Return-Path: 
 <issues-return-180174-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id B69B717C8E
	for <apmail-hbase-issues-archive@www.apache.org>;
 Mon, 26 Jan 2015 21:45:34 +0000 (UTC)
Received: (qmail 84420 invoked by uid 500); 26 Jan 2015 21:45:34 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 84371 invoked by uid 500); 26 Jan 2015 21:45:34 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 84359 invoked by uid 99); 26 Jan 2015 21:45:34 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Jan 2015 21:45:34 +0000
Date: Mon, 26 Jan 2015 21:45:34 +0000 (UTC)
From: "Srikanth Srungarapu (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12770199.1422308652000.176790.1422308734722@Atlassian.JIRA>
In-Reply-To: <JIRA.12770199.1422308652000@Atlassian.JIRA>
References: <JIRA.12770199.1422308652000@Atlassian.JIRA>
 <JIRA.12770199.1422308652825@arcas>
Subject: [jira] [Updated] (HBASE-12925) Use acl cache for doing access
 control checks in prepare and clean phases of Bulkloading.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HBASE-12925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Srikanth Srungarapu updated HBASE-12925:
----------------------------------------
    Attachment: HBASE-12925.patch

> Use acl cache for doing access control checks in prepare and clean phases of Bulkloading.
> -----------------------------------------------------------------------------------------
>
>                 Key: HBASE-12925
>                 URL: https://issues.apache.org/jira/browse/HBASE-12925
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>         Attachments: HBASE-12925.patch
>
>
> Currently, prepareBulkLoad and cleanupBulkLoad are using "hasSomeAccess", which performs scan on ACL table, instead of using TableAuthManager. Also, the method "hasSomeAccess" has a logical error, as it doesn't filter the acl scan results by the current active user. More specifically 
> {code}
> for (UserPermission userPerm: perms) {
>         for (Action userAction: userPerm.getActions()) {
>           if (userAction.equals(action)) {
>             return AuthResult.allow(method, "Access allowed", requestUser,
>               action, tableName, null, null);
>           }
>         }
>       }
> {code} 
> The if clause ideally should be having something like userPerm.getUser.equals(requestUser). This issue will help us in getting rid of this problematic implementation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)