sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-2256: Sqoop2: Creator should have access to its entities
Date Sat, 28 Mar 2015 01:52:02 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 615265db2 -> 3ba34e250


SQOOP-2256: Sqoop2: Creator should have access to its entities

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/3ba34e25
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/3ba34e25
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/3ba34e25

Branch: refs/heads/sqoop2
Commit: 3ba34e250d595d89d51367179be8934be51b133d
Parents: 615265d
Author: Abraham Elmahrek <abe@apache.org>
Authored: Fri Mar 27 18:50:23 2015 -0700
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Fri Mar 27 18:50:23 2015 -0700

----------------------------------------------------------------------
 .../Authorization/AuthorizationEngine.java      | 25 ++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/3ba34e25/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
index 333919d..8c718e3 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
@@ -32,7 +32,6 @@ import org.apache.sqoop.security.AuthorizationHandler;
 import org.apache.sqoop.security.AuthorizationManager;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 
@@ -169,6 +168,28 @@ public class AuthorizationEngine {
     UserGroupInformation user = HttpUserGroupInformation.get();
     String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName();
     MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER);
-    handler.checkPrivileges(principal, Arrays.asList(privileges));
+
+    // SQOOP-2256: Hack code, do not check privilege when the user is the creator
+    // If the user is the owner/creator of this resource, then privilege will
+    // not be checked. It is a hack code for the time being. The concept of
+    // "Owner" will be added in the future and this code will be removed.
+    ArrayList<MPrivilege> privilegesNeedCheck = new ArrayList<MPrivilege>();
+    for (MPrivilege privilege : privileges) {
+      Repository repository = RepositoryManager.getInstance().getRepository();
+      if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType()))
{
+        MLink link = repository.findLink(Long.valueOf(privilege.getResource().getName()));
+        if (!user_name.equals(link.getCreationUser())) {
+          privilegesNeedCheck.add(privilege);
+        }
+      }
+      if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType()))
{
+        MJob job = repository.findJob(Long.valueOf(privilege.getResource().getName()));
+        if (!user_name.equals(job.getCreationUser())) {
+          privilegesNeedCheck.add(privilege);
+        }
+      }
+    }
+
+    handler.checkPrivileges(principal, privilegesNeedCheck);
   }
 }
\ No newline at end of file


Mime
View raw message