[KYUUBI apache#4622][UI] Session api use admin api for security
### _Why are the changes needed?_

Close apache#4622

Currently, we don't have a login for the UI, so we can't differentiate between users.

So, we currently maintain a cautious attitude towards the Kyuubi UI open API (especially the ability to delete resources) and choose `AdminResource`, which helps us filter non-Admin requests (although the current strategy is not perfect, it is a safe and quick step).

Change api `api/v1/XXX` => `api/v1/admin/XXX`

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [ ] Add screenshots for manual tests if appropriate

- [ ] [Run test](https://kyuubi.readthedocs.io/en/master/develop_tools/testing.html#running-tests) locally before making a pull request

Closes apache#4631 from zwangsheng/KYUUBI_4622.

Closes apache#4622

3a61189 [zwangsheng] [KYUUBI apache#4622][UI] Session api use admin resource for security

Authored-by: zwangsheng <2213335496@qq.com>
Signed-off-by: Cheng Pan <chengpan@apache.org>
zwangsheng authored and pan3793 committed Apr 4, 2023
1 parent f0796ec commit 0c6ba94
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions kyuubi-server/web-ui/src/api/session/index.ts
Expand Up @@ -19,14 +19,14 @@ import request from '@/utils/request'

export function getAllSessions() {
return request({
url: 'api/v1/sessions',
url: 'api/v1/admin/sessions',
method: 'get'
})
}

export function deleteSession(sessionId: string) {
return request({
url: `api/v1/sessions/${sessionId}`,
url: `api/v1/admin/sessions/${sessionId}`,
method: 'delete'
})
}
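
Review bot: both `url` changes, in `getAllSessions()` and `deleteSession()`, only alter which path the web UI calls, so the access control this commit relies on lives entirely on the server side behind `api/v1/admin/sessions` and is not exercised by anything in this diff. The only file touched is `kyuubi-server/web-ui/src/api/session/index.ts`, which means the previous `api/v1/sessions` and `api/v1/sessions/${sessionId}` routes are unchanged here; a client that calls them directly is not affected by this change, so it is worth confirming in the PR how those routes are restricted. The test checklist in the description is unchecked: a negative test showing that a non-admin `delete` request to the admin path is rejected would back the security claim in the title. Separately, `sessionId` is interpolated into the path as-is in `deleteSession()`; wrapping it as `encodeURIComponent(sessionId)` keeps an unexpected value from altering the request path.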
