Re: Review Request 74850: RANGER-4669: checking users nested in roles and groups to get datasets shared with users

Tue, 23 Jan 2024 21:51:27 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74850/#review226171
-----------------------------------------------------------


Ship it!




Ship It!

- Madhan Neethiraj


On Jan. 23, 2024, 7:45 a.m., Subhrat Chaudhary wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74850/
> -----------------------------------------------------------
> 
> (Updated Jan. 23, 2024, 7:45 a.m.)
> 
> 
> Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, 
> Monika Kachhadiya, Prashant Satam, and Siddhesh Phatak.
> 
> 
> Bugs: RANGER-4669
>     https://issues.apache.org/jira/browse/RANGER-4669
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> When dataset is shared with a user nested in a role i.e. user < group < role, 
> and the user calls get dataset API with sharedWithMe=true, the dataset is not 
> returned in response. To fix this, we are getting the roles associated with 
> the groups associated with the calling user and updating the list of roles 
> associated with a user, before the list of role is checked with roles in the 
> policy item.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 
> 69b43f2dc 
>   security-admin/src/main/java/org/apache/ranger/biz/GdsPolicyAdminCache.java 
> 97d4b2579 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java
>  30d231797 
>   
> security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java
>  2c8721e1e 
> 
> 
> Diff: https://reviews.apache.org/r/74850/diff/1/
> 
> 
> Testing
> -------
> 
> Validated following cases for get dataset API - 
> /gds/dataset?sharedWithMe=true:
> 1. Dataset shared with group (associated with calling user) is returned in 
> response.
> 2. Dataset shared with role (associated with calling group in case 1) is 
> returned in response.
> 3. Dataset shared with public group (not directly shared with user/group/role 
> of the calling user) is returned in response.
> 
> Validated all junits are passing.
> 
> 
> Thanks,
> 
> Subhrat Chaudhary
> 
>

Reply via email to