This is an automated email from the ASF dual-hosted git repository. zhouxj pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push: new 9ccef08 GEODE-8764: Lucene Functions should request data read permission only on the specified region (#5809) 9ccef08 is described below commit 9ccef088ed5df32afaae1ceb7725be561544716d Author: Xiaojian Zhou <gesterz...@users.noreply.github.com> AuthorDate: Thu Dec 3 22:41:01 2020 -0800 GEODE-8764: Lucene Functions should request data read permission only on the specified region (#5809) --- .../geode/cache/lucene/test/LuceneFunctionSecurityTest.java | 8 ++++++-- .../lucene/internal/distributed/IndexingInProgressFunction.java | 4 ++-- .../cache/lucene/internal/distributed/LuceneQueryFunction.java | 4 ++-- .../lucene/internal/distributed/WaitUntilFlushedFunction.java | 4 ++-- .../cache/lucene/internal/results/LuceneGetPageFunction.java | 4 ++-- 5 files changed, 14 insertions(+), 10 deletions(-) diff --git a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java index a0448cf..39630de 100644 --- a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java +++ b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java @@ -86,8 +86,12 @@ public class LuceneFunctionSecurityTest { for (Function function : functions) { Collection<ResourcePermission> permissions = function .getRequiredPermissions(REGION_NAME); - if (permissions.contains(ResourcePermissions.DATA_READ)) { - functionsWithDataRead.add(function); + for (ResourcePermission permission : permissions) { + if (permission.getResource().equals(ResourcePermission.Resource.DATA) + && permission.getOperation().equals(ResourcePermission.Operation.READ)) { + functionsWithDataRead.add(function); + break; + } } } } diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java index 33f1973..c1ba4abd 100644 --- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java +++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java @@ -27,7 +27,6 @@ import org.apache.geode.cache.lucene.LuceneIndex; import org.apache.geode.cache.lucene.LuceneService; import org.apache.geode.cache.lucene.LuceneServiceProvider; import org.apache.geode.internal.cache.execute.InternalFunction; -import org.apache.geode.management.internal.security.ResourcePermissions; import org.apache.geode.security.ResourcePermission; public class IndexingInProgressFunction implements InternalFunction<Object> { @@ -68,6 +67,7 @@ public class IndexingInProgressFunction implements InternalFunction<Object> { @Override public Collection<ResourcePermission> getRequiredPermissions(String regionName) { - return Collections.singletonList(ResourcePermissions.DATA_READ); + return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ, regionName)); } } diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java index 590034b..8fdf881 100644 --- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java +++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java @@ -53,7 +53,6 @@ import org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetE import org.apache.geode.internal.cache.execute.PartitionedRegionFunctionResultSender; import org.apache.geode.internal.serialization.KnownVersion; import org.apache.geode.logging.internal.log4j.api.LogService; -import org.apache.geode.management.internal.security.ResourcePermissions; import org.apache.geode.security.ResourcePermission; /** @@ -235,6 +234,7 @@ public class LuceneQueryFunction implements InternalFunction<LuceneFunctionConte @Override public Collection<ResourcePermission> getRequiredPermissions(String regionName) { - return Collections.singletonList(ResourcePermissions.DATA_READ); + return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ, regionName)); } } diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java index 7d8281c..4d2146c 100644 --- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java +++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java @@ -27,7 +27,6 @@ import org.apache.geode.cache.execute.RegionFunctionContext; import org.apache.geode.cache.execute.ResultSender; import org.apache.geode.cache.lucene.internal.LuceneServiceImpl; import org.apache.geode.internal.cache.execute.InternalFunction; -import org.apache.geode.management.internal.security.ResourcePermissions; import org.apache.geode.security.ResourcePermission; /** @@ -85,6 +84,7 @@ public class WaitUntilFlushedFunction implements InternalFunction<Object> { @Override public Collection<ResourcePermission> getRequiredPermissions(String regionName) { - return Collections.singletonList(ResourcePermissions.DATA_READ); + return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ, regionName)); } } diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java index d05c0ac..4ce7046 100644 --- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java +++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java @@ -33,7 +33,6 @@ import org.apache.geode.internal.cache.Token; import org.apache.geode.internal.cache.execute.InternalFunction; import org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException; import org.apache.geode.logging.internal.log4j.api.LogService; -import org.apache.geode.management.internal.security.ResourcePermissions; import org.apache.geode.security.ResourcePermission; /** @@ -93,6 +92,7 @@ public class LuceneGetPageFunction implements InternalFunction<Object> { @Override public Collection<ResourcePermission> getRequiredPermissions(String regionName) { - return Collections.singletonList(ResourcePermissions.DATA_READ); + return Collections.singletonList(new ResourcePermission(ResourcePermission.Resource.DATA, + ResourcePermission.Operation.READ, regionName)); } }