Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/11754 )
Change subject: WIP authz: verify tokens on writes ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/11754/1/src/kudu/tserver/tablet_service.cc File src/kudu/tserver/tablet_service.cc: http://gerrit.cloudera.org:8080/#/c/11754/1/src/kudu/tserver/tablet_service.cc@1030 PS1, Line 1030: if (table_privilege) { : // XXX(awong): decode the write ops to get the types here? If we do it in : // the prepare phase (where it is now), we'll be doing it after taking the : // schema lock. Can we decode the op types without it at least? : context->RespondRpcFailure(rpc::ErrorStatusPB::FATAL_UNAUTHORIZED, : Status::NotAuthorized("not authorized")); : } Dan and I chatted about this offline and we should be able to get just the op types by iterating through the RowOperationsPB's direct data field, which should be roughly `[op type][fixed width row][fixed width row] ...` Also this can be done up in the same block in L954. -- To view, visit http://gerrit.cloudera.org:8080/11754 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iefa2215d528a64f525e04bec111b25f8bc17c086 Gerrit-Change-Number: 11754 Gerrit-PatchSet: 1 Gerrit-Owner: Andrew Wong <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Mon, 22 Oct 2018 23:17:55 +0000 Gerrit-HasComments: Yes
