@Override public Response<Set<TSentryRole>> handle() throws Exception { validateClientVersion(request.getProtocol_version()); Set<String> groups = getRequestorGroups(conf, request.getRequestorUserName()); if (!AccessConstants.ALL.equalsIgnoreCase(request.getGroupName())) { boolean admin = inAdminGroups(groups); //Only admin users can list all roles in the system ( groupname = null) //Non admin users are only allowed to list only groups which they belong to if(!admin && (request.getGroupName() == null || !groups.contains(request.getGroupName()))) { throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName()); } groups.clear(); groups.add(request.getGroupName()); } Set<String> roleNames = store.getRolesByGroups(request.getComponent(), groups); Set<TSentryRole> tSentryRoles = Sets.newHashSet(); for (String roleName : roleNames) { Set<String> groupsForRoleName = store.getGroupsByRoles(request.getComponent(), Sets.newHashSet(roleName)); tSentryRoles.add(new TSentryRole(roleName, groupsForRoleName)); } return new Response<Set<TSentryRole>>(Status.OK(), tSentryRoles); } });
@Override public Response<Set<TSentryPrivilege>> handle() throws Exception { validateClientVersion(request.getProtocol_version()); Set<String> groups = getRequestorGroups(conf, request.getRequestorUserName()); if (!inAdminGroups(groups)) { Set<String> roleNamesForGroups = toTrimmedLower(store.getRolesByGroups(request.getComponent(), groups)); if (!roleNamesForGroups.contains(toTrimmedLower(request.getRoleName()))) { throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName()); } } Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(), request.getServiceName(), Sets.newHashSet(request.getRoleName()), null, toAuthorizables(request.getAuthorizables())); Set<TSentryPrivilege> tSentryPrivileges = Sets.newHashSet(); for (PrivilegeObject privilege : privileges) { tSentryPrivileges.add(fromPrivilegeObject(privilege)); } return new Response<Set<TSentryPrivilege>>(Status.OK(), tSentryPrivileges); } });
@Override public Response<Set<TSentryPrivilege>> handle() throws Exception { validateClientVersion(request.getProtocol_version()); Set<String> groups = getRequestorGroups(conf, request.getRequestorUserName()); if (!inAdminGroups(groups)) { Set<String> roleNamesForGroups = toTrimmedLower(store.getRolesByGroups(request.getComponent(), groups)); if (!roleNamesForGroups.contains(toTrimmedLower(request.getRoleName()))) { throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName()); } } Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(), request.getServiceName(), Sets.newHashSet(request.getRoleName()), null, toAuthorizables(request.getAuthorizables())); Set<TSentryPrivilege> tSentryPrivileges = Sets.newHashSet(); for (PrivilegeObject privilege : privileges) { tSentryPrivileges.add(fromPrivilegeObject(privilege)); } return new Response<Set<TSentryPrivilege>>(Status.OK(), tSentryPrivileges); } });
@Override public Response<Set<String>> handle() throws Exception { validateClientVersion(request.getProtocol_version()); Set<String> activeRoleNames = toTrimmedLower(request.getRoleSet().getRoles()); Set<String> roleNamesForGroups = store.getRolesByGroups(request.getComponent(), request.getGroups()); Set<String> rolesToQuery = request.getRoleSet().isAll() ? roleNamesForGroups : Sets.intersection(activeRoleNames, roleNamesForGroups); Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(), request.getServiceName(), rolesToQuery, null, toAuthorizables(request.getAuthorizables())); return new Response<Set<String>>(Status.OK(), buildPermissions(privileges)); } });
@Override public Response<Set<String>> handle() throws Exception { validateClientVersion(request.getProtocol_version()); Set<String> activeRoleNames = toTrimmedLower(request.getRoleSet().getRoles()); Set<String> roleNamesForGroups = store.getRolesByGroups(request.getComponent(), request.getGroups()); Set<String> rolesToQuery = request.getRoleSet().isAll() ? roleNamesForGroups : Sets.intersection(activeRoleNames, roleNamesForGroups); Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(), request.getServiceName(), rolesToQuery, null, toAuthorizables(request.getAuthorizables())); return new Response<Set<String>>(Status.OK(), buildPermissions(privileges)); } });
Set<String> grantedRoles = toTrimmedLower(store.getRolesByGroups(request.getComponent(), requestedGroups)); Set<String> activeRoleNames = toTrimmedLower(activeRoleSet.getRoles()); validActiveRoles.addAll(activeRoleSet.isAll() ? allRoles : Sets.intersection(activeRoleNames, allRoles)); } else { Set<String> requestedRoles = toTrimmedLower(store.getRolesByGroups(request.getComponent(), requestedGroups)); validActiveRoles.addAll(activeRoleSet.isAll() ? allRoles : Sets.intersection(activeRoleNames, requestedRoles));
Set<String> grantedRoles = toTrimmedLower(store.getRolesByGroups(request.getComponent(), requestedGroups)); requestedRoles = toTrimmedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
mSentryGMPrivilege.setRoles(Sets.newHashSet(role)); Mockito.when(mockStore.getRolesByGroups(anyString(), anySetOf(String.class))) .thenReturn(Sets.newHashSet(roleName));
mSentryGMPrivilege.setRoles(Sets.newHashSet(role)); Mockito.when(mockStore.getRolesByGroups(anyString(), anySetOf(String.class))) .thenReturn(Sets.newHashSet(roleName));