You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2017/02/10 23:45:36 UTC

ranger git commit: RANGER-1320:Ranger Hive Plugin Exception message correction

Repository: ranger
Updated Branches:
  refs/heads/master e4122919c -> 239cc55e1


RANGER-1320:Ranger Hive Plugin Exception message correction


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/239cc55e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/239cc55e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/239cc55e

Branch: refs/heads/master
Commit: 239cc55e11b5fc46761d6cde49a5c908938fb111
Parents: e412291
Author: rmani <rm...@hortonworks.com>
Authored: Fri Feb 10 15:44:43 2017 -0800
Committer: rmani <rm...@hortonworks.com>
Committed: Fri Feb 10 15:45:27 2017 -0800

----------------------------------------------------------------------
 .../hive/authorizer/RangerHiveAuthorizer.java   | 26 +++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/239cc55e/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index d468aeb..cb94f19 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -406,9 +406,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 
 				if(result != null && !result.getIsAllowed()) {
 					String path = resource.getAsString();
-					if (hiveOpType == HiveOperationType.DESCTABLE) {
-						path = path + "/*";
-					}
+					path = buildPathForException(path,hiveOpType);
 					throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
 														 user, request.getHiveAccessType().name(), path));
 				}
@@ -1022,6 +1020,28 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 		return accessType;
 	}
 
+	private String buildPathForException(String path, HiveOperationType hiveOpType) {
+		String ret  	= path;
+		int endIndex 	= 0;
+		switch(hiveOpType) {
+			case DESCTABLE:
+				ret = path + "/*";
+				break;
+			case QUERY:
+				try {
+					endIndex = StringUtils.ordinalIndexOf(path, "/", 2);
+					ret = path.substring(0,endIndex) + "/*";
+				} catch( Exception e) {
+					//omit and return the path.Log error only in debug.
+					if(LOG.isDebugEnabled()) {
+						LOG.debug("RangerHiveAuthorizer.buildPathForException(): Error while creating exception message ", e);
+					}
+				}
+				break;
+		}
+		return ret;
+	}
+
     private boolean isURIAccessAllowed(String userName, FsAction action, String uri, HiveConf conf) {
         boolean ret = false;