HBASE-13826 Unable to create table when group acls are appropriately set.

2015-06-02 22:37:41 -07:00 · 2015-06-02 22:37:41 -07:00 · fad545652f
parent 722fd17069
commit fad545652f
2 changed files with 22 additions and 9 deletions
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/TableAuthManager.java
@ -392,7 +392,7 @@ public class TableAuthManager {

  public boolean authorize(User user, String namespace, Permission.Action action) {
    // Global authorizations supercede namespace level
-    if (authorizeUser(user, action)) {
+    if (authorize(user, action)) {
      return true;
    }
    // Check namespace permissions
@ -430,14 +430,6 @@ public class TableAuthManager {
    return false;
  }

-  /**
-   * Checks global authorization for a specific action for a user, based on the
-   * stored user permissions.
-   */
-  public boolean authorizeUser(User user, Permission.Action action) {
-    return authorize(globalCache.getUser(user.getShortName()), action);
-  }
-
  /**
   * Checks authorization to a given table and column family for a user, based on the
   * stored user permissions.
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController2.java
@ -198,6 +198,27 @@ public class TestAccessController2 extends SecureTestUtil {
    assertTrue(perms.get(0).implies(Permission.Action.ADMIN));
  }

+  @Test
+  public void testCreateTableWithGroupPermissions() throws Exception {
+    grantGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+    AccessTestAction createAction = new AccessTestAction() {
+      @Override
+      public Object run() throws Exception {
+        HTableDescriptor desc = new HTableDescriptor(TEST_TABLE.getTableName());
+        desc.addFamily(new HColumnDescriptor(TEST_FAMILY));
+        try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
+          try (Admin admin = connection.getAdmin()) {
+            admin.createTable(desc);
+          }
+        }
+        return null;
+      }
+    };
+    verifyAllowed(createAction, TESTGROUP1_USER1);
+    verifyDenied(createAction, TESTGROUP2_USER1);
+    revokeGlobal(TEST_UTIL, convertToGroup(TESTGROUP_1), Action.CREATE);
+  }
+
  @Test
  public void testACLTableAccess() throws Exception {
    final Configuration conf = TEST_UTIL.getConfiguration();