From e3ba1e9eb0f49a2da43ad3e70e93cb57aa7260f0 Mon Sep 17 00:00:00 2001
From: dlpzx
Date: Wed, 27 Nov 2024 10:42:23 +0100
Subject: [PATCH] Disable upVote for non admins. Implement BE checks in upvote
---
 .../dataall/modules/dashboards/__init__.py | 3 ++-
 .../modules/redshift_datasets/__init__.py | 3 ++-
 .../dataall/modules/s3_datasets/__init__.py | 2 +-
 .../modules/vote/services/vote_service.py | 20 ++++++++++++++-----
 .../modules/Dashboards/views/DashboardView.js | 13 ++++++------
 .../Redshift_Datasets/views/RSDatasetView.js | 11 +++++-----
 .../modules/S3_Datasets/views/DatasetView.js | 11 +++++-----
 7 files changed, 38 insertions(+), 25 deletions(-)
diff --git a/backend/dataall/modules/dashboards/__init__.py b/backend/dataall/modules/dashboards/__init__.py
index ffbc8e92d..eca274c9e 100644
--- a/backend/dataall/modules/dashboards/__init__.py
+++ b/backend/dataall/modules/dashboards/__init__.py
@@ -33,6 +33,7 @@ def __init__(self):
 from dataall.modules.catalog.indexers.registry import GlossaryRegistry, GlossaryDefinition
 from dataall.modules.vote.services.vote_service import add_vote_type
 from dataall.modules.dashboards.indexers.dashboard_indexer import DashboardIndexer
+ from dataall.modules.dashboards.services.dashboard_permissions import GET_DASHBOARD
 FeedRegistry.register(FeedDefinition('Dashboard', Dashboard))
@@ -42,7 +43,7 @@ def __init__(self):
 )
 )
- add_vote_type('dashboard', DashboardIndexer)
+ add_vote_type('dashboard', DashboardIndexer, GET_DASHBOARD)
 EnvironmentResourceManager.register(DashboardRepository())
 log.info('Dashboard API has been loaded')
diff --git a/backend/dataall/modules/redshift_datasets/__init__.py b/backend/dataall/modules/redshift_datasets/__init__.py
index cd9e73f68..edcf675b2 100644
--- a/backend/dataall/modules/redshift_datasets/__init__.py
+++ b/backend/dataall/modules/redshift_datasets/__init__.py
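Review bot: In `backend/dataall/modules/dashboards/__init__.py`, `add_vote_type('dashboard', DashboardIndexer, GET_DASHBOARD)` gates a write action (casting a vote) on what is, by its name, a read permission. The commit subject says upvoting is disabled for non-admins, but if non-admin viewers also hold `GET_DASHBOARD`, the backend will still accept their votes when the API is called directly, so the admin-only rule would exist only in the UI. The same applies to the `GET_REDSHIFT_DATASET` and `GET_DATASET` registrations in the redshift_datasets and s3_datasets hunks. If read access is the intended bar, say so next to the call, e.g. `# Voting requires read access to the target; the admin-only restriction is UI-side only`; otherwise register a permission that only admins of the resource hold. `__init__` starts and ends outside the hunk.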
@@ -53,6 +53,7 @@ def __init__(self):
 )
 import dataall.modules.redshift_datasets.api
+ from dataall.modules.redshift_datasets.services.redshift_dataset_permissions import GET_REDSHIFT_DATASET
 FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_TABLE_NAME, RedshiftTable))
 FeedRegistry.register(FeedDefinition(FEED_REDSHIFT_DATASET_NAME, RedshiftDataset))
@@ -75,7 +76,7 @@ def __init__(self):
 )
 )
- add_vote_type(VOTE_REDSHIFT_DATASET_NAME, DatasetIndexer)
+ add_vote_type(VOTE_REDSHIFT_DATASET_NAME, DatasetIndexer, GET_REDSHIFT_DATASET)
 EnvironmentResourceManager.register(RedshiftDatasetEnvironmentResource())
 EnvironmentResourceManager.register(RedshiftConnectionEnvironmentResource())
diff --git a/backend/dataall/modules/s3_datasets/__init__.py b/backend/dataall/modules/s3_datasets/__init__.py
index dbd4f458c..2307607fa 100644
--- a/backend/dataall/modules/s3_datasets/__init__.py
+++ b/backend/dataall/modules/s3_datasets/__init__.py
@@ -75,7 +75,7 @@ def __init__(self):
 )
 )
- add_vote_type('dataset', DatasetIndexer)
+ add_vote_type('dataset', DatasetIndexer, GET_DATASET)
 TargetType('dataset', GET_DATASET, UPDATE_DATASET, MANAGE_DATASETS)
diff --git a/backend/dataall/modules/vote/services/vote_service.py b/backend/dataall/modules/vote/services/vote_service.py
index 380d9728d..7cf6914b9 100644
--- a/backend/dataall/modules/vote/services/vote_service.py
+++ b/backend/dataall/modules/vote/services/vote_service.py
@@ -7,12 +7,13 @@ from dataall.base.context import get_context from dataall.modules.catalog.indexers.base_indexer import BaseIndexer from dataall.modules.vote.db.vote_repositories import VoteRepository +from dataall.core.permissions.services.resource_policy_service import ResourcePolicyService -_VOTE_TYPES: Dict[str, Type[BaseIndexer]] = {} +_VOTE_TYPES: Dict[str, Dict[Type[BaseIndexer], str]] = {} -def add_vote_type(target_type: str, indexer: Type[BaseIndexer]): - _VOTE_TYPES[target_type] = indexer +def add_vote_type(target_type: str, indexer: Type[BaseIndexer], permission: str): + _VOTE_TYPES[target_type] = {'indexer': indexer, 'permission': permission} def _session(): @@ -26,9 +27,18 @@ class VoteService: @staticmethod def upvote(targetUri: str, targetType: str, upvote: bool): - with _session() as session: + context = get_context() + target_type = _VOTE_TYPES[targetType] + with context.db_engine.scoped_session() as session: + ResourcePolicyService.check_user_resource_permission( + session=session, + username=context.username, + groups=context.groups, + resource_uri=targetUri, + permission_name=target_type.get('permission'), + ) vote = VoteRepository.upvote(session=session, targetUri=targetUri, targetType=targetType, upvote=upvote) - _VOTE_TYPES[vote.targetType].upsert(session, vote.targetUri) + target_type.get('indexer').upsert(session, vote.targetUri) return vote @staticmethod diff --git a/frontend/src/modules/Dashboards/views/DashboardView.js b/frontend/src/modules/Dashboards/views/DashboardView.js index e82270af4..260de952e 100644 --- a/frontend/src/modules/Dashboards/views/DashboardView.js +++ b/frontend/src/modules/Dashboards/views/DashboardView.js @@ -222,13 +222,12 @@ const DashboardView = () => { - {isAdmin && ( - upVoteDashboard(dashboard.dashboardUri)} - upVotes={upVotes || 0} - /> - )} + upVoteDashboard(dashboard.dashboardUri)} + upVotes={upVotes || 0} + />
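Review bot: In `vote_service.py`, the new annotation `Dict[str, Dict[Type[BaseIndexer], str]]` does not describe what `add_vote_type` stores, which is a dict keyed by the strings `'indexer'` and `'permission'`. A two-field `NamedTuple` or frozen dataclass (`indexer: Type[BaseIndexer]`, `permission: str`) would make the registry type-checkable and remove the string-key lookups in `upvote`. `add_vote_type` also accepts any value for `permission`; rejecting an empty or `None` value at registration, e.g. `if not permission: raise ValueError(...)`, ensures no vote type can be registered without an authorization check.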
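Review bot: In `VoteService.upvote`, `_VOTE_TYPES[targetType]` indexes the registry with a value that appears to come from the API caller, so an unregistered type raises a bare `KeyError` instead of a clean validation error. Look it up with `entry = _VOTE_TYPES.get(targetType)` and reject `None` with the project's invalid-input exception before opening the session. Prefer `target_type['permission']` over `target_type.get('permission')`: `.get` would hand `None` to `check_user_resource_permission` if the key were ever missing, and how that call treats a `None` permission name is not visible here. The hunk ends at the next `@staticmethod`, so whether the other `VoteService` methods apply the same check cannot be confirmed from this page.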