----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/70846/#review215904 -----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java Line 230 (original), 226 (patched) <https://reviews.apache.org/r/70846/#comment302841> change comment to be consistent sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java Lines 228 (patched) <https://reviews.apache.org/r/70846/#comment302842> do you want to change for create function as well to get true currDB? case HiveParser.TOK_CREATEFUNCTION: String udfClassName = BaseSemanticAnalyzer.unescapeSQLString(ast.getChild(1).getText()); try { CodeSource udfSrc = Class.forName(udfClassName, true, Utilities.getSessionSpecifiedClassLoader()) .getProtectionDomain().getCodeSource(); if (udfSrc == null) { throw new SemanticException("Could not resolve the jar for UDF class " + udfClassName); } String udfJar = udfSrc.getLocation().getPath(); if (udfJar == null || udfJar.isEmpty()) { throw new SemanticException("Could not find the jar for UDF class " + udfClassName + "to validate privileges"); } udfURIs.add(parseURI(udfSrc.getLocation().toString(), true)); } catch (ClassNotFoundException e) { List<String> functionJars = getFunctionJars(ast); if (functionJars.isEmpty()) { throw new SemanticException("Error retrieving udf class:" + e.getMessage(), e); } else { // Add the jars from the command "Create function using jar" to the access list // Defer to hive to check if the class is in the jars for(String jar : functionJars) { udfURIs.add(parseURI(jar, false)); } } } // create/drop function is allowed with any database currDB = Database.ALL; sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java Line 120 (original), 123 (patched) <https://reviews.apache.org/r/70846/#comment302843> can you add test case for creating function fail due to not having privilege? - Na Li On June 14, 2019, 2:58 p.m., Arjun Mishra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/70846/ > ----------------------------------------------------------- > > (Updated June 14, 2019, 2:58 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda and Na Li. > > > Bugs: SENTRY-2240 > https://issues.apache.org/jira/browse/SENTRY-2240 > > > Repository: sentry > > > Description > ------- > > User can DROP UDF function under a database that he/she has no access to. > > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java > e87d0f664fd6cf93b3b86a61b57f148827e5692f > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java > ed278c8d68c4133335198f40bed62cfa757fa5a9 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java > 1aaa9b3fcade6ebcefcea269b3bd919fb47a44f6 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java > bd0f978e86733b37cf3343c9841304fd61f9dcab > > > Diff: https://reviews.apache.org/r/70846/diff/3/ > > > Testing > ------- > > > Thanks, > > Arjun Mishra > >
