feat(access): Improve external role retrieval (#10160)

Co-authored-by: Chris Collins <[email protected]>

Author: filipe-caetano-ovo

datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/GmsGraphQLEngine.java

@@ -130,6 +130,7 @@
 import com.linkedin.datahub.graphql.resolvers.dataproduct.UpdateDataProductResolver;
 import com.linkedin.datahub.graphql.resolvers.dataset.DatasetStatsSummaryResolver;
 import com.linkedin.datahub.graphql.resolvers.dataset.DatasetUsageStatsResolver;
+import com.linkedin.datahub.graphql.resolvers.dataset.IsAssignedToMeResolver;
 import com.linkedin.datahub.graphql.resolvers.deprecation.UpdateDeprecationResolver;
 import com.linkedin.datahub.graphql.resolvers.domain.CreateDomainResolver;
 import com.linkedin.datahub.graphql.resolvers.domain.DeleteDomainResolver;
@@ -389,7 +390,7 @@
 import org.dataloader.DataLoaderOptions;
 
 /**
- * A {@link GraphQLEngine} configured to provide access to the entities and aspects on the the GMS
+ * A {@link GraphQLEngine} configured to provide access to the entities and aspects on the GMS
  * graph.
  */
 @Slf4j
@@ -716,7 +717,7 @@ public void configureRuntimeWiring(final RuntimeWiring.Builder builder) {
     configureVersionedDatasetResolvers(builder);
     configureAccessAccessTokenMetadataResolvers(builder);
     configureTestResultResolvers(builder);
-    configureRoleResolvers(builder);
+    configureDataHubRoleResolvers(builder);
     configureSchemaFieldResolvers(builder);
     configureERModelRelationshipResolvers(builder);
     configureEntityPathResolvers(builder);
@@ -729,6 +730,7 @@ public void configureRuntimeWiring(final RuntimeWiring.Builder builder) {
     configureFormResolvers(builder);
     configureIncidentResolvers(builder);
     configureRestrictedResolvers(builder);
+    configureRoleResolvers(builder);
   }
 
   private void configureOrganisationRoleResolvers(RuntimeWiring.Builder builder) {
@@ -2690,7 +2692,7 @@ private void configurePolicyResolvers(final RuntimeWiring.Builder builder) {
                         })));
   }
 
-  private void configureRoleResolvers(final RuntimeWiring.Builder builder) {
+  private void configureDataHubRoleResolvers(final RuntimeWiring.Builder builder) {
     builder.type(
         "DataHubRole",
         typeWiring ->
@@ -2925,4 +2927,10 @@ private void configureRestrictedResolvers(final RuntimeWiring.Builder builder) {
                         siblingGraphService, restrictedService, this.authorizationConfiguration))
                 .dataFetcher("relationships", new EntityRelationshipsResultResolver(graphClient)));
   }
+
+  private void configureRoleResolvers(final RuntimeWiring.Builder builder) {
+    builder.type(
+        "Role",
+        typeWiring -> typeWiring.dataFetcher("isAssignedToMe", new IsAssignedToMeResolver()));
+  }
 }

datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/dataset/IsAssignedToMeResolver.java

@@ -0,0 +1,40 @@
+package com.linkedin.datahub.graphql.resolvers.dataset;
+
+import com.linkedin.datahub.graphql.QueryContext;
+import com.linkedin.datahub.graphql.generated.CorpUser;
+import com.linkedin.datahub.graphql.generated.Role;
+import com.linkedin.datahub.graphql.generated.RoleUser;
+import graphql.schema.DataFetcher;
+import graphql.schema.DataFetchingEnvironment;
+import java.util.Collections;
+import java.util.Set;
+import java.util.concurrent.CompletableFuture;
+import java.util.stream.Collectors;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class IsAssignedToMeResolver implements DataFetcher<CompletableFuture<Boolean>> {
+
+  @Override
+  public CompletableFuture<Boolean> get(final DataFetchingEnvironment environment)
+      throws Exception {
+    final QueryContext context = environment.getContext();
+    final Role role = environment.getSource();
+    return CompletableFuture.supplyAsync(
+        () -> {
+          try {
+            final Set<String> assignedUserUrns =
+                role.getActors() != null && role.getActors().getUsers() != null
+                    ? role.getActors().getUsers().stream()
+                        .map(RoleUser::getUser)
+                        .map(CorpUser::getUrn)
+                        .collect(Collectors.toSet())
+                    : Collections.emptySet();
+            return assignedUserUrns.contains(context.getActorUrn());
+          } catch (Exception e) {
+            throw new RuntimeException(
+                "Failed to determine if current user is assigned to Role", e);
+          }
+        });
+  }
+}

datahub-graphql-core/src/main/resources/entity.graphql

@@ -1720,6 +1720,7 @@ type Role implements Entity {
     """
     actors: Actor
 
+    isAssignedToMe: Boolean!
 
 }
 

datahub-graphql-core/src/test/java/com/linkedin/datahub/graphql/resolvers/role/IsAssignedToMeResolverTest.java

@@ -0,0 +1,81 @@
+package com.linkedin.datahub.graphql.resolvers.role;
+
+import static com.linkedin.datahub.graphql.TestUtils.getMockAllowContext;
+import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertTrue;
+
+import com.linkedin.common.urn.Urn;
+import com.linkedin.common.urn.UrnUtils;
+import com.linkedin.datahub.graphql.QueryContext;
+import com.linkedin.datahub.graphql.generated.*;
+import com.linkedin.datahub.graphql.resolvers.dataset.IsAssignedToMeResolver;
+import graphql.schema.DataFetchingEnvironment;
+import java.util.ArrayList;
+import org.mockito.Mockito;
+import org.testng.annotations.Test;
+
+public class IsAssignedToMeResolverTest {
+
+  private static final Urn TEST_CORP_USER_URN_1 = UrnUtils.getUrn("urn:li:corpuser:test-user-1");
+  private static final Urn TEST_CORP_USER_URN_2 = UrnUtils.getUrn("urn:li:corpuser:test-user-2");
+  private static final Urn TEST_CORP_USER_URN_3 = UrnUtils.getUrn("urn:li:corpuser:test-user-3");
+
+  @Test
+  public void testReturnsTrueIfCurrentUserIsAssignedToRole() throws Exception {
+
+    CorpUser corpUser1 = new CorpUser();
+    corpUser1.setUrn(TEST_CORP_USER_URN_1.toString());
+    CorpUser corpUser2 = new CorpUser();
+    corpUser2.setUrn(TEST_CORP_USER_URN_2.toString());
+    CorpUser corpUser3 = new CorpUser();
+    corpUser3.setUrn(TEST_CORP_USER_URN_3.toString());
+
+    ArrayList<RoleUser> roleUsers = new ArrayList<>();
+    roleUsers.add(new RoleUser(corpUser1));
+    roleUsers.add(new RoleUser(corpUser2));
+    roleUsers.add(new RoleUser(corpUser3));
+
+    Actor actor = new Actor();
+    actor.setUsers(roleUsers);
+    Role role = new Role();
+    role.setUrn("urn:li:role:fake-role");
+    role.setActors(actor);
+
+    QueryContext mockContext = getMockAllowContext(TEST_CORP_USER_URN_1.toString());
+    DataFetchingEnvironment mockEnv = Mockito.mock(DataFetchingEnvironment.class);
+    Mockito.when(mockEnv.getContext()).thenReturn(mockContext);
+    Mockito.when(mockEnv.getSource()).thenReturn(role);
+
+    IsAssignedToMeResolver resolver = new IsAssignedToMeResolver();
+    assertTrue(resolver.get(mockEnv).get());
+  }
+
+  @Test
+  public void testReturnsFalseIfCurrentUserIsNotAssignedToRole() throws Exception {
+
+    CorpUser corpUser1 = new CorpUser();
+    corpUser1.setUrn(TEST_CORP_USER_URN_1.toString());
+    CorpUser corpUser2 = new CorpUser();
+    corpUser2.setUrn(TEST_CORP_USER_URN_2.toString());
+    CorpUser corpUser3 = new CorpUser();
+    corpUser3.setUrn(TEST_CORP_USER_URN_3.toString());
+
+    ArrayList<RoleUser> roleUsers = new ArrayList<>();
+    roleUsers.add(new RoleUser(corpUser2));
+    roleUsers.add(new RoleUser(corpUser3));
+
+    Actor actor = new Actor();
+    actor.setUsers(roleUsers);
+    Role role = new Role();
+    role.setUrn("urn:li:role:fake-role");
+    role.setActors(actor);
+
+    QueryContext mockContext = getMockAllowContext(TEST_CORP_USER_URN_1.toString());
+    DataFetchingEnvironment mockEnv = Mockito.mock(DataFetchingEnvironment.class);
+    Mockito.when(mockEnv.getContext()).thenReturn(mockContext);
+    Mockito.when(mockEnv.getSource()).thenReturn(role);
+
+    IsAssignedToMeResolver resolver = new IsAssignedToMeResolver();
+    assertFalse(resolver.get(mockEnv).get());
+  }
+}

datahub-web-react/src/app/entity/shared/tabs/Dataset/AccessManagement/AccessManagement.tsx

@@ -5,7 +5,6 @@ import { SpinProps } from 'antd/es/spin';
 import { LoadingOutlined } from '@ant-design/icons';
 import { useBaseEntity } from '../../../EntityContext';
 import { GetDatasetQuery, useGetExternalRolesQuery } from '../../../../../../graphql/dataset.generated';
-import { useGetMeQuery } from '../../../../../../graphql/me.generated';
 import { handleAccessRoles } from './utils';
 import AccessManagerDescription from './AccessManagerDescription';
 
@@ -59,10 +58,10 @@ const AccessButton = styled(Button)`
 `;
 
 export default function AccessManagement() {
-    const { data: loggedInUser } = useGetMeQuery({ fetchPolicy: 'cache-first' });
     const baseEntity = useBaseEntity<GetDatasetQuery>();
+
     const { data: externalRoles, loading: isLoading } = useGetExternalRolesQuery({
-        variables: { urn: baseEntity?.dataset?.urn as string },
+        variables: { urn: baseEntity?.dataset?.urn as string, },
         skip: !baseEntity?.dataset?.urn,
     });
 
@@ -114,7 +113,7 @@ export default function AccessManagement() {
     return (
         <StyledTable
             loading={isLoading ? spinProps : false}
-            dataSource={handleAccessRoles(externalRoles, loggedInUser)}
+            dataSource={handleAccessRoles(externalRoles)}
             columns={columns} pagination={false}
         />
     )