You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Alexander Kolbasov (JIRA)" <ji...@apache.org> on 2016/11/20 20:50:58 UTC
[jira] [Updated] (SENTRY-1540)
SentryStore.isMultiActionsSupported() is always true
[ https://issues.apache.org/jira/browse/SENTRY-1540?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Kolbasov updated SENTRY-1540:
---------------------------------------
Priority: Minor (was: Major)
> SentryStore.isMultiActionsSupported() is always true
> ----------------------------------------------------
>
> Key: SENTRY-1540
> URL: https://issues.apache.org/jira/browse/SENTRY-1540
> Project: Sentry
> Issue Type: Improvement
> Components: Sentry
> Affects Versions: 1.8.0, sentry-ha-redesign
> Reporter: Alexander Kolbasov
> Priority: Minor
> Labels: bite-sized
>
> The SentryStore.isMultiActionsSupported() function:
> {code}
> // Currently INSERT/SELECT/ALL are supported for Table and DB level privileges
> private boolean isMultiActionsSupported(TSentryPrivilege tPrivilege) {
> return tPrivilege.getDbName() != null;
> }
> {code}
> It is called in two places - in drop_privileges():
> {code}
> TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
> try {
> if (isMultiActionsSupported(tPrivilege)) {
> ...
> {code}
> The toSentryPrivilege() function:
> {code}
> private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
> throws SentryInvalidInputException {
> TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
> tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
> tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
> tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
> tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
> tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
> ...
> {code}
> So all fields are initialized to an emoty string which means that isMultiActionsSupported is always true.
> The same is true for the second usage in renamePrivilege().
> So currently the function is meaningless. So it should be either removed or changed to verify that dbName is non-empty and not "__NULL__".
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)