You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by mb...@apache.org on 2013/04/10 20:03:24 UTC
svn commit: r1466600 - in /hbase/trunk/hbase-server/src/main:
java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
ruby/hbase/security.rb ruby/shell/commands/grant.rb
ruby/shell/commands/revoke.rb
Author: mbertozzi
Date: Wed Apr 10 18:03:24 2013
New Revision: 1466600
URL: http://svn.apache.org/r1466600
Log:
HBASE-7658 grant with an empty string as permission should throw an exception
Modified:
hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb
hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb
hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb
Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java Wed Apr 10 18:03:24 2013
@@ -142,8 +142,9 @@ public class AccessControlLists {
byte[] key = userPermissionKey(userPerm);
if ((actions == null) || (actions.length == 0)) {
- LOG.warn("No actions associated with user '"+Bytes.toString(userPerm.getUser())+"'");
- return;
+ String msg = "No actions associated with user '" + Bytes.toString(userPerm.getUser()) + "'";
+ LOG.warn(msg);
+ throw new IOException(msg);
}
byte[] value = new byte[actions.length];
Modified: hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb (original)
+++ hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb Wed Apr 10 18:03:24 2013
@@ -36,6 +36,11 @@ module Hbase
# TODO: need to validate user name
+ # Verify that the specified permission is valid
+ if (permissions == nil || permissions.length == 0)
+ raise(ArgumentError, "Ivalid permission: no actions associated with user")
+ end
+
if (table_name != nil)
# Table should exist
raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)
Modified: hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb (original)
+++ hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb Wed Apr 10 18:03:24 2013
@@ -22,7 +22,7 @@ module Shell
def help
return <<-EOF
Grant users specific rights.
-Syntax : grant <user> <permissions> <table> <column family> <column qualifier>
+Syntax : grant <user> <permissions> [<table> [<column family> [<column qualifier>]]
permissions is either zero or more letters from the set "RWXCA".
READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A')
Modified: hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb (original)
+++ hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb Wed Apr 10 18:03:24 2013
@@ -22,9 +22,10 @@ module Shell
def help
return <<-EOF
Revoke a user's access rights.
-Syntax : revoke <user> <table> <column family> <column qualifier>
+Syntax : revoke <user> [<table> [<column family> [<column qualifier>]]
For example:
+ hbase> revoke 'bobsmith'
hbase> revoke 'bobsmith', 't1', 'f1', 'col1'
EOF
end