> On March 13, 2017, 10:50 a.m., Colm O hEigeartaigh wrote: > > Looks good, but please submit the patch using "git commit" and then "git > > format-patch -n HEAD~"
Done, thanks. - Yan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57519/#review168749 ----------------------------------------------------------- On March 13, 2017, 3:26 p.m., Yan Zhou wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/57519/ > ----------------------------------------------------------- > > (Updated March 13, 2017, 3:26 p.m.) > > > Review request for ranger and Colm O hEigeartaigh. > > > Repository: ranger > > > Description > ------- > > The fix of Ranger-1095 set the initial value of "denied" to "true" from the > previous "false". One impact of this change is that, when > context.getCollectionRequests() is empty which could be the case in many > invocations Solr makes to Ranger on authorization per client request, the > permission is plainly denied without going to Ranger policy engine. So the > fix changed the default behavior related to "denied". > A proper fix of Ranger-1095 IMO should be just to set the "denied" to "true" > in the catch block without changing the initial value of the variable. > > > Diffs > ----- > > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java > 6160438 > > > Diff: https://reviews.apache.org/r/57519/diff/2/ > > > Testing > ------- > > manual unit > > > Thanks, > > Yan Zhou > >
