> On Sept. 12, 2023, 9:47 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java > > Line 251 (original), 251 (patched) > > <https://reviews.apache.org/r/74598/diff/1/?file=2279563#file2279563line251> > > > > User having only LIST permission should not be returned the entire > > dataset details. They should only be able to view following fields: > > - name > > - description > > - termsOfUse
Updated to return only above fields if gdsPermission in query-param is LIST > On Sept. 12, 2023, 9:47 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java > > Lines 220 (patched) > > <https://reviews.apache.org/r/74598/diff/1/?file=2279565#file2279565line220> > > > > with this update, gdsPermission becomes a mandatory search filter > > (query-param). This shouldn't be the case. Filtering should be performed > > only when gdsPermission is specified. Made gdsPermission in query-param optional - Subhrat ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74598/#review225739 ----------------------------------------------------------- On Sept. 13, 2023, 12:33 a.m., Subhrat Chaudhary wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74598/ > ----------------------------------------------------------- > > (Updated Sept. 13, 2023, 12:33 a.m.) > > > Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, > Monika Kachhadiya, Prashant Satam, and Siddhesh Phatak. > > > Bugs: https://issues.apache.org/jira/browse/RANGER-4324 > > https://issues.apache.org/jira/browse/https://issues.apache.org/jira/browse/RANGER-4324 > > > Repository: ranger > > > Description > ------- > > First patch added in RANGER-4324, support only view permission. Adding this > patch to receive permission as query param, and return datasets based on the > ACLs for the dataset and the permission that the logged in user has. > > > Diffs > ----- > > agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java > 440bb4c24 > security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java > d2bd0789d > security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java > 059954b46 > security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java 653e397d4 > > > Diff: https://reviews.apache.org/r/74598/diff/2/ > > > Testing > ------- > > Updated API validated locally: > 1. 3 datasets created with the user mark having ADMIN, VIEW and LIST > permissions respcetively. > 2. Tested /service/gds/dataset with query param gdsPermission={permission}. > 3. For gdsPermission=LIST, all 3 datasets are returned. Following is the > details received if LIST permission is passed in query-param: > { > "isEnabled": true, > "description": "This is GDS description", > "name": "Dataset1", > "termsOfUse": "Gds Terms of Use" > } > 4. For gdsPermission=VIEW, all 2 datasets are returned, where the user mark > has ADMIN or VIEW permissions. > 5. For gdsPermission=ADMIN, only 1 dataset is returned, where the user mark > has ADMIN permissions. > 6. If gdsPermission is not passed in query-param or if value of gdsPermission > is invalid, all the datasets are returned even to which the current logged in > user does not have ACL permission. > > > Thanks, > > Subhrat Chaudhary > >
