d82b07dc6db0f1c693f6a56e80a0f965bace2cbd,hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java,TestAccessController,testPostGrantRevokeAtQualifierLevel,#,1095

Before Change



    // only grant write permission
    // TODO: comment this portion after HBASE-3583
    ProtobufUtil.grant(protocol, user.getShortName(),
      tableName, family1, qualifier, Permission.Action.WRITE);
    Thread.sleep(100);

    verifyDenied(user, getQualifierAction);

After Change



    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
    try {
      BlockingRpcChannel service = acl.coprocessorService(tableName);
      AccessControlService.BlockingInterface protocol =
        AccessControlService.newBlockingStub(service);
      ProtobufUtil.grant(protocol, user.getShortName(),
        tableName, family1, qualifier, Permission.Action.READ);
    } finally {
      acl.close();
    }

    Thread.sleep(100);

    verifyAllowed(user, getQualifierAction);
    verifyDenied(user, putQualifierAction);
    verifyDenied(user, deleteQualifierAction);

    // only grant write permission
    // TODO: comment this portion after HBASE-3583
    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
    try {
      BlockingRpcChannel service = acl.coprocessorService(tableName);
      AccessControlService.BlockingInterface protocol =
        AccessControlService.newBlockingStub(service);
      ProtobufUtil.grant(protocol, user.getShortName(),
        tableName, family1, qualifier, Permission.Action.WRITE);
    } finally {
      acl.close();
    }

    Thread.sleep(100);

    verifyDenied(user, getQualifierAction);
    verifyAllowed(user, putQualifierAction);
    verifyAllowed(user, deleteQualifierAction);

    // grant both read and write permission.
    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
    try {
      BlockingRpcChannel service = acl.coprocessorService(tableName);
      AccessControlService.BlockingInterface protocol =
        AccessControlService.newBlockingStub(service);
      ProtobufUtil.grant(protocol, user.getShortName(),
        tableName, family1, qualifier,
          Permission.Action.READ, Permission.Action.WRITE);
    } finally {
      acl.close();
    }

    Thread.sleep(100);

    verifyAllowed(user, getQualifierAction);
    verifyAllowed(user, putQualifierAction);
    verifyAllowed(user, deleteQualifierAction);

    // revoke family level permission won't impact column level.
    acl = new HTable(conf, AccessControlLists.ACL_TABLE_NAME);
    try {
      BlockingRpcChannel service = acl.coprocessorService(tableName);
      AccessControlService.BlockingInterface protocol =
        AccessControlService.newBlockingStub(service);
      ProtobufUtil.revoke(protocol, user.getShortName(),
        tableName, family1, qualifier);
    } finally {