You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by rm...@apache.org on 2017/02/10 06:28:27 UTC

ranger git commit: RANGER-1361:RangerHDFSPlugin audits for Ancestor, Sub level and parent access doesn't have the correct accessType

Repository: ranger
Updated Branches:
  refs/heads/master 4a1e4928a -> 254ebf156


RANGER-1361:RangerHDFSPlugin audits for Ancestor, Sub level and parent access doesn't have the correct accessType


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/254ebf15
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/254ebf15
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/254ebf15

Branch: refs/heads/master
Commit: 254ebf1569de4ef4792033d21c321e93592ebd14
Parents: 4a1e492
Author: rmani <rm...@hortonworks.com>
Authored: Thu Feb 9 22:28:06 2017 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Thu Feb 9 22:28:06 2017 -0800

----------------------------------------------------------------------
 .../ranger/authorization/hadoop/RangerHdfsAuthorizer.java   | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/254ebf15/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index d92bf12..324551d 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
@@ -386,7 +386,6 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
 						if(auditHandler != null) {
 							INode    nodeChecked = inode;
 							FsAction action      = access;
-
 							if(isTraverseOnlyCheck) {
 								if(nodeChecked == null || nodeChecked.isFile()) {
 									if(parent != null) {
@@ -397,14 +396,14 @@ public class RangerHdfsAuthorizer extends INodeAttributeProvider {
 								}
 
 								action = FsAction.EXECUTE;
-							} else if(action == null) {
-								if(parentAccess != null) {
+							} else if(action == null || action == FsAction.NONE)  {
+								if(parentAccess != null && parentAccess != FsAction.NONE ) {
 									nodeChecked = parent;
 									action      = parentAccess;
-								} else if(ancestorAccess != null) {
+								} else if(ancestorAccess != null  && ancestorAccess != FsAction.NONE ) {
 									nodeChecked = ancestor;
 									action      = ancestorAccess;
-								} else if(subAccess != null) {
+								} else if(subAccess != null && subAccess != FsAction.NONE ) {
 									action = subAccess;
 								}
 							}