JPA Operations Entity Level Access Control

Description

This work needs to be done in the "Kylo-198-entity-access" feature branch

Operations Manager needs to filter access to feeds and jobs based upon the users access.
A filter needs to be attached to each query to ensure the user has correct access to the feeds and jobs.
1) Create a new table to store the access to feeds
Table: FEED_ACL_INDEX
FEED_ID (binary) - FK to the FEED table
PRINCIPAL (varchar) the user/group who has access to read the feed

FEED_ID

PRINCIPAL

10

 

20

G:GROUPA

20

G:GROUPX

30

G:GROUPA

30

U:USER2

The Principal would prefix the System names to avoid a name clash of users and groups

This ticket assumes that Feed Manager will populate this table and ensure its sync'd with the correct principals.

2. Filter Ops Manager Queries
Ops Manager needs to append a filter to all queries against feeds,jobs, views unless the user is an Admin

We need to see how to best add this filter to:

  • Spring Data Repository queries

  • Spring Data QueryDSL queries

Does spring data have a way to inject the filter for each query? We may need to look into an extended Spring Data repository class, or possibly use something similar to the QueryDslPagingSupport class we wrote (that requires a different findAll call, so ideally I would like to try to make it seamless with a standard spring data repository query.

Activity

Show:
Scott Reisdorf
March 28, 2017, 10:30 PM
Done

Assignee

RuslansU

Reporter

Scott Reisdorf

Labels

None

Reviewer

None

Epic Link

Sprint

None

Fix versions

Priority

Medium