atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Madhan Neethiraj <mad...@apache.org>
Subject Review Request 67716: ATLAS-2765: updated authorization model to scrub search-result (clear entity-attributes, classifications) for entities the user doesn't have read access to
Date Sun, 24 Jun 2018 04:34:58 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67716/
-----------------------------------------------------------

Review request for atlas, Abhishek Kadam, Apoorv Naik, Ashutosh Mestry, keval bhatt, Nixon
Rodrigues, and Sarath Subramanian.


Bugs: ATLAS-2765
    https://issues.apache.org/jira/browse/ATLAS-2765


Repository: atlas


Description
-------

- updated authorization model to scrub search-result (clear entity-attributes, classifications)
for entities the user doesn't have read access to
- updated APIs that retrieve entity classifications to require entity-read permission, instead
of entity-read-classification permission.


Diffs
-----

  authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java cc5db2ff9

  authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java 285e0f6a0 
  authorization/src/main/java/org/apache/atlas/authorize/AtlasNoneAuthorizer.java 06ae6004b

  authorization/src/main/java/org/apache/atlas/authorize/AtlasSearchResultScrubRequest.java
PRE-CREATION 
  authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasSimpleAuthorizer.java
fd5885898 
  repository/src/main/java/org/apache/atlas/discovery/EntityDiscoveryService.java 9d0cc9dc7

  repository/src/main/java/org/apache/atlas/glossary/GlossaryService.java fb26598b2 
  repository/src/main/java/org/apache/atlas/repository/store/graph/v2/AtlasEntityStoreV2.java
40593be76 


Diff: https://reviews.apache.org/r/67716/diff/1/


Testing
-------

- verified that entity-attributes and classifications in the search-result are cleared for
entities the user doesn't have read access to


Thanks,

Madhan Neethiraj


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message