You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Alexander Kolbasov (JIRA)" <ji...@apache.org> on 2016/11/20 21:13:58 UTC

[jira] [Created] (SENTRY-1543) dropOrRenamePrivilegeForAllRoles() has confusing code

Alexander Kolbasov created SENTRY-1543:
------------------------------------------

             Summary: dropOrRenamePrivilegeForAllRoles() has confusing code
                 Key: SENTRY-1543
                 URL: https://issues.apache.org/jira/browse/SENTRY-1543
             Project: Sentry
          Issue Type: Improvement
          Components: Sentry
    Affects Versions: 1.8.0, sentry-ha-redesign
            Reporter: Alexander Kolbasov
            Priority: Minor


{code}
  private void dropOrRenamePrivilegeForAllRoles(PersistenceManager pm,
      TSentryPrivilege tPrivilege,
      TSentryPrivilege newTPrivilege) throws SentryNoSuchObjectException,
      SentryInvalidInputException {
    HashSet<MSentryRole> roleSet = Sets.newHashSet();

    List<MSentryPrivilege> mPrivileges = getMSentryPrivileges(tPrivilege, pm);
    if (mPrivileges != null && !mPrivileges.isEmpty()) {
      for (MSentryPrivilege mPrivilege : mPrivileges) {
        roleSet.addAll(ImmutableSet.copyOf(mPrivilege.getRoles()));
      }
    }

    MSentryPrivilege parent = getMSentryPrivilege(tPrivilege, pm);
    ...
}
{code}

Note that first we do getMSentryPrivileges(tPrivilege) and then getMSentryPrivilege(tPrivilege). In the first case the list of multiple entries is returned, in the second only a single element is returned. 

The two calls construct query a bit differently - the getMSentryPrivilege() unconditionally adds filters for all components.

So the intent here is rather confusing and it would be good to clarify in the comments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)