From 2908c1137155c2167fca0a26180f9ae5fe6fd863 Mon Sep 17 00:00:00 2001 From: Matteo Bertozzi Date: Wed, 22 Oct 2014 10:08:31 +0100 Subject: [PATCH] HBASE-12301 user_permission command does not show global permissions --- .../hadoop/hbase/protobuf/ProtobufUtil.java | 6 +++--- .../security/access/AccessControlClient.java | 17 ++++++----------- .../security/access/AccessControlLists.java | 4 ++-- hbase-shell/src/main/ruby/hbase/security.rb | 4 ++-- .../main/ruby/shell/commands/user_permission.rb | 2 +- 5 files changed, 14 insertions(+), 19 deletions(-) diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java index fd9d1abf561..c7d2b24123f 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/protobuf/ProtobufUtil.java @@ -2279,7 +2279,7 @@ public final class ProtobufUtil { AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); - List perms = new ArrayList(); + List perms = new ArrayList(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } @@ -2307,7 +2307,7 @@ public final class ProtobufUtil { AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); - List perms = new ArrayList(); + List perms = new ArrayList(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } 
@@ -2335,7 +2335,7 @@ public final class ProtobufUtil { AccessControlProtos.GetUserPermissionsRequest request = builder.build(); AccessControlProtos.GetUserPermissionsResponse response = protocol.getUserPermissions(null, request); - List perms = new ArrayList(); + List perms = new ArrayList(response.getUserPermissionCount()); for (AccessControlProtos.UserPermission perm: response.getUserPermissionList()) { perms.add(ProtobufUtil.toUserPermission(perm)); } diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java index eb637517916..922bf67a9a2 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlClient.java @@ -47,12 +47,11 @@ import org.apache.hadoop.hbase.util.Bytes; @InterfaceAudience.Public @InterfaceStability.Evolving public class AccessControlClient { + public static final TableName ACL_TABLE_NAME = + TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl"); private static HTable getAclTable(Configuration conf) throws IOException { - TableName aclTableName = - TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, - AccessControlConstants.OP_ATTRIBUTE_ACL); - return new HTable(conf, aclTableName.getName()); + return new HTable(conf, ACL_TABLE_NAME); } private static BlockingInterface getAccessControlServiceStub(HTable ht) 
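Review bot: In the `@@ -47,12 +47,11 @@` hunk of AccessControlClient.java, the new `ACL_TABLE_NAME` is declared `public` on a class annotated `@InterfaceAudience.Public`, so it becomes supported client API even though the visible uses are all inside this class. It also hard-codes `"acl"` where the removed code used `AccessControlConstants.OP_ATTRIBUTE_ACL`. The AccessControlLists hunk later in this patch refers to an unqualified `ACL_TABLE_NAME`, so the server side appears to keep its own definition that this one must match. If external callers do not need the constant, make it `private static final`. Otherwise add a Javadoc line such as `/** System table holding ACL entries; must stay identical to the server-side AccessControlLists.ACL_TABLE_NAME. */`.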
@@ -111,12 +110,10 @@ public class AccessControlClient { public static boolean isAccessControllerRunning(Configuration conf) throws MasterNotRunningException, ZooKeeperConnectionException, IOException { - TableName aclTableName = TableName - .valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, "acl"); HBaseAdmin ha = null; try { ha = new HBaseAdmin(conf); - return ha.isTableAvailable(aclTableName.getNameAsString()); + return ha.isTableAvailable(ACL_TABLE_NAME); } finally { if (ha != null) { ha.close(); @@ -183,16 +180,14 @@ public class AccessControlClient { Table ht = null; Admin ha = null; try { - TableName aclTableName = TableName.valueOf(NamespaceDescriptor.SYSTEM_NAMESPACE_NAME_STR, - "acl"); ha = new HBaseAdmin(conf); - ht = new HTable(conf, aclTableName); + ht = new HTable(conf, ACL_TABLE_NAME); CoprocessorRpcChannel service = ht.coprocessorService(HConstants.EMPTY_START_ROW); BlockingInterface protocol = AccessControlProtos.AccessControlService .newBlockingStub(service); HTableDescriptor[] htds = null; - if (tableRegex == null) { + if (tableRegex == null || tableRegex.isEmpty()) { permList = ProtobufUtil.getUserPermissions(protocol); } else if (tableRegex.charAt(0) == '@') { String namespace = tableRegex.substring(1); diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java index 007e610263b..c49bc332385 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java 
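Review bot: In the `@@ -183,16 +180,14 @@` hunk, `tableRegex == null || tableRegex.isEmpty()` makes an empty string select the global-permission request, which also stops `tableRegex.charAt(0)` from running on an empty string. That contract is not documented anywhere in the visible lines. The method's Javadoc and signature sit above the hunk, so its current wording is not shown here. For an API used to audit grants, a caller passing an unset or blank filter gets only global grants rather than every grant, so the Javadoc should say so. A suggested wording is `@param tableRegex table-name regex, "@namespace", or null/empty to return only global permissions (use ".*" for all tables)`.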
@@ -464,7 +464,7 @@ public class AccessControlLists { */ static ListMultimap getPermissions(Configuration conf, byte[] entryName) throws IOException { - if (entryName == null) entryName = ACL_TABLE_NAME.getName(); + if (entryName == null) entryName = ACL_GLOBAL_NAME; // for normal user tables, we just read the table row from _acl_ ListMultimap perms = ArrayListMultimap.create(); @@ -659,7 +659,7 @@ public class AccessControlLists { public static boolean isNamespaceEntry(byte[] entryName) { return entryName[0] == NAMESPACE_PREFIX; } - + public static String toNamespaceEntry(String namespace) { return NAMESPACE_PREFIX + namespace; } diff --git a/hbase-shell/src/main/ruby/hbase/security.rb b/hbase-shell/src/main/ruby/hbase/security.rb index 1361c19707f..154c5cad8a5 100644 --- a/hbase-shell/src/main/ruby/hbase/security.rb +++ b/hbase-shell/src/main/ruby/hbase/security.rb @@ -156,13 +156,13 @@ module Hbase count = 0 all_perms.each do |value| user_name = String.from_java_bytes(value.getUser) - if (isNamespace?(table_regex)) + if (table_regex != nil && isNamespace?(table_regex)) namespace = table_regex[1...table_regex.length] else namespace = (value.getTableName != nil) ? value.getTableName.getNamespaceAsString() : '' end table = (value.getTableName != nil) ? value.getTableName.getNameAsString() : '' - family = (value.getFamily != nil) ? + family = (value.getFamily != nil) ? org.apache.hadoop.hbase.util.Bytes::toStringBinary(value.getFamily) : '' qualifier = (value.getQualifier != nil) ? diff --git a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb index 7c292613f6c..57d83beb4ba 100644 --- a/hbase-shell/src/main/ruby/shell/commands/user_permission.rb +++ b/hbase-shell/src/main/ruby/shell/commands/user_permission.rb @@ -33,7 +33,7 @@ For example: EOF end - def command(table_regex=".*") + def command(table_regex=nil) #format_simple_command do #admin.user_permission(table_regex) now = Time.now
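Review bot: In the `@@ -464,7 +464,7 @@` hunk of AccessControlLists.java, a null `entryName` now resolves to `ACL_GLOBAL_NAME` instead of the acl table's own name, but the comment on the next line still reads "for normal user tables". The Javadoc that closes just above the hunk is not visible, so it may also need updating. Add a comment on the changed line such as `// null means the global ACL entry, not the acl table's own row`, and state the same in the `entryName` parameter description. Callers of `getPermissions` lie outside this diff; any that passed null expecting the acl table's permissions would now get the global set and should pass the table name explicitly.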
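Review bot: In the user_permission.rb hunk, changing the default from `".*"` to `nil` changes what a bare `user_permission` returns. Given the client change in this patch, it now appears to return only global grants, where it previously matched every table. The help text ends above the hunk and is mostly not visible, so it is unclear whether it explains this. An operator reviewing access could read the no-argument output as the full set of grants. The heredoc should state the new default and show `user_permission '.*'` as the way to list all table permissions. A comment on the signature would also help, for example `# nil lists global permissions only; pass '.*' for every table`. The body of `command` continues past the end of the hunk.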