Fix listing privileges of tables owned by an user

Currently Presto shows that the owner of a table has ALL privileges, even after some privileges are revoked. This commit fixes this issue by listing only privileges actually present in the metastore. Extracted-From: prestodb/presto#10904
trinodb · Jan 29, 2019 · fb93b6e · fb93b6e
1 parent 1d11c06
commit fb93b6e
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/HivePrivilegeInfo.java b/presto-hive/src/main/java/io/prestosql/plugin/hive/metastore/HivePrivilegeInfo.java
@@ -110,9 +110,7 @@ public Set<PrivilegeInfo> toPrivilegeInfo()
             case UPDATE:
                 return ImmutableSet.of(new PrivilegeInfo(Privilege.UPDATE, isGrantOption()));
             case OWNERSHIP:
-                return ImmutableSet.copyOf(Arrays.stream(Privilege.values())
-                        .map(privilege -> new PrivilegeInfo(privilege, Boolean.TRUE))
-                        .collect(Collectors.toSet()));
+                return ImmutableSet.of();
             default:
                 throw new IllegalArgumentException("Unsupported hivePrivilege: " + hivePrivilege);
         }

diff --git a/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java b/presto-product-tests/src/main/java/io/prestosql/tests/hive/TestRoles.java
@@ -244,6 +244,32 @@ public void testRevokeRoleFromRole()
                         row("alice", "USER", "role1", "NO"));
     }
 
+    @Test(groups = {ROLES, AUTHORIZATION, PROFILE_SPECIFIC_TESTS})
+    public void testRevokeRoleFromOwner()
+    {
+        try {
+            onPrestoAlice().executeQuery("CREATE TABLE hive.default.test_table (foo BIGINT)");
+            QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table"))
+                    .containsOnly(ImmutableList.of(
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "SELECT", "YES", null),
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "DELETE", "YES", null),
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "UPDATE", "YES", null),
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "INSERT", "YES", null)));
+
+            onPresto().executeQuery("REVOKE SELECT ON hive.default.test_table FROM USER alice");
+
+            // now there should be no SELECT privileges shown even though alice has OWNERSHIP
+            QueryAssert.assertThat(onPrestoAlice().executeQuery("SHOW GRANTS ON hive.default.test_table"))
+                    .containsOnly(ImmutableList.of(
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "DELETE", "YES", null),
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "UPDATE", "YES", null),
+                            row("alice", "USER", "alice", "USER", "hive", "default", "test_table", "INSERT", "YES", null)));
+        }
+        finally {
+            onPrestoAlice().executeQuery("DROP TABLE hive.default.test_table");
+        }
+    }
+
     @Test(groups = {ROLES, AUTHORIZATION, PROFILE_SPECIFIC_TESTS})
     public void testDropGrantedRole()
     {