git commit: SENTRY-315: SHOW CURRENT ROLE fails if the one of the groups doesn't have any roles granted (Prasad Mujumdar via Sravya Tirukkovalur)

Fri, 27 Jun 2014 14:23:27 -0700 

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 1785f0ee5 -> 1a14264fd


SENTRY-315: SHOW CURRENT ROLE fails if the one of the groups doesn't have any 
roles granted (Prasad Mujumdar via Sravya Tirukkovalur)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/1a14264f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/1a14264f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/1a14264f

Branch: refs/heads/master
Commit: 1a14264fd3014388a881f6b7928f75bcf4060f0f
Parents: 1785f0e
Author: Sravya Tirukkovalur <[email protected]>
Authored: Fri Jun 27 14:19:59 2014 -0700
Committer: Sravya Tirukkovalur <[email protected]>
Committed: Fri Jun 27 14:19:59 2014 -0700

----------------------------------------------------------------------
 .../provider/db/service/persistent/SentryStore.java    | 13 ++++++++++---
 .../db/service/thrift/SentryPolicyStoreProcessor.java  |  4 +++-
 .../db/service/persistent/TestSentryStore.java         |  9 ++++++---
 .../tests/e2e/dbprovider/TestDatabaseProvider.java     |  7 +++++++
 4 files changed, 26 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 78f41d3..5f77793 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -894,11 +894,18 @@ public class SentryStore {
    * @return : Set of thrift sentry role objects
    * @throws SentryNoSuchObjectException
    */
-  public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> groupNames)
-      throws SentryNoSuchObjectException {
+  public Set<TSentryRole> getTSentryRolesByGroupName(Set<String> groupNames,
+      boolean checkAllGroups) throws SentryNoSuchObjectException {
     Set<MSentryRole> roleSet = Sets.newHashSet();
     for (String groupName : groupNames) {
-      roleSet.addAll(getMSentryRolesByGroupName(groupName));
+      try {
+        roleSet.addAll(getMSentryRolesByGroupName(groupName));
+      } catch (SentryNoSuchObjectException e) {
+        // if we are checking for all the given groups, then continue searching
+        if (!checkAllGroups) {
+          throw e;
+        }
+      }
     }
     return convertToTSentryRoles(roleSet);
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index 8964a18..40ac881 100644
--- 
a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ 
b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -314,16 +314,18 @@ public class SentryPolicyStoreProcessor implements 
SentryPolicyService.Iface {
     TSentryResponseStatus status;
     Set<TSentryRole> roleSet = new HashSet<TSentryRole>();
     Set<String> groups = new HashSet<String>();
+    boolean checkAllGroups = false;
     try {
       // Don't check admin permissions for listing requestor's own roles
       if (AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) {
         groups = getRequestorGroups(request.getRequestorUserName());
+        checkAllGroups = true;
       } else {
         authorize(request.getRequestorUserName(),
           getRequestorGroups(request.getRequestorUserName()));
         groups.add(request.getGroupName());
       }
-      roleSet = sentryStore.getTSentryRolesByGroupName(groups);
+      roleSet = sentryStore.getTSentryRolesByGroupName(groups, checkAllGroups);
       response.setRoles(roleSet);
       response.setStatus(Status.OK());
     } catch (SentryNoSuchObjectException e) {

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git 
a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
 
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index acc8b3a..6613d12 100644
--- 
a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ 
b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -349,9 +349,12 @@ public class TestSentryStore {
     sentryStore.alterSentryRoleAddGroups(grantor, roleName3,
         Sets.newHashSet(new TSentryGroup(group1), new TSentryGroup(group2)));
 
-    assertEquals(2, 
sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1)).size());
-    assertEquals(2, 
sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group2)).size());
-    assertEquals(3, 
sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1,group2)).size());
+    assertEquals(2, 
sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1), false).size());
+    assertEquals(2, 
sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group2), false).size());
+    assertEquals(3, 
sentryStore.getTSentryRolesByGroupName(Sets.newHashSet(group1,group2), 
false).size());
+    assertEquals(0,
+        sentryStore.getTSentryRolesByGroupName(Sets.newHashSet("foo"), true)
+            .size());
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/1a14264f/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
----------------------------------------------------------------------
diff --git 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
index 200ea55..83bf406 100644
--- 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
+++ 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
@@ -1651,6 +1651,13 @@ public class TestDatabaseProvider extends 
AbstractTestWithStaticConfiguration {
     statement.close();
     connection.close();
 
+    connection = context.createConnection(USER2_1);
+    statement = context.createStatement(connection);
+    resultSet = statement.executeQuery("SHOW CURRENT ROLES");
+    assertResultSize(resultSet, 0);
+    statement.close();
+    connection.close();
+
     connection = context.createConnection(USER1_1);
     statement = context.createStatement(connection);

Reply via email to