-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74850/
-----------------------------------------------------------
Review request for ranger, Anand Nadar, Ankita Sinha, Madhan Neethiraj, Monika
Kachhadiya, Prashant Satam, and Siddhesh Phatak.
Bugs: RANGER-4669
https://issues.apache.org/jira/browse/RANGER-4669
Repository: ranger
Description
-------
When dataset is shared with a user nested in a role i.e. user < group < role,
and the user calls get dataset API with sharedWithMe=true, the dataset is not
returned in response. To fix this, we are getting the roles associated with the
groups associated with the calling user and updating the list of roles
associated with a user, before the list of role is checked with roles in the
policy item.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java 69b43f2dc
security-admin/src/main/java/org/apache/ranger/biz/GdsPolicyAdminCache.java
97d4b2579
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDBProvider.java
30d231797
security-admin/src/main/java/org/apache/ranger/validation/RangerGdsValidationDataProvider.java
2c8721e1e
Diff: https://reviews.apache.org/r/74850/diff/1/
Testing
-------
Validated following cases for get dataset API - /gds/dataset?sharedWithMe=true:
1. Dataset shared with group (associated with calling user) is returned in
response.
2. Dataset shared with role (associated with calling group in case 1) is
returned in response.
3. Dataset shared with public group (not directly shared with user/group/role
of the calling user) is returned in response.
Validated all junits are passing.
Thanks,
Subhrat Chaudhary
