Repository: incubator-sentry Updated Branches: refs/heads/master e6e7d7311 -> 439d5f29a
SENTRY-962: Fix SentryStore getPrivileges when column require some (Dapeng Sun, reviewed by Guoquan Shen) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/439d5f29 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/439d5f29 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/439d5f29 Branch: refs/heads/master Commit: 439d5f29a51021f6b02af04b2539908133f3f92c Parents: e6e7d73 Author: Sun Dapeng <s...@apache.org> Authored: Wed Nov 18 13:02:18 2015 +0800 Committer: Sun Dapeng <s...@apache.org> Committed: Wed Nov 18 13:02:18 2015 +0800 ---------------------------------------------------------------------- .../db/service/persistent/SentryStore.java | 7 ++-- .../db/service/persistent/TestSentryStore.java | 41 ++++++++++++++++++++ 2 files changed, 45 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/439d5f29/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java ----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 8c9401c..6798f2f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -980,9 +980,10 @@ public class SentryStore {
 filters.append(" && ((tableName == \"" + authHierarchy.getTable().toLowerCase() + "\") || (tableName == \"__NULL__\")) && (URI == \"__NULL__\")");
 }
 if ((authHierarchy.getColumn() != null)
- && !AccessConstants.ALL
- .equalsIgnoreCase(authHierarchy.getColumn())) {
- filters.append(" && ((columnName == \"" + authHierarchy.getColumn().toLowerCase() + "\") || (columnName == \"__NULL__\")) && (URI == \"__NULL__\")");
+ && !AccessConstants.ALL.equalsIgnoreCase(authHierarchy.getColumn())) {
+ if (!AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getColumn())) {
+ filters.append(" && ((columnName == \"" + authHierarchy.getColumn().toLowerCase() + "\") || (columnName == \"__NULL__\")) && (URI == \"__NULL__\")");
+ }
 }
 }
 }
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/439d5f29/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java ----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index a7bfc02..56c05c2 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
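Review bot: The column filter inside the new inner `if` still splices `authHierarchy.getColumn().toLowerCase()` directly into the JDOQL filter string between escaped quotes, so a column value containing a quote or filter syntax would alter the query that selects privileges. Whether the authorizable is validated before it reaches this code is not visible in the hunk, but binding the value does not depend on that, for example `filters.append(" && ((columnName == :columnName) || (columnName == \"__NULL__\")) && (URI == \"__NULL__\")");` with the value supplied where the query is executed; the table filter in the first context line has the same shape. The nested `if` can also be folded into the outer condition as `&& !AccessConstants.SOME.equalsIgnoreCase(authHierarchy.getColumn())`, with a short comment stating that SOME deliberately skips the column filter (apparently so that any column-level privilege on the table matches). The enclosing method starts and ends outside the hunk.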
@@ -1697,6 +1697,47 @@ public class TestSentryStore { } + + @Test + public void testSentryColumnPrivilegeSome() throws Exception { + String roleName = "test-column-privilege-some"; + String grantor = "g1"; + String dbName = "db1"; + String table = "tb1"; + String column = "col1"; + sentryStore.createSentryRole(roleName); + TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("TABLE", "server1", "ALL"); + tSentryPrivilege.setDbName(dbName); + tSentryPrivilege.setTableName(table); + tSentryPrivilege.setColumnName(column); + sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege); + + TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable(); + tSentryAuthorizable.setDb(dbName); + tSentryAuthorizable.setTable(table); + tSentryAuthorizable.setColumn(AccessConstants.SOME); + tSentryAuthorizable.setServer("server1"); + + Set<TSentryPrivilege> privileges = + sentryStore.getTSentryPrivileges(new HashSet<String>(Arrays.asList(roleName)), tSentryAuthorizable); + + assertTrue(privileges.size() == 1); + + Set<TSentryGroup> tSentryGroups = new HashSet<TSentryGroup>(); + tSentryGroups.add(new TSentryGroup("group1")); + sentryStore.alterSentryRoleAddGroups(grantor, roleName, tSentryGroups); + + TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(true, new HashSet<String>(Arrays.asList(roleName))); + + Set<String> privs = + sentryStore.listSentryPrivilegesForProvider(new HashSet<String>(Arrays.asList("group1")), thriftRoleSet, tSentryAuthorizable); + + assertTrue(privs.size() == 1); + assertTrue(privs.contains("server=server1->db=" + dbName + "->table=" + table + "->column=" + + column + "->action=all")); + + } + protected static void addGroupsToUser(String user, String... groupNames) { policyFile.addGroupsToUser(user, groupNames); }
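Review bot: testSentryColumnPrivilegeSome covers only the positive case, where the single granted column privilege is returned. Because the fix works by dropping the column filter for SOME, the test should also grant the role a privilege on a different table or database and assert that it is not returned, so that an over-broad match in this authorization lookup would be caught. The size checks `assertTrue(privileges.size() == 1)` and `assertTrue(privs.size() == 1)` would report the actual size on failure if written as `assertEquals(1, privileges.size())` and `assertEquals(1, privs.size())`, assuming `assertEquals` is imported in this file.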