HBASE-7373 table should not be required in AccessControlService

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1424604 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
jxiang 2012-12-20 17:44:45 +00:00
parent cdf88c07dc
commit 4480a9f6eb
5 changed files with 25 additions and 15 deletions

View File

@ -4073,7 +4073,7 @@ public final class AccessControlProtos {
public interface UserPermissionsRequestOrBuilder
extends com.google.protobuf.MessageOrBuilder {
// required bytes table = 1;
// optional bytes table = 1;
boolean hasTable();
com.google.protobuf.ByteString getTable();
}
@ -4106,7 +4106,7 @@ public final class AccessControlProtos {
}
private int bitField0_;
// required bytes table = 1;
// optional bytes table = 1;
public static final int TABLE_FIELD_NUMBER = 1;
private com.google.protobuf.ByteString table_;
public boolean hasTable() {
@ -4124,10 +4124,6 @@ public final class AccessControlProtos {
byte isInitialized = memoizedIsInitialized;
if (isInitialized != -1) return isInitialized == 1;
if (!hasTable()) {
memoizedIsInitialized = 0;
return false;
}
memoizedIsInitialized = 1;
return true;
}
@ -4376,10 +4372,6 @@ public final class AccessControlProtos {
}
public final boolean isInitialized() {
if (!hasTable()) {
return false;
}
return true;
}
@ -4417,7 +4409,7 @@ public final class AccessControlProtos {
private int bitField0_;
// required bytes table = 1;
// optional bytes table = 1;
private com.google.protobuf.ByteString table_ = com.google.protobuf.ByteString.EMPTY;
public boolean hasTable() {
return ((bitField0_ & 0x00000001) == 0x00000001);
@ -6425,7 +6417,7 @@ public final class AccessControlProtos {
"\017.UserPermission\"\017\n\rGrantResponse\"4\n\rRev" +
"okeRequest\022#\n\npermission\030\001 \002(\0132\017.UserPer" +
"mission\"\020\n\016RevokeResponse\"\'\n\026UserPermiss" +
"ionsRequest\022\r\n\005table\030\001 \002(\014\">\n\027UserPermis" +
"ionsRequest\022\r\n\005table\030\001 \001(\014\">\n\027UserPermis" +
"sionsResponse\022#\n\npermission\030\001 \003(\0132\017.User" +
"Permission\":\n\027CheckPermissionsRequest\022\037\n" +
"\npermission\030\001 \003(\0132\013.Permission\"\032\n\030CheckP" +

View File

@ -70,7 +70,7 @@ message RevokeResponse {
message UserPermissionsRequest {
required bytes table = 1;
optional bytes table = 1;
}
message UserPermissionsResponse {

View File

@ -1142,8 +1142,11 @@ public class AccessController extends BaseRegionObserver
public void getUserPermissions(RpcController controller,
AccessControlProtos.UserPermissionsRequest request,
RpcCallback<AccessControlProtos.UserPermissionsResponse> done) {
byte[] table = request.getTable().toByteArray();
AccessControlProtos.UserPermissionsResponse response = null;
byte[] table = null;
if (request.hasTable()) {
table = request.getTable().toByteArray();
}
try {
// only allowed to be called on _acl_ region
if (aclRegion) {

View File

@ -352,6 +352,7 @@ public class TableAuthManager {
if (authorizeUser(username, action)) {
return true;
}
if (table == null) table = AccessControlLists.ACL_TABLE_NAME;
return authorize(getTablePermissions(table).getUser(username), table, family,
qualifier, action);
}
@ -380,6 +381,7 @@ public class TableAuthManager {
if (authorizeGroup(groupName, action)) {
return true;
}
if (table == null) table = AccessControlLists.ACL_TABLE_NAME;
return authorize(getTablePermissions(table).getGroup(groupName), table, family, action);
}

View File

@ -33,11 +33,11 @@ import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.Coprocessor;
import org.apache.hadoop.hbase.HBaseTestingUtility;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.HRegionInfo;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.hbase.LargeTests;
import org.apache.hadoop.hbase.ServerName;
import org.apache.hadoop.hbase.UnknownRowLockException;
import org.apache.hadoop.hbase.client.Append;
import org.apache.hadoop.hbase.client.Delete;
import org.apache.hadoop.hbase.client.Get;
@ -1161,6 +1161,19 @@ public class TestAccessController {
admin.deleteTable(tableName);
}
@Test
public void testGlobalPermissionList() throws Exception {
HTable acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
BlockingRpcChannel service = acl.coprocessorService(HConstants.EMPTY_START_ROW);
AccessControlService.BlockingInterface protocol =
AccessControlService.newBlockingStub(service);
List<UserPermission> perms = ProtobufUtil.getUserPermissions(protocol, null);
UserPermission adminPerm = new UserPermission(Bytes.toBytes(USER_ADMIN.getShortName()),
AccessControlLists.ACL_TABLE_NAME, null, null, Bytes.toBytes("ACRW"));
assertTrue("Only user admin has permission on table _acl_ per setup",
perms.size() == 1 && hasFoundUserPermission(adminPerm, perms));
}
/** global operations */
private void verifyGlobal(PrivilegedExceptionAction<?> action) throws Exception {
verifyAllowed(action, SUPERUSER);