7662980798c82a239c4d446c290595836ed3a456,hbase-server/src/test/java/org/apache/hadoop/hbase/security/access/TestAccessController.java,TestAccessController,testCheckPermissions,#,1541

Before Change


    grantOnTable(TEST_UTIL, userTable.getShortName(),
      TEST_TABLE.getTableName(), null, null,
      Permission.Action.READ);
    grantOnTable(TEST_UTIL, userColumn.getShortName(),
      TEST_TABLE.getTableName(), TEST_FAMILY, null,
      Permission.Action.READ);
    grantOnTable(TEST_UTIL, userQualifier.getShortName(),
      TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
      Permission.Action.READ);

    AccessTestAction tableRead = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), null, null,
          Permission.Action.READ);
        return null;
      }
    };

    AccessTestAction columnRead = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, null,
          Permission.Action.READ);
        return null;
      }
    };

    AccessTestAction qualifierRead = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
          Permission.Action.READ);
        return null;
      }
    };

    AccessTestAction multiQualifierRead = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), new Permission[] {
            new TablePermission(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q1,
              Permission.Action.READ),
            new TablePermission(TEST_TABLE.getTableName(), TEST_FAMILY, TEST_Q2,
              Permission.Action.READ), });
        return null;
      }
    };

    AccessTestAction globalAndTableRead = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(),
          new Permission[] { new Permission(Permission.Action.READ),
            new TablePermission(TEST_TABLE.getTableName(), null, (byte[]) null,
            Permission.Action.READ), });
        return null;
      }
    };

    AccessTestAction noCheck = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), new Permission[0]);
        return null;
      }
    };

    verifyAllowed(tableRead, SUPERUSER, userTable);
    verifyDenied(tableRead, userColumn, userQualifier);

    verifyAllowed(columnRead, SUPERUSER, userTable, userColumn);
    verifyDenied(columnRead, userQualifier);

    verifyAllowed(qualifierRead, SUPERUSER, userTable, userColumn, userQualifier);

    verifyAllowed(multiQualifierRead, SUPERUSER, userTable, userColumn);
    verifyDenied(multiQualifierRead, userQualifier);

    verifyAllowed(globalAndTableRead, SUPERUSER);
    verifyDenied(globalAndTableRead, userTable, userColumn, userQualifier);

    verifyAllowed(noCheck, SUPERUSER, userTable, userColumn, userQualifier);

    // --------------------------------------
    // test family level multiple permissions
    AccessTestAction familyReadWrite = new AccessTestAction() {
      @Override
      public Void run() throws Exception {
        checkTablePerms(TEST_UTIL, TEST_TABLE.getTableName(), TEST_FAMILY, null,
          Permission.Action.READ, Permission.Action.WRITE);
        return null;
      }
    };

    verifyAllowed(familyReadWrite, SUPERUSER, USER_OWNER, USER_CREATE, USER_RW);
    verifyDenied(familyReadWrite, USER_NONE, USER_RO);

    // --------------------------------------
    // check for wrong table region
    CheckPermissionsRequest checkRequest = CheckPermissionsRequest.newBuilder()
      .addPermission(AccessControlProtos.Permission.newBuilder()
          .setType(AccessControlProtos.Permission.Type.Table)
          .setTablePermission(
              AccessControlProtos.TablePermission.newBuilder()
                  .setTableName(ProtobufUtil.toProtoTableName(TEST_TABLE.getTableName()))
                  .addAction(AccessControlProtos.Permission.Action.CREATE))
      ).build();
    Table acl = systemUserConnection.getTable(AccessControlLists.ACL_TABLE_NAME);

After Change


    grantOnTable(TEST_UTIL, userTable.getShortName(),
      TEST_TABLE, null, null,
      Permission.Action.READ);
    grantOnTable(TEST_UTIL, userColumn.getShortName(),
      TEST_TABLE, TEST_FAMILY, null,
      Permission.Action.READ);
    grantOnTable(TEST_UTIL, userQualifier.getShortName(),
      TEST_TABLE, TEST_FAMILY, TEST_Q1,
      Permission.Action.READ);
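Review bot: The three `grantOnTable` calls on the new side set up one user per ACL scope (whole table, column family, single qualifier), but nothing at the call site says so. The `verifyAllowed`/`verifyDenied` matrix shown on the old side is hard to read without that mapping. A one-line comment above the grants would help, e.g. `// userTable: whole table; userColumn: TEST_FAMILY only; userQualifier: TEST_FAMILY:TEST_Q1 only`. The deny assertions also depend on these users holding no other grants and on the grants not leaking into later tests. No revoke is visible here, but the body of testCheckPermissions starts and ends outside this snippet, so cleanup may exist elsewhere and is worth confirming.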