RANGER-4722: HDFS authorization logic for directory hierarchy rooted at '/' is incorrect

commit: c4f6cc3951f979c4ae5859fbeaf1be5fe945b12d [log] [tgz]
author: Abhay Kulkarni <abhay@apache.org> Tue Feb 20 14:36:09 2024 -0800
committer: Abhay Kulkarni <abhay@apache.org> Wed Feb 21 12:34:20 2024 -0800
tree: eef53c0e2c8a8190d3d4bc875c6b69378c3d809b
parent: 4280c517c1e26009a01e30acc55a7de54cf5f7c1 [diff]
diff --git a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
index 9b1279b..9b410a1 100644
--- a/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
+++ b/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java

@@ -453,7 +453,11 @@
 								if (subDirAuthStatus != AuthzStatus.ALLOW) {
 									for(INode child : cList) {
 										if (child.isDirectory()) {
-											directories.push(new SubAccessData(child.asDirectory(), resourcePath + Path.SEPARATOR_CHAR + child.getLocalName()));
+											if (data.resourcePath.endsWith(Path.SEPARATOR)) {
+												directories.push(new SubAccessData(child.asDirectory(), data.resourcePath + child.getLocalName()));
+											} else {
+												directories.push(new SubAccessData(child.asDirectory(), data.resourcePath + Path.SEPARATOR_CHAR + child.getLocalName()));
+											}
 										}
 									}
 								}
commit	c4f6cc3951f979c4ae5859fbeaf1be5fe945b12d	[log] [tgz]
author	Abhay Kulkarni <abhay@apache.org>	Tue Feb 20 14:36:09 2024 -0800
committer	Abhay Kulkarni <abhay@apache.org>	Wed Feb 21 12:34:20 2024 -0800
tree	eef53c0e2c8a8190d3d4bc875c6b69378c3d809b
parent	4280c517c1e26009a01e30acc55a7de54cf5f7c1 [diff]