-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/#review221031
-----------------------------------------------------------




webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java
Line 808 (original), 811 (patched)
<https://reviews.apache.org/r/72601/#comment309813>

    consider replacing 811 and 812 with:
    
    entitiesStore.getHeaderById(guid);
    
    this internally checks for authorization.


- Sarath Subramanian


On June 17, 2020, 7:48 a.m., chaitali wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72601/
> -----------------------------------------------------------
> 
> (Updated June 17, 2020, 7:48 a.m.)
> 
> 
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
> and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-3845
>     https://issues.apache.org/jira/browse/ATLAS-3845
> 
> 
> Repository: atlas
> 
> 
> Description
> -------
> 
> Audit api was returning all entities details even after blocking the rights 
> for read entity in Ranger policy-This patch handles the issue by adding 
> verify access check.
> 
> 
> Diffs
> -----
> 
>   webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 
> 
> 
> Diff: https://reviews.apache.org/r/72601/diff/1/
> 
> 
> Testing
> -------
> 
> Tested by adding deny policy for read/create entity in Ranger
> 
> 
> Thanks,
> 
> chaitali
> 
>

Reply via email to