trafodion-codereview mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertamarton <...@git.apache.org>
Subject [GitHub] incubator-trafodion pull request #660: TRAFODION [2137] Improve metadata acc...
Date Thu, 18 Aug 2016 15:22:45 GMT
Github user robertamarton commented on a diff in the pull request:

    https://github.com/apache/incubator-trafodion/pull/660#discussion_r75329351
  
    --- Diff: core/sql/common/ComSecurityKey.cpp ---
    @@ -73,6 +74,59 @@ NABoolean qiCheckForInvalidObject (const Int32 numInvalidationKeys,
       return found;
     }
     
    +// ****************************************************************************
    +// Function that builds query invalidation keys for privileges. A separate
    +// invalidation key is added for each granted DML privilege. 
    +// ****************************************************************************
    +bool buildSecurityKeySet(PrivMgrUserPrivs *privInfo,
    +                         Int64 objectUID,
    +                         ComSecurityKeySet &secKeySet)
    +{
    +  Int32 granteeID = ComUser::getCurrentUser();
    +
    +  // Build security keys for object privileges
    +  for ( Int32 i = FIRST_DML_PRIV; i <= LAST_DML_PRIV; i++ )
    +  {
    +    if ( privInfo->hasObjectPriv((PrivType)i) )
    +      {
    +        ComSecurityKey key(granteeID,
    +                           objectUID,
    +                           PrivType(i),
    +                           ComSecurityKey::OBJECT_IS_OBJECT);
    +        if (!key.isValid())
    +          return false;
    +        secKeySet.insert(key);
    --- End diff --
    
    There is similar code in Privilege Manager and it handles issues in the same manner. 
However, looking at the code, if the key is invalid, then an invalid parameter was sent to
the constructor. In this case, we should probably assert. We should not run into this issue
today but if we happen to add another DML like privilege, this could fail and not report an
error.  I wrote JIRA 2167 to handle errors better here and elsewhere. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message