Java Code Examples for org.apache.hadoop.fs.permission.AclEntryScope#ACCESS

The following examples show how to use org.apache.hadoop.fs.permission.AclEntryScope#ACCESS . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestSnapshotScannerHDFSAclController.java    From hbase with Apache License 2.0 6 votes vote down vote up
static void checkUserAclEntry(FileSystem fs, Path path, String userName, boolean requireAccessAcl,
    boolean requireDefaultAcl) throws IOException {
  boolean accessAclEntry = false;
  boolean defaultAclEntry = false;
  if (fs.exists(path)) {
    for (AclEntry aclEntry : fs.getAclStatus(path).getEntries()) {
      String user = aclEntry.getName();
      if (user != null && user.equals(userName)) {
        if (aclEntry.getScope() == AclEntryScope.DEFAULT) {
          defaultAclEntry = true;
        } else if (aclEntry.getScope() == AclEntryScope.ACCESS) {
          accessAclEntry = true;
        }
      }
    }
  }
  String message = "require user: " + userName + ", path: " + path.toString() + " acl";
  assertEquals(message, requireAccessAcl, accessAclEntry);
  assertEquals(message, requireDefaultAcl, defaultAclEntry);
}
 
Example 2
Source File: FSPermissionChecker.java    From hadoop with Apache License 2.0 5 votes vote down vote up
private void check(INodeAttributes inode, String path, FsAction access
    ) throws AccessControlException {
  if (inode == null) {
    return;
  }
  final FsPermission mode = inode.getFsPermission();
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // It's possible that the inode has a default ACL but no access ACL.
    int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      checkAccessAcl(inode, path, access, mode, aclFeature);
      return;
    }
  }
  if (getUser().equals(inode.getUserName())) { //user class
    if (mode.getUserAction().implies(access)) { return; }
  }
  else if (getGroups().contains(inode.getGroupName())) { //group class
    if (mode.getGroupAction().implies(access)) { return; }
  }
  else { //other class
    if (mode.getOtherAction().implies(access)) { return; }
  }
  throw new AccessControlException(
      toAccessControlString(inode, path, access, mode));
}
 
Example 3
Source File: FSPermissionChecker.java    From big-c with Apache License 2.0 5 votes vote down vote up
private void check(INodeAttributes inode, String path, FsAction access
    ) throws AccessControlException {
  if (inode == null) {
    return;
  }
  final FsPermission mode = inode.getFsPermission();
  final AclFeature aclFeature = inode.getAclFeature();
  if (aclFeature != null) {
    // It's possible that the inode has a default ACL but no access ACL.
    int firstEntry = aclFeature.getEntryAt(0);
    if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) {
      checkAccessAcl(inode, path, access, mode, aclFeature);
      return;
    }
  }
  if (getUser().equals(inode.getUserName())) { //user class
    if (mode.getUserAction().implies(access)) { return; }
  }
  else if (getGroups().contains(inode.getGroupName())) { //group class
    if (mode.getGroupAction().implies(access)) { return; }
  }
  else { //other class
    if (mode.getOtherAction().implies(access)) { return; }
  }
  throw new AccessControlException(
      toAccessControlString(inode, path, access, mode));
}
 
Example 4
Source File: AclCommands.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Override
protected void processOptions(LinkedList<String> args) throws IOException {
  cf.parse(args);
  setRecursive(cf.getOpt("R"));
  // Mix of remove and modify acl flags are not allowed
  boolean bothRemoveOptions = cf.getOpt("b") && cf.getOpt("k");
  boolean bothModifyOptions = cf.getOpt("m") && cf.getOpt("x");
  boolean oneRemoveOption = cf.getOpt("b") || cf.getOpt("k");
  boolean oneModifyOption = cf.getOpt("m") || cf.getOpt("x");
  boolean setOption = cf.getOpt("-set");
  if ((bothRemoveOptions || bothModifyOptions)
      || (oneRemoveOption && oneModifyOption)
      || (setOption && (oneRemoveOption || oneModifyOption))) {
    throw new HadoopIllegalArgumentException(
        "Specified flags contains both remove and modify flags");
  }

  // Only -m, -x and --set expects <acl_spec>
  if (oneModifyOption || setOption) {
    if (args.size() < 2) {
      throw new HadoopIllegalArgumentException("<acl_spec> is missing");
    }
    aclEntries = AclEntry.parseAclSpec(args.removeFirst(), !cf.getOpt("x"));
  }

  if (args.isEmpty()) {
    throw new HadoopIllegalArgumentException("<path> is missing");
  }
  if (args.size() > 1) {
    throw new HadoopIllegalArgumentException("Too many arguments");
  }

  // In recursive mode, save a separate list of just the access ACL entries.
  // Only directories may have a default ACL.  When a recursive operation
  // encounters a file under the specified path, it must pass only the
  // access ACL entries.
  if (isRecursive() && (oneModifyOption || setOption)) {
    accessAclEntries = Lists.newArrayList();
    for (AclEntry entry: aclEntries) {
      if (entry.getScope() == AclEntryScope.ACCESS) {
        accessAclEntries.add(entry);
      }
    }
  }
}
 
Example 5
Source File: AclCommands.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Override
protected void processOptions(LinkedList<String> args) throws IOException {
  cf.parse(args);
  setRecursive(cf.getOpt("R"));
  // Mix of remove and modify acl flags are not allowed
  boolean bothRemoveOptions = cf.getOpt("b") && cf.getOpt("k");
  boolean bothModifyOptions = cf.getOpt("m") && cf.getOpt("x");
  boolean oneRemoveOption = cf.getOpt("b") || cf.getOpt("k");
  boolean oneModifyOption = cf.getOpt("m") || cf.getOpt("x");
  boolean setOption = cf.getOpt("-set");
  if ((bothRemoveOptions || bothModifyOptions)
      || (oneRemoveOption && oneModifyOption)
      || (setOption && (oneRemoveOption || oneModifyOption))) {
    throw new HadoopIllegalArgumentException(
        "Specified flags contains both remove and modify flags");
  }

  // Only -m, -x and --set expects <acl_spec>
  if (oneModifyOption || setOption) {
    if (args.size() < 2) {
      throw new HadoopIllegalArgumentException("<acl_spec> is missing");
    }
    aclEntries = AclEntry.parseAclSpec(args.removeFirst(), !cf.getOpt("x"));
  }

  if (args.isEmpty()) {
    throw new HadoopIllegalArgumentException("<path> is missing");
  }
  if (args.size() > 1) {
    throw new HadoopIllegalArgumentException("Too many arguments");
  }

  // In recursive mode, save a separate list of just the access ACL entries.
  // Only directories may have a default ACL.  When a recursive operation
  // encounters a file under the specified path, it must pass only the
  // access ACL entries.
  if (isRecursive() && (oneModifyOption || setOption)) {
    accessAclEntries = Lists.newArrayList();
    for (AclEntry entry: aclEntries) {
      if (entry.getScope() == AclEntryScope.ACCESS) {
        accessAclEntries.add(entry);
      }
    }
  }
}