diff --git a/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java b/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java index 820e4e2f67..c3c4512eed 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/hooks/Entity.java @@ -76,6 +76,11 @@ private String stringObject; /** + * The class name for a function + */ + private String className; + + /** * This is derived from t and p, but we need to serialize this field to make * sure Entity.hashCode() does not need to recursively read into t and p. */ @@ -139,6 +144,14 @@ public void setD(Path d) { this.d = d; } + public String getClassName() { + return this.className; + } + + public void setClassName(String className) { + this.className = className; + } + public String getFunctionName() { if (typ == Type.FUNCTION) { return stringObject; @@ -254,15 +267,17 @@ public Entity(Path d, boolean islocal, boolean complete) { * Create an entity representing a object with given name, database namespace and type * @param database - database namespace * @param strObj - object name as string + * @param className - function class name * @param type - the entity type. this constructor only supports FUNCTION type currently */ - public Entity(Database database, String strObj, Type type) { + public Entity(Database database, String strObj, String className, Type type) { if (type != Type.FUNCTION) { throw new IllegalArgumentException("This constructor is supported only for type:" + Type.FUNCTION); } this.database = database; this.stringObject = strObj; + this.className = className; this.typ = type; this.complete = true; name = computeName(); diff --git a/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java b/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java index 4707c4d1bb..a0eae96c0a 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/hooks/WriteEntity.java @@ -87,11 +87,12 @@ public WriteEntity(Table t, WriteType type, boolean complete) { * Currently applicable only for function names. * @param db * @param objName + * @param className * @param type * @param writeType */ - public WriteEntity(Database db, String objName, Type type, WriteType writeType) { - super(db, objName, type); + public WriteEntity(Database db, String objName, String className, Type type, WriteType writeType) { + super(db, objName, className, type); this.writeType = writeType; } diff --git a/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java b/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java index c5380750f2..6c03cbfa48 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/parse/FunctionSemanticAnalyzer.java @@ -20,7 +20,6 @@ import java.util.ArrayList; import java.util.List; -import org.apache.parquet.Log; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.apache.hadoop.hive.conf.HiveConf; @@ -89,7 +88,7 @@ private void analyzeCreateFunction(ASTNode ast) throws SemanticException { new CreateFunctionDesc(functionName, isTemporaryFunction, className, resources, null); rootTasks.add(TaskFactory.get(new FunctionWork(desc), conf)); - addEntities(functionName, isTemporaryFunction, resources); + addEntities(functionName, className, isTemporaryFunction, resources); } private void analyzeDropFunction(ASTNode ast) throws SemanticException { @@ -117,7 +116,7 @@ private void analyzeDropFunction(ASTNode ast) throws SemanticException { DropFunctionDesc desc = new DropFunctionDesc(functionName, isTemporaryFunction, null); rootTasks.add(TaskFactory.get(new FunctionWork(desc), conf)); - addEntities(functionName, isTemporaryFunction, null); + addEntities(functionName, info.getClassName(), isTemporaryFunction, null); } private ResourceType getResourceType(ASTNode token) throws SemanticException { @@ -163,7 +162,7 @@ private ResourceType getResourceType(ASTNode token) throws SemanticException { /** * Add write entities to the semantic analyzer to restrict function creation to privileged users. */ - private void addEntities(String functionName, boolean isTemporaryFunction, + private void addEntities(String functionName, String className, boolean isTemporaryFunction, List resources) throws SemanticException { // If the function is being added under a database 'namespace', then add an entity representing // the database (only applicable to permanent/metastore functions). @@ -192,7 +191,7 @@ private void addEntities(String functionName, boolean isTemporaryFunction, } // Add the function name as a WriteEntity - outputs.add(new WriteEntity(database, functionName, Type.FUNCTION, + outputs.add(new WriteEntity(database, functionName, className, Type.FUNCTION, WriteEntity.WriteType.DDL_NO_LOCK)); if (resources != null) { diff --git a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java index 570571b274..bf8603482e 100644 --- a/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java +++ b/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveAuthorizerImpl.java @@ -84,6 +84,10 @@ public void revokeRole(List hivePrincipals, List roles, public void checkPrivileges(HiveOperationType hiveOpType, List inputHObjs, List outputHObjs, HiveAuthzContext context) throws HiveAuthzPluginException, HiveAccessControlException { + if (inputHObjs.isEmpty() && outputHObjs.isEmpty()) { + return; + } + authValidator.checkPrivileges(hiveOpType, inputHObjs, outputHObjs, context); }