Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-6252. TABLE ADMIN should be allowed to relocate regions (Laxman) 

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1352644 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Andrew Kyle Purtell 2012-06-21 18:29:45 +00:00
parent 6e5c615355
commit 4b1a528bdd
2 changed files with 19 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
View File

@ -375,7 +375,7 @@ public class AccessController extends BaseRegionObserver
AuthResult result = null;
for (Action permission : permissions) {
if (authManager.authorize(user, tableName, null, null, permission)) {
if (authManager.authorize(user, tableName, family, qualifier, permission)) {
result = AuthResult.allow("Table permission granted", user, permission, tableName, family, qualifier);
break;
} else {
@ -677,30 +677,32 @@ public class AccessController extends BaseRegionObserver
byte[] tableName) throws IOException {}
@Override
public void preMove(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo region, ServerName srcServer, ServerName destServer)
throws IOException {
requirePermission(Permission.Action.ADMIN);
public void preMove(ObserverContext<MasterCoprocessorEnvironment> c, HRegionInfo region,
ServerName srcServer, ServerName destServer) throws IOException {
requirePermission(region.getTableName(), null, null, Action.ADMIN);
}
@Override
public void postMove(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo region, ServerName srcServer, ServerName destServer)
throws IOException {}
@Override
public void preAssign(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo regionInfo) throws IOException {
requirePermission(Permission.Action.ADMIN);
public void preAssign(ObserverContext<MasterCoprocessorEnvironment> c, HRegionInfo regionInfo)
throws IOException {
requirePermission(regionInfo.getTableName(), null, null, Action.ADMIN);
}
@Override
public void postAssign(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo regionInfo) throws IOException {}
@Override
public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo regionInfo, boolean force) throws IOException {
requirePermission(Permission.Action.ADMIN);
public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> c, HRegionInfo regionInfo,
boolean force) throws IOException {
requirePermission(regionInfo.getTableName(), null, null, Action.ADMIN);
}
@Override
public void postUnassign(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo regionInfo, boolean force) throws IOException {}

12
hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
View File

@ -338,8 +338,8 @@ public class TestAccessController {
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN);
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
}
@Test
@ -356,8 +356,8 @@ public class TestAccessController {
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN);
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
}
@Test
@ -374,8 +374,8 @@ public class TestAccessController {
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN);
verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
}
@Test