----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72601/#review221046 -----------------------------------------------------------
Fix it, then Ship it! webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java Lines 809 (patched) <https://reviews.apache.org/r/72601/#comment309827> I suggest to add a comment here, to clarify why this call us needed: // following call enforces authorization for entity-read entitiesStore.getHeaderById(guid); - Madhan Neethiraj On June 22, 2020, 2:49 p.m., chaitali wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72601/ > ----------------------------------------------------------- > > (Updated June 22, 2020, 2:49 p.m.) > > > Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, > and Sarath Subramanian. > > > Bugs: ATLAS-3845 > https://issues.apache.org/jira/browse/ATLAS-3845 > > > Repository: atlas > > > Description > ------- > > Audit api was returning all entities details even after blocking the rights > for read entity in Ranger policy-This patch handles the issue by adding > verify access check. > > > Diffs > ----- > > webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f > > > Diff: https://reviews.apache.org/r/72601/diff/2/ > > > Testing > ------- > > Tested by adding deny policy for read/create entity in Ranger > > > Thanks, > > chaitali > >
