rtrivedi12 commented on code in PR #6508:
URL: https://github.com/apache/hive/pull/6508#discussion_r3321355542
##########
ql/src/java/org/apache/hadoop/hive/ql/security/authorization/command/CommandAuthorizerV2.java:
##########
@@ -180,6 +187,79 @@ private static boolean isDeferredAuthView(Table t){
return false;
}
+ /**
+ * Returns true when a PARTITION entity should not produce its own privilege
object
+ * because access is already covered by a view's TABLE_OR_VIEW object.
+ */
+ private static boolean isPartitionAccessedViaRegularView(ReadEntity
partitionEntity,
+ List<? extends Entity> allEntities) {
+ if (hasDeferredViewParent(partitionEntity)) {
+ return false;
+ }
+ if (hasRegularViewParent(partitionEntity)) {
+ return true;
+ }
+ Table partTable = partitionEntity.getTable();
+ if (partTable == null) {
+ return false;
+ }
+ for (Entity entity : allEntities) {
+ if (!(entity instanceof ReadEntity) || entity.getTyp() != Type.TABLE) {
+ continue;
+ }
+ ReadEntity tableEntity = (ReadEntity) entity;
+ if (tableEntity.isDirect() || tableEntity.getTable() == null) {
+ continue;
+ }
+ Table table = tableEntity.getTable();
+ if (!partTable.getDbName().equals(table.getDbName())
+ || !partTable.getTableName().equals(table.getTableName())) {
+ continue;
+ }
+ if (hasDeferredViewParent(tableEntity)) {
+ return false;
+ }
+ if (hasRegularViewParent(tableEntity)) {
+ return true;
+ }
+ }
Review Comment:
> Also this whole method needs a refactor to simplify it as there are too
many `continue`s and `if`s.
Thanks @soumyakanti3578 ! I will update this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
