You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2012/06/21 20:29:55 UTC
svn commit: r1352645 - in /hbase/branches/0.94/security/src:
main/java/org/apache/hadoop/hbase/security/access/AccessController.java
test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Author: apurtell
Date: Thu Jun 21 18:29:54 2012
New Revision: 1352645
URL: http://svn.apache.org/viewvc?rev=1352645&view=rev
Log:
HBASE-6252. TABLE ADMIN should be allowed to relocate regions (Laxman)
Modified:
hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
Modified: hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java?rev=1352645&r1=1352644&r2=1352645&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java (original)
+++ hbase/branches/0.94/security/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java Thu Jun 21 18:29:54 2012
@@ -375,7 +375,7 @@ public class AccessController extends Ba
AuthResult result = null;
for (Action permission : permissions) {
- if (authManager.authorize(user, tableName, null, null, permission)) {
+ if (authManager.authorize(user, tableName, family, qualifier, permission)) {
result = AuthResult.allow("Table permission granted", user, permission, tableName, family, qualifier);
break;
} else {
@@ -623,30 +623,32 @@ public class AccessController extends Ba
byte[] tableName) throws IOException {}
@Override
- public void preMove(ObserverContext<MasterCoprocessorEnvironment> c,
- HRegionInfo region, ServerName srcServer, ServerName destServer)
- throws IOException {
- requirePermission(Permission.Action.ADMIN);
+ public void preMove(ObserverContext<MasterCoprocessorEnvironment> c, HRegionInfo region,
+ ServerName srcServer, ServerName destServer) throws IOException {
+ requirePermission(region.getTableName(), null, null, Action.ADMIN);
}
+
@Override
public void postMove(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo region, ServerName srcServer, ServerName destServer)
throws IOException {}
@Override
- public void preAssign(ObserverContext<MasterCoprocessorEnvironment> c,
- HRegionInfo regionInfo) throws IOException {
- requirePermission(Permission.Action.ADMIN);
+ public void preAssign(ObserverContext<MasterCoprocessorEnvironment> c, HRegionInfo regionInfo)
+ throws IOException {
+ requirePermission(regionInfo.getTableName(), null, null, Action.ADMIN);
}
+
@Override
public void postAssign(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo regionInfo) throws IOException {}
@Override
- public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> c,
- HRegionInfo regionInfo, boolean force) throws IOException {
- requirePermission(Permission.Action.ADMIN);
+ public void preUnassign(ObserverContext<MasterCoprocessorEnvironment> c, HRegionInfo regionInfo,
+ boolean force) throws IOException {
+ requirePermission(regionInfo.getTableName(), null, null, Action.ADMIN);
}
+
@Override
public void postUnassign(ObserverContext<MasterCoprocessorEnvironment> c,
HRegionInfo regionInfo, boolean force) throws IOException {}
Modified: hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java
URL: http://svn.apache.org/viewvc/hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java?rev=1352645&r1=1352644&r2=1352645&view=diff
==============================================================================
--- hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java (original)
+++ hbase/branches/0.94/security/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java Thu Jun 21 18:29:54 2012
@@ -338,8 +338,8 @@ public class TestAccessController {
}
};
- verifyAllowed(action, SUPERUSER, USER_ADMIN);
- verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
+ verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
}
@Test
@@ -356,8 +356,8 @@ public class TestAccessController {
}
};
- verifyAllowed(action, SUPERUSER, USER_ADMIN);
- verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
+ verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
}
@Test
@@ -374,8 +374,8 @@ public class TestAccessController {
}
};
- verifyAllowed(action, SUPERUSER, USER_ADMIN);
- verifyDenied(action, USER_CREATE, USER_OWNER, USER_RW, USER_RO, USER_NONE);
+ verifyAllowed(action, SUPERUSER, USER_ADMIN, USER_OWNER);
+ verifyDenied(action, USER_CREATE, USER_RW, USER_RO, USER_NONE);
}
@Test