private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) { List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef( (ASTNode) ast.getChild(0)); //check if admin option has been specified int rolesStartPos = 1; ASTNode wAdminOption = (ASTNode) ast.getChild(1); boolean isAdmin = false; if((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)){ rolesStartPos = 2; //start reading role names from next position isAdmin = true; } List<String> roles = new ArrayList<String>(); for (int i = rolesStartPos; i < ast.getChildCount(); i++) { roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText())); } String roleOwnerName = SessionState.getUserFromAuthenticator(); //until change is made to use the admin option. Default to false with V2 authorization GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, roles, principalDesc, roleOwnerName, PrincipalType.USER, isAdmin); return TaskFactory.get(new DDLWork(inputs, outputs, grantRevokeRoleDDL)); }
private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) { List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef( (ASTNode) ast.getChild(0)); //check if admin option has been specified int rolesStartPos = 1; ASTNode wAdminOption = (ASTNode) ast.getChild(1); boolean isAdmin = false; if((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)){ rolesStartPos = 2; //start reading role names from next position isAdmin = true; } List<String> roles = new ArrayList<String>(); for (int i = rolesStartPos; i < ast.getChildCount(); i++) { roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText())); } String roleOwnerName = SessionState.getUserFromAuthenticator(); //until change is made to use the admin option. Default to false with V2 authorization GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, roles, principalDesc, roleOwnerName, PrincipalType.USER, isAdmin); return TaskFactory.get(new DDLWork(inputs, outputs, grantRevokeRoleDDL), conf); }
private void analyzeGrantRevokeRole(boolean grant, ASTNode ast) { List<PrincipalDesc> principalDesc = analyzePrincipalListDef( (ASTNode) ast.getChild(0)); List<String> roles = new ArrayList<String>(); for (int i = 1; i < ast.getChildCount(); i++) { roles.add(unescapeIdentifier(ast.getChild(i).getText())); } String roleOwnerName = ""; if (SessionState.get() != null && SessionState.get().getAuthenticator() != null) { roleOwnerName = SessionState.get().getAuthenticator().getUserName(); } GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(grant, roles, principalDesc, roleOwnerName, PrincipalType.USER, true); rootTasks.add(TaskFactory.get(new DDLWork(getInputs(), getOutputs(), grantRevokeRoleDDL), conf)); }
private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) { List<PrincipalDesc> principalDesc = AuthorizationParseUtils.analyzePrincipalListDef( (ASTNode) ast.getChild(0)); //check if admin option has been specified int rolesStartPos = 1; ASTNode wAdminOption = (ASTNode) ast.getChild(1); boolean isAdmin = false; if((isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_GRANT_WITH_ADMIN_OPTION) || (!isGrant && wAdminOption.getToken().getType() == HiveParser.TOK_ADMIN_OPTION_FOR)){ rolesStartPos = 2; //start reading role names from next position isAdmin = true; } List<String> roles = new ArrayList<String>(); for (int i = rolesStartPos; i < ast.getChildCount(); i++) { roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText())); } String roleOwnerName = SessionState.getUserFromAuthenticator(); //until change is made to use the admin option. Default to false with V2 authorization GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, roles, principalDesc, roleOwnerName, PrincipalType.USER, isAdmin); return TaskFactory.get(new DDLWork(inputs, outputs, grantRevokeRoleDDL), conf); }
private Task<? extends Serializable> analyzeGrantRevokeRole(boolean isGrant, ASTNode ast, HashSet<ReadEntity> inputs, HashSet<WriteEntity> outputs) throws SemanticException { List<PrincipalDesc> principalDesc = analyzePrincipalListDef( (ASTNode) ast.getChild(0)); List<String> roles = new ArrayList<String>(); for (int i = 1; i < ast.getChildCount(); i++) { roles.add(BaseSemanticAnalyzer.unescapeIdentifier(ast.getChild(i).getText())); } String roleOwnerName = ""; if (SessionState.get() != null && SessionState.get().getAuthenticator() != null) { roleOwnerName = SessionState.get().getAuthenticator().getUserName(); } for (PrincipalDesc princ : principalDesc) { if (princ.getType() != PrincipalType.GROUP) { String msg = SentryHiveConstants.GRANT_REVOKE_NOT_SUPPORTED_ON_OBJECT + princ.getType(); throw new SemanticException(msg); } } GrantRevokeRoleDDL grantRevokeRoleDDL = new GrantRevokeRoleDDL(isGrant, roles, principalDesc, roleOwnerName, PrincipalType.USER, false); return createTask(new DDLWork(inputs, outputs, grantRevokeRoleDDL)); }