[geode] branch develop updated: GEODE-8764: Lucene Functions should request data read permission only on the specified region (#5809)

zhouxj Thu, 03 Dec 2020 22:42:08 -0800

This is an automated email from the ASF dual-hosted git repository.

zhouxj pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git



The following commit(s) were added to refs/heads/develop by this push:
     new 9ccef08  GEODE-8764: Lucene Functions should request data read 
permission only on the specified region (#5809)
9ccef08 is described below

commit 9ccef088ed5df32afaae1ceb7725be561544716d
Author: Xiaojian Zhou <gesterz...@users.noreply.github.com>
AuthorDate: Thu Dec 3 22:41:01 2020 -0800

    GEODE-8764: Lucene Functions should request data read permission only on 
the specified region (#5809)
---
 .../geode/cache/lucene/test/LuceneFunctionSecurityTest.java       | 8 ++++++--
 .../lucene/internal/distributed/IndexingInProgressFunction.java   | 4 ++--
 .../cache/lucene/internal/distributed/LuceneQueryFunction.java    | 4 ++--
 .../lucene/internal/distributed/WaitUntilFlushedFunction.java     | 4 ++--
 .../cache/lucene/internal/results/LuceneGetPageFunction.java      | 4 ++--
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git 
a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
 
b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
index a0448cf..39630de 100644
--- 
a/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
+++ 
b/geode-lucene/src/integrationTest/java/org/apache/geode/cache/lucene/test/LuceneFunctionSecurityTest.java
@@ -86,8 +86,12 @@ public class LuceneFunctionSecurityTest {
     for (Function function : functions) {
       Collection<ResourcePermission> permissions = function
           .getRequiredPermissions(REGION_NAME);
-      if (permissions.contains(ResourcePermissions.DATA_READ)) {
-        functionsWithDataRead.add(function);
+      for (ResourcePermission permission : permissions) {
+        if (permission.getResource().equals(ResourcePermission.Resource.DATA)
+            && 
permission.getOperation().equals(ResourcePermission.Operation.READ)) {
+          functionsWithDataRead.add(function);
+          break;
+        }
       }
     }
   }
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
index 33f1973..c1ba4abd 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/IndexingInProgressFunction.java
@@ -27,7 +27,6 @@ import org.apache.geode.cache.lucene.LuceneIndex;
 import org.apache.geode.cache.lucene.LuceneService;
 import org.apache.geode.cache.lucene.LuceneServiceProvider;
 import org.apache.geode.internal.cache.execute.InternalFunction;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 public class IndexingInProgressFunction implements InternalFunction<Object> {
@@ -68,6 +67,7 @@ public class IndexingInProgressFunction implements 
InternalFunction<Object> {
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
index 590034b..8fdf881 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/LuceneQueryFunction.java
@@ -53,7 +53,6 @@ import 
org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetE
 import 
org.apache.geode.internal.cache.execute.PartitionedRegionFunctionResultSender;
 import org.apache.geode.internal.serialization.KnownVersion;
 import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 /**
@@ -235,6 +234,7 @@ public class LuceneQueryFunction implements 
InternalFunction<LuceneFunctionConte
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
index 7d8281c..4d2146c 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/distributed/WaitUntilFlushedFunction.java
@@ -27,7 +27,6 @@ import org.apache.geode.cache.execute.RegionFunctionContext;
 import org.apache.geode.cache.execute.ResultSender;
 import org.apache.geode.cache.lucene.internal.LuceneServiceImpl;
 import org.apache.geode.internal.cache.execute.InternalFunction;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 /**
@@ -85,6 +84,7 @@ public class WaitUntilFlushedFunction implements 
InternalFunction<Object> {
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }
diff --git 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
index d05c0ac..4ce7046 100644
--- 
a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
+++ 
b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/results/LuceneGetPageFunction.java
@@ -33,7 +33,6 @@ import org.apache.geode.internal.cache.Token;
 import org.apache.geode.internal.cache.execute.InternalFunction;
 import 
org.apache.geode.internal.cache.execute.InternalFunctionInvocationTargetException;
 import org.apache.geode.logging.internal.log4j.api.LogService;
-import org.apache.geode.management.internal.security.ResourcePermissions;
 import org.apache.geode.security.ResourcePermission;
 
 /**
@@ -93,6 +92,7 @@ public class LuceneGetPageFunction implements 
InternalFunction<Object> {
 
   @Override
   public Collection<ResourcePermission> getRequiredPermissions(String 
regionName) {
-    return Collections.singletonList(ResourcePermissions.DATA_READ);
+    return Collections.singletonList(new 
ResourcePermission(ResourcePermission.Resource.DATA,
+        ResourcePermission.Operation.READ, regionName));
   }
 }

[geode] branch develop updated: GEODE-8764: Lucene Functions should request data read permission only on the specified region (#5809)

Reply via email to