Re: [PR] RANGER-4670: RANGER-4977: hbase plugin: SELF_AND_ALL_DESCENDANTS Reso… [ranger]

Wed, 06 Nov 2024 14:51:28 -0800 


fateh288 commented on code in PR #410:
URL: https://github.com/apache/ranger/pull/410#discussion_r1831811821


##########
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java:
##########
@@ -1512,4 +1504,27 @@ private List<RangerConditionEvaluator> 
createPolicyConditionEvaluators(RangerPol
                return ret;
        }
 
+       private static boolean isMatchForResourceMatchingScope(final 
RangerAccessRequest.ResourceMatchingScope scope, final 
RangerPolicyResourceMatcher.MatchType matchType, boolean isAnyMatch) {
+               boolean ret = false;
+               if (isAnyMatch){
+                       ret = matchType !=  
RangerPolicyResourceMatcher.MatchType.NONE;
+               }
+               else if (scope!=null) {
+                               switch (scope) {
+                                               case SELF_OR_DESCENDANTS: {
+                                                       ret = matchType != 
RangerPolicyResourceMatcher.MatchType.NONE;
+                                                       break;
+                                               }
+                                               case SELF_AND_ALL_DESCENDANTS: {
+                                                       ret = matchType != 
RangerPolicyResourceMatcher.MatchType.NONE;
+                                                       break;
+                                               }
+                                               default: {
+                                                       ret = matchType == 
RangerPolicyResourceMatcher.MatchType.SELF || matchType == 
RangerPolicyResourceMatcher.MatchType.SELF_AND_ALL_DESCENDANTS;
+                                                       break;
+                                               }
+                               }
+               }

Review Comment:
   scope!=null always as per current implementation of RangerAccessRequestImpl .
   `private ResourceMatchingScope resourceMatchingScope = 
ResourceMatchingScope.SELF;`
   The default value is always SELF. But I see it can be somehow null if 
interface is implemented differently (I think we should prevent this)
   Can there (or is there currently ) be a use case of null 
ResourceMatchingScope ?
   However, I think a check for not null would be required for current 
refactoring logic as we cannot have null in switch case and we should return 
isMatched=False in this case unless there is an explicit use case for the same 
   (if ResourceMatchingScope is null then I think isMatched should be false as 
matchType seems irrelevant).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to