Posted to commits@hive.apache.org by th...@apache.org on 2014/08/16 01:49:51 UTC
svn commit: r1618293 - in /hive/trunk:
itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
Author: thejas
Date: Fri Aug 15 23:49:50 2014
New Revision: 1618293
URL: http://svn.apache.org/r1618293
Log:
HIVE-6093 : table creation should fail when user does not have permissions on db (Thiruvel Thirumoolan via Thejas Nair)
Modified:
hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
Modified: hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java
URL: http://svn.apache.org/viewvc/hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java?rev=1618293&r1=1618292&r2=1618293&view=diff
==============================================================================
--- hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java (original)
+++ hive/trunk/itests/hive-unit/src/test/java/org/apache/hadoop/hive/ql/security/TestMetastoreAuthorizationProvider.java Fri Aug 15 23:49:50 2014
@@ -24,6 +24,7 @@ import java.util.List;
import junit.framework.TestCase;
+import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hive.cli.CliSessionState;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.metastore.HiveMetaStoreClient;
@@ -172,6 +173,17 @@ public class TestMetastoreAuthorizationP
String.format("create table %s (a string) partitioned by (b string)", tblName));
assertEquals(1,ret.getResponseCode());
+
+ // Even if table location is specified table creation should fail
+ String tblNameLoc = tblName + "_loc";
+ String tblLocation = new Path(dbLocn).getParent().toUri() + "/" + tblNameLoc;
+
+ driver.run("use " + dbName);
+ ret = driver.run(
+ String.format("create table %s (a string) partitioned by (b string) location '" +
+ tblLocation + "'", tblNameLoc));
+ assertEquals(1, ret.getResponseCode());
+
// failure from not having permissions to create table
ArrayList<FieldSchema> fields = new ArrayList<FieldSchema>(2);
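Review bot: The new negative case ending in `assertEquals(1, ret.getResponseCode())` passes on any failure of the create statement, not only an authorization denial, so a malformed location or a failed `use` would satisfy it too. The result of `driver.run("use " + dbName)` is discarded; checking its response code before the create would rule out the second case. `tblLocation` is also concatenated into the format string, so a `%` in the URI would be parsed as a format specifier. Passing it as an argument avoids that: `String.format("create table %s (a string) partitioned by (b string) location '%s'", tblNameLoc, tblLocation)`. The same applies to the call in the later hunk at `@@ -215,6 +227,15`. The enclosing test method starts and ends outside this hunk.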
@@ -215,6 +227,15 @@ public class TestMetastoreAuthorizationP
validateCreateTable(tbl,tblName, dbName);
+ // Table creation should succeed even if location is specified
+ driver.run("use " + dbName);
+ ret = driver.run(
+ String.format("create table %s (a string) partitioned by (b string) location '" +
+ tblLocation + "'", tblNameLoc));
+ assertEquals(0, ret.getResponseCode());
+ Table tblLoc = msc.getTable(dbName, tblNameLoc);
+ validateCreateTable(tblLoc, tblNameLoc, dbName);
+
String fakeUser = "mal";
List<String> fakeGroupNames = new ArrayList<String>();
fakeGroupNames.add("groupygroup");
Modified: hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java
URL: http://svn.apache.org/viewvc/hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java?rev=1618293&r1=1618292&r2=1618293&view=diff
==============================================================================
--- hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java (original)
+++ hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/StorageBasedAuthorizationProvider.java Fri Aug 15 23:49:50 2014
@@ -148,22 +148,19 @@ public class StorageBasedAuthorizationPr
public void authorize(Table table, Privilege[] readRequiredPriv, Privilege[] writeRequiredPriv)
throws HiveException, AuthorizationException {
- // Table path can be null in the case of a new create table - in this case,
- // we try to determine what the path would be after the create table is issued.
- Path path = null;
+ // To create/drop/alter a table, the owner should have WRITE permission on the database directory
+ authorize(hive_db.getDatabase(table.getDbName()), readRequiredPriv, writeRequiredPriv);
+
+ // If the user has specified a location - external or not, check if the user has the
try {
initWh();
String location = table.getTTable().getSd().getLocation();
- if (location == null || location.isEmpty()) {
- path = wh.getTablePath(hive_db.getDatabase(table.getDbName()), table.getTableName());
- } else {
- path = new Path(location);
+ if (location != null && !location.isEmpty()) {
+ authorize(new Path(location), readRequiredPriv, writeRequiredPriv);
}
} catch (MetaException ex) {
throw hiveException(ex);
}
-
- authorize(path, readRequiredPriv, writeRequiredPriv);
}
@Override
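Review bot: The added `authorize(hive_db.getDatabase(table.getDbName()), readRequiredPriv, writeRequiredPriv)` runs on every call to this overload, while its comment limits the database-directory requirement to create/drop/alter. If this overload is also reached for other operations on existing tables (not visible here), they would now need the same privileges on the database directory. Either guard the call by the kind of privilege requested or widen the comment to state that the check is unconditional. When no location is set, the default table path is no longer derived and checked, so the database check is the only one; a comment saying this is intended would help. The comment before `try` ends mid-sentence; suggested completion: `// If the user has specified a location - external or not, check if the user has the required privileges on that location as well`.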