HBASE-10860 Insufficient AccessController covering permission check.(Anoop)

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1582987 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
anoopsamjohn 2014-03-29 11:11:20 +00:00
parent a3e66356fe
commit 4fa7db7304
2 changed files with 25 additions and 2 deletions

View File

@ -38,6 +38,7 @@ import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.DoNotRetryIOException;
import org.apache.hadoop.hbase.HConstants;
import org.apache.hadoop.hbase.KeyValue.Type;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HRegionInfo;
@ -526,10 +527,17 @@ public class AccessController extends BaseRegionObserver
if (list == null || list.isEmpty()) {
get.addFamily(col);
} else {
for (Cell cell: list) {
// In case of family delete, a Cell will be added into the list with Qualifier as null.
for (Cell cell : list) {
if (cell.getQualifierLength() == 0
&& (cell.getTypeByte() == Type.DeleteFamily.getCode()
|| cell.getTypeByte() == Type.DeleteFamilyVersion.getCode())) {
get.addFamily(col);
} else {
get.addColumn(col, CellUtil.cloneQualifier(cell));
}
}
}
} else {
throw new RuntimeException("Unhandled collection type " +
entry.getValue().getClass().getName());

View File

@ -1315,6 +1315,21 @@ public class TestAccessController extends SecureTestUtil {
return null;
}
});
// user1 should be allowed to delete the cf. (All data under cf for a row)
user1.runAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
HTable t = new HTable(conf, TEST_TABLE.getTableName());
try {
Delete d = new Delete(TEST_ROW2);
d.deleteFamily(TEST_FAMILY);
t.delete(d);
} finally {
t.close();
}
return null;
}
});
}
@Test