[ranger] branch master updated: RANGER-2872: The Ranger authentication group permission of the ES does not take effect

Tue, 30 Jun 2020 04:28:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 81dd0f6  RANGER-2872: The Ranger authentication group permission of 
the ES does not take effect
81dd0f6 is described below

commit 81dd0f650eb179d29b9d62a6e435fef00e944e40
Author: pradeep <prad...@apache.org>
AuthorDate: Wed Jun 24 13:44:42 2020 +0530

    RANGER-2872: The Ranger authentication group permission of the ES does not 
take effect
---
 .../elasticsearch/authorizer/RangerElasticsearchAuthorizer.java     | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git 
a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
 
b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
index f5201ce..e72a158 100644
--- 
a/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
+++ 
b/plugin-elasticsearch/src/main/java/org/apache/ranger/authorization/elasticsearch/authorizer/RangerElasticsearchAuthorizer.java
@@ -17,11 +17,13 @@
 
 package org.apache.ranger.authorization.elasticsearch.authorizer;
 
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
@@ -87,7 +89,9 @@ public class RangerElasticsearchAuthorizer implements 
RangerElasticsearchAccessC
                boolean ret = false;
 
                if (elasticsearchPlugin != null) {
-
+                       if (null == groups) {
+                               groups = new ArrayList 
<>(MiscUtil.getGroupsForRequestUser(user));
+                       }
                        String privilege = 
IndexPrivilegeUtils.getPrivilegeFromAction(action);
                        RangerElasticsearchAccessRequest request = new 
RangerElasticsearchAccessRequest(user, groups, index,
                                        privilege, clientIPAddress);

Reply via email to