ranger git commit: RANGER-1943 : Ranger Solr authorization is skipped when collection is empty or null

Fri, 22 Dec 2017 10:32:04 -0800 

Repository: ranger
Updated Branches:
  refs/heads/master 4ef52b46b -> a1c14e350


RANGER-1943 : Ranger Solr authorization is skipped when collection is empty or 
null

Signed-off-by: rmani <[email protected]>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a1c14e35
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a1c14e35
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a1c14e35

Branch: refs/heads/master
Commit: a1c14e3507981968e366924667fa47079208dfda
Parents: 4ef52b4
Author: rmani <[email protected]>
Authored: Thu Dec 21 16:22:51 2017 -0800
Committer: rmani <[email protected]>
Committed: Fri Dec 22 10:31:42 2017 -0800

----------------------------------------------------------------------
 .../solr/authorizer/RangerSolrAuthorizer.java   | 53 ++++++++++++--------
 1 file changed, 33 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a1c14e35/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git 
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
 
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 0f7182d..97aa204 100644
--- 
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ 
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -28,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.audit.provider.AuditProviderFactory;
@@ -196,19 +197,37 @@ public class RangerSolrAuthorizer implements 
AuthorizationPlugin {
                        // broken
                        // into a request
                        List<RangerAccessRequestImpl> rangerRequests = new 
ArrayList<RangerAccessRequestImpl>();
-                       for (CollectionRequest collectionRequest : context
-                                       .getCollectionRequests()) {
+                       List<CollectionRequest>   collectionRequests = 
context.getCollectionRequests();
 
+                       if (CollectionUtils.isEmpty(collectionRequests)) {
+                               // if Collection is empty we set the collection 
to *. This happens when LIST is done.
                                RangerAccessRequestImpl requestForCollection = 
createRequest(
                                                userName, userGroups, ip, 
eventTime, context,
-                                               collectionRequest);
+                                               null);
                                if (requestForCollection != null) {
                                        
rangerRequests.add(requestForCollection);
                                }
+                       } else {
+                               // Create the list of requests for access 
check. Each field is
+                               // broken
+                               // into a request
+                               for (CollectionRequest collectionRequest : 
context
+                                               .getCollectionRequests()) {
+
+                                       RangerAccessRequestImpl 
requestForCollection = createRequest(
+                                                       userName, userGroups, 
ip, eventTime, context,
+                                                       collectionRequest);
+                                       if (requestForCollection != null) {
+                                               
rangerRequests.add(requestForCollection);
+                                       }
+                               }
+
                        }
+
                        if (logger.isDebugEnabled()) {
                                logger.debug("rangerRequests.size()=" + 
rangerRequests.size());
                        }
+
                        try {
                                // Let's check the access for each 
request/resource
                                for (RangerAccessRequestImpl rangerRequest : 
rangerRequests) {
@@ -333,25 +352,19 @@ public class RangerSolrAuthorizer implements 
AuthorizationPlugin {
 
                String accessType = mapToRangerAccessType(context);
                String action = accessType;
-
-               if (collectionRequest.collectionName != null) {
-                       RangerAccessRequestImpl rangerRequest = 
createBaseRequest(userName,
-                                       userGroups, ip, eventTime);
-                       RangerAccessResourceImpl rangerResource = new 
RangerAccessResourceImpl();
-                       rangerResource.setValue(KEY_COLLECTION,
-                                       collectionRequest.collectionName);
-                       rangerRequest.setResource(rangerResource);
-                       rangerRequest.setAccessType(accessType);
-                       rangerRequest.setAction(action);
-
-                       return rangerRequest;
+               RangerAccessRequestImpl rangerRequest = 
createBaseRequest(userName,
+                               userGroups, ip, eventTime);
+               RangerAccessResourceImpl rangerResource = new 
RangerAccessResourceImpl();
+               if (collectionRequest == null) {
+                       rangerResource.setValue(KEY_COLLECTION, "*");
+               } else {
+                       rangerResource.setValue(KEY_COLLECTION, 
collectionRequest.collectionName);
                }
-               
-               logger.fatal("Can't create RangerRequest object. userName="
-                               + userName + ", accessType=" + accessType + ", 
ip=" + ip
-                               + ", collectionRequest=" + collectionRequest);
+               rangerRequest.setResource(rangerResource);
+               rangerRequest.setAccessType(accessType);
+               rangerRequest.setAction(action);
 
-               return null;
+               return rangerRequest;
        }
 
        private RangerAccessRequestImpl createBaseRequest(String userName,

Reply via email to