Merge pull request #2807 from atlanhq/newauthz

Fix: Evaluator: CM permission always returns false
atlanhq · Jan 31, 2024 · c5de096 · c5de096
2 parents a55bf34 + 51df10d
commit c5de096
Showing 1 changed file with 16 additions and 11 deletions.
diff --git a/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java b/repository/src/main/java/org/apache/atlas/authorizer/authorizers/ListAuthorizer.java
@@ -254,19 +254,24 @@ public static List<Map<String, Object>> getDSLForResourcePoliciesPerPolicy(List<
         List<Map<String, Object>> shouldClauses = new ArrayList<>();
 
         for (RangerPolicy policy : policies) {
-            if (!policy.getResources().isEmpty() && "ENTITY".equals(policy.getPolicyResourceCategory())) {
-                List<String> entities = policy.getResources().get("entity").getValues();
-                List<String> entityTypesRaw = policy.getResources().get("entity-type").getValues();
+            if (!policy.getResources().isEmpty()) {
+                RangerPolicy.RangerPolicyResource resourceEntity = policy.getResources().get("entity");
+                RangerPolicy.RangerPolicyResource resourceTypes = policy.getResources().get("entity-type");
 
-                if (entities.contains("*") && entityTypesRaw.contains("*")) {
-                    shouldClauses.clear();
-                    shouldClauses.add(getMap("match_all", getMap("_name", policy.getGuid() + getPolicySuffix(policy))));
-                    break;
-                }
+                if (resourceEntity != null && resourceTypes != null) {
+                    List<String> entities = policy.getResources().get("entity").getValues();
+                    List<String> entityTypesRaw = policy.getResources().get("entity-type").getValues();
+
+                    if (entities.contains("*") && entityTypesRaw.contains("*")) {
+                        shouldClauses.clear();
+                        shouldClauses.add(getMap("match_all", getMap("_name", policy.getGuid() + getPolicySuffix(policy))));
+                        break;
+                    }
 
-                Map<String, Object> dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null,
-                        policy.getGuid() + getPolicySuffix(policy));
-                shouldClauses.add(dslForPolicyResources);
+                    Map<String, Object> dslForPolicyResources = getDSLForResources(entities, new HashSet<>(entityTypesRaw), null,
+                            policy.getGuid() + getPolicySuffix(policy));
+                    shouldClauses.add(dslForPolicyResources);
+                }
             }
         }
         return shouldClauses;