hbase-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ssrungar...@apache.org
Subject hbase git commit: HBASE-13826 Unable to create table when group acls are appropriately set.
Date Wed, 03 Jun 2015 05:41:42 GMT
Repository: hbase
Updated Branches:
  refs/heads/0.98 8defd4931 -> ea7d2c3c0


HBASE-13826 Unable to create table when group acls are appropriately set.


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/ea7d2c3c
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/ea7d2c3c
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/ea7d2c3c

Branch: refs/heads/0.98
Commit: ea7d2c3c0406324de649c9f44978e5643de758b7
Parents: 8defd49
Author: Srikanth Srungarapu <ssrungarapu@cloudera.com>
Authored: Tue Jun 2 22:37:41 2015 -0700
Committer: Srikanth Srungarapu <ssrungarapu@cloudera.com>
Committed: Tue Jun 2 22:42:27 2015 -0700

----------------------------------------------------------------------
 .../hbase/security/access/TableAuthManager.java | 10 +---------
 .../security/access/TestAccessController2.java  | 21 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/ea7d2c3c/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
index e73b23c..8e0933c 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@@ -391,7 +391,7 @@ public class TableAuthManager {
 
   public boolean authorize(User user, String namespace, Permission.Action action) {
     // Global authorizations supercede namespace level
-    if (authorizeUser(user, action)) {
+    if (authorize(user, action)) {
       return true;
     }
     // Check namespace permissions
@@ -430,14 +430,6 @@ public class TableAuthManager {
   }
 
   /**
-   * Checks global authorization for a specific action for a user, based on the
-   * stored user permissions.
-   */
-  public boolean authorizeUser(User user, Permission.Action action) {
-    return authorize(globalCache.getUser(user.getShortName()), action);
-  }
-
-  /**
    * Checks authorization to a given table and column family for a user, based on the
    * stored user permissions.
    *

http://git-wip-us.apache.org/repos/asf/hbase/blob/ea7d2c3c/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
index 3c327e8..6e1c597 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
@@ -188,6 +188,27 @@ public class TestAccessController2 extends SecureTestUtil {
   }
 
   @Test
+  public void testCreateTableWithGroupPermissions() throws Exception {
+    grantGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+    AccessTestAction createAction = new AccessTestAction() {
+      @Override
+      public Object run() throws Exception {
+        HTableDescriptor desc = new HTableDescriptor(TEST_TABLE.getTableName());
+        desc.addFamily(new HColumnDescriptor(TEST_FAMILY));
+        try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration()))
{
+          try (Admin admin = connection.getAdmin()) {
+            admin.createTable(desc);
+          }
+        }
+        return null;
+      }
+    };
+    verifyAllowed(createAction, TESTGROUP1_USER1);
+    verifyDenied(createAction, TESTGROUP2_USER1);
+    revokeGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+  }
+
+  @Test
   public void testACLTableAccess() throws Exception {
     final Configuration conf = TEST_UTIL.getConfiguration();
 


Mime
View raw message