You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by an...@apache.org on 2014/03/29 12:11:20 UTC
svn commit: r1582987 - in /hbase/trunk/hbase-server/src:
main/java/org/apache/hadoop/hbase/security/access/AccessController.java
test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Author: anoopsamjohn
Date: Sat Mar 29 11:11:20 2014
New Revision: 1582987
URL: http://svn.apache.org/r1582987
Log:
HBASE-10860 Insufficient AccessController covering permission check.(Anoop)
Modified:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1582987&r1=1582986&r2=1582987&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Sat Mar 29 11:11:20 2014
@@ -38,6 +38,7 @@ import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.CoprocessorEnvironment;
import org.apache.hadoop.hbase.DoNotRetryIOException;
import org.apache.hadoop.hbase.HConstants;
+import org.apache.hadoop.hbase.KeyValue.Type;
import org.apache.hadoop.hbase.TableName;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HRegionInfo;
@@ -526,8 +527,15 @@ public class AccessController extends Ba
if (list == null || list.isEmpty()) {
get.addFamily(col);
} else {
- for (Cell cell: list) {
- get.addColumn(col, CellUtil.cloneQualifier(cell));
+ // In case of family delete, a Cell will be added into the list with Qualifier as null.
+ for (Cell cell : list) {
+ if (cell.getQualifierLength() == 0
+ && (cell.getTypeByte() == Type.DeleteFamily.getCode()
+ || cell.getTypeByte() == Type.DeleteFamilyVersion.getCode())) {
+ get.addFamily(col);
+ } else {
+ get.addColumn(col, CellUtil.cloneQualifier(cell));
+ }
}
}
} else {
Modified: hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1582987&r1=1582986&r2=1582987&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Sat Mar 29 11:11:20 2014
@@ -1315,6 +1315,21 @@ public class TestAccessController extend
return null;
}
});
+ // user1 should be allowed to delete the cf. (All data under cf for a row)
+ user1.runAs(new PrivilegedExceptionAction<Void>() {
+ @Override
+ public Void run() throws Exception {
+ HTable t = new HTable(conf, TEST_TABLE.getTableName());
+ try {
+ Delete d = new Delete(TEST_ROW2);
+ d.deleteFamily(TEST_FAMILY);
+ t.delete(d);
+ } finally {
+ t.close();
+ }
+ return null;
+ }
+ });
}
@Test