Merged
Expand Up @@ -88,31 +88,6 @@ public static List<OzoneAcl> filterAclList(String identityName,
return retList;
}

/**
* Check if acl right requested for given RequestContext exist
* in provided acl list.
* Acl validation rules:
* 1. If user/group has ALL bit set than all user should have all rights.
* 2. If user/group has NONE bit set than user/group will not have any right.
* 3. For all other individual rights individual bits should be set.
*
* @param acls
* @param context
* @return return true if acl list contains right requsted in context.
* */
public static boolean checkAclRight(List<OzoneAcl> acls,
RequestContext context) throws OMException {
String[] userGroups = context.getClientUgi().getGroupNames();
String userName = context.getClientUgi().getUserName();
ACLType aclToCheck = context.getAclRights();
for (OzoneAcl a : acls) {
if(checkAccessInAcl(a, userGroups, userName, aclToCheck)) {
return true;
}
}
return false;
}

private static boolean checkAccessInAcl(OzoneAcl a, String[] groups,
String username, ACLType aclToCheck) {
BitSet rights = a.getAclBitSet();
Expand Up @@ -1782,7 +1782,7 @@ public boolean checkAccess(OzoneObj ozObject, RequestContext context)
return true;
}

boolean hasAccess = OzoneAclUtil.checkAclRight(
boolean hasAccess = OzoneAclUtil.checkAclRights(
keyInfo.getAcls(), context);
if (LOG.isDebugEnabled()) {
LOG.debug("user:{} has access rights for key:{} :{} ",
Expand Down Expand Up @@ -1819,7 +1819,7 @@ private boolean checkChildrenAcls(OzoneObj ozObject, RequestContext context)
// Using stack to check acls for subpaths
Stack<OzoneFileStatus> directories = new Stack<>();
// check whether given file/dir has access
boolean hasAccess = OzoneAclUtil.checkAclRight(keyInfo.getAcls(), context);
boolean hasAccess = OzoneAclUtil.checkAclRights(keyInfo.getAcls(), context);
if (LOG.isDebugEnabled()) {
LOG.debug("user:{} has access rights for key:{} :{} ",
context.getClientUgi(), ozObject.getKeyName(), hasAccess);
Expand All @@ -1835,7 +1835,7 @@ private boolean checkChildrenAcls(OzoneObj ozObject, RequestContext context)
while (hasAccess && children.hasNext()) {
ozoneFileStatus = children.next();
keyInfo = ozoneFileStatus.getKeyInfo();
hasAccess = OzoneAclUtil.checkAclRight(keyInfo.getAcls(), context);
hasAccess = OzoneAclUtil.checkAclRights(keyInfo.getAcls(), context);
if (LOG.isDebugEnabled()) {
LOG.debug("user:{} has access rights for key:{} :{} ",
context.getClientUgi(), keyInfo.getKeyName(), hasAccess);
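Review bot: The three call sites changed in this file (one in `checkAccess`, two in `checkChildrenAcls`) now take their allow/deny result from `OzoneAclUtil.checkAclRights`, whose body is not in the visible hunks, so nothing on this page shows that it keeps the behaviour of the removed `checkAclRight`: return true on the first ACL entry for which `checkAccessInAcl` succeeds, and false when none does. Because this is the authorization path for keys, I would want a test that goes through `checkAccess` with a caller who has no granting entry and asserts the result is false, so the swap cannot silently widen access. A one-line comment at the first call site would also help, e.g. `// true if any ACL entry grants context.getAclRights() to the caller; false (deny) otherwise`. Both methods start and end outside the hunks shown, so the early `return true` above the first call and the use of `hasAccess` after the loop could not be reviewed.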