incubator-ranger git commit: BUG-31949: In hive plugin TABLE policy restriction for all tables {{*}} fails when UDF policy for all functions {{*}} is maintained for a database

Fri, 20 Feb 2015 14:26:18 -0800 

Repository: incubator-ranger
Updated Branches:
  refs/heads/ranger-0.4 da80d02f8 -> 9c0c5d953


BUG-31949: In hive plugin TABLE policy restriction for all tables {{*}} fails 
when UDF policy for all functions {{*}} is maintained for a database


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9c0c5d95
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9c0c5d95
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9c0c5d95

Branch: refs/heads/ranger-0.4
Commit: 9c0c5d953d4821c5311c2d6389c8c3f3f98e8927
Parents: da80d02
Author: rmani <[email protected]>
Authored: Fri Feb 20 14:24:33 2015 -0800
Committer: rmani <[email protected]>
Committed: Fri Feb 20 14:24:33 2015 -0800

----------------------------------------------------------------------
 .../src/main/java/com/xasecure/pdp/hive/HiveAuthDB.java      | 8 ++++++++
 1 file changed, 8 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9c0c5d95/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthDB.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthDB.java 
b/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthDB.java
index e64c3e9..5550183 100644
--- a/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthDB.java
+++ b/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthDB.java
@@ -218,6 +218,10 @@ public class HiveAuthDB {
                boolean ret = false;
 
                for (HiveAuthRule rule : allRuleList) {
+                       if(rule.isUdf()) {
+                               continue;
+                       }
+
                        ret = rule.isMatched(database, ugi.getShortUserName(), 
ugi.getGroupNames(), accessType);
 
                        if(ret) {
@@ -236,6 +240,10 @@ public class HiveAuthDB {
                boolean ret = false;
 
                for (HiveAuthRule rule : tblRuleList) {
+                       if(rule.isUdf()) {
+                               continue;
+                       }
+
                        ret = rule.isMatched(database, tableOrView, 
ugi.getShortUserName(), ugi.getGroupNames(), accessType);
 
                        if(ret) {

Reply via email to