You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2016/12/14 17:08:03 UTC
[2/2] incubator-ranger git commit: RANGER-1254 : HiveAuthorizer
should deny access to URI operations if there are any exceptions - fix PMD
error with previous commit
RANGER-1254 : HiveAuthorizer should deny access to URI operations if there are any exceptions - fix PMD error with previous commit
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/043daf31
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/043daf31
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/043daf31
Branch: refs/heads/ranger-0.6
Commit: 043daf31b3310d7a2f7bab1f81cfbeb99232bb35
Parents: 200dd5a
Author: rmani <rm...@hortonworks.com>
Authored: Tue Dec 13 15:18:59 2016 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Wed Dec 14 09:07:41 2016 -0800
----------------------------------------------------------------------
.../authorization/hive/authorizer/RangerHiveAuthorizer.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/043daf31/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 92e8c87..7dd4c90 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -1015,9 +1015,10 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
if (FileUtils.isOwnerOfFileHierarchy(fs, file, userName) ||
FileUtils.isActionPermittedForFileHierarchy(fs, file, userName, action)) {
continue;
+ } else {
+ isDenied = true;
+ break;
}
- isDenied = true;
- break;
}
ret = !isDenied;
} else { // if given path does not exist then check for parent