-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72615/
-----------------------------------------------------------

(Updated July 7, 2020, 11:02 a.m.)


Review request for atlas, Jayendra Parab, Nikhil Bonte, Nixon Rodrigues, and 
Sarath Subramanian.


Bugs: ATLAS-3855
    https://issues.apache.org/jira/browse/ATLAS-3855


Repository: atlas


Description
-------

API: /api/atlas/v2/entity/bulk/classification & v2/entity/bulk: if some guids 
belong to entities on which the user is unauthorized and other guids belong to 
entities on which the user is authorized, these APIs fail with a 403 error 
without returning the authorized entities.

1. Unauthorized guids are filtered with this patch for both the APIs.
2. Added ignoreUnauthorisedGuids flag for /bulk/classification API as it doesn't 
return any object.
3. Also added unauthorized guids in return object of /bulk in response for 
user's reference.


Diffs (updated)
-----

  
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java bf1629cb3 
  server-api/src/main/java/org/apache/atlas/RequestContext.java 282a66f1d 
  webapp/src/main/java/org/apache/atlas/web/filters/AuditFilter.java c663b00c9 


Diff: https://reviews.apache.org/r/72615/diff/8/

Changes: https://reviews.apache.org/r/72615/diff/7-8/


Testing
-------

Tested with Ranger policies:
For the /bulk API the following policies were applied:
1. Added hive_column entity as entity type.
2. Included admin as user and prohibited access for read entity, all this under 
a deny policy.

For /bulk/classification the following policies were applied:
1. Added hive_column entity as entity type.
2. Gave all the access to admin but kept hive_column entity type in excluded 
state.


Thanks,

chaitali
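
The behaviour change described in this request, as an added sketch that is not code from the Atlas patch: a bulk read that either fails the whole request on the first denied guid or, with a flag set, filters denied guids and reports them. Every class, method and guid name here is hypothetical, the single flag is a simplification covering both endpoints, and treating an unknown guid as denied is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.BiPredicate;

// Hypothetical names throughout; none of these are Atlas classes.
public class BulkReadSketch {
    record BulkResult(List<String> entities, List<String> unauthorizedGuids) {}

    static class AccessDeniedException extends RuntimeException {
        AccessDeniedException(String msg) { super(msg); }
    }

    // canRead stands in for the authorizer: (user, entityType) -> allowed.
    static BulkResult bulkRead(String user, List<String> guids, Map<String, String> typeByGuid,
                               BiPredicate<String, String> canRead, boolean ignoreUnauthorised) {
        List<String> allowed = new ArrayList<>();
        List<String> denied = new ArrayList<>();
        for (String guid : guids) {
            String type = typeByGuid.get(guid);
            // Fail closed (assumption): a guid with no known type counts as denied.
            boolean ok = type != null && canRead.test(user, type);
            if (!ok && !ignoreUnauthorised) {
                // Behaviour before the change: one denied guid rejects the whole call (403).
                throw new AccessDeniedException(user + " is not authorized to read " + guid);
            }
            (ok ? allowed : denied).add(guid);
        }
        // Behaviour after the change: authorized entities plus the denied guids for reference.
        return new BulkResult(allowed, denied);
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring the test policy: admin is denied read on hive_column.
        Map<String, String> typeByGuid = Map.of("guid-1", "hive_table", "guid-2", "hive_column");
        BiPredicate<String, String> canRead =
                (user, type) -> !("admin".equals(user) && "hive_column".equals(type));
        List<String> guids = List.of("guid-1", "guid-2", "guid-unknown");

        try {
            bulkRead("admin", guids, typeByGuid, canRead, false);
        } catch (AccessDeniedException e) {
            System.out.println("403: " + e.getMessage());
        }
        BulkResult r = bulkRead("admin", guids, typeByGuid, canRead, true);
        System.out.println("entities=" + r.entities()
                + " unauthorizedGuids=" + r.unauthorizedGuids());
    }
}
```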
