You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by mb...@apache.org on 2013/04/10 20:03:24 UTC
svn commit: r1466600 - in /hbase/trunk/hbase-server/src/main: java/org/apache/hadoop/hbase/security/access/AccessControlLists.java ruby/hbase/security.rb ruby/shell/commands/grant.rb ruby/shell/commands/revoke.rb

Author: mbertozzi
Date: Wed Apr 10 18:03:24 2013
New Revision: 1466600

URL: http://svn.apache.org/r1466600
Log:
HBASE-7658 grant with an empty string as permission should throw an exception

Modified:
    hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
    hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb
    hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb
    hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb

Modified: hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java (original)
+++ hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessControlLists.java Wed Apr 10 18:03:24 2013
@@ -142,8 +142,9 @@ public class AccessControlLists {
     byte[] key = userPermissionKey(userPerm);
 
     if ((actions == null) || (actions.length == 0)) {
-      LOG.warn("No actions associated with user '"+Bytes.toString(userPerm.getUser())+"'");
-      return;
+      String msg = "No actions associated with user '" + Bytes.toString(userPerm.getUser()) + "'";
+      LOG.warn(msg);
+      throw new IOException(msg);
     }
 
     byte[] value = new byte[actions.length];

Modified: hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb (original)
+++ hbase/trunk/hbase-server/src/main/ruby/hbase/security.rb Wed Apr 10 18:03:24 2013
@@ -36,6 +36,11 @@ module Hbase
 
       # TODO: need to validate user name
 
+      # Verify that the specified permission is valid
+      if (permissions == nil || permissions.length == 0)
+        raise(ArgumentError, "Ivalid permission: no actions associated with user")
+      end
+
       if (table_name != nil)
         # Table should exist
         raise(ArgumentError, "Can't find a table: #{table_name}") unless exists?(table_name)

Modified: hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb (original)
+++ hbase/trunk/hbase-server/src/main/ruby/shell/commands/grant.rb Wed Apr 10 18:03:24 2013
@@ -22,7 +22,7 @@ module Shell
       def help
         return <<-EOF
 Grant users specific rights.
-Syntax : grant <user> <permissions> <table> <column family> <column qualifier>
+Syntax : grant <user> <permissions> [<table> [<column family> [<column qualifier>]]
 
 permissions is either zero or more letters from the set "RWXCA".
 READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A')

Modified: hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb
URL: http://svn.apache.org/viewvc/hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb?rev=1466600&r1=1466599&r2=1466600&view=diff
==============================================================================
--- hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb (original)
+++ hbase/trunk/hbase-server/src/main/ruby/shell/commands/revoke.rb Wed Apr 10 18:03:24 2013
@@ -22,9 +22,10 @@ module Shell
       def help
         return <<-EOF
 Revoke a user's access rights.
-Syntax : revoke <user> <table> <column family> <column qualifier>
+Syntax : revoke <user> [<table> [<column family> [<column qualifier>]]
 For example:
 
+    hbase> revoke 'bobsmith'
     hbase> revoke 'bobsmith', 't1', 'f1', 'col1'
 EOF
       end