phoenix-dev mailing list archives

From ankitsinghal <...@git.apache.org>
Subject [GitHub] phoenix pull request #283: PHOENIX-672 Add GRANT and REVOKE commands using H...
Date Wed, 22 Nov 2017 06:40:23 GMT
Github user ankitsinghal commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/283#discussion_r152479671
  
    --- Diff: phoenix-core/src/main/java/org/apache/phoenix/schema/MetaDataClient.java ---
    @@ -4168,4 +4176,197 @@ public MutationState useSchema(UseSchemaStatement useSchemaStatement)
throws SQL
             }
             return new MutationState(0, 0, connection);
         }
    +
    +    public MutationState grantPermission(GrantStatement grantStatement) throws SQLException
{
    +
    +        StringBuffer grantPermLog = new StringBuffer();
    +        grantPermLog.append("Grant Permissions requested for user/group: " + grantStatement.getName());
    +        if (grantStatement.getSchemaName() != null) {
    +            grantPermLog.append(" for Schema: " + grantStatement.getSchemaName());
    +        } else if (grantStatement.getTableName() != null) {
    +            grantPermLog.append(" for Table: " + grantStatement.getTableName());
    +        }
    +        grantPermLog.append(" Permissions: " + Arrays.toString(grantStatement.getPermsList()));
    +        logger.info(grantPermLog.toString());
    +
    +        HConnection hConnection = connection.getQueryServices().getAdmin().getConnection();
    +
    +        try {
    +            if (grantStatement.getSchemaName() != null) {
    +                // SYSTEM.CATALOG doesn't have any entry for "default" HBase namespace,
hence we will bypass the check
    +                if(!grantStatement.getSchemaName().equals(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME))
{
    +                    FromCompiler.getResolverForSchema(grantStatement.getSchemaName(),
connection);
    +                }
    +                grantPermissionsToSchema(hConnection, grantStatement);
    +
    +            } else if (grantStatement.getTableName() != null) {
    +                PTable inputTable = PhoenixRuntime.getTable(connection,
    +                        SchemaUtil.normalizeFullTableName(grantStatement.getTableName().toString()));
    +                if (!(PTableType.TABLE.equals(inputTable.getType()) || PTableType.SYSTEM.equals(inputTable.getType())))
{
    +                    throw new AccessDeniedException("Cannot GRANT permissions on INDEX
TABLES or VIEWS");
    +                }
    +                grantPermissionsToTables(hConnection, grantStatement, inputTable);
    +
    +            } else {
    +                grantPermissionsToUser(hConnection, grantStatement);
    +            }
    +
    +        } catch (SQLException e) {
    +            // Bubble up the SQL Exception
    +            throw e;
    +        } catch (Throwable throwable) {
    +            // Wrap around other exceptions to PhoenixIOException (Ex: org.apache.hadoop.hbase.security.AccessDeniedException)
    +            throw ServerUtil.parseServerException(throwable);
    +        }
    +
    +        return new MutationState(0, 0, connection);
    +    }
    +
    +    private void grantPermissionsToTables(HConnection hConnection, GrantStatement grantStatement,
PTable inputTable) throws Throwable {
    +
    +        org.apache.hadoop.hbase.TableName tableName = SchemaUtil.getPhysicalTableName
    +                (inputTable.getName().getBytes(), inputTable.isNamespaceMapped());
    +
    +        grantPermissionsToTable(hConnection, grantStatement, tableName);
    +
    +        for(PTable indexTable : inputTable.getIndexes()) {
    +            // Local Indexes don't correspond to new physical table, they are just stored
in separate CF of base table.
    +            if(indexTable.getIndexType().equals(IndexType.LOCAL)) {
    +                continue;
    +            }
    +            logger.info("Granting " + Arrays.toString(grantStatement.getPermsList())
+
    +                    " perms to IndexTable: " + indexTable.getName() + " BaseTable: "
+ inputTable.getName());
    +            if (inputTable.isNamespaceMapped() != indexTable.isNamespaceMapped()) {
    +                throw new TablesNotInSyncException(inputTable.getTableName().getString(),
    +                        indexTable.getTableName().getString(), "Namespace properties");
    +            }
    +            tableName = SchemaUtil.getPhysicalTableName(indexTable.getName().getBytes(),
indexTable.isNamespaceMapped());
    +            grantPermissionsToTable(hConnection, grantStatement, tableName);
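
Review bot: In grantPermissionsToTables the base-table grant is issued before the index loop, and the inputTable.isNamespaceMapped() != indexTable.isNamespaceMapped() check sits inside that loop, so a TablesNotInSyncException raised on a later index leaves the base table and any earlier indexes already granted while the statement reports failure (assuming grantPermissionsToTable applies the grant when called). Validate every non-local index first and collect the physical table names, then issue the grants in a second pass; the same collected set could serve REVOKE. Separately, in grantPermission the rejection of index tables and views throws AccessDeniedException for an unsupported target rather than an authorization failure; if that is the HBase exception named in the catch comment, it also falls into catch (Throwable throwable) and is rewrapped by ServerUtil.parseServerException. A SQLException describing the unsupported table type would avoid telling the caller that access was denied when it was not.
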
    --- End diff --
    
    You can have a common method to give you the set of physical tables on which revoke and grant is required.


---
