You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/26 20:22:15 UTC
sentry git commit: SENTRY-2281: list_privileges_by_user() fails with
a JDODetachedFieldAccessException (Arjun Mishra, reviewed by Sergio Pena,
Na Li)
Repository: sentry
Updated Branches:
refs/heads/master 9aeb2e236 -> cfd1036fe
SENTRY-2281: list_privileges_by_user() fails with a JDODetachedFieldAccessException (Arjun Mishra, reviewed by Sergio Pena, Na Li)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/cfd1036f
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/cfd1036f
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/cfd1036f
Branch: refs/heads/master
Commit: cfd1036fea2d66d39c29587e22d44861aadcba1f
Parents: 9aeb2e2
Author: Sergio Pena <se...@cloudera.com>
Authored: Tue Jun 26 15:21:31 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Tue Jun 26 15:22:03 2018 -0500
----------------------------------------------------------------------
.../db/service/persistent/SentryStore.java | 15 ++++++++---
.../db/service/persistent/TestSentryStore.java | 28 ++++++++++++++++++++
2 files changed, 40 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/cfd1036f/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 29c2176..d8ab1fc 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -1907,6 +1907,7 @@ public class SentryStore implements SentryStoreInterface {
pm -> {
Query query = pm.newQuery(MSentryPrivilege.class);
QueryParamBuilder paramBuilder = QueryParamBuilder.newQueryParamBuilder();
+
if (entityNames == null || entityNames.isEmpty()) {
if (entityType == SentryEntityType.ROLE) {
paramBuilder.addString("!roles.isEmpty()");
@@ -1945,9 +1946,17 @@ public class SentryStore implements SentryStoreInterface {
// if no server, then return empty result
return Collections.emptyList();
}
- FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole");
- grp.addMember("roles");
- pm.getFetchPlan().addGroup("fetchRole");
+
+ if (entityType == SentryEntityType.ROLE) {
+ FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole");
+ grp.addMember("roles");
+ pm.getFetchPlan().addGroup("fetchRole");
+ } else if(entityType == SentryEntityType.USER) {
+ FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchUser");
+ grp.addMember("users");
+ pm.getFetchPlan().addGroup("fetchUser");
+ }
+
query.setFilter(paramBuilder.toString());
@SuppressWarnings("unchecked")
List<MSentryPrivilege> result = (List<MSentryPrivilege>)query.
http://git-wip-us.apache.org/repos/asf/sentry/blob/cfd1036f/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 5849e7d..52ce72c 100644
--- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -44,6 +44,7 @@ import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.alias.UserProvider;
import org.apache.sentry.SentryOwnerInfo;
+import org.apache.sentry.api.service.thrift.TSentryPrivilegeMap;
import org.apache.sentry.core.common.exception.SentryAccessDeniedException;
import org.apache.sentry.core.common.exception.SentryInvalidInputException;
import org.apache.sentry.core.common.utils.SentryConstants;
@@ -4190,6 +4191,33 @@ public class TestSentryStore extends org.junit.Assert {
}
@Test
+ public void testListSentryPrivilegesByAuthorizableForUser() throws Exception {
+ String userName1 = "list-privs-user1";
+ String grantor = "g1";
+ sentryStore.createSentryUser(userName1);
+
+ TSentryPrivilege privilege1 = new TSentryPrivilege();
+ privilege1.setPrivilegeScope("TABLE");
+ privilege1.setServerName("server1");
+ privilege1.setDbName("db1");
+ privilege1.setTableName("tbl1");
+ privilege1.setAction("SELECT");
+ privilege1.setCreateTime(System.currentTimeMillis());
+ sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege1, null);
+
+ TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
+ tSentryAuthorizable.setServer("server1");
+ tSentryAuthorizable.setDb("db1");
+ tSentryAuthorizable.setTable("tbl1");
+
+ TSentryPrivilegeMap map = sentryStore.listSentryPrivilegesByAuthorizableForUser(
+ Sets.newHashSet(userName1),
+ tSentryAuthorizable,false);
+ assertEquals(1, map.getPrivilegeMapSize());
+ assertEquals(Sets.newHashSet(userName1), map.getPrivilegeMap().keySet());
+ }
+
+ @Test
public void testGrantRevokePrivilegeMultipleTimesForRole() throws Exception {
String roleName = "test-privilege";
String grantor = "g1";