You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by sd...@apache.org on 2015/11/12 02:47:44 UTC
incubator-sentry git commit: SENTRY-923: Fix SentryStore
getPrivileges when table require some (Dapeng Sun, reviewed by Guoquan Shen)
Repository: incubator-sentry
Updated Branches:
refs/heads/master d3793ed21 -> 25d0fefb4
SENTRY-923: Fix SentryStore getPrivileges when table require some (Dapeng Sun, reviewed by Guoquan Shen)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/25d0fefb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/25d0fefb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/25d0fefb
Branch: refs/heads/master
Commit: 25d0fefb4161ce886459d816caff576415fc2a3f
Parents: d3793ed
Author: Sun Dapeng <sd...@apache.org>
Authored: Thu Nov 12 09:34:25 2015 +0800
Committer: Sun Dapeng <sd...@apache.org>
Committed: Thu Nov 12 09:39:15 2015 +0800
----------------------------------------------------------------------
.../db/service/persistent/SentryStore.java | 7 ++--
.../db/service/persistent/TestSentryStore.java | 36 ++++++++++++++++++++
2 files changed, 40 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25d0fefb/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index fbb611e..8c9401c 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -975,9 +975,10 @@ public class SentryStore {
if (authHierarchy.getDb() != null) {
filters.append(" && ((dbName == \"" + authHierarchy.getDb().toLowerCase() + "\") || (dbName == \"__NULL__\")) && (URI == \"__NULL__\")");
if ((authHierarchy.getTable() != null)
- && !AccessConstants.ALL
- .equalsIgnoreCase(authHierarchy.getTable())) {
- filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
+ && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getTable())) {
+ if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getTable())) {
+ filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
+ }
if ((authHierarchy.getColumn() != null)
&& !AccessConstants.ALL
.equalsIgnoreCase(authHierarchy.getColumn())) {
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/25d0fefb/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index be19468..a7bfc02 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -1661,6 +1661,42 @@ public class TestSentryStore {
assertEquals(1, privilegeSet.size());
}
+ @Test
+ public void testSentryTablePrivilegeSome() throws Exception {
+ String roleName = "test-table-privilege-some";
+ String grantor = "g1";
+ String dbName = "db1";
+ String table = "tb1";
+ sentryStore.createSentryRole(roleName);
+ TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL");
+ tSentryPrivilege.setDbName(dbName);
+ tSentryPrivilege.setTableName(table);
+ sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);
+
+ TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
+ tSentryAuthorizable.setDb(dbName);
+ tSentryAuthorizable.setTable(AccessConstants.SOME);
+ tSentryAuthorizable.setServer("server1");
+
+ Set<TSentryPrivilege> privileges =
+ sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable);
+
+ assertTrue(privileges.size() == 1);
+
+ Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>();
+ tSentryGroups.add(new TSentryGroup("group1"));
+ sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups);
+
+ TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName)));
+
+ Set<String> privs =
+ sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable);
+
+ assertTrue(privs.size()==1);
+ assertTrue(privs.contains("server=server1->db=" + dbName + "->table=" + table + "->action=all"));
+
+ }
+
protected static void addGroupsToUser(String user, String... groupNames) {
policyFile.addGroupsToUser(user, groupNames);
}