----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71484/#review217796 -----------------------------------------------------------
plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java Lines 341 (patched) <https://reviews.apache.org/r/71484/#comment305398> if 'allRolesToken' is specified, shouldn't documents having this value be returned for all users - even if no roles are assigned to the user? plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java Lines 531 (patched) <https://reviews.apache.org/r/71484/#comment305397> roles will not be null/empty here, due to pre-checks before the call at #326. I suggest to remove this 'if' ; also the caller doesn't handle null return from here - #541. It will be cleaner if this method doesn't return null. - Madhan Neethiraj On Sept. 17, 2019, 9:02 p.m., Sailaja Polavarapu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71484/ > ----------------------------------------------------------- > > (Updated Sept. 17, 2019, 9:02 p.m.) > > > Review request for ranger, Abhay Kulkarni, Ramesh Mani, and Velmurugan > Periasamy. > > > Bugs: RANGER-2393 > https://issues.apache.org/jira/browse/RANGER-2393 > > > Repository: ranger > > > Description > ------- > > Implemented Document level authorization support for Solr based on user roles. > > > Diffs > ----- > > > plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java > 48d4fb74c > > ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java > 4cfa7e188 > security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java > 28b2c1108 > security-admin/src/main/java/org/apache/ranger/db/XXServiceDefDao.java > 835e5fea1 > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 3c3d1dec1 > > > Diff: https://reviews.apache.org/r/71484/diff/3/ > > > Testing > ------- > > 1. Patched cluster with the changes and verified basic functionality is > working fine. > 2. Also verified few negative cases on authorization to solr. > > > Thanks, > > Sailaja Polavarapu > >