Re: Review Request 71484: RANGER-2393: Document level authorization support for solr

Sun, 29 Sep 2019 12:37:27 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71484/#review217796
-----------------------------------------------------------




plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 341 (patched)
<https://reviews.apache.org/r/71484/#comment305398>

    if 'allRolesToken' is specified, shouldn't documents having this value be 
returned for all users - even if no roles are assigned to the user?



plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
Lines 531 (patched)
<https://reviews.apache.org/r/71484/#comment305397>

    roles will not be null/empty here, due to pre-checks before the call at 
#326. I suggest to remove this 'if' ; also the caller doesn't handle null 
return from here - #541. It  will be cleaner if this method doesn't return null.


- Madhan Neethiraj


On Sept. 17, 2019, 9:02 p.m., Sailaja Polavarapu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71484/
> -----------------------------------------------------------
> 
> (Updated Sept. 17, 2019, 9:02 p.m.)
> 
> 
> Review request for ranger, Abhay Kulkarni, Ramesh Mani, and Velmurugan 
> Periasamy.
> 
> 
> Bugs: RANGER-2393
>     https://issues.apache.org/jira/browse/RANGER-2393
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> Implemented Document level authorization support for Solr based on user roles.
> 
> 
> Diffs
> -----
> 
>   
> plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  48d4fb74c 
>   
> ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
>  4cfa7e188 
>   security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java 
> 28b2c1108 
>   security-admin/src/main/java/org/apache/ranger/db/XXServiceDefDao.java 
> 835e5fea1 
>   security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3c3d1dec1 
> 
> 
> Diff: https://reviews.apache.org/r/71484/diff/3/
> 
> 
> Testing
> -------
> 
> 1. Patched cluster with the changes and verified basic functionality is 
> working fine.
> 2. Also verified few negative cases on authorization to solr.
> 
> 
> Thanks,
> 
> Sailaja Polavarapu
> 
>

Reply via email to