Return-Path: X-Original-To: apmail-incubator-accumulo-commits-archive@minotaur.apache.org Delivered-To: apmail-incubator-accumulo-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2D8DA92A0 for ; Wed, 19 Oct 2011 17:24:34 +0000 (UTC) Received: (qmail 12094 invoked by uid 500); 19 Oct 2011 17:24:34 -0000 Delivered-To: apmail-incubator-accumulo-commits-archive@incubator.apache.org Received: (qmail 12068 invoked by uid 500); 19 Oct 2011 17:24:34 -0000 Mailing-List: contact accumulo-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: accumulo-dev@incubator.apache.org Delivered-To: mailing list accumulo-commits@incubator.apache.org Received: (qmail 12061 invoked by uid 99); 19 Oct 2011 17:24:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Oct 2011 17:24:34 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Oct 2011 17:24:32 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id A64C123888FE; Wed, 19 Oct 2011 17:24:12 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1186357 - in /incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server: client/ClientServiceHandler.java tabletserver/TabletServer.java Date: Wed, 19 Oct 2011 17:24:12 -0000 To: accumulo-commits@incubator.apache.org From: kturner@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20111019172412.A64C123888FE@eris.apache.org> Author: kturner Date: Wed Oct 19 17:24:12 2011 New Revision: 1186357 URL: http://svn.apache.org/viewvc?rev=1186357&view=rev Log: ACCUMULO-10 made bulk import thrift calls require system permission Modified: incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Modified: incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java URL: http://svn.apache.org/viewvc/incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java?rev=1186357&r1=1186356&r2=1186357&view=diff ============================================================================== --- incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java (original) +++ incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java Wed Oct 19 17:24:12 2011 @@ -270,7 +270,7 @@ public class ClientServiceHandler implem throws ThriftSecurityException, ThriftTableOperationException, TException { try { - if (!authenticator.hasTablePermission(credentials, credentials.getUser(), tableId, TablePermission.BULK_IMPORT)) + if(!authenticator.hasSystemPermission(credentials, credentials.getUser(), SystemPermission.SYSTEM)) throw new AccumuloSecurityException(credentials.getUser(), SecurityErrorCode.PERMISSION_DENIED); return transactionWatcher.run(Constants.BULK_ARBITRATOR_TYPE, tid, new Callable>() { public List call() throws Exception { Modified: incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java URL: http://svn.apache.org/viewvc/incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java?rev=1186357&r1=1186356&r2=1186357&view=diff ============================================================================== --- incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java (original) +++ incubator/accumulo/trunk/src/server/src/main/java/org/apache/accumulo/server/tabletserver/TabletServer.java Wed Oct 19 17:24:12 2011 @@ -844,17 +844,16 @@ public class TabletServer extends Abstra @Override public List bulkImport(TInfo tinfo, AuthInfo credentials, long tid, Map> files, boolean setTime) throws ThriftSecurityException { - ArrayList failures = new ArrayList(); - for (Entry> entry : files.entrySet()) { - try { - if (!authenticator.hasTablePermission(credentials, credentials.user, new String(entry.getKey().getTable()), TablePermission.BULK_IMPORT)) - throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED); - } catch (AccumuloSecurityException e) { - throw e.asThriftException(); - } + try { + if (!authenticator.hasSystemPermission(credentials, credentials.user, SystemPermission.SYSTEM)) + throw new ThriftSecurityException(credentials.user, SecurityErrorCode.PERMISSION_DENIED); + } catch (AccumuloSecurityException e) { + throw e.asThriftException(); } + ArrayList failures = new ArrayList(); + for (Entry> entry : files.entrySet()) { TKeyExtent tke = entry.getKey(); Map fileMap = entry.getValue();