> On Sept. 18, 2023, 9:55 p.m., Madhan Neethiraj wrote:
> > agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java
> > Lines 1783 (patched)
> > <https://reviews.apache.org/r/74609/diff/3/?file=2279798#file2279798line1783>
> >
> >     Can this validation/rewrite be moved out of RangerPolicy class i.e., 
> > outside of org.apache.ranger.plugin.model package contents? Classes in this 
> > package are used in REST API serialization/deserialization, hence prefer to 
> > only have simple get/set methods.
> >     
> >     Also, given "[[...]]" is handled in  
> > RangerRequestScriptEvaluator.evaluateScript(), are these updates in 
> > RangerPolicy necessary?
> 
> Barbara Eckman wrote:
>     In my experience, with row filters, using 
> RangerRequestScriptEvaluator.evaluateScript() alone strips out part of the 
> policy condition.  I'm happy to move it out of RangerPolicy class, though.  
> Perhaps we can have a call to discuss.

Please ignore the request for a call.  More depth of explanation: 
RangerRequestScriptEvaluator.evaluateScript() understands the script as 
"USER.partner", and returns the condition as 
"[["comcast,xglobal,cox"]].includes(jsonAttr.partner)".  I can't call 
replaceDoubleBrackets() in my RecordFilterJavaScript class because by this time 
the delimiter is part of what needs to be matched, and comma isn't allowed by 
the regex.
I've moved the hasDoubleBrackets() handling for row filters to 
RangerDefaultRowFilterPolicyItemEvaluator().  It works great now, and this 
should be a more reasonable place than in the model.

Policy Condition: "RangerRequestScriptEvaluator.evaluateScript()


- Barbara


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74609/#review225769
-----------------------------------------------------------


On Sept. 18, 2023, 8:36 p.m., Barbara Eckman wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74609/
> -----------------------------------------------------------
> 
> (Updated Sept. 18, 2023, 8:36 p.m.)
> 
> 
> Review request for ranger and madhan.
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-4234: Eliminate need for splitting delimited strings into arrays in 
> policy conditions
> 
> 
> Diffs
> -----
> 
>   agents-common/dev-support/spotbugsIncludeFile.xml PRE-CREATION 
>   agents-common/pom.xml b753c1368 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/model/RangerPolicy.java 
> 9e5a94b1a 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerRequestScriptEvaluator.java
>  7ac20764f 
>   
> agents-common/src/main/java/org/apache/ranger/plugin/util/JavaScriptEdits.java
>  PRE-CREATION 
> 
> 
> Diff: https://reviews.apache.org/r/74609/diff/3/
> 
> 
> Testing
> -------
> 
> 
> File Attachments
> ----------------
> 
> 0001-doubleBracketsReplace-stuff.patch
>   
> https://reviews.apache.org/media/uploaded/files/2023/09/18/fe38eef9-22e6-4c91-85a0-46fe337ba87b__0001-doubleBracketsReplace-stuff.patch
> 0001-doubleBracketsReplace-stuff.patch
>   
> https://reviews.apache.org/media/uploaded/files/2023/09/18/062f1050-96d7-4ed0-9008-fd65311ea7b0__0001-doubleBracketsReplace-stuff.patch
> 
> 
> Thanks,
> 
> Barbara Eckman
> 
>
