sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lsk...@apache.org
Subject incubator-sentry git commit: SENTRY-553: Privilege implies() failed if parent is server privilge and child privilge is URI privilge (Xiaomeng Huang via Lenni Kuff)
Date Mon, 01 Dec 2014 21:40:39 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master 86b20eba0 -> 5d2a0ce7f


SENTRY-553: Privilege implies() failed if parent is server privilge and child privilge is
URI privilge (Xiaomeng Huang via Lenni Kuff)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/5d2a0ce7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/5d2a0ce7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/5d2a0ce7

Branch: refs/heads/master
Commit: 5d2a0ce7f19f1ba86f67f5efb9523d9edf9525b8
Parents: 86b20eb
Author: Lenni Kuff <lskuff@cloudera.com>
Authored: Mon Dec 1 13:36:44 2014 -0800
Committer: Lenni Kuff <lskuff@cloudera.com>
Committed: Mon Dec 1 13:40:20 2014 -0800

----------------------------------------------------------------------
 .../provider/db/service/model/MSentryPrivilege.java    |  4 ++--
 .../db/service/persistent/TestSentryPrivilege.java     | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5d2a0ce7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
index 3c8777c..ed081a3 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
@@ -288,8 +288,8 @@ public class MSentryPrivilege {
           return false;
         }
       }
-      // if URI is not equals, return false
-    } else {
+      // if URI is not NULL, but other's URI is NULL, return false
+    } else if (!isNULL(URI) && isNULL(other.URI)){
       return false;
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5d2a0ce7/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
index fc62fab..31cca67 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
@@ -88,6 +88,11 @@ public class TestSentryPrivilege {
       my.setURI("file:///path");
       your.setURI("file:///path/to/some/dir");
       assertTrue(my.implies(your));
+
+      // my is SERVER level privilege, your is URI level privilege
+      my.setURI("");
+      your.setURI("file:///path");
+      assertTrue(my.implies(your));
     }
   }
 
@@ -111,6 +116,7 @@ public class TestSentryPrivilege {
     your.setAction(AccessConstants.ALL);
     assertFalse(my.implies(your));
 
+
     // bad table
     your.setTableName("tb2");
     assertFalse(my.implies(your));
@@ -181,6 +187,13 @@ public class TestSentryPrivilege {
     my.setURI("hdfs://namenode:9000/path1");
     your.setURI("hdfs://namenode:9000/path1");
     assertFalse(my.implies(your));
+
+    // bad implies
+    my.setServerName("server1");
+    my.setURI("hdfs://namenode:9000/path1");
+    your.setServerName("server1");
+    your.setURI("");
+    assertFalse(my.implies(your));
   }
 
   @Test


Mime
View raw message