaryRegistry, GlossaryDefinition
from dataall.modules.vote.services.vote_service import add_vote_type
from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD

FeedRegistry.register(FeedDefinition('Dashboard', Dashboard))

Expand All @@ -42,7 +43,7 @@ def __init__(self):
)
)

add_vote_type('dashboard', DashboardIndexer)
add_vote_type('dashboard', DashboardIndexer, GET_DASHBOARD)

EnvironmentResourceManager.register(DashboardRepository())
log.info('Dashboard API has been loaded')
Expand Down
3 changes: 2 additions & 1 deletion backend/dataall/modules/redshift_datasets/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ def __init__(self):
)

import dataall.modules.redshift_datasets.api
from dataall.modules.redshift_datasets.services.redshift_dataset_permissions import GET_REDSHIFT_DATASET

FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_TABLE_NAME, RedshiftTable))
FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_NAME, RedshiftDataset))
Expand All @@ -75,7 +76,7 @@ def __init__(self):
)
)

add_vote_type(VOTE_REDSHIFT_DATASET_NAME, DatasetIndexer)
add_vote_type(VOTE_REDSHIFT_DATASET_NAME, DatasetIndexer, GET_REDSHIFT_DATASET)

EnvironmentResourceManager.register(RedshiftDatasetEnvironmentResource())
EnvironmentResourceManager.register(RedshiftConnectionEnvironmentResource())
Expand Down
2 changes: 1 addition & 1 deletion backend/dataall/modules/s3_datasets/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ def __init__(self):
)
)

add_vote_type('dataset', DatasetIndexer)
add_vote_type('dataset', DatasetIndexer, GET_DATASET)

TargetType('dataset', GET_DATASET, UPDATE_DATASET, MANAGE_DATASETS)

Expand Down
20 changes: 15 additions & 5 deletions backend/dataall/modules/vote/services/vote_service.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,13 @@
from dataall.base.context import get_context
from dataall.modules.catalog.indexers.base_indexer import BaseIndexer
from dataall.modules.vote.db.vote_repositories import VoteRepository
from dataall.core.permissions.services.resource_policy_service import ResourcePolicyService

_VOTE_TYPES: Dict[str, Type[BaseIndexer]] = {}
_VOTE_TYPES: Dict[str, Dict[Type[BaseIndexer], str]] = {}


def add_vote_type(target_type: str, indexer: Type[BaseIndexer]):
_VOTE_TYPES[target_type] = indexer
def add_vote_type(target_type: str, indexer: Type[BaseIndexer], permission: str):
_VOTE_TYPES[target_type] = {'indexer': indexer, 'permission': permission}


def _session():
Expand All @@ -26,9 +27,18 @@ class VoteService:

@staticmethod
def upvote(targetUri: str, targetType: str, upvote: bool):
with _session() as session:
context = get_context()
target_type = _VOTE_TYPES[targetType]
with context.db_engine.scoped_session() as session:
ResourcePolicyService.check_user_resource_permission(
session=session,
username=context.username,
groups=context.groups,
resource_uri=targetUri,
permission_name=target_type.get('permission'),
)
vote = VoteRepository.upvote(session=session, targetUri=targetUri, targetType=targetType, upvote=upvote)
_VOTE_TYPES[vote.targetType].upsert(session, vote.targetUri)
target_type.get('indexer').upsert(session, vote.targetUri)
return vote

@staticmethod
Expand Down
13 changes: 6 additions & 7 deletions frontend/src/modules/Dashboards/views/DashboardView.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,13 +222,12 @@ const DashboardView = () => {
</Grid>
<Grid item>
<Box sx={{ m: -1 }}>
{isAdmin && (
<UpVoteButton
upVoted={isUpVoted}
onClick={() => upVoteDashboard(dashboard.dashboardUri)}
upVotes={upVotes || 0}
/>
)}
<UpVoteButton
upVoted={isUpVoted}
disabled={!isAdmin}
onClick={() => upVoteDashboard(dashboard.dashboardUri)}
upVotes={upVotes || 0}
/>
<Button
color="primary"
startIcon={<ForumOutlined fontSize="small" />}
Expand Down
11 changes: 6 additions & 5 deletions frontend/src/modules/Redshift_Datasets/views/RSDatasetView.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,13 +226,14 @@ const RSDatasetView = () => {
</Grid>
<Grid item>
<Box sx={{ m: -1 }}>
<UpVoteButton
upVoted={isUpVoted}
disabled={!isAdmin}
onClick={() => upVoteDataset(dataset.datasetUri)}
upVotes={upVotes}
/>
{isAdmin && (
<span>
<UpVoteButton
upVoted={isUpVoted}
onClick={() => upVoteDataset(dataset.datasetUri)}
upVotes={upVotes}
/>
<Button
color="primary"
startIcon={<ForumOutlined fontSize="small" />}
Expand Down
11 changes: 6 additions & 5 deletions frontend/src/modules/S3_Datasets/views/DatasetView.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -266,13 +266,14 @@ const DatasetView = () => {

<Grid item>
<Box sx={{ m: -1 }}>
<UpVoteButton
disabled={!isAdmin}
upVoted={isUpVoted}
onClick={() => upVoteDataset(dataset.datasetUri)}
upVotes={upVotes}
/>
{isAdmin && (
<span>
<UpVoteButton
upVoted={isUpVoted}
onClick={() => upVoteDataset(dataset.datasetUri)}
upVotes={upVotes}
/>
<Button
color="primary"
startIcon={<ForumOutlined fontSize="small" />}
Expand Down

0 comments on commit e3ba1e9

Please sign in to comment.