phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ankitsinghal <...@git.apache.org>
Subject [GitHub] phoenix pull request #283: PHOENIX-672 Add GRANT and REVOKE commands using H...
Date Wed, 22 Nov 2017 07:10:47 GMT
Github user ankitsinghal commented on a diff in the pull request:

    https://github.com/apache/phoenix/pull/283#discussion_r152483142
  
    --- Diff: phoenix-core/src/main/java/org/apache/phoenix/schema/MetaDataClient.java ---
    @@ -4168,4 +4176,197 @@ public MutationState useSchema(UseSchemaStatement useSchemaStatement)
throws SQL
             }
             return new MutationState(0, 0, connection);
         }
    +
    +    public MutationState grantPermission(GrantStatement grantStatement) throws SQLException
{
    +
    +        StringBuffer grantPermLog = new StringBuffer();
    +        grantPermLog.append("Grant Permissions requested for user/group: " + grantStatement.getName());
    +        if (grantStatement.getSchemaName() != null) {
    +            grantPermLog.append(" for Schema: " + grantStatement.getSchemaName());
    +        } else if (grantStatement.getTableName() != null) {
    +            grantPermLog.append(" for Table: " + grantStatement.getTableName());
    +        }
    +        grantPermLog.append(" Permissions: " + Arrays.toString(grantStatement.getPermsList()));
    +        logger.info(grantPermLog.toString());
    +
    +        HConnection hConnection = connection.getQueryServices().getAdmin().getConnection();
    +
    +        try {
    +            if (grantStatement.getSchemaName() != null) {
    +                // SYSTEM.CATALOG doesn't have any entry for "default" HBase namespace,
hence we will bypass the check
    +                if(!grantStatement.getSchemaName().equals(QueryConstants.HBASE_DEFAULT_SCHEMA_NAME))
{
    +                    FromCompiler.getResolverForSchema(grantStatement.getSchemaName(),
connection);
    +                }
    +                grantPermissionsToSchema(hConnection, grantStatement);
    +
    +            } else if (grantStatement.getTableName() != null) {
    +                PTable inputTable = PhoenixRuntime.getTable(connection,
    +                        SchemaUtil.normalizeFullTableName(grantStatement.getTableName().toString()));
    +                if (!(PTableType.TABLE.equals(inputTable.getType()) || PTableType.SYSTEM.equals(inputTable.getType())))
{
    +                    throw new AccessDeniedException("Cannot GRANT permissions on INDEX
TABLES or VIEWS");
    +                }
    +                grantPermissionsToTables(hConnection, grantStatement, inputTable);
    +
    +            } else {
    +                grantPermissionsToUser(hConnection, grantStatement);
    --- End diff --
    
    If for some reason grant doesn't succeed for all the tables. so do we have plan to give
construct like "SHOW GRANTS" or something to the user to know what all grants are still there
for the user or on the table.


---

Mime
View raw message