/** * Explore Privilege graph and collect privileges that are belong to the specific privilege */ @SuppressWarnings("unchecked") private Set<MSentryGMPrivilege> populateIncludePrivileges(Set<MSentryRole> roles, MSentryGMPrivilege parent, PersistenceManager pm) { Set<MSentryGMPrivilege> childrens = Sets.newHashSet(); Query query = pm.newQuery(MSentryGMPrivilege.class); StringBuilder filters = new StringBuilder(); //add populateIncludePrivilegesQuery filters.append(MSentryGMPrivilege.populateIncludePrivilegesQuery(parent)); // add filter for role names if (roles != null && roles.size() > 0) { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { rolesFiler.add("role.roleName == \"" + role.getRoleName() + "\" "); } filters.append("&& roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")"); } query.setFilter(filters.toString()); List<MSentryGMPrivilege> privileges = (List<MSentryGMPrivilege>)query.execute(); childrens.addAll(privileges); return childrens; }
private boolean hasAnyServerPrivileges(Set<String> roleNames, String serverName) { if (roleNames == null || roleNames.isEmpty()) { return false; } boolean rollbackTransaction = true; PersistenceManager pm = null; try { pm = openTransaction(); Query query = pm.newQuery(MSentryPrivilege.class); query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (String rName : roleNames) { rolesFiler.add("role.roleName == \"" + rName.trim().toLowerCase() + "\""); } StringBuilder filters = new StringBuilder("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ") "); filters.append("&& serverName == \"" + serverName.trim().toLowerCase() + "\""); query.setFilter(filters.toString()); query.setResult("count(this)"); Long numPrivs = (Long) query.execute(); rollbackTransaction = false; commitTransaction(pm); return numPrivs > 0; } finally { if (rollbackTransaction) { rollbackTransaction(pm); } } }
query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (String role : roles) {
public boolean checkPrivilegeOption(Set<MSentryRole> roles, PrivilegeObject privilege, PersistenceManager pm) { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); boolean hasGrant = false; //get persistent privileges by roles Query query = pm.newQuery(MSentryGMPrivilege.class); StringBuilder filters = new StringBuilder(); if (roles != null && roles.size() > 0) { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) { rolesFiler.add("role.roleName == \"" + role.getRoleName() + "\" "); } filters.append("roles.contains(role) " + "&& (" + Joiner.on(" || ").join(rolesFiler) + ")"); } query.setFilter(filters.toString()); List<MSentryGMPrivilege> tPrivileges = (List<MSentryGMPrivilege>)query.execute(); for (MSentryGMPrivilege tPrivilege : tPrivileges) { if (tPrivilege.getGrantOption() && tPrivilege.implies(requestPrivilege)) { hasGrant = true; break; } } return hasGrant; } public void grantPrivilege(PrivilegeObject privilege,MSentryRole role, PersistenceManager pm) throws SentryUserException {
/** * Add common filter for set of Sentry roles. This is used to simplify creating filters for * privileges belonging to the specified set of roles. * @param query Query used for search * @param paramBuilder paramBuilder for parameters * @param roleNames set of role names * @return paramBuilder supplied or a new one if the supplied one is null. */ public static QueryParamBuilder addRolesFilter(Query query, QueryParamBuilder paramBuilder, Set<String> roleNames) { query.declareVariables(MSentryRole.class.getName() + " role"); if (paramBuilder == null) { paramBuilder = new QueryParamBuilder(); } if (roleNames == null || roleNames.isEmpty()) { return paramBuilder; } paramBuilder.newChild().addSet("role.roleName == ", roleNames, true); paramBuilder.addString("roles.contains(role)"); return paramBuilder; }
/** * Add common filter for set of Sentry users. This is used to simplify creating filters for * privileges belonging to the specified set of users. * @param query Query used for search * @param paramBuilder paramBuilder for parameters * @param userNames set of user names * @return paramBuilder supplied or a new one if the supplied one is null. */ public static QueryParamBuilder addUsersFilter(Query query, QueryParamBuilder paramBuilder, Set<String> userNames) { query.declareVariables(MSentryUser.class.getName() + " user"); if (paramBuilder == null) { paramBuilder = new QueryParamBuilder(); } if (userNames == null || userNames.isEmpty()) { return paramBuilder; } paramBuilder.newChild().addSet("user.userName == ", userNames, false); paramBuilder.addString("users.contains(user)"); return paramBuilder; }
filters.append(" !roles.isEmpty() "); } else { query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (String rName : roleNames) {
pm = openTransaction(); Query query = pm.newQuery(MSentryPrivilege.class); query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (String rName : roleNames) {
query.declareVariables( "BuildDefinition buildDef" );
query.declareVariables( "BuildDefinition buildDef" );
query.declareVariables( "BuildDefinition buildDef" );
StringBuilder filters = new StringBuilder(); query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (MSentryRole role : roles) {
query.declareVariables( "BuildDefinition buildDef" );
query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role"); List<String> rolesFiler = new LinkedList<String>(); for (String rName : roleNames) {
query.declareVariables( "BuildDefinition buildDef" );
query.declareVariables( "BuildDefinition buildDef" );
public BuildDefinition getDefaultBuildDefinitionForProject( int projectId ) throws ContinuumStoreException { PersistenceManager pm = getPersistenceManager(); Transaction tx = pm.currentTransaction(); try { tx.begin(); Extent extent = pm.getExtent( BuildDefinition.class, true ); Query query = pm.newQuery( extent ); query.declareImports( "import " + Project.class.getName() ); query.declareParameters( "int projectId" ); query.setFilter( "project.id == projectId && project.buildDefinitions.contains(this) && this.defaultForProject == true" ); query.declareVariables( "Project project" ); query.setResult( "this" ); List<BuildDefinition> result = (List<BuildDefinition>) query.execute( projectId ); result = (List<BuildDefinition>) pm.detachCopyAll( result ); tx.commit(); if ( result != null && !result.isEmpty() ) { return result.get( 0 ); } } finally { rollback( tx ); } throw new ContinuumObjectNotFoundException( "no default build definition declared for project " + projectId ); }
public List<BuildDefinition> getDefaultBuildDefinitionsForProjectGroup( int projectGroupId ) throws ContinuumStoreException { PersistenceManager pm = getPersistenceManager(); Transaction tx = pm.currentTransaction(); try { tx.begin(); Extent extent = pm.getExtent( ProjectGroup.class, true ); Query query = pm.newQuery( extent ); query.declareImports( "import " + BuildDefinition.class.getName() ); query.declareParameters( "int projectGroupId" ); query.setFilter( "this.id == projectGroupId && this.buildDefinitions.contains(buildDef) && buildDef.defaultForProject == true" ); query.declareVariables( "BuildDefinition buildDef" ); query.setResult( "buildDef" ); List<BuildDefinition> result = (List<BuildDefinition>) query.execute( projectGroupId ); result = (List<BuildDefinition>) pm.detachCopyAll( result ); tx.commit(); if ( result != null ) { return result; } } finally { rollback( tx ); } return new ArrayList<BuildDefinition>(); }
q.declareVariables("Employee e"); q.setFilter("name.startsWith('Research') && emps.contains(e)"); q.setResult("e.name");
/** * 14.10.5 Navigation through multi-valued field. * This query selects all Department instances from the candidate collection where the * collection of Employee instances contains at least one Employee instance having a salary * greater than the value passed as a parameter. */ @Test public void testQuery_14_10_5() { PersistenceManager pm = TestTools.openPM(); pm.currentTransaction().begin(); String filter = "emps.contains (emp) && emp.salary > sal"; Query q = pm.newQuery (Department.class, filter); q.declareParameters ("float sal"); q.declareVariables ("Employee emp"); Collection<?> deps = (Collection<?>) q.execute (new Float (30000.)); fail("TODO"); assertTrue(!deps.isEmpty()); // <query name="multivalue"> // [!CDATA[ // select where emps.contains(e) // && e.salary > :sal // ]] // </query> TestTools.closePM(pm); }