----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/57519/ -----------------------------------------------------------
Review request for ranger and Colm O hEigeartaigh. Repository: ranger Description ------- The fix of Ranger-1095 set the initial value of "denied" to "true" from the previous "false". One impact of this change is that, when context.getCollectionRequests() is empty which could be the case in many invocations Solr makes to Ranger on authorization per client request, the permission is plainly denied without going to Ranger policy engine. So the fix changed the default behavior related to "denied". A proper fix of Ranger-1095 IMO should be just to set the "denied" to "true" in the catch block without changing the initial value of the variable. Diffs ----- plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 6160438 Diff: https://reviews.apache.org/r/57519/diff/1/ Testing ------- manual unit Thanks, Yan Zhou