Repository: sentry Updated Branches: refs/heads/master 9aeb2e236 -> cfd1036fe
SENTRY-2281: list_privileges_by_user() fails with a JDODetachedFieldAccessException (Arjun Mishra, reviewed by Sergio Pena, Na Li) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/cfd1036f Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/cfd1036f Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/cfd1036f Branch: refs/heads/master Commit: cfd1036fea2d66d39c29587e22d44861aadcba1f Parents: 9aeb2e2 Author: Sergio Pena <[email protected]> Authored: Tue Jun 26 15:21:31 2018 -0500 Committer: Sergio Pena <[email protected]> Committed: Tue Jun 26 15:22:03 2018 -0500 ---------------------------------------------------------------------- .../db/service/persistent/SentryStore.java | 15 ++++++++--- .../db/service/persistent/TestSentryStore.java | 28 ++++++++++++++++++++ 2 files changed, 40 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/cfd1036f/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java index 29c2176..d8ab1fc 100644 --- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java +++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java @@ -1907,6 +1907,7 @@ public class SentryStore implements SentryStoreInterface { pm -> { Query query = pm.newQuery(MSentryPrivilege.class); QueryParamBuilder paramBuilder = QueryParamBuilder.newQueryParamBuilder(); + if (entityNames == null || entityNames.isEmpty()) { if (entityType == SentryEntityType.ROLE) { paramBuilder.addString("!roles.isEmpty()"); @@ -1945,9 +1946,17 @@ public class SentryStore implements SentryStoreInterface { // if no server, then return empty result return Collections.emptyList(); } - FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole"); - grp.addMember("roles"); - pm.getFetchPlan().addGroup("fetchRole"); + + if (entityType == SentryEntityType.ROLE) { + FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchRole"); + grp.addMember("roles"); + pm.getFetchPlan().addGroup("fetchRole"); + } else if(entityType == SentryEntityType.USER) { + FetchGroup grp = pm.getFetchGroup(MSentryPrivilege.class, "fetchUser"); + grp.addMember("users"); + pm.getFetchPlan().addGroup("fetchUser"); + } + query.setFilter(paramBuilder.toString()); @SuppressWarnings("unchecked") List<MSentryPrivilege> result = (List<MSentryPrivilege>)query. http://git-wip-us.apache.org/repos/asf/sentry/blob/cfd1036f/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ---------------------------------------------------------------------- diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java index 5849e7d..52ce72c 100644 --- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java +++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java @@ -44,6 +44,7 @@ import org.apache.hadoop.security.alias.CredentialProvider; import org.apache.hadoop.security.alias.CredentialProviderFactory; import org.apache.hadoop.security.alias.UserProvider; import org.apache.sentry.SentryOwnerInfo; +import org.apache.sentry.api.service.thrift.TSentryPrivilegeMap; import org.apache.sentry.core.common.exception.SentryAccessDeniedException; import org.apache.sentry.core.common.exception.SentryInvalidInputException; import org.apache.sentry.core.common.utils.SentryConstants; @@ -4190,6 +4191,33 @@ public class TestSentryStore extends org.junit.Assert { } @Test + public void testListSentryPrivilegesByAuthorizableForUser() throws Exception { + String userName1 = "list-privs-user1"; + String grantor = "g1"; + sentryStore.createSentryUser(userName1); + + TSentryPrivilege privilege1 = new TSentryPrivilege(); + privilege1.setPrivilegeScope("TABLE"); + privilege1.setServerName("server1"); + privilege1.setDbName("db1"); + privilege1.setTableName("tbl1"); + privilege1.setAction("SELECT"); + privilege1.setCreateTime(System.currentTimeMillis()); + sentryStore.alterSentryGrantPrivilege(grantor, SentryEntityType.USER, userName1, privilege1, null); + + TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); + tSentryAuthorizable.setServer("server1"); + tSentryAuthorizable.setDb("db1"); + tSentryAuthorizable.setTable("tbl1"); + + TSentryPrivilegeMap map = sentryStore.listSentryPrivilegesByAuthorizableForUser( + Sets.newHashSet(userName1), + tSentryAuthorizable,false); + assertEquals(1, map.getPrivilegeMapSize()); + assertEquals(Sets.newHashSet(userName1), map.getPrivilegeMap().keySet()); + } + + @Test public void testGrantRevokePrivilegeMultipleTimesForRole() throws Exception { String roleName = "test-privilege"; String grantor = "g1";
