/** * Drop any role related to the requested privilege and its children privileges */ public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } /* * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { /* * force to load all roles related this privilege * avoid the lazy-loading */ pm.retrieve(mPrivilege); Set<MSentryRole> roles = mPrivilege.getRoles(); for (MSentryRole role : roles) { revokeRolePartial(requestPrivilege, mPrivilege, role, pm); } } }
/** * Drop any role related to the requested privilege and its children privileges */ public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } /** * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { /** * force to load all roles related this privilege * avoid the lazy-loading */ pm.retrieve(mPrivilege); Set<MSentryRole> roles = mPrivilege.getRoles(); for (MSentryRole role : roles) { revokeRolePartial(requestPrivilege, mPrivilege, role, pm); } } }
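Review bot: In `dropPrivilege`, the inner loop iterates `mPrivilege.getRoles()` while calling `revokeRolePartial(requestPrivilege, mPrivilege, role, pm)` on each element; if `getRoles()` returns the live set and the revoke detaches the role from the privilege (neither is visible here), the loop can fail with a `ConcurrentModificationException` partway through and leave the privilege granted to the remaining roles. Iterating a snapshot avoids that: `for (MSentryRole role : Sets.newHashSet(mPrivilege.getRoles())) {`. The same partial-revoke outcome is possible in the printing that declares `throws SentryUserException`, unless the caller runs the whole call in one transaction and rolls back on failure; that requirement is not visible here and belongs in the Javadoc. The Javadoc also says "Drop any role", while the code revokes the privilege from roles rather than deleting them and widens an empty action to `Action.ALL`; I would reword it to `Revoke the requested privilege and its child privileges from every role that holds them; an empty action is treated as ALL.`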
throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue());
throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue());
grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { grantPrivilege.setAction(allAction.getValue()); MSentryGMPrivilege allPrivilege = getPrivilege(grantPrivilege, pm); if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) { grantPrivilege.setAction(action.getValue());
grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { grantPrivilege.setAction(allAction.getValue()); MSentryGMPrivilege allPrivilege = getPrivilege(grantPrivilege, pm); if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) { grantPrivilege.setAction(action.getValue());
@Test public void testSearchImpliesAction() throws Exception { /** * action is equal */ MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SolrConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SolrConstants.QUERY, false); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal */ fieldPrivilege2.setAction(SolrConstants.UPDATE); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal,but the persistent privilege has the ALL action */ fieldPrivilege1.setAction(SolrConstants.ALL); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); } }
@Test public void testSearchImpliesAction() throws Exception { /** * action is equal */ MSentryGMPrivilege fieldPrivilege1 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SearchConstants.QUERY, false); MSentryGMPrivilege fieldPrivilege2 = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f2")), SearchConstants.QUERY, false); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal */ fieldPrivilege2.setAction(SearchConstants.UPDATE); assertFalse(fieldPrivilege1.implies(fieldPrivilege2)); /** * action isn't equal,but the persistent privilege has the ALL action */ fieldPrivilege1.setAction(SearchConstants.ALL); assertTrue(fieldPrivilege1.implies(fieldPrivilege2)); } }
@Test public void testImpliesWithServerScope() throws Exception { //The persistent privilege is server scope MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", "service1", null,SolrConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(collectionPrivilege)); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SolrConstants.QUERY, false); assertTrue(serverPrivilege.implies(fieldPrivilege)); assertTrue(collectionPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SolrConstants.UPDATE); assertFalse(serverPrivilege.implies(collectionPrivilege)); assertFalse(serverPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SolrConstants.ALL); assertTrue(serverPrivilege.implies(collectionPrivilege)); assertTrue(serverPrivilege.implies(fieldPrivilege)); } /**
@Test public void testImpliesWithServerScope() throws Exception { //The persistent privilege is server scope MSentryGMPrivilege serverPrivilege = new MSentryGMPrivilege("solr", "service1", null,SearchConstants.QUERY, false); MSentryGMPrivilege collectionPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1")), SearchConstants.QUERY, false); assertTrue(serverPrivilege.implies(collectionPrivilege)); MSentryGMPrivilege fieldPrivilege = new MSentryGMPrivilege("solr", "service1", Arrays.asList(new Collection("c1"), new Field("f1")), SearchConstants.QUERY, false); assertTrue(serverPrivilege.implies(fieldPrivilege)); assertTrue(collectionPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SearchConstants.UPDATE); assertFalse(serverPrivilege.implies(collectionPrivilege)); assertFalse(serverPrivilege.implies(fieldPrivilege)); serverPrivilege.setAction(SearchConstants.ALL); assertTrue(serverPrivilege.implies(collectionPrivilege)); assertTrue(serverPrivilege.implies(fieldPrivilege)); } /**
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
tmpPriv.setAction(ac.getValue()); MSentryGMPrivilege leftPersistedPriv = getPrivilege(tmpPriv, pm); if (leftPersistedPriv == null) {
tmpPriv.setAction(ac.getValue()); MSentryGMPrivilege leftPersistedPriv = getPrivilege(tmpPriv, pm); if (leftPersistedPriv == null) {
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);
solrPrivilege.setServiceName("solr.server1"); solrPrivilege.setAuthorizables(Arrays.asList(new Collection("c1"))); solrPrivilege.setAction("query"); solrPrivilege.setGrantOption(true);