add test

LakshSingla · Sep 12, 2023 · 9c19058 · 9c19058
1 parent 27e69b6
commit 9c19058
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 6 deletions.
diff --git a/...ti-stage-query/src/main/java/org/apache/druid/msq/sql/resources/SqlStatementResource.java b/...ti-stage-query/src/main/java/org/apache/druid/msq/sql/resources/SqlStatementResource.java
@@ -656,7 +656,6 @@ private MSQControllerTask getMSQControllerTaskAndCheckPermission(
 
     String currentUser = authenticationResult.getIdentity();
 
-
     if (currentUser != null && currentUser.equals(queryUser)) {
       return msqControllerTask;
     }
@@ -672,10 +671,9 @@ private MSQControllerTask getMSQControllerTaskAndCheckPermission(
     }
 
     throw new ForbiddenException(StringUtils.format(
-        "The current user[%s] cannot view query id[%s] since the query is owned by user[%s]",
+        "The current user[%s] cannot view query id[%s] since the query is owned by another user",
         currentUser,
-        queryId,
-        queryUser
+        queryId
     ));
   }
 

diff --git a/...tage-query/src/test/java/org/apache/druid/msq/sql/resources/SqlStatementResourceTest.java b/...tage-query/src/test/java/org/apache/druid/msq/sql/resources/SqlStatementResourceTest.java
@@ -319,8 +319,6 @@ public class SqlStatementResourceTest extends MSQTestBase
       )
   );
   private static final DateTime QUEUE_INSERTION_TIME = DateTimes.of("2023-05-31T12:01Z");
-  private static final Map<String, Object> ROW1 = ImmutableMap.of("_time", 123, "alias", "foo", "market", "bar");
-  private static final Map<String, Object> ROW2 = ImmutableMap.of("_time", 234, "alias", "foo1", "market", "bar1");
   public static final ImmutableList<ColumnNameAndTypes> COL_NAME_AND_TYPES = ImmutableList.of(
       new ColumnNameAndTypes(
           "_time",
@@ -944,6 +942,37 @@ public void testAPIBehaviourWithSuperUsers()
     );
   }
 
+  @Test
+  public void testAPIBehaviourWithForbiddenUser()
+  {
+    AuthenticationResult differentUserAuthResult = new AuthenticationResult(
+        "differentUser", AuthConfig.ALLOW_ALL_NAME, null, null
+    );
+    Assert.assertEquals(
+        Response.Status.FORBIDDEN.getStatusCode(),
+        resource.doGetStatus(
+            RUNNING_SELECT_MSQ_QUERY,
+            makeExpectedReq(differentUserAuthResult)
+        ).getStatus()
+    );
+    Assert.assertEquals(
+        Response.Status.FORBIDDEN.getStatusCode(),
+        resource.doGetResults(
+            RUNNING_SELECT_MSQ_QUERY,
+            1L,
+            null,
+            makeExpectedReq(differentUserAuthResult)
+        ).getStatus()
+    );
+    Assert.assertEquals(
+        Response.Status.FORBIDDEN.getStatusCode(),
+        resource.deleteQuery(
+            RUNNING_SELECT_MSQ_QUERY,
+            makeExpectedReq(differentUserAuthResult)
+        ).getStatus()
+    );
+  }
+
   @Test
   public void testTaskIdNotFound()
   {