Reorder methods in SqlStandardAccessControl
Extracted-From: prestodb/presto#10904
Andrii Rosa authored and sopel39 committed Jan 29, 2019
1 parent 26b421a commit 31e9d26
Showing 1 changed file with 42 additions and 42 deletions.
Expand Up @@ -325,20 +325,6 @@ public void checkCanSetRole(ConnectorTransactionHandle transaction, ConnectorIde
}
}

private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Set<String> roles)
{
if (isAdmin(transaction, identity)) {
return true;
}
SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
Set<RoleGrant> grants = listApplicableRoles(new PrestoPrincipal(USER, identity.getUser()), metastore::listRoleGrants);
Set<String> rolesWithGrantOption = grants.stream()
.filter(RoleGrant::isGrantable)
.map(RoleGrant::getRoleName)
.collect(toSet());
return rolesWithGrantOption.containsAll(roles);
}

@Override
public void checkCanShowRoles(ConnectorTransactionHandle transactionHandle, ConnectorIdentity identity, String catalogName)
{
Expand All @@ -357,15 +343,35 @@ public void checkCanShowRoleGrants(ConnectorTransactionHandle transactionHandle,
{
}

private boolean getGrantOptionForPrivilege(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Privilege privilege, SchemaTableName tableName)
private boolean isAdmin(ConnectorTransactionHandle transaction, ConnectorIdentity identity)
{
SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
return listApplicableTablePrivileges(
metastore,
tableName.getSchemaName(),
tableName.getTableName(),
new PrestoPrincipal(USER, identity.getUser()))
.contains(new HivePrivilegeInfo(toHivePrivilege(privilege), true));
return listApplicableRoles(metastore, new PrestoPrincipal(USER, identity.getUser())).contains(ADMIN_ROLE_NAME);
}

private boolean isDatabaseOwner(ConnectorTransactionHandle transaction, ConnectorIdentity identity, String databaseName)
{
// all users are "owners" of the default database
if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(databaseName)) {
return true;
}

SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
Optional<Database> databaseMetadata = metastore.getDatabase(databaseName);
if (!databaseMetadata.isPresent()) {
return false;
}

Database database = databaseMetadata.get();

// a database can be owned by a user or role
if (database.getOwnerType() == USER && identity.getUser().equals(database.getOwnerName())) {
return true;
}
if (database.getOwnerType() == ROLE && listApplicableRoles(metastore, new PrestoPrincipal(USER, identity.getUser())).contains(database.getOwnerName())) {
return true;
}
return false;
}

private boolean checkTablePermission(ConnectorTransactionHandle transaction, ConnectorIdentity identity, SchemaTableName tableName, HivePrivilege... requiredPrivileges)
Expand All @@ -390,34 +396,28 @@ private boolean checkTablePermission(ConnectorTransactionHandle transaction, Con
return privilegeSet.containsAll(ImmutableSet.copyOf(requiredPrivileges));
}

private boolean isAdmin(ConnectorTransactionHandle transaction, ConnectorIdentity identity)
private boolean getGrantOptionForPrivilege(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Privilege privilege, SchemaTableName tableName)
{
SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
return listApplicableRoles(metastore, new PrestoPrincipal(USER, identity.getUser())).contains(ADMIN_ROLE_NAME);
return listApplicableTablePrivileges(
metastore,
tableName.getSchemaName(),
tableName.getTableName(),
new PrestoPrincipal(USER, identity.getUser()))
.contains(new HivePrivilegeInfo(toHivePrivilege(privilege), true));
}

private boolean isDatabaseOwner(ConnectorTransactionHandle transaction, ConnectorIdentity identity, String databaseName)
private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, Set<String> roles)
{
// all users are "owners" of the default database
if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(databaseName)) {
if (isAdmin(transaction, identity)) {
return true;
}

SemiTransactionalHiveMetastore metastore = metastoreProvider.apply(((HiveTransactionHandle) transaction));
Optional<Database> databaseMetadata = metastore.getDatabase(databaseName);
if (!databaseMetadata.isPresent()) {
return false;
}

Database database = databaseMetadata.get();

// a database can be owned by a user or role
if (database.getOwnerType() == USER && identity.getUser().equals(database.getOwnerName())) {
return true;
}
if (database.getOwnerType() == ROLE && listApplicableRoles(metastore, new PrestoPrincipal(USER, identity.getUser())).contains(database.getOwnerName())) {
return true;
}
return false;
Set<RoleGrant> grants = listApplicableRoles(new PrestoPrincipal(USER, identity.getUser()), metastore::listRoleGrants);
Set<String> rolesWithGrantOption = grants.stream()
.filter(RoleGrant::isGrantable)
.map(RoleGrant::getRoleName)
.collect(toSet());
return rolesWithGrantOption.containsAll(roles);
}
}
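Review bot: The relocated authorization helpers keep two allow-by-default paths that are explained only by an inline comment or not at all, and a short Javadoc on each would make them visible to the next reader of this access-control class. In `isDatabaseOwner`, every identity is treated as an owner once `DEFAULT_DATABASE_NAME.equalsIgnoreCase(databaseName)` holds, before any metastore lookup; in `hasAdminOptionForRoles`, `rolesWithGrantOption.containsAll(roles)` is true for an empty `roles` set, so a non-admin with no grantable roles would pass if a caller ever supplied one (the callers are outside this diff, so this may be unreachable). I would add `/** Returns true for any identity on the default database; otherwise requires ownership by the user or one of its applicable roles. */` above `isDatabaseOwner`, and a one-line comment on the `containsAll` return stating whether an empty set is meant to be accepted. The user-owner branch also compares `identity.getUser()` with `getOwnerName()` using case-sensitive `equals` while the database name is matched case-insensitively; presumably the metastore normalizes names, but that is worth confirming in the same comment.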
