/**
 * Verifies that {@code grantorPrincipal} is allowed to grant {@code requestPrivilege}.
 *
 * <p>The method returns normally in two cases: the grantor's groups overlap
 * {@code adminGroups}, or {@code privilegeOperator.checkPrivilegeOption} accepts the roles
 * resolved from the grantor's groups. Every other outcome is reported by an exception, so
 * callers must not treat a caught exception as a successful check.
 *
 * @param requestPrivilege the privilege the grantor wants to hand out
 * @param grantorPrincipal name of the principal issuing the grant; must be non-empty
 * @param pm persistence manager passed through to the role lookup and the privilege check
 * @throws SentryInvalidInputException if {@code grantorPrincipal} is null or empty
 * @throws SentryGrantDeniedException if the grantor has no groups, or the privilege check
 *     rejects the request
 * @throws SentryUserException declared by the signature
 */
private void grantOptionCheck(PrivilegeObject requestPrivilege, String grantorPrincipal,
    PersistenceManager pm) throws SentryUserException {
  // Reject a missing identity before any group or role lookup happens.
  // NOTE(review): assumes the caller passes an already-authenticated principal; confirm.
  if (Strings.isNullOrEmpty(grantorPrincipal)) {
    throw new SentryInvalidInputException("grantorPrincipal should not be null or empty");
  }

  final Set<String> grantorGroups = getRequestorGroups(grantorPrincipal);
  final boolean hasNoGroups = grantorGroups == null || grantorGroups.isEmpty();
  if (hasNoGroups) {
    // Deny by default: a principal with no group membership cannot hold a grant option.
    throw new SentryGrantDeniedException(grantorPrincipal + " has no grant!");
  }

  // Admin group check: membership in any admin group skips the per-privilege check below.
  // NOTE(review): the comparison uses toTrimmed(groups) while the role lookup further down
  // receives the raw group set; confirm both sides normalise group names the same way.
  final boolean grantorIsAdmin =
      !Sets.intersection(adminGroups, toTrimmed(grantorGroups)).isEmpty();
  if (grantorIsAdmin) {
    return;
  }

  // Privilege grant option check against the roles held by the grantor's groups.
  final Set<MSentryRole> grantorRoles = delegate.getRolesForGroups(pm, grantorGroups);
  final boolean grantAllowed =
      privilegeOperator.checkPrivilegeOption(grantorRoles, requestPrivilege, pm);
  if (grantAllowed) {
    return;
  }
  // Same message as the no-groups case, so the denial text does not say which check failed.
  throw new SentryGrantDeniedException(grantorPrincipal + " has no grant!");
}
/**
 * Checks whether the grantor holds the grant option for the requested privilege.
 *
 * <p>Members of any group in {@code adminGroups} pass without a per-privilege check. All
 * other grantors pass only if {@code privilegeOperator.checkPrivilegeOption} returns true
 * for the roles of their groups. A failed check is always signalled by an exception.
 *
 * @param requestPrivilege the privilege that is about to be granted
 * @param grantorPrincipal the principal requesting the grant; null or empty is rejected
 * @param pm persistence manager handed to the role lookup and the privilege check
 * @throws SentryInvalidInputException if {@code grantorPrincipal} is null or empty
 * @throws SentryGrantDeniedException if no groups are found for the grantor, or the
 *     grantor's roles do not carry the grant option for {@code requestPrivilege}
 * @throws SentryUserException declared by the signature
 */
private void grantOptionCheck(PrivilegeObject requestPrivilege, String grantorPrincipal,
    PersistenceManager pm) throws SentryUserException {
  // Input validation comes first so no lookup runs for an anonymous request.
  if (Strings.isNullOrEmpty(grantorPrincipal)) {
    throw new SentryInvalidInputException("grantorPrincipal should not be null or empty");
  }

  Set<String> memberOf = getRequestorGroups(grantorPrincipal);
  boolean hasGroups = memberOf != null && !memberOf.isEmpty();
  if (!hasGroups) {
    // No group membership means there are no roles to check: deny.
    throw new SentryGrantDeniedException(grantorPrincipal + " has no grant!");
  }

  // Admin group check. An empty intersection means the grantor is not an admin.
  // NOTE(review): admin matching is done on toTrimmed(groups), the role lookup on the
  // untrimmed set; verify this difference is intended.
  boolean notAdmin = Sets.intersection(adminGroups, toTrimmed(memberOf)).isEmpty();
  if (notAdmin) {
    // Privilege grant option check: only reached by non-admin grantors.
    Set<MSentryRole> rolesOfGrantor = delegate.getRolesForGroups(pm, memberOf);
    boolean hasGrantOption =
        privilegeOperator.checkPrivilegeOption(rolesOfGrantor, requestPrivilege, pm);
    if (!hasGrantOption) {
      throw new SentryGrantDeniedException(grantorPrincipal + " has no grant!");
    }
  }
}