This is an automated email from the ASF dual-hosted git repository.

zhouxj pushed a commit to branch support/1.12
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/support/1.12 by this push:
     new d298595  GEODE-8764: Lucene Functions should request data read 
permission only on the specified region (#5809)
d298595 is described below

commit d2985950faf15a29d3f0f7a384dab27ca043a1f1
Author: Xiaojian Zhou <[email protected]>
AuthorDate: Thu Dec 3 22:41:01 2020 -0800

    GEODE-8764: Lucene Functions should request data read permission only on 
the specified region (#5809)
    
    
    (cherry picked from commit 9ccef088ed5df32afaae1ceb7725be561544716d)
---
 .../geode/cache/lucene/test/LuceneFunctionSecurityTest.java       | 8 ++++++--
 .../lucene/internal/distributed/IndexingInProgressFunction.java   | 4 ++--
 .../cache/lucene/internal/distributed/LuceneQueryFunction.java    | 4 ++--
 .../lucene/internal/distributed/WaitUntilFlushedFunction.java     | 4 ++--
 .../cache/lucene/internal/results/LuceneGetPageFunction.java      | 4 ++--
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git 
a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
 
b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
index a0448cf..39630de 100644
--- 
a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
+++ 
b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
@@ -86,8 +86,12 @@ public class LuceneFunctionSecurityTest {
     for (Function function : functions) {
       Collection<ResourcePermission> permissions = function
           .getRequiredPermissions(REGION_NAME);
-      if (permissions.contains(ResourcePermissions.DATA_READ)) {
-        functionsWithDataRead.add(function);
+      for (ResourcePermission permission : permissions) {
+        if (permission.getResource().equals(ResourcePermission.Resource.DATA)
+            && 
permission.getOperation().equals(ResourcePermission.Operation.READ)) {
+          functionsWithDataRead.add(function);
+          break;
+        }
       }
     }
   }
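Review bot: The new inner loop accepts any permission whose resource is DATA and whose operation is READ, so it would also match the old cluster-wide DATA:READ and never checks that the target is REGION_NAME, which is the property this commit introduces. Unless an assertion outside the hunk already verifies the target, extending the condition with something like `&& REGION_NAME.equals(permission.getTarget())` would make the test fail if a function regresses to an unscoped permission. That assumes REGION_NAME holds the name in the same form the permission stores it, which is not visible here. The enclosing method starts outside the hunk.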
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
index 33f1973..c1ba4abd 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
@@ -27,7 +27,6 @@ import org.apache.geode.cache.lucene.LuceneIndex;
 import org.apache.geode.cache.lucene.LuceneService;
 import org.apache.geode.cache.lucene.LuceneServiceProvider;
 import org.apache.geode.internal.cache.execute.InternalFunction;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 public class IndexingInProgressFunction implements InternalFunction<Object> {
@@ -68,6 +67,7 @@ public class IndexingInProgressFunction implements 
InternalFunction<Object> {
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
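Review bot: The new return in getRequiredPermissions passes regionName straight into the ResourcePermission constructor with no visible handling of a null or empty name. What target the permission gets in that case depends on the constructor, which is not shown, so it is worth confirming that the result is never weaker than the previous cluster-wide DATA:READ. The same expression is repeated in LuceneQueryFunction, WaitUntilFlushedFunction and LuceneGetPageFunction, so a shared helper would keep the four authorization requirements in step. A short comment such as `// DATA:READ is required only on the region this function executes against` would record the intent next to the code. The class body starts outside the hunk.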
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
index 3f87599..a414604 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
@@ -52,7 +52,6 @@ import 
org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetE
 import 
org.apache.geode.internal.cache.execute.PartitionedRegionFunctionResultSender;
 import org.apache.geode.internal.serialization.Version;
 import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 /**
@@ -234,6 +233,7 @@ public class LuceneQueryFunction implements 
InternalFunction<LuceneFunctionConte
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
index 7d8281c..4d2146c 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
@@ -27,7 +27,6 @@ import org.apache.geode.cache.execute.RegionFunctionContext;
 import org.apache.geode.cache.execute.ResultSender;
 import org.apache.geode.cache.lucene.internal.LuceneServiceImpl;
 import org.apache.geode.internal.cache.execute.InternalFunction;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 /**
@@ -85,6 +84,7 @@ public class WaitUntilFlushedFunction implements 
InternalFunction<Object> {
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
index d05c0ac..4ce7046 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
@@ -33,7 +33,6 @@ import org.apache.geode.internal.cache.Token;
 import org.apache.geode.internal.cache.execute.InternalFunction;
 import 
org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException;
 import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 /**
@@ -93,6 +92,7 @@ public class LuceneGetPageFunction implements 
InternalFunction<Object> {
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
