[GitHub] phoenix pull request #283: PHOENIX-672 Add GRANT and REVOKE commands using H...

Wed, 22 Nov 2017 10:20:30 -0800 

Github user karanmehta93 commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/283#discussion_r152644103
  
    --- Diff: 
phoenix-core/src/main/java/org/apache/phoenix/schema/MetaDataClient.java ---
    @@ -4168,4 +4176,197 @@ public MutationState useSchema(UseSchemaStatement 
useSchemaStatement) throws SQL
             }
             return new MutationState(0, 0, connection);
         }
    +
    +    public MutationState grantPermission(GrantStatement grantStatement) 
throws SQLException {
    +
    +        StringBuffer grantPermLog = new StringBuffer();
    +        grantPermLog.append("Grant Permissions requested for user/group: " 
+ grantStatement.getName());
    +        if (grantStatement.getSchemaName() != null) {
    +            grantPermLog.append(" for Schema: " + 
grantStatement.getSchemaName());
    +        } else if (grantStatement.getTableName() != null) {
    +            grantPermLog.append(" for Table: " + 
grantStatement.getTableName());
    +        }
    +        grantPermLog.append(" Permissions: " + 
Arrays.toString(grantStatement.getPermsList()));
    +        logger.info(grantPermLog.toString());
    +
    +        HConnection hConnection = 
connection.getQueryServices().getAdmin().getConnection();
    +
    +        try {
    +            if (grantStatement.getSchemaName() != null) {
    +                // SYSTEM.CATALOG doesn't have any entry for "default" 
HBase namespace, hence we will bypass the check
    +                
if(!grantStatement.getSchemaName().equals(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME))
 {
    +                    
FromCompiler.getResolverForSchema(grantStatement.getSchemaName(), connection);
    +                }
    +                grantPermissionsToSchema(hConnection, grantStatement);
    +
    +            } else if (grantStatement.getTableName() != null) {
    +                PTable inputTable = PhoenixRuntime.getTable(connection,
    +                        
SchemaUtil.normalizeFullTableName(grantStatement.getTableName().toString()));
    +                if (!(PTableType.TABLE.equals(inputTable.getType()) || 
PTableType.SYSTEM.equals(inputTable.getType()))) {
    +                    throw new AccessDeniedException("Cannot GRANT 
permissions on INDEX TABLES or VIEWS");
    +                }
    +                grantPermissionsToTables(hConnection, grantStatement, 
inputTable);
    +
    +            } else {
    +                grantPermissionsToUser(hConnection, grantStatement);
    --- End diff --
    
    Yes, I have been working on it. Will commit it here soon. Current approach 
is to log an error message for all the tables whose permission assignment has 
failed. Does that seem fine?


---

Reply via email to