List of usage examples for the and method of org.apache.hadoop.fs.permission.FsAction
public FsAction and(FsAction that)
From source file:org.apache.sentry.hdfs.UpdateableAuthzPermissions.java
License:Apache License
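/**
 * Applies every privilege change in {@code update} to the {@code perms} store.
 *
 * <p>Three kinds of change are recognised by the authz-object name:
 * <ul>
 *   <li>{@code PermissionsUpdate.RENAME_PRIVS}: moves the permissions recorded for the old
 *       authz object to the new one;</li>
 *   <li>{@code PermissionsUpdate.ALL_AUTHZ_OBJ}: removes one principal from every
 *       {@code PrivilegeInfo} known to {@code perms};</li>
 *   <li>anything else: ORs the added actions into the object's entry, then clears the
 *       revoked actions on the object and on each of its children.</li>
 * </ul>
 *
 * @param update the batch of privilege changes to apply
 */
private void applyPrivilegeUpdates(PermissionsUpdate update) {
    TPrivilegePrincipal addPrivEntity, delPrivEntity;
    for (TPrivilegeChanges pUpdate : update.getPrivilegeUpdates()) {
        LOG.debug("Applying privilege update on object:{} add privileges {}, delete privileges {}",
                pUpdate.getAuthzObj(), pUpdate.getAddPrivileges(), pUpdate.getDelPrivileges());

        if (pUpdate.getAuthzObj().equals(PermissionsUpdate.RENAME_PRIVS)) {
            // NOTE(review): iterator().next() throws NoSuchElementException when either map is
            // empty; this assumes the sender always fills both sides of a rename - confirm.
            addPrivEntity = pUpdate.getAddPrivileges().keySet().iterator().next();
            delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next();
            if (addPrivEntity.getType() != TPrivilegePrincipalType.AUTHZ_OBJ
                    || delPrivEntity.getType() != TPrivilegePrincipalType.AUTHZ_OBJ) {
                LOG.warn(
                        "Invalid Permission Update, Received Rename update with wrong data, (Add) Type: {}, Value:{} "
                                + "(Del) Type: {}, Value:{}",
                        addPrivEntity.getType(), addPrivEntity.getValue(),
                        delPrivEntity.getType(), delPrivEntity.getValue());
                continue;
            }
            String newAuthzObj = addPrivEntity.getValue();
            String oldAuthzObj = delPrivEntity.getValue();
            LOG.debug("Performing Rename from {} to {}", oldAuthzObj, newAuthzObj);
            PrivilegeInfo privilegeInfo = perms.getPrivilegeInfo(oldAuthzObj);
            // The privilegeInfo object can be null if no explicit Privileges
            // have been granted on the object. For eg. If grants have been applied on
            // Db, but no explicit grants on Table.. then the authzObject associated
            // with the table will never exist.
            if (privilegeInfo != null) {
                LOG.debug("Permission info before rename {}", privilegeInfo);
                Map<TPrivilegePrincipal, FsAction> allPermissions = privilegeInfo.getAllPermissions();
                perms.delPrivilegeInfo(oldAuthzObj);
                perms.removeParentChildMappings(oldAuthzObj);
                PrivilegeInfo newPrivilegeInfo = new PrivilegeInfo(newAuthzObj);
                for (Map.Entry<TPrivilegePrincipal, FsAction> e : allPermissions.entrySet()) {
                    newPrivilegeInfo.setPermission(e.getKey(), e.getValue());
                }
                perms.addPrivilegeInfo(newPrivilegeInfo);
                perms.addParentChildMappings(newAuthzObj);
                // Fixed: this message used to say "before rename" a second time, which made
                // the two states indistinguishable in the log.
                LOG.debug("Permission info after rename {}", newPrivilegeInfo);
            }
            // NOTE(review): this returns from the whole method, so any privilege changes that
            // follow a rename in the same batch (including revokes) are never applied, whereas
            // the invalid-rename path above uses 'continue'. Kept as in the original; confirm
            // that a rename is always the only entry in its update.
            return;
        }

        if (pUpdate.getAuthzObj().equals(PermissionsUpdate.ALL_AUTHZ_OBJ)) {
            // Request to remove role from all Privileges
            // NOTE(review): same empty-map assumption as the rename branch.
            delPrivEntity = pUpdate.getDelPrivileges().keySet().iterator().next();
            for (PrivilegeInfo pInfo : perms.getAllPrivileges()) {
                LOG.debug("Role {} is revoked permission on {}", delPrivEntity.getValue(), pInfo.getAuthzObj());
                pInfo.removePermission(delPrivEntity);
            }
        }

        logPermissionInfo("BEFORE-UPDATE", pUpdate.getAuthzObj());
        PrivilegeInfo pInfo = perms.getPrivilegeInfo(pUpdate.getAuthzObj());

        // Grants: OR the new action into whatever the principal already holds.
        for (Map.Entry<TPrivilegePrincipal, String> aMap : pUpdate.getAddPrivileges().entrySet()) {
            if (pInfo == null) {
                pInfo = new PrivilegeInfo(pUpdate.getAuthzObj());
            }
            FsAction fsAction = pInfo.getPermission(aMap.getKey());
            if (fsAction == null) {
                fsAction = getFAction(aMap.getValue());
            } else {
                fsAction = fsAction.or(getFAction(aMap.getValue()));
            }
            pInfo.setPermission(aMap.getKey(), fsAction);
        }

        if (pInfo != null) {
            perms.addPrivilegeInfo(pInfo);
            perms.addParentChildMappings(pUpdate.getAuthzObj());
            for (Map.Entry<TPrivilegePrincipal, String> dMap : pUpdate.getDelPrivileges().entrySet()) {
                if (dMap.getKey().getValue().equals(PermissionsUpdate.ALL_PRIVS)) {
                    // Remove all privileges
                    perms.delPrivilegeInfo(pUpdate.getAuthzObj());
                    perms.removeParentChildMappings(pUpdate.getAuthzObj());
                    break;
                }
                List<PrivilegeInfo> parentAndChild = new ArrayList<>();
                parentAndChild.add(pInfo);
                Set<String> children = perms.getChildren(pInfo.getAuthzObj());
                if (children != null) {
                    for (String child : children) {
                        PrivilegeInfo childInfo = perms.getPrivilegeInfo(child);
                        // getPrivilegeInfo can return null (see the rename branch). A null entry
                        // here would throw in the loop below and abort the revokes still pending
                        // for this update, so a child without an entry is skipped instead.
                        if (childInfo != null) {
                            parentAndChild.add(childInfo);
                        }
                    }
                }
                // recursive revoke
                for (PrivilegeInfo pInfo2 : parentAndChild) {
                    FsAction fsAction = pInfo2.getPermission(dMap.getKey());
                    if (fsAction != null) {
                        // Keep only the bits that are NOT part of the revoked action.
                        fsAction = fsAction.and(getFAction(dMap.getValue()).not());
                        if (FsAction.NONE == fsAction) {
                            pInfo2.removePermission(dMap.getKey());
                        } else {
                            pInfo2.setPermission(dMap.getKey(), fsAction);
                        }
                    }
                }
            }
        }
        logPermissionInfo("AFTER-UPDATE", pUpdate.getAuthzObj());
    }
}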
From source file:org.araqne.storage.hdfs.HDFSFilePath.java
License:Apache License
/**
 * Reports whether the file's permission bits grant READ to the current user.
 *
 * <p>The user is taken from the {@code user.name} system property and compared with the
 * file's owner: the owner is judged by the user bits, everyone else by the "other" bits.
 *
 * <p>NOTE(review): this is a local approximation, not the file system's own access decision.
 * Group bits are never consulted (see the TODO below), so the result can differ from what
 * the file system would decide for a user who belongs to the file's group. {@code user.name}
 * is a JVM property and may not be the identity the HDFS client authenticates as - confirm
 * before relying on the result for anything beyond a hint.
 *
 * @return {@code true} if the selected permission class includes READ
 * @throws IllegalStateException if the file status cannot be fetched
 */
@Override
public boolean canRead() throws SecurityException {
    final String currentUser = System.getProperty("user.name");

    final FileStatus status;
    try {
        status = root.getFileSystem().getFileStatus(path);
    } catch (IOException e) {
        throw new IllegalStateException("Unexpected IOException", e);
    }

    final FsPermission mode = status.getPermission();

    // TODO handle user group
    final FsAction granted;
    if (currentUser.equals(status.getOwner())) {
        granted = mode.getUserAction();
    } else {
        granted = mode.getOtherAction();
    }

    // Masking with READ leaves READ only when the read bit is set.
    return FsAction.READ.equals(granted.and(FsAction.READ));
}
From source file:org.araqne.storage.hdfs.HDFSFilePath.java
License:Apache License
/**
 * Reports whether the file's permission bits grant WRITE to the current user.
 *
 * <p>The user is taken from the {@code user.name} system property and compared with the
 * file's owner: the owner is judged by the user bits, everyone else by the "other" bits.
 *
 * <p>NOTE(review): this is a local approximation, not the file system's own access decision.
 * Group bits are never consulted (see the TODO below), so the result can differ from what
 * the file system would decide for a user who belongs to the file's group. {@code user.name}
 * is a JVM property and may not be the identity the HDFS client authenticates as - confirm
 * before relying on the result for anything beyond a hint.
 *
 * @return {@code true} if the selected permission class includes WRITE
 * @throws IllegalStateException if the file status cannot be fetched
 */
@Override
public boolean canWrite() throws SecurityException {
    final String currentUser = System.getProperty("user.name");

    final FileStatus status;
    try {
        status = root.getFileSystem().getFileStatus(path);
    } catch (IOException e) {
        throw new IllegalStateException("Unexpected IOException", e);
    }

    final FsPermission mode = status.getPermission();

    // TODO handle user group
    final FsAction granted;
    if (currentUser.equals(status.getOwner())) {
        granted = mode.getUserAction();
    } else {
        granted = mode.getOtherAction();
    }

    // Masking with WRITE leaves WRITE only when the write bit is set.
    return FsAction.WRITE.equals(granted.and(FsAction.WRITE));
}