Note Permission: If userName does not exist in the shiro.ini file, can't be saved!

zeppelin-server/src/main/java/org/apache/zeppelin/rest/NotebookRestApi.java

@@ -50,6 +50,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.collect.Sets;
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
 import com.google.gson.GsonBuilder;
@@ -119,6 +120,16 @@ public Response putNotePermissions(@PathParam("noteId") String noteId, String re
             permMap.get("readers"),
             permMap.get("writers")
     );
+
+    String noExistUser = checkUser(permMap);
+
+    if (!"".equals(noExistUser)) {
+
+      String message = "User： " + noExistUser + " not Exists，Please Check ！";
+
+      return new JsonResponse<>(Status.FORBIDDEN, message).build();
+
+    }
 
     HashSet<String> userAndRoles = new HashSet<String>();
     userAndRoles.add(principal);
@@ -127,9 +138,27 @@ public Response putNotePermissions(@PathParam("noteId") String noteId, String re
       return new JsonResponse<>(Status.FORBIDDEN, ownerPermissionError(userAndRoles,
               notebookAuthorization.getOwners(noteId))).build();
     }
-    notebookAuthorization.setOwners(noteId, permMap.get("owners"));
-    notebookAuthorization.setReaders(noteId, permMap.get("readers"));
-    notebookAuthorization.setWriters(noteId, permMap.get("writers"));
+
+    HashSet readers = permMap.get("readers");
+    HashSet owners = permMap.get("owners");
+    HashSet writers = permMap.get("writers");
+    String princial = SecurityUtils.getPrincipal();
+    if (!"anonymous".equals(princial)) {
+      if (owners.isEmpty()) {
+        owners = Sets.newHashSet(principal);
+      }
+      // Set writers, if owners is empty -> set to user requesting the change
+      if (readers != null && !readers.isEmpty()) {
+        if (writers.isEmpty()) {
+          writers = Sets.newHashSet(principal);
+        }
+      }
+    }  
+
+
+    notebookAuthorization.setReaders(noteId, readers);
+    notebookAuthorization.setWriters(noteId, writers);
+    notebookAuthorization.setOwners(noteId, owners);
     LOG.debug("After set permissions {} {} {}",
             notebookAuthorization.getOwners(noteId),
             notebookAuthorization.getReaders(noteId),
@@ -138,6 +167,35 @@ public Response putNotePermissions(@PathParam("noteId") String noteId, String re
     notebookServer.broadcastNote(note);
     return new JsonResponse<>(Status.OK).build();
   }
+
+  private static String checkUser(HashMap<String, HashSet> permMap) {
+
+    String userName = "";
+
+    HashSet<String> owners = permMap.get("owners");
+    HashSet<String> readers = permMap.get("readers");
+    HashSet<String> writers = permMap.get("writers");
+
+    HashSet<String> users = new HashSet<String>();
+    users.addAll(owners);
+    users.addAll(readers);
+    users.addAll(writers);
+
+    for (String tmpUser : users) {
+
+      if (!org.apache.zeppelin.utils.SecurityUtils.hasUser(tmpUser)) {
+
+        userName = tmpUser;
+
+        break;
+
+      }
+
+    }
+
+    return userName;
+
+  }
 
   /**
    * bind a setting to note
@@ -650,8 +708,21 @@ public Response getCronJob(@PathParam("notebookId") String notebookId) throws
   @Path("search")
   public Response search(@QueryParam("q") String queryTerm) {
     LOG.info("Searching notebooks for: {}", queryTerm);
+    String principal = SecurityUtils.getPrincipal();
+    HashSet<String> roles = SecurityUtils.getRoles();
+    HashSet<String> userAndRoles = new HashSet<String>();
+    userAndRoles.add(principal);
+    userAndRoles.addAll(roles);
     List<Map<String, String>> notebooksFound = notebookIndex.query(queryTerm);
-    LOG.info("{} notbooks found", notebooksFound.size());
+    for (int i = 0; i < notebooksFound.size(); i++) {
+      String[] Id = notebooksFound.get(i).get("id").split("/", 2);
+      String noteId = Id[0];
+      if (!notebookAuthorization.checkNoteUser(noteId, userAndRoles)) {
+        notebooksFound.remove(i);
+        i--;
+      }
+    }
+    LOG.info("{} notebooks found", notebooksFound.size());
     return new JsonResponse<>(Status.OK, notebooksFound).build();
   }
 

zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java

@@ -17,6 +17,10 @@
 package org.apache.zeppelin.utils;
 
 import org.apache.shiro.subject.Subject;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.realm.SimpleAccountRealm;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
 import org.apache.zeppelin.conf.ZeppelinConfiguration;
 
 import java.net.InetAddress;
@@ -25,6 +29,8 @@
 import java.net.UnknownHostException;
 import java.util.Arrays;
 import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
 
 /**
  * Tools for securing Zeppelin
@@ -83,5 +89,51 @@ public static HashSet<String> getRoles() {
     }
     return roles;
   }
+
+  public static boolean hasUser(String userName) {
+
+    boolean state = false;
+
+    SecurityManager sm = (SecurityManager) org.apache.shiro.SecurityUtils.getSecurityManager();
+
+    DefaultSecurityManager defSecurityManager = null;
+    if (sm instanceof DefaultSecurityManager) {
+
+      defSecurityManager = (DefaultSecurityManager) sm;
+
+    } else {
+
+      return true;
+
+    }
+
+    List realms = (List) defSecurityManager.getRealms();
+
+    org.apache.shiro.realm.SimpleAccountRealm simpleRealm = null;
+    Iterator iter = realms.iterator();
+
+    while (iter.hasNext()) {
+
+      Realm realm = (Realm) iter.next();
+
+      if (realm instanceof SimpleAccountRealm) {
+
+        simpleRealm = (SimpleAccountRealm) realm;
+
+        break;
+
+      }
+
+    }
+
+    if (simpleRealm != null) {
+
+      state = simpleRealm.accountExists(userName);
+
+    }
+
+    return state;
+
+  }
 
 }

zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/NotebookAuthorization.java

@@ -110,16 +110,10 @@ public void setOwners(String noteId, Set<String> entities) {
       noteAuthInfo.put("owners", new LinkedHashSet(entities));
       noteAuthInfo.put("readers", new LinkedHashSet());
       noteAuthInfo.put("writers", new LinkedHashSet());
-      authInfo.put(noteId, noteAuthInfo);
     } else {
-      Set<String> existingEntities = noteAuthInfo.get("owners");
-      if (existingEntities == null) {
-        noteAuthInfo.put("owners", new LinkedHashSet(entities));
-      } else {
-        existingEntities.clear();
-        existingEntities.addAll(entities);
-      }
+      noteAuthInfo.put("owners", new LinkedHashSet(entities));
     }
+    authInfo.put(noteId, noteAuthInfo);
     saveToFile();
   }
 
@@ -130,16 +124,10 @@ public void setReaders(String noteId, Set<String> entities) {
       noteAuthInfo.put("owners", new LinkedHashSet());
       noteAuthInfo.put("readers", new LinkedHashSet(entities));
       noteAuthInfo.put("writers", new LinkedHashSet());
-      authInfo.put(noteId, noteAuthInfo);
     } else {
-      Set<String> existingEntities = noteAuthInfo.get("readers");
-      if (existingEntities == null) {
-        noteAuthInfo.put("readers", new LinkedHashSet(entities));
-      } else {
-        existingEntities.clear();
-        existingEntities.addAll(entities);
-      }
+      noteAuthInfo.put("readers", new LinkedHashSet(entities));
     }
+    authInfo.put(noteId, noteAuthInfo);
     saveToFile();
   }
 
@@ -150,18 +138,31 @@ public void setWriters(String noteId, Set<String> entities) {
       noteAuthInfo.put("owners", new LinkedHashSet());
       noteAuthInfo.put("readers", new LinkedHashSet());
       noteAuthInfo.put("writers", new LinkedHashSet(entities));
-      authInfo.put(noteId, noteAuthInfo);
     } else {
-      Set<String> existingEntities = noteAuthInfo.get("writers");
-      if (existingEntities == null) {
-        noteAuthInfo.put("writers", new LinkedHashSet(entities));
-      } else {
-        existingEntities.clear();
-        existingEntities.addAll(entities);
-      }
+      noteAuthInfo.put("writers", new LinkedHashSet(entities));
     }
+    authInfo.put(noteId, noteAuthInfo);
     saveToFile();
   }
+
+  public boolean checkNoteUser(String noteId, HashSet<String> userAndRoles) {
+    boolean state = true;
+    Map<String, Set<String>> noteAuthInfo = authInfo.get(noteId);
+    Set<String> entities = null;
+    if (noteAuthInfo == null) {
+      entities = new HashSet<String>();
+    } else {
+      entities.addAll(noteAuthInfo.get("owners"));
+      entities.addAll(noteAuthInfo.get("readers"));
+      entities.addAll(noteAuthInfo.get("writers"));
+    }
+
+    if (!entities.isEmpty()) {
+      state = isReader(noteId, entities);
+    }
+
+    return state;
+  }
 
   public Set<String> getOwners(String noteId) {
     Map<String, Set<String>> noteAuthInfo = authInfo.get(noteId);