public void revokePrivilege(PrivilegeObject privilege,MSentryRole role, PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege mPrivilege = getPrivilege(convertToPrivilege(privilege), pm); if (mPrivilege == null) { mPrivilege = convertToPrivilege(privilege); } else { mPrivilege = (MSentryGMPrivilege) pm.detachCopy(mPrivilege); } Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(Sets.newHashSet(role), mPrivilege, pm)); /** * Get the privilege graph * populateIncludePrivileges will get the privileges that needed revoke */ for (MSentryGMPrivilege persistedPriv : privilegeGraph) { /** * force to load all roles related this privilege * avoid the lazy-loading risk,such as: * if the roles field of privilege aren't loaded, then the roles is a empty set * privilege.removeRole(role) and pm.makePersistent(privilege) * will remove other roles that shouldn't been removed */ revokeRolePartial(mPrivilege, persistedPriv, role, pm); } pm.makePersistent(role); }
public void revokePrivilege(PrivilegeObject privilege,MSentryRole role, PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege mPrivilege = getPrivilege(convertToPrivilege(privilege), pm); if (mPrivilege == null) { mPrivilege = convertToPrivilege(privilege); } else { mPrivilege = pm.detachCopy(mPrivilege); } Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(Sets.newHashSet(role), mPrivilege, pm)); /* * Get the privilege graph * populateIncludePrivileges will get the privileges that needed revoke */ for (MSentryGMPrivilege persistedPriv : privilegeGraph) { /* * force to load all roles related this privilege * avoid the lazy-loading risk,such as: * if the roles field of privilege aren't loaded, then the roles is a empty set * privilege.removeRole(role) and pm.makePersistent(privilege) * will remove other roles that shouldn't been removed */ revokeRolePartial(mPrivilege, persistedPriv, role, pm); } pm.makePersistent(role); }
/** * Drop any role related to the requested privilege and its children privileges */ public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } /* * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { /* * force to load all roles related this privilege * avoid the lazy-loading */ pm.retrieve(mPrivilege); Set<MSentryRole> roles = mPrivilege.getRoles(); for (MSentryRole role : roles) { revokeRolePartial(requestPrivilege, mPrivilege, role, pm); } } }
revokeRolePartial(oldPrivilege, dropPrivilege, role, pm); grantRolePartial(newPrivilge, role, pm);
revokeRolePartial(oldPrivilege, dropPrivilege, role, pm); grantRolePartial(newPrivilge, role, pm);
/** * Drop any role related to the requested privilege and its children privileges */ public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } /** * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { /** * force to load all roles related this privilege * avoid the lazy-loading */ pm.retrieve(mPrivilege); Set<MSentryRole> roles = mPrivilege.getRoles(); for (MSentryRole role : roles) { revokeRolePartial(requestPrivilege, mPrivilege, role, pm); } } }