Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-22 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/#review221047
---


Ship it!




Ship It!

- Madhan Neethiraj


On June 22, 2020, 5:15 p.m., chaitali wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72601/
> ---
> 
> (Updated June 22, 2020, 5:15 p.m.)
> 
> 
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
> and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-3845
> https://issues.apache.org/jira/browse/ATLAS-3845
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Audit api was returning all entities details even after blocking the rights 
> for read entity in Ranger policy-This patch handles the issue by adding 
> verify access check.
> 
> 
> Diffs
> -
> 
>   webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 
> 
> 
> Diff: https://reviews.apache.org/r/72601/diff/3/
> 
> 
> Testing
> ---
> 
> Tested by adding deny policy for read/create entity in Ranger
> 
> 
> Thanks,
> 
> chaitali
> 
>

Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-22 Thread chaitali 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/
---

(Updated June 22, 2020, 5:15 p.m.)


Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
and Sarath Subramanian.


Bugs: ATLAS-3845
https://issues.apache.org/jira/browse/ATLAS-3845


Repository: atlas


Description
---

Audit api was returning all entities details even after blocking the rights for 
read entity in Ranger policy-This patch handles the issue by adding verify 
access check.


Diffs (updated)
-

  webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 


Diff: https://reviews.apache.org/r/72601/diff/3/

Changes: https://reviews.apache.org/r/72601/diff/2-3/


Testing
---

Tested by adding deny policy for read/create entity in Ranger


Thanks,

chaitali

Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-22 Thread Madhan Neethiraj 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/#review221046
---


Fix it, then Ship it!





webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java
Lines 809 (patched)


I suggest to add a comment here, to clarify why this call us needed:
 // following call enforces authorization for entity-read
 entitiesStore.getHeaderById(guid);


- Madhan Neethiraj


On June 22, 2020, 2:49 p.m., chaitali wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72601/
> ---
> 
> (Updated June 22, 2020, 2:49 p.m.)
> 
> 
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
> and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-3845
> https://issues.apache.org/jira/browse/ATLAS-3845
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Audit api was returning all entities details even after blocking the rights 
> for read entity in Ranger policy-This patch handles the issue by adding 
> verify access check.
> 
> 
> Diffs
> -
> 
>   webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 
> 
> 
> Diff: https://reviews.apache.org/r/72601/diff/2/
> 
> 
> Testing
> ---
> 
> Tested by adding deny policy for read/create entity in Ranger
> 
> 
> Thanks,
> 
> chaitali
> 
>

Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-22 Thread Sarath Subramanian 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/#review221045
---


Ship it!




Ship It!

- Sarath Subramanian


On June 22, 2020, 7:49 a.m., chaitali wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72601/
> ---
> 
> (Updated June 22, 2020, 7:49 a.m.)
> 
> 
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
> and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-3845
> https://issues.apache.org/jira/browse/ATLAS-3845
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Audit api was returning all entities details even after blocking the rights 
> for read entity in Ranger policy-This patch handles the issue by adding 
> verify access check.
> 
> 
> Diffs
> -
> 
>   webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 
> 
> 
> Diff: https://reviews.apache.org/r/72601/diff/2/
> 
> 
> Testing
> ---
> 
> Tested by adding deny policy for read/create entity in Ranger
> 
> 
> Thanks,
> 
> chaitali
> 
>

Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-22 Thread chaitali 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/
---

(Updated June 22, 2020, 2:49 p.m.)


Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
and Sarath Subramanian.


Bugs: ATLAS-3845
https://issues.apache.org/jira/browse/ATLAS-3845


Repository: atlas


Description
---

Audit api was returning all entities details even after blocking the rights for 
read entity in Ranger policy-This patch handles the issue by adding verify 
access check.


Diffs (updated)
-

  webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 


Diff: https://reviews.apache.org/r/72601/diff/2/

Changes: https://reviews.apache.org/r/72601/diff/1-2/


Testing
---

Tested by adding deny policy for read/create entity in Ranger


Thanks,

chaitali

Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-18 Thread Sarath Subramanian 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/#review221031
---




webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java
Line 808 (original), 811 (patched)


consider replacing 811 and 812 with:

entitiesStore.getHeaderById(guid);

this internally checks for authorization.


- Sarath Subramanian


On June 17, 2020, 7:48 a.m., chaitali wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/72601/
> ---
> 
> (Updated June 17, 2020, 7:48 a.m.)
> 
> 
> Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
> and Sarath Subramanian.
> 
> 
> Bugs: ATLAS-3845
> https://issues.apache.org/jira/browse/ATLAS-3845
> 
> 
> Repository: atlas
> 
> 
> Description
> ---
> 
> Audit api was returning all entities details even after blocking the rights 
> for read entity in Ranger policy-This patch handles the issue by adding 
> verify access check.
> 
> 
> Diffs
> -
> 
>   webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 
> 
> 
> Diff: https://reviews.apache.org/r/72601/diff/1/
> 
> 
> Testing
> ---
> 
> Tested by adding deny policy for read/create entity in Ranger
> 
> 
> Thanks,
> 
> chaitali
> 
>

Re: Review Request 72601: ATLAS-3845 : Audit API returns the audit information for an unauthorised entity

2020-06-17 Thread chaitali 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/72601/
---

(Updated June 17, 2020, 2:48 p.m.)


Review request for atlas, Jayendra Parab, Madhan Neethiraj, Nixon Rodrigues, 
and Sarath Subramanian.


Bugs: ATLAS-3845
https://issues.apache.org/jira/browse/ATLAS-3845


Repository: atlas


Description
---

Audit api was returning all entities details even after blocking the rights for 
read entity in Ranger policy-This patch handles the issue by adding verify 
access check.


Diffs
-

  webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b1055605f 


Diff: https://reviews.apache.org/r/72601/diff/1/


Testing
---

Tested by adding deny policy for read/create entity in Ranger


Thanks,

chaitali