[server] prepare AnomalyResource workspace isolation (#1383)

startreedata · Apr 5, 2024 · 87d5323 · 87d5323
1 parent 68a2779
commit 87d5323
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/thirdeye-server/src/main/java/ai/startree/thirdeye/service/AnomalyService.java b/thirdeye-server/src/main/java/ai/startree/thirdeye/service/AnomalyService.java
@@ -107,6 +107,8 @@ protected AnomalyApi toApi(final AnomalyDTO dto, final RequestCache cache) {
   public void setFeedback(final ThirdEyeServerPrincipal principal, final Long id,
       final AnomalyFeedbackApi api) {
     final AnomalyDTO dto = getDto(id);
+    // todo cyril review authz - only require read right to add a feedback to an anomaly - to avoid feedback frictions for the moment
+    authorizationManager.ensureCanRead(principal, dto);
     final AnomalyFeedbackDTO feedbackDTO = ApiBeanMapper.toAnomalyFeedbackDTO(api);
     feedbackDTO.setUpdatedBy(principal.getName());
     dto.setFeedback(feedbackDTO);
@@ -122,7 +124,6 @@ public void setFeedback(final ThirdEyeServerPrincipal principal, final Long id,
   }
 
   public AnomalyStatsApi stats(final ThirdEyePrincipal principal, final Long startTime, final Long endTime) {
-    // FIXME CYRIL add authz layer
     final List<Predicate> predicates = new ArrayList<>();
     optional(startTime)
         .ifPresent(start -> predicates.add(Predicate.GE("startTime", startTime)));

diff --git a/thirdeye-server/src/main/java/ai/startree/thirdeye/service/package-info.java b/thirdeye-server/src/main/java/ai/startree/thirdeye/service/package-info.java
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2024 StarTree Inc
+ *
+ * Licensed under the StarTree Community License (the "License"); you may not use
+ * this file except in compliance with the License. You may obtain a copy of the
+ * License at http://www.startree.ai/legal/startree-community-license
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OF ANY KIND,
+ * either express or implied.
+ * See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+/**
+ * The  Service package and subpackages contains the Service logical layer.
+ * The Service layer is responsible for performing authorization.
+ * The Service package and subpackages are subject to architecture test.
+ * In most cases any change breaking the assumptions should be caught by the architecture tests, 
+ * but be sure to understand the implications before moving classes outside of this package.
+ * */
+package ai.startree.thirdeye.service;