/**
 * Creates a user exception builder for a permission error that has no underlying cause.
 *
 * <p>Equivalent to calling {@code permissionError(null)}.
 *
 * @see org.apache.drill.exec.proto.UserBitShared.DrillPBError.ErrorType#PERMISSION
 * @return user exception builder
 */
public static Builder permissionError() {
  // There is no exception to wrap on this path, so the cause is passed as null.
  return permissionError(null);
}
/**
 * Returns the database names after asking the authorizer whether listing databases is allowed.
 *
 * @param ignoreAuthzErrors when {@code true}, a denied check produces an empty list instead of a
 *        permission error
 * @return the value {@code databases} holds under the key {@code "databases"}, or an empty list
 *         when the check is denied and {@code ignoreAuthzErrors} is set
 * @throws TException wrapping the {@link ExecutionException} raised while loading the names
 */
@Override
public List<String> getDatabases(boolean ignoreAuthzErrors) throws TException {
  try {
    authorizer.authorizeShowDatabases();
  } catch (final HiveAccessControlException denied) {
    if (!ignoreAuthzErrors) {
      throw UserException.permissionError(denied).build(logger);
    }
    // NOTE(review): nothing is logged when the denial is suppressed here; confirm the authorizer
    // records it if denied attempts need to be auditable.
    return Collections.emptyList();
  }

  try {
    return databases.get("databases");
  } catch (final ExecutionException loadFailure) {
    throw new TException(loadFailure);
  }
}
/**
 * Returns the table names of a database after asking the authorizer whether listing its tables
 * is allowed.
 *
 * @param dbName database whose tables are listed
 * @param ignoreAuthzErrors when {@code true}, a denied check produces an empty list instead of a
 *        permission error
 * @return the value {@code tableNameLoader} holds for {@code dbName}, or an empty list when the
 *         check is denied and {@code ignoreAuthzErrors} is set
 * @throws TException wrapping the {@link ExecutionException} raised while loading the names
 */
@Override
public List<String> getTableNames(final String dbName, boolean ignoreAuthzErrors) throws TException {
  try {
    authorizer.authorizeShowTables(dbName);
  } catch (final HiveAccessControlException denied) {
    if (!ignoreAuthzErrors) {
      throw UserException.permissionError(denied).build(logger);
    }
    // NOTE(review): nothing is logged when the denial is suppressed here; confirm the authorizer
    // records it if denied attempts need to be auditable.
    return Collections.emptyList();
  }

  try {
    return tableNameLoader.get(dbName);
  } catch (final ExecutionException loadFailure) {
    throw new TException(loadFailure);
  }
}
/**
 * Loads the read entry of a table after asking the authorizer whether reading it is allowed.
 *
 * @param dbName database that holds the table
 * @param tableName table to load
 * @param ignoreAuthzErrors when {@code true}, a denied check is ignored and loading continues
 * @return the entry {@code tableLoaders} holds for the table
 * @throws TException wrapping the {@link ExecutionException} raised while loading the entry
 */
@Override
public HiveReadEntry getHiveReadEntry(final String dbName, final String tableName,
    boolean ignoreAuthzErrors) throws TException {
  try {
    authorizer.authorizeReadTable(dbName, tableName);
  } catch (final HiveAccessControlException denied) {
    final boolean mustReport = !ignoreAuthzErrors;
    if (mustReport) {
      throw UserException.permissionError(denied).build(logger);
    }
    // NOTE(review): with ignoreAuthzErrors set, the denial is dropped and the entry below is
    // still loaded and returned. A caller passing true receives table metadata the authorizer
    // refused, so it must not hand the result back to the requesting user. Confirm every such
    // caller filters it.
  }

  try {
    return tableLoaders.get(TableName.table(dbName, tableName));
  } catch (final ExecutionException loadFailure) {
    throw new TException(loadFailure);
  }
}
/**
 * Creates a new user exception builder for a permission error without a wrapped cause.
 *
 * <p>This overload forwards {@code null} as the cause to {@code permissionError(null)}.
 *
 * @see org.apache.drill.exec.proto.UserBitShared.DrillPBError.ErrorType#PERMISSION
 * @return user exception builder
 */
public static Builder permissionError() {
  // No underlying exception exists for this overload.
  return permissionError(null);
}
/**
 * Rejects an option change when the option's accessible scopes do not cover the requested scope.
 *
 * @param name option name, used only in the error message
 * @param type scopes in which the option may be changed
 * @param scope scope in which the change is requested
 */
private static void checkOptionPermissions(String name, OptionValue.AccessibleScopes type,
    OptionValue.OptionScope scope) {
  if (type.inScopeOf(scope)) {
    return;
  }

  // The text is formatted before it reaches the builder, so it is passed as a finished message.
  final String denial = String.format("Cannot change option %s in scope %s", name, scope);
  throw UserException.permissionError()
      .message(denial)
      .build(logger);
}
/**
 * Throws a permission error unless the current principal may manage queries of the given user.
 *
 * @param queryUser user that owns the query
 * @param queryId id of the query, used only in the error message
 */
private void checkOrThrowQueryCancelAuthorization(final String queryUser, final String queryId) {
  final boolean allowed = principal.canManageQueryOf(queryUser);
  if (allowed) {
    return;
  }
  // The message names only the query id the caller already supplied, not its owner.
  throw UserException.permissionError()
      .message("Not authorized to cancel the query '%s'", queryId)
      .build(logger);
}
} // closes an enclosing scope whose opening line is outside this excerpt
} catch (AccessControlException e) { throw UserException .permissionError(e) .message("Unauthorized to drop table") .build(logger);
"maximum allowed number of user hops (%d) in chained impersonation.", maxChainedUserHops); logger.error(errMsg); throw UserException.permissionError().message(errMsg).build(logger);
/**
 * Throws a permission error unless the current principal may manage the profile's owner.
 *
 * @param profile query profile being requested; its user decides access and its id is used in
 *        the error message
 */
private void checkOrThrowProfileViewAuthorization(final QueryProfile profile) {
  final boolean allowed = principal.canManageProfileOf(profile.getUser());
  if (allowed) {
    return;
  }
  // The message carries the profile id only; the owning user is not echoed back.
  throw UserException.permissionError()
      .message("Not authorized to view the profile of query '%s'", profile.getId())
      .build(logger);
}
if (!schemaConfig.getIgnoreAuthErrors()) { logger.debug(e.getMessage()); throw UserException.permissionError(e) .message("Not authorized to list or query tables in schema [%s]", getFullSchemaName()) .build(logger);
/**
 * Collects the base names of the view files found at this workspace's configured location.
 *
 * <p>Listing is best effort: an unsupported filesystem operation, an access denial while
 * {@code schemaConfig.getIgnoreAuthErrors()} is set, or any other failure is logged or ignored,
 * and whatever names were gathered so far are returned.
 *
 * @return names of the views that could be listed; possibly empty
 */
private Set<String> getViews() {
  final Set<String> viewNames = Sets.newHashSet();
  try {
    // View definitions are the files that carry the ".view.drill" extension.
    final List<DotDrillFile> viewFiles =
        DotDrillUtil.getDotDrills(getFS(), new Path(config.getLocation()), DotDrillType.VIEW);
    for (final DotDrillFile viewFile : viewFiles) {
      viewNames.add(viewFile.getBaseName());
    }
  } catch (UnsupportedOperationException e) {
    logger.debug("The filesystem for this workspace does not support this operation.", e);
  } catch (AccessControlException e) {
    // NOTE(review): when auth errors are ignored the denial leaves no log entry at all, so an
    // empty result cannot be told apart from "no views exist"; confirm that is intended.
    if (!schemaConfig.getIgnoreAuthErrors()) {
      logger.debug(e.getMessage());
      throw UserException
          .permissionError(e)
          .message("Not authorized to list view tables in schema [%s]", getFullSchemaName())
          .build(logger);
    }
  } catch (Exception e) {
    // Any other failure is reported at WARN and does not abort the listing.
    logger.warn("Failure while trying to list .view.drill files in workspace [{}]",
        getFullSchemaName(), e);
  }
  return viewNames;
}
throw UserException.permissionError() .message("Not authorized to cancel the query '%s'", queryIdString) .build(logger);
if (!schemaConfig.getIgnoreAuthErrors()) { logger.debug(e.getMessage()); throw UserException.permissionError(e) .message("Not authorized to list or query tables in schema [%s]", getFullSchemaName()) .build(logger); if (!schemaConfig.getIgnoreAuthErrors()) { logger.debug(e.getMessage()); throw UserException.permissionError(e) .message("Not authorized to read view [%s] in schema [%s]", tableName, getFullSchemaName()) .build(logger);
throw UserException.permissionError() .message("Proxy user '%s' is not authorized to impersonate target user '%s'.", proxyName, targetName) .build(logger);
/**
 * Converts a SQL query string into a physical plan.
 *
 * <p>Validation, access-control and unsupported-SQL failures are rethrown as user exceptions;
 * I/O and relational-conversion failures are wrapped in a {@code QueryInputException}.
 *
 * @param context query context
 * @param sql sql query
 * @param textPlan text plan
 * @return query physical plan
 * @throws ForemanSetupException declared by this method; the visible body does not show which
 *         call raises it
 */
public static PhysicalPlan getPlan(QueryContext context, String sql, Pointer<String> textPlan)
    throws ForemanSetupException {
  try {
    return convertPlan(context, sql, textPlan);
  } catch (ValidationException e) {
    // Prefer the message of the underlying cause when one is attached.
    final Throwable rootCause = e.getCause();
    final String errorMessage;
    if (rootCause != null) {
      errorMessage = rootCause.getMessage();
    } else {
      errorMessage = e.getMessage();
    }
    throw UserException.validationError(e)
        .message(errorMessage)
        .build(logger);
  } catch (AccessControlException e) {
    // NOTE(review): no explicit message is set, so the user-facing text presumably derives from
    // the AccessControlException itself; confirm it cannot disclose more than intended.
    throw UserException.permissionError(e)
        .build(logger);
  } catch (SqlUnsupportedException e) {
    throw UserException.unsupportedError(e)
        .build(logger);
  } catch (IOException | RelConversionException e) {
    throw new QueryInputException("Failure handling SQL.", e);
  }
}
if (!schemaConfig.getIgnoreAuthErrors()) { logger.debug(e.getMessage()); throw UserException.permissionError(e) .message("Not authorized to read table [%s] in schema [%s]", key, getFullSchemaName()) .build(logger);
ExecConstants.ADMIN_USERS_VALIDATOR.getAdminUsers(options), ExecConstants.ADMIN_USER_GROUPS_VALIDATOR.getAdminUserGroups(options))) { throw UserException.permissionError() .message("Not authorized to change SYSTEM options.") .build(logger);