Posted to commits@sentry.apache.org by sd...@apache.org on 2015/11/12 02:47:44 UTC

incubator-sentry git commit: SENTRY-923: Fix SentryStore getPrivileges when table require some (Dapeng Sun, reviewed by Guoquan Shen)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master d3793ed21 -> 25d0fefb4


SENTRY-923: Fix SentryStore getPrivileges when table require some (Dapeng Sun, reviewed by Guoquan Shen)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/25d0fefb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/25d0fefb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/25d0fefb

Branch: refs/heads/master
Commit: 25d0fefb4161ce886459d816caff576415fc2a3f
Parents: d3793ed
Author: Sun Dapeng <sd...@apache.org>
Authored: Thu Nov 12 09:34:25 2015 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Thu Nov 12 09:39:15 2015 +0800

----------------------------------------------------------------------
 .../db/service/persistent/SentryStore.java      |  7 ++--
 .../db/service/persistent/TestSentryStore.java  | 36 ++++++++++++++++++++
 2 files changed, 40 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25d0fefb/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index fbb611e..8c9401c 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -975,9 +975,10 @@ public class SentryStore {
         if (authHierarchy.getDb() != null) {
           filters.append(" && ((dbName == \"" + authHierarchy.getDb().toLowerCase() + "\") || (dbName == \"__NULL__\")) && (URI == \"__NULL__\")");
           if ((authHierarchy.getTable() != null)
-              && !AccessConstants.ALL
-                  .equalsIgnoreCase(authHierarchy.getTable())) {
-            filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
+              && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getTable())) {
+            if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getTable())) {
+              filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
+            }
             if ((authHierarchy.getColumn() != null)
                 && !AccessConstants.ALL
                     .equalsIgnoreCase(authHierarchy.getColumn())) {
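Review bot: The table filter on the new `filters.append(...)` line is still built by concatenating `authHierarchy.getTable().toLowerCase()` into the JDOQL string, as the db filter above it is, so a table name containing a quote or backslash would alter the filter expression instead of being compared as a value. If the authorizable can originate from a client request (not visible in this hunk), that matters for an authorization lookup. Binding the value as a query parameter, e.g. `filters.append(" && ((tableName == :tableName) || (tableName == \"__NULL__\"))")` with the value supplied at execute time, would avoid it. The query construction and execution are outside this hunk, so the parameter wiring would have to be done there. Separately, the column check that follows still exempts only `AccessConstants.ALL`; it is worth confirming whether `SOME` needs the same treatment for columns.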

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25d0fefb/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index be19468..a7bfc02 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -1661,6 +1661,42 @@ public class TestSentryStore {
     assertEquals(1, privilegeSet.size());
   }
 
+  @Test
+  public void testSentryTablePrivilegeSome() throws Exception {
+    String roleName = "test-table-privilege-some";
+    String grantor = "g1";
+    String dbName = "db1";
+    String table = "tb1";
+    sentryStore.createSentryRole(roleName);
+    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
+    tSentryPrivilege.setDbName(dbName);
+    tSentryPrivilege.setTableName(table);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);
+
+    TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
+    tSentryAuthorizable.setDb(dbName);
+    tSentryAuthorizable.setTable(AccessConstants.SOME);
+    tSentryAuthorizable.setServer("server1");
+
+    Set<TSentryPrivilege> privileges =
+        sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable);
+
+    assertTrue(privileges.size() == 1);
+
+    Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>();
+    tSentryGroups.add(new TSentryGroup("group1"));
+    sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups);
+
+    TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName)));
+
+    Set<String> privs =
+        sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable);
+
+    assertTrue(privs.size()==1);
+    assertTrue(privs.contains("server=server1->db=" + dbName + "->table=" + table + "->action=all"));
+
+  }
+
   protected static void addGroupsToUser(String user, String... groupNames) {
     policyFile.addGroupsToUser(user, groupNames);
   }
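Review bot: `testSentryTablePrivilegeSome` only asserts that the matching privilege is returned for `AccessConstants.SOME`; it has no negative case showing that a privilege on a different database is still excluded now that the table filter is skipped. Because the change widens what an authorization query returns, a second grant on another database (e.g. a constructed `db2`) with an assertion that it is absent from `privileges` and `privs` would pin the intended boundary. The size checks would also fail more informatively as `assertEquals(1, privileges.size());` and `assertEquals(1, privs.size());`, matching the `assertEquals` used in the preceding test.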