private boolean impliesAction(String policyValue, String requestValue, BitFieldActionFactory bitFieldActionFactory) { BitFieldAction currentAction; BitFieldAction requestAction; try { currentAction = bitFieldActionFactory.getActionByName(policyValue); requestAction = bitFieldActionFactory.getActionByName(requestValue); } catch (SentryUserException e) { return false; } // the action in privilege is not supported if (currentAction == null || requestAction == null) { return false; } return currentAction.implies(requestAction); }
public BitFieldAction getActionByName(String name) { for (ActionType action : ActionType.values()) { if (action.name.equalsIgnoreCase(name)) { return new BitFieldAction(action.getName(), action.getCode()); } } return null; }
BitFieldAction allAction = getAction(component, Action.ALL); if (revokeaction.implies(allAction)) { if (persistedAction.implies(allAction)) { pm.makePersistent(persistedPriv); List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode()); for (BitFieldAction ac: actions) { if (ac.getActionCode() != revokeaction.getActionCode()) { tmpPriv.setAction(ac.getValue()); MSentryGMPrivilege leftPersistedPriv = getPrivilege(tmpPriv, pm); if (leftPersistedPriv == null) { } else if (revokeaction.implies(persistedAction)) {
/** * Drop any role related to the requested privilege and its children privileges */ public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) throws SentryUserException { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } /* * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { /* * force to load all roles related this privilege * avoid the lazy-loading */ pm.retrieve(mPrivilege); Set<MSentryRole> roles = mPrivilege.getRoles(); for (MSentryRole role : roles) { revokeRolePartial(requestPrivilege, mPrivilege, role, pm); } } }
BitFieldAction allAction = getAction(component, Action.ALL); if (revokeaction.implies(allAction)) { if (persistedAction.implies(allAction)) { pm.makePersistent(persistedPriv); List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode()); for (BitFieldAction ac: actions) { if (ac.getActionCode() != revokeaction.getActionCode()) { tmpPriv.setAction(ac.getValue()); MSentryGMPrivilege leftPersistedPriv = getPrivilege(tmpPriv, pm); if (leftPersistedPriv == null) { } else if (revokeaction.implies(persistedAction)) {
/** * Drop any role related to the requested privilege and its children privileges */ public void dropPrivilege(PrivilegeObject privilege,PersistenceManager pm) { MSentryGMPrivilege requestPrivilege = convertToPrivilege(privilege); if (Strings.isNullOrEmpty(privilege.getAction())) { requestPrivilege.setAction(getAction(privilege.getComponent(), Action.ALL).getValue()); } /** * Get the privilege graph * populateIncludePrivileges will get the privileges that need dropped, */ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet(); privilegeGraph.addAll(populateIncludePrivileges(null, requestPrivilege, pm)); for (MSentryGMPrivilege mPrivilege : privilegeGraph) { /** * force to load all roles related this privilege * avoid the lazy-loading */ pm.retrieve(mPrivilege); Set<MSentryRole> roles = mPrivilege.getRoles(); for (MSentryRole role : roles) { revokeRolePartial(requestPrivilege, mPrivilege, role, pm); } } }
BitFieldAction allAction = getAction(component, Action.ALL); if (action.implies(allAction)) { List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode()); for (BitFieldAction ac : actions) { grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { grantPrivilege.setAction(allAction.getValue()); MSentryGMPrivilege allPrivilege = getPrivilege(grantPrivilege, pm); if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) { grantPrivilege.setAction(action.getValue());
throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue());
BitFieldAction allAction = getAction(component, Action.ALL); if (action.implies(allAction)) { List<? extends BitFieldAction> actions = getActionFactory(component).getActionsByCode(allAction.getActionCode()); for (BitFieldAction ac : actions) { grantPrivilege.setAction(ac.getValue()); MSentryGMPrivilege existPriv = getPrivilege(grantPrivilege, pm); if (existPriv != null && role.getGmPrivileges().contains(existPriv)) { grantPrivilege.setAction(allAction.getValue()); MSentryGMPrivilege allPrivilege = getPrivilege(grantPrivilege, pm); if (allPrivilege != null && role.getGmPrivileges().contains(allPrivilege)) { grantPrivilege.setAction(action.getValue());
throws SentryUserException { MSentryGMPrivilege oldPrivilege = new MSentryGMPrivilege(component, service, oldAuthorizables, null, null); oldPrivilege.setAction(getAction(component,Action.ALL).getValue());