zeppelin icon indicating copy to clipboard operation
zeppelin copied to clipboard
verified publisher icon apache

[ZEPPELIN-5934] Check notebook folder permissions before allowing to rename, remove or restore it

Open idzikovsky opened this issue 2 years ago • 3 comments

What is this PR for?

Users who are able to see notes in some directory can rename, move to trash and remove from trash that directory without being owner or having write permissions for notes in that directory. This is resolved in first commit.

Secondly, after renaming directory to the name of already existing directory, old notes in target directory become unaccessible (in fact those notes are removed in file system, but still visible in UI as they are present in NoteManager registry). This addresses 2nd point in ZEPPELIN-5333. Fixed in 2nd commit.

What type of PR is it?

Improvement

What is the Jira issue?

How should this be tested?

  • I've tested this manually by creating some note in directory, giving read permission to it for some other user, and checking whether that user can move to trash, remove, rename or restore directory with that note.
  • I've checked and it does not seem like there are available infrastructure in NotebookServiceTest or in NoteManagerTest to cover multi-user scenarios.

idzikovsky avatar Jun 22 '23 14:06 idzikovsky

Sorry, I made this PR on top of 0.10.1 version, and it seems like something has been changed in this filed in master branch since then. Now I have local fix of this issue for master branch. I'll update the PR as soon as I have successful run of tests.

idzikovsky avatar Jun 23 '23 22:06 idzikovsky

Issues in my last comment were resolved in the latest commit.

idzikovsky avatar Jun 27 '23 09:06 idzikovsky

BTW, there are no tests for the features. Could you please add tests for your feature?

jongyoul avatar Jun 28 '23 00:06 jongyoul