Repository: sqoop Updated Branches: refs/heads/sqoop2 615265db2 -> 3ba34e250
SQOOP-2256: Sqoop2: Creator should have access to its entities (Richard Zhou via Abraham Elmahrek) Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/3ba34e25 Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/3ba34e25 Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/3ba34e25 Branch: refs/heads/sqoop2 Commit: 3ba34e250d595d89d51367179be8934be51b133d Parents: 615265d Author: Abraham Elmahrek <[email protected]> Authored: Fri Mar 27 18:50:23 2015 -0700 Committer: Abraham Elmahrek <[email protected]> Committed: Fri Mar 27 18:50:23 2015 -0700 ---------------------------------------------------------------------- .../Authorization/AuthorizationEngine.java | 25 ++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sqoop/blob/3ba34e25/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java index 333919d..8c718e3 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java @@ -32,7 +32,6 @@ import org.apache.sqoop.security.AuthorizationHandler; import org.apache.sqoop.security.AuthorizationManager; import java.util.ArrayList; -import java.util.Arrays; import java.util.Collection; import java.util.List; @@ -169,6 +168,28 @@ public class AuthorizationEngine { UserGroupInformation user = HttpUserGroupInformation.get(); String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName(); MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER); - handler.checkPrivileges(principal, Arrays.asList(privileges)); + + // SQOOP-2256: Hack code, do not check privilege when the user is the creator + // If the user is the owner/creator of this resource, then privilege will + // not be checked. It is a hack code for the time being. The concept of + // "Owner" will be added in the future and this code will be removed. + ArrayList<MPrivilege> privilegesNeedCheck = new ArrayList<MPrivilege>(); + for (MPrivilege privilege : privileges) { + Repository repository = RepositoryManager.getInstance().getRepository(); + if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType())) { + MLink link = repository.findLink(Long.valueOf(privilege.getResource().getName())); + if (!user_name.equals(link.getCreationUser())) { + privilegesNeedCheck.add(privilege); + } + } + if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType())) { + MJob job = repository.findJob(Long.valueOf(privilege.getResource().getName())); + if (!user_name.equals(job.getCreationUser())) { + privilegesNeedCheck.add(privilege); + } + } + } + + handler.checkPrivileges(principal, privilegesNeedCheck); } } \ No newline at end of file
