HBASE-11008 Align bulk load, flush, and compact to require Action.CREATE

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1590124 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jean-Daniel Cryans 2014-04-25 20:00:21 +00:00
parent 6a127224e6
commit e1a767105d
3 changed files with 21 additions and 15 deletions

View File

@ -1219,7 +1219,8 @@ public class AccessController extends BaseRegionObserver
@Override
public void preFlush(ObserverContext<RegionCoprocessorEnvironment> e) throws IOException {
requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN);
requirePermission("flush", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
Action.CREATE);
}
@Override
@ -1237,7 +1238,8 @@ public class AccessController extends BaseRegionObserver
public InternalScanner preCompact(ObserverContext<RegionCoprocessorEnvironment> e,
final Store store, final InternalScanner scanner, final ScanType scanType)
throws IOException {
requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN);
requirePermission("compact", getTableName(e.getEnvironment()), null, null, Action.ADMIN,
Action.CREATE);
return scanner;
}
@ -1549,7 +1551,7 @@ public class AccessController extends BaseRegionObserver
ctx.getEnvironment().getRegion().getTableDesc().getTableName(),
el.getFirst(),
null,
Permission.Action.WRITE);
Action.CREATE);
}
}

View File

@ -616,8 +616,8 @@ public class TestAccessController extends SecureTestUtil {
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
verifyDenied(action, USER_RW, USER_RO, USER_NONE);
}
@Test
@ -631,8 +631,8 @@ public class TestAccessController extends SecureTestUtil {
}
};
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER, USER_CREATE);
verifyDenied(action, USER_RW, USER_RO, USER_NONE);
}
@Test

View File

@ -602,14 +602,6 @@ Access control mechanisms are mature and fairly standardized in the relational d
<entry></entry>
<entry>CheckAndDelete/Put</entry>
</row>
<row>
<entry></entry>
<entry>Flush</entry>
</row>
<row>
<entry></entry>
<entry>Compact</entry>
</row>
<!-- CREATE -->
<row>
<entry>Create</entry>
@ -623,6 +615,10 @@ Access control mechanisms are mature and fairly standardized in the relational d
<entry></entry>
<entry>Drop</entry>
</row>
<row>
<entry></entry>
<entry>Bulk Load</entry>
</row>
<!-- ADMIN -->
<row>
<entry>Admin</entry>
@ -636,6 +632,14 @@ Access control mechanisms are mature and fairly standardized in the relational d
<entry></entry>
<entry>Split</entry>
</row>
<row>
<entry></entry>
<entry>Flush</entry>
</row>
<row>
<entry></entry>
<entry>Compact</entry>
</row>
<row>
<entry></entry>
<entry>Major Compact</entry>