WHBANG opened a new pull request, #1518: URL: https://github.com/apache/incubator-pegasus/pull/1518
### What problem does this PR solve? <!--add issue link with summary if exists--> https://github.com/apache/incubator-pegasus/issues/1054 ### What is changed and how does it work? This patch fixes the judgment logic when ranger matches policies: 1. Traverse all resource policies 1.1. If the current policy matches deny_condition 1.1.1. does not match any deny_exclude, returns kDenied, and the traversal ends 1.1.2. A deny_exclude is matched, return kPending, and continue to the next policy judgment 1.2. No policy is matched or the return value is kPending, enter 2 2. Traverse all resource policies again 2.1. If the current policy matches allow_condition 2.1.1. does not match any allow_exclude, returns kAllowed, and the traversal ends 2.1.2. An allow_exclude is matched, return kPending, and continue to the next policy judgment 2.2 If the return value is kPending, it will return kDenied 3. dose not match any policy, return kDenied  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
