[ranger] branch master updated: RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin

Sun, 05 Jul 2020 21:29:52 -0700 

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 0fa35a1  RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin
0fa35a1 is described below

commit 0fa35a1d00de7899effa5a589713baf947cabd2b
Author: rujia <[email protected]>
AuthorDate: Fri Jul 3 15:05:59 2020 +0800

    RANGER-2891: Add checkCanShowColumnsMetadata for presto plugin
    
    Signed-off-by: Ramesh Mani <[email protected]>
---
 .../presto/authorizer/RangerSystemAccessControl.java           |  8 ++++++++
 .../presto/authorizer/RangerSystemAccessControl.java           | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git 
a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 
b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
index f4fc89d..b6409cf 100644
--- 
a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
+++ 
b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
@@ -639,6 +639,14 @@ public class RangerSystemAccessControl
     }
   }
 
+  @Override
+  public void checkCanShowColumnsMetadata(SystemSecurityContext context, 
CatalogSchemaTableName table) {
+    if (!hasPermission(createResource(table), context, 
PrestoAccessType.SELECT)) {
+      LOG.debug("RangerSystemAccessControl.checkCanShowColumnsMetadata(" + 
table.getSchemaTableName().getTableName() + ") denied");
+      
AccessDeniedException.denyShowColumnsMetadata(table.getSchemaTableName().getTableName());
+    }
+  }
+
   /** HELPER FUNCTIONS **/
 
   private RangerPrestoAccessRequest createAccessRequest(RangerPrestoResource 
resource, SystemSecurityContext context, PrestoAccessType accessType) {
diff --git 
a/ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 
b/ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
index 4063870..f132355 100644
--- 
a/ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
+++ 
b/ranger-presto-plugin-shim/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
@@ -526,6 +526,16 @@ public class RangerSystemAccessControl
     }
   }
 
+  @Override
+  public void checkCanShowColumnsMetadata(SystemSecurityContext 
systemSecurityContext, CatalogSchemaTableName table){
+    try {
+      activatePluginClassLoader();
+      
systemAccessControlImpl.checkCanShowColumnsMetadata(systemSecurityContext, 
table);
+    } finally {
+      deactivatePluginClassLoader();
+    }
+  }
+
   private void activatePluginClassLoader() {
     if (rangerPluginClassLoader != null) {
       rangerPluginClassLoader.activate();

Reply via email to