| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <html lang="en"> |
| <head> |
| <title>Source code</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <div class="sourceContainer"> |
| <pre><span class="sourceLineNo">001</span>/**<a name="line.1"></a> |
| <span class="sourceLineNo">002</span> * Licensed to the Apache Software Foundation (ASF) under one<a name="line.2"></a> |
| <span class="sourceLineNo">003</span> * or more contributor license agreements. See the NOTICE file<a name="line.3"></a> |
| <span class="sourceLineNo">004</span> * distributed with this work for additional information<a name="line.4"></a> |
| <span class="sourceLineNo">005</span> * regarding copyright ownership. The ASF licenses this file<a name="line.5"></a> |
| <span class="sourceLineNo">006</span> * to you under the Apache License, Version 2.0 (the<a name="line.6"></a> |
| <span class="sourceLineNo">007</span> * "License"); you may not use this file except in compliance<a name="line.7"></a> |
| <span class="sourceLineNo">008</span> * with the License. You may obtain a copy of the License at<a name="line.8"></a> |
| <span class="sourceLineNo">009</span> *<a name="line.9"></a> |
| <span class="sourceLineNo">010</span> * http://www.apache.org/licenses/LICENSE-2.0<a name="line.10"></a> |
| <span class="sourceLineNo">011</span> *<a name="line.11"></a> |
| <span class="sourceLineNo">012</span> * Unless required by applicable law or agreed to in writing, software<a name="line.12"></a> |
| <span class="sourceLineNo">013</span> * distributed under the License is distributed on an "AS IS" BASIS,<a name="line.13"></a> |
| <span class="sourceLineNo">014</span> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<a name="line.14"></a> |
| <span class="sourceLineNo">015</span> * See the License for the specific language governing permissions and<a name="line.15"></a> |
| <span class="sourceLineNo">016</span> * limitations under the License.<a name="line.16"></a> |
| <span class="sourceLineNo">017</span> */<a name="line.17"></a> |
| <span class="sourceLineNo">018</span>package org.apache.hadoop.hbase.security.access;<a name="line.18"></a> |
| <span class="sourceLineNo">019</span><a name="line.19"></a> |
| <span class="sourceLineNo">020</span>import static org.junit.Assert.assertEquals;<a name="line.20"></a> |
| <span class="sourceLineNo">021</span>import static org.junit.Assert.fail;<a name="line.21"></a> |
| <span class="sourceLineNo">022</span><a name="line.22"></a> |
| <span class="sourceLineNo">023</span>import java.io.IOException;<a name="line.23"></a> |
| <span class="sourceLineNo">024</span>import java.security.PrivilegedExceptionAction;<a name="line.24"></a> |
| <span class="sourceLineNo">025</span>import java.util.HashMap;<a name="line.25"></a> |
| <span class="sourceLineNo">026</span>import java.util.Map;<a name="line.26"></a> |
| <span class="sourceLineNo">027</span>import org.apache.hadoop.conf.Configuration;<a name="line.27"></a> |
| <span class="sourceLineNo">028</span>import org.apache.hadoop.hbase.AuthUtil;<a name="line.28"></a> |
| <span class="sourceLineNo">029</span>import org.apache.hadoop.hbase.Coprocessor;<a name="line.29"></a> |
| <span class="sourceLineNo">030</span>import org.apache.hadoop.hbase.HBaseClassTestRule;<a name="line.30"></a> |
| <span class="sourceLineNo">031</span>import org.apache.hadoop.hbase.HBaseTestingUtility;<a name="line.31"></a> |
| <span class="sourceLineNo">032</span>import org.apache.hadoop.hbase.TableNameTestRule;<a name="line.32"></a> |
| <span class="sourceLineNo">033</span>import org.apache.hadoop.hbase.TableNotFoundException;<a name="line.33"></a> |
| <span class="sourceLineNo">034</span>import org.apache.hadoop.hbase.client.Admin;<a name="line.34"></a> |
| <span class="sourceLineNo">035</span>import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;<a name="line.35"></a> |
| <span class="sourceLineNo">036</span>import org.apache.hadoop.hbase.client.Connection;<a name="line.36"></a> |
| <span class="sourceLineNo">037</span>import org.apache.hadoop.hbase.client.ConnectionFactory;<a name="line.37"></a> |
| <span class="sourceLineNo">038</span>import org.apache.hadoop.hbase.client.Delete;<a name="line.38"></a> |
| <span class="sourceLineNo">039</span>import org.apache.hadoop.hbase.client.Get;<a name="line.39"></a> |
| <span class="sourceLineNo">040</span>import org.apache.hadoop.hbase.client.Increment;<a name="line.40"></a> |
| <span class="sourceLineNo">041</span>import org.apache.hadoop.hbase.client.Put;<a name="line.41"></a> |
| <span class="sourceLineNo">042</span>import org.apache.hadoop.hbase.client.Table;<a name="line.42"></a> |
| <span class="sourceLineNo">043</span>import org.apache.hadoop.hbase.client.TableDescriptor;<a name="line.43"></a> |
| <span class="sourceLineNo">044</span>import org.apache.hadoop.hbase.client.TableDescriptorBuilder;<a name="line.44"></a> |
| <span class="sourceLineNo">045</span>import org.apache.hadoop.hbase.master.MasterCoprocessorHost;<a name="line.45"></a> |
| <span class="sourceLineNo">046</span>import org.apache.hadoop.hbase.regionserver.RegionServerCoprocessorHost;<a name="line.46"></a> |
| <span class="sourceLineNo">047</span>import org.apache.hadoop.hbase.security.User;<a name="line.47"></a> |
| <span class="sourceLineNo">048</span>import org.apache.hadoop.hbase.security.access.Permission.Action;<a name="line.48"></a> |
| <span class="sourceLineNo">049</span>import org.apache.hadoop.hbase.testclassification.MediumTests;<a name="line.49"></a> |
| <span class="sourceLineNo">050</span>import org.apache.hadoop.hbase.testclassification.SecurityTests;<a name="line.50"></a> |
| <span class="sourceLineNo">051</span>import org.apache.hadoop.hbase.util.Bytes;<a name="line.51"></a> |
| <span class="sourceLineNo">052</span>import org.apache.hadoop.hbase.util.EnvironmentEdgeManager;<a name="line.52"></a> |
| <span class="sourceLineNo">053</span>import org.apache.hadoop.hbase.util.Threads;<a name="line.53"></a> |
| <span class="sourceLineNo">054</span>import org.junit.After;<a name="line.54"></a> |
| <span class="sourceLineNo">055</span>import org.junit.AfterClass;<a name="line.55"></a> |
| <span class="sourceLineNo">056</span>import org.junit.Before;<a name="line.56"></a> |
| <span class="sourceLineNo">057</span>import org.junit.BeforeClass;<a name="line.57"></a> |
| <span class="sourceLineNo">058</span>import org.junit.ClassRule;<a name="line.58"></a> |
| <span class="sourceLineNo">059</span>import org.junit.Rule;<a name="line.59"></a> |
| <span class="sourceLineNo">060</span>import org.junit.Test;<a name="line.60"></a> |
| <span class="sourceLineNo">061</span>import org.junit.experimental.categories.Category;<a name="line.61"></a> |
| <span class="sourceLineNo">062</span>import org.slf4j.Logger;<a name="line.62"></a> |
| <span class="sourceLineNo">063</span>import org.slf4j.LoggerFactory;<a name="line.63"></a> |
| <span class="sourceLineNo">064</span><a name="line.64"></a> |
| <span class="sourceLineNo">065</span>@Category({SecurityTests.class, MediumTests.class})<a name="line.65"></a> |
| <span class="sourceLineNo">066</span>public class TestCellACLWithMultipleVersions extends SecureTestUtil {<a name="line.66"></a> |
| <span class="sourceLineNo">067</span><a name="line.67"></a> |
| <span class="sourceLineNo">068</span> @ClassRule<a name="line.68"></a> |
| <span class="sourceLineNo">069</span> public static final HBaseClassTestRule CLASS_RULE =<a name="line.69"></a> |
| <span class="sourceLineNo">070</span> HBaseClassTestRule.forClass(TestCellACLWithMultipleVersions.class);<a name="line.70"></a> |
| <span class="sourceLineNo">071</span><a name="line.71"></a> |
| <span class="sourceLineNo">072</span> private static final Logger LOG = LoggerFactory.getLogger(TestCellACLWithMultipleVersions.class);<a name="line.72"></a> |
| <span class="sourceLineNo">073</span><a name="line.73"></a> |
| <span class="sourceLineNo">074</span> @Rule<a name="line.74"></a> |
| <span class="sourceLineNo">075</span> public TableNameTestRule testTable = new TableNameTestRule();<a name="line.75"></a> |
| <span class="sourceLineNo">076</span> private static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();<a name="line.76"></a> |
| <span class="sourceLineNo">077</span> private static final byte[] TEST_FAMILY1 = Bytes.toBytes("f1");<a name="line.77"></a> |
| <span class="sourceLineNo">078</span> private static final byte[] TEST_FAMILY2 = Bytes.toBytes("f2");<a name="line.78"></a> |
| <span class="sourceLineNo">079</span> private static final byte[] TEST_ROW = Bytes.toBytes("cellpermtest");<a name="line.79"></a> |
| <span class="sourceLineNo">080</span> private static final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.80"></a> |
| <span class="sourceLineNo">081</span> private static final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.81"></a> |
| <span class="sourceLineNo">082</span> private static final byte[] ZERO = Bytes.toBytes(0L);<a name="line.82"></a> |
| <span class="sourceLineNo">083</span> private static final byte[] ONE = Bytes.toBytes(1L);<a name="line.83"></a> |
| <span class="sourceLineNo">084</span> private static final byte[] TWO = Bytes.toBytes(2L);<a name="line.84"></a> |
| <span class="sourceLineNo">085</span><a name="line.85"></a> |
| <span class="sourceLineNo">086</span> private static Configuration conf;<a name="line.86"></a> |
| <span class="sourceLineNo">087</span><a name="line.87"></a> |
| <span class="sourceLineNo">088</span> private static final String GROUP = "group";<a name="line.88"></a> |
| <span class="sourceLineNo">089</span> private static User GROUP_USER;<a name="line.89"></a> |
| <span class="sourceLineNo">090</span> private static User USER_OWNER;<a name="line.90"></a> |
| <span class="sourceLineNo">091</span> private static User USER_OTHER;<a name="line.91"></a> |
| <span class="sourceLineNo">092</span> private static User USER_OTHER2;<a name="line.92"></a> |
| <span class="sourceLineNo">093</span><a name="line.93"></a> |
| <span class="sourceLineNo">094</span> private static String[] usersAndGroups;<a name="line.94"></a> |
| <span class="sourceLineNo">095</span><a name="line.95"></a> |
| <span class="sourceLineNo">096</span> @BeforeClass<a name="line.96"></a> |
| <span class="sourceLineNo">097</span> public static void setupBeforeClass() throws Exception {<a name="line.97"></a> |
| <span class="sourceLineNo">098</span> // setup configuration<a name="line.98"></a> |
| <span class="sourceLineNo">099</span> conf = TEST_UTIL.getConfiguration();<a name="line.99"></a> |
| <span class="sourceLineNo">100</span> // Enable security<a name="line.100"></a> |
| <span class="sourceLineNo">101</span> enableSecurity(conf);<a name="line.101"></a> |
| <span class="sourceLineNo">102</span> // Verify enableSecurity sets up what we require<a name="line.102"></a> |
| <span class="sourceLineNo">103</span> verifyConfiguration(conf);<a name="line.103"></a> |
| <span class="sourceLineNo">104</span><a name="line.104"></a> |
| <span class="sourceLineNo">105</span> // We expect 0.98 cell ACL semantics<a name="line.105"></a> |
| <span class="sourceLineNo">106</span> conf.setBoolean(AccessControlConstants.CF_ATTRIBUTE_EARLY_OUT, false);<a name="line.106"></a> |
| <span class="sourceLineNo">107</span><a name="line.107"></a> |
| <span class="sourceLineNo">108</span> TEST_UTIL.startMiniCluster();<a name="line.108"></a> |
| <span class="sourceLineNo">109</span> MasterCoprocessorHost cpHost = TEST_UTIL.getMiniHBaseCluster().getMaster()<a name="line.109"></a> |
| <span class="sourceLineNo">110</span> .getMasterCoprocessorHost();<a name="line.110"></a> |
| <span class="sourceLineNo">111</span> cpHost.load(AccessController.class, Coprocessor.PRIORITY_HIGHEST, conf);<a name="line.111"></a> |
| <span class="sourceLineNo">112</span> AccessController ac = cpHost.findCoprocessor(AccessController.class);<a name="line.112"></a> |
| <span class="sourceLineNo">113</span> cpHost.createEnvironment(ac, Coprocessor.PRIORITY_HIGHEST, 1, conf);<a name="line.113"></a> |
| <span class="sourceLineNo">114</span> RegionServerCoprocessorHost rsHost = TEST_UTIL.getMiniHBaseCluster().getRegionServer(0)<a name="line.114"></a> |
| <span class="sourceLineNo">115</span> .getRegionServerCoprocessorHost();<a name="line.115"></a> |
| <span class="sourceLineNo">116</span> rsHost.createEnvironment(ac, Coprocessor.PRIORITY_HIGHEST, 1, conf);<a name="line.116"></a> |
| <span class="sourceLineNo">117</span><a name="line.117"></a> |
| <span class="sourceLineNo">118</span> // Wait for the ACL table to become available<a name="line.118"></a> |
| <span class="sourceLineNo">119</span> TEST_UTIL.waitTableEnabled(PermissionStorage.ACL_TABLE_NAME);<a name="line.119"></a> |
| <span class="sourceLineNo">120</span><a name="line.120"></a> |
| <span class="sourceLineNo">121</span> // create a set of test users<a name="line.121"></a> |
| <span class="sourceLineNo">122</span> USER_OWNER = User.createUserForTesting(conf, "owner", new String[0]);<a name="line.122"></a> |
| <span class="sourceLineNo">123</span> USER_OTHER = User.createUserForTesting(conf, "other", new String[0]);<a name="line.123"></a> |
| <span class="sourceLineNo">124</span> USER_OTHER2 = User.createUserForTesting(conf, "other2", new String[0]);<a name="line.124"></a> |
| <span class="sourceLineNo">125</span> GROUP_USER = User.createUserForTesting(conf, "group_user", new String[] { GROUP });<a name="line.125"></a> |
| <span class="sourceLineNo">126</span><a name="line.126"></a> |
| <span class="sourceLineNo">127</span> usersAndGroups = new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) };<a name="line.127"></a> |
| <span class="sourceLineNo">128</span> }<a name="line.128"></a> |
| <span class="sourceLineNo">129</span><a name="line.129"></a> |
| <span class="sourceLineNo">130</span> @AfterClass<a name="line.130"></a> |
| <span class="sourceLineNo">131</span> public static void tearDownAfterClass() throws Exception {<a name="line.131"></a> |
| <span class="sourceLineNo">132</span> TEST_UTIL.shutdownMiniCluster();<a name="line.132"></a> |
| <span class="sourceLineNo">133</span> }<a name="line.133"></a> |
| <span class="sourceLineNo">134</span><a name="line.134"></a> |
| <span class="sourceLineNo">135</span> @Before<a name="line.135"></a> |
| <span class="sourceLineNo">136</span> public void setUp() throws Exception {<a name="line.136"></a> |
| <span class="sourceLineNo">137</span> TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(testTable.getTableName())<a name="line.137"></a> |
| <span class="sourceLineNo">138</span> .setColumnFamily(<a name="line.138"></a> |
| <span class="sourceLineNo">139</span> ColumnFamilyDescriptorBuilder.newBuilder(TEST_FAMILY1).setMaxVersions(4).build())<a name="line.139"></a> |
| <span class="sourceLineNo">140</span> .setColumnFamily(<a name="line.140"></a> |
| <span class="sourceLineNo">141</span> ColumnFamilyDescriptorBuilder.newBuilder(TEST_FAMILY2).setMaxVersions(4).build())<a name="line.141"></a> |
| <span class="sourceLineNo">142</span> .setOwner(USER_OWNER).build();<a name="line.142"></a> |
| <span class="sourceLineNo">143</span> // Create the test table (owner added to the _acl_ table)<a name="line.143"></a> |
| <span class="sourceLineNo">144</span> try (Connection connection = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {<a name="line.144"></a> |
| <span class="sourceLineNo">145</span> try (Admin admin = connection.getAdmin()) {<a name="line.145"></a> |
| <span class="sourceLineNo">146</span> admin.createTable(tableDescriptor, new byte[][] { Bytes.toBytes("s") });<a name="line.146"></a> |
| <span class="sourceLineNo">147</span> }<a name="line.147"></a> |
| <span class="sourceLineNo">148</span> }<a name="line.148"></a> |
| <span class="sourceLineNo">149</span> TEST_UTIL.waitTableEnabled(testTable.getTableName());<a name="line.149"></a> |
| <span class="sourceLineNo">150</span> LOG.info("Sleeping a second because of HBASE-12581");<a name="line.150"></a> |
| <span class="sourceLineNo">151</span> Threads.sleep(1000);<a name="line.151"></a> |
| <span class="sourceLineNo">152</span> }<a name="line.152"></a> |
| <span class="sourceLineNo">153</span><a name="line.153"></a> |
| <span class="sourceLineNo">154</span> @Test<a name="line.154"></a> |
| <span class="sourceLineNo">155</span> public void testCellPermissionwithVersions() throws Exception {<a name="line.155"></a> |
| <span class="sourceLineNo">156</span> // store two sets of values, one store with a cell level ACL, and one<a name="line.156"></a> |
| <span class="sourceLineNo">157</span> // without<a name="line.157"></a> |
| <span class="sourceLineNo">158</span> final Map<String, Permission> writePerms = prepareCellPermissions(usersAndGroups, Action.WRITE);<a name="line.158"></a> |
| <span class="sourceLineNo">159</span> final Map<String, Permission> readPerms = prepareCellPermissions(usersAndGroups, Action.READ);<a name="line.159"></a> |
| <span class="sourceLineNo">160</span> verifyAllowed(new AccessTestAction() {<a name="line.160"></a> |
| <span class="sourceLineNo">161</span> @Override<a name="line.161"></a> |
| <span class="sourceLineNo">162</span> public Object run() throws Exception {<a name="line.162"></a> |
| <span class="sourceLineNo">163</span> try(Connection connection = ConnectionFactory.createConnection(conf);<a name="line.163"></a> |
| <span class="sourceLineNo">164</span> Table t = connection.getTable(testTable.getTableName())) {<a name="line.164"></a> |
| <span class="sourceLineNo">165</span> Put p;<a name="line.165"></a> |
| <span class="sourceLineNo">166</span> // with ro ACL<a name="line.166"></a> |
| <span class="sourceLineNo">167</span> long now = System.currentTimeMillis();<a name="line.167"></a> |
| <span class="sourceLineNo">168</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, now, ZERO);<a name="line.168"></a> |
| <span class="sourceLineNo">169</span> p.setACL(writePerms);<a name="line.169"></a> |
| <span class="sourceLineNo">170</span> t.put(p);<a name="line.170"></a> |
| <span class="sourceLineNo">171</span> // with ro ACL<a name="line.171"></a> |
| <span class="sourceLineNo">172</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, now + 1, ZERO);<a name="line.172"></a> |
| <span class="sourceLineNo">173</span> p.setACL(readPerms);<a name="line.173"></a> |
| <span class="sourceLineNo">174</span> t.put(p);<a name="line.174"></a> |
| <span class="sourceLineNo">175</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, now + 2, ZERO);<a name="line.175"></a> |
| <span class="sourceLineNo">176</span> p.setACL(writePerms);<a name="line.176"></a> |
| <span class="sourceLineNo">177</span> t.put(p);<a name="line.177"></a> |
| <span class="sourceLineNo">178</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, now + 3, ZERO);<a name="line.178"></a> |
| <span class="sourceLineNo">179</span> p.setACL(readPerms);<a name="line.179"></a> |
| <span class="sourceLineNo">180</span> t.put(p);<a name="line.180"></a> |
| <span class="sourceLineNo">181</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, now + 4, ZERO);<a name="line.181"></a> |
| <span class="sourceLineNo">182</span> p.setACL(writePerms);<a name="line.182"></a> |
| <span class="sourceLineNo">183</span> t.put(p);<a name="line.183"></a> |
| <span class="sourceLineNo">184</span> }<a name="line.184"></a> |
| <span class="sourceLineNo">185</span> return null;<a name="line.185"></a> |
| <span class="sourceLineNo">186</span> }<a name="line.186"></a> |
| <span class="sourceLineNo">187</span> }, USER_OWNER);<a name="line.187"></a> |
| <span class="sourceLineNo">188</span><a name="line.188"></a> |
| <span class="sourceLineNo">189</span> /* ---- Gets ---- */<a name="line.189"></a> |
| <span class="sourceLineNo">190</span><a name="line.190"></a> |
| <span class="sourceLineNo">191</span> AccessTestAction getQ1 = new AccessTestAction() {<a name="line.191"></a> |
| <span class="sourceLineNo">192</span> @Override<a name="line.192"></a> |
| <span class="sourceLineNo">193</span> public Object run() throws Exception {<a name="line.193"></a> |
| <span class="sourceLineNo">194</span> Get get = new Get(TEST_ROW);<a name="line.194"></a> |
| <span class="sourceLineNo">195</span> get.readVersions(10);<a name="line.195"></a> |
| <span class="sourceLineNo">196</span> try(Connection connection = ConnectionFactory.createConnection(conf);<a name="line.196"></a> |
| <span class="sourceLineNo">197</span> Table t = connection.getTable(testTable.getTableName())) {<a name="line.197"></a> |
| <span class="sourceLineNo">198</span> return t.get(get).listCells();<a name="line.198"></a> |
| <span class="sourceLineNo">199</span> }<a name="line.199"></a> |
| <span class="sourceLineNo">200</span> }<a name="line.200"></a> |
| <span class="sourceLineNo">201</span> };<a name="line.201"></a> |
| <span class="sourceLineNo">202</span><a name="line.202"></a> |
| <span class="sourceLineNo">203</span> AccessTestAction get2 = new AccessTestAction() {<a name="line.203"></a> |
| <span class="sourceLineNo">204</span> @Override<a name="line.204"></a> |
| <span class="sourceLineNo">205</span> public Object run() throws Exception {<a name="line.205"></a> |
| <span class="sourceLineNo">206</span> Get get = new Get(TEST_ROW);<a name="line.206"></a> |
| <span class="sourceLineNo">207</span> get.readVersions(10);<a name="line.207"></a> |
| <span class="sourceLineNo">208</span> try(Connection connection = ConnectionFactory.createConnection(conf);<a name="line.208"></a> |
| <span class="sourceLineNo">209</span> Table t = connection.getTable(testTable.getTableName())) {<a name="line.209"></a> |
| <span class="sourceLineNo">210</span> return t.get(get).listCells();<a name="line.210"></a> |
| <span class="sourceLineNo">211</span> }<a name="line.211"></a> |
| <span class="sourceLineNo">212</span> }<a name="line.212"></a> |
| <span class="sourceLineNo">213</span> };<a name="line.213"></a> |
| <span class="sourceLineNo">214</span> // Confirm special read access set at cell level<a name="line.214"></a> |
| <span class="sourceLineNo">215</span><a name="line.215"></a> |
| <span class="sourceLineNo">216</span> verifyAllowed(GROUP_USER, getQ1, 2);<a name="line.216"></a> |
| <span class="sourceLineNo">217</span> verifyAllowed(USER_OTHER, getQ1, 2);<a name="line.217"></a> |
| <span class="sourceLineNo">218</span><a name="line.218"></a> |
| <span class="sourceLineNo">219</span> // store two sets of values, one store with a cell level ACL, and one<a name="line.219"></a> |
| <span class="sourceLineNo">220</span> // without<a name="line.220"></a> |
| <span class="sourceLineNo">221</span> verifyAllowed(new AccessTestAction() {<a name="line.221"></a> |
| <span class="sourceLineNo">222</span> @Override<a name="line.222"></a> |
| <span class="sourceLineNo">223</span> public Object run() throws Exception {<a name="line.223"></a> |
| <span class="sourceLineNo">224</span> try(Connection connection = ConnectionFactory.createConnection(conf);<a name="line.224"></a> |
| <span class="sourceLineNo">225</span> Table t = connection.getTable(testTable.getTableName())) {<a name="line.225"></a> |
| <span class="sourceLineNo">226</span> Put p;<a name="line.226"></a> |
| <span class="sourceLineNo">227</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.227"></a> |
| <span class="sourceLineNo">228</span> p.setACL(writePerms);<a name="line.228"></a> |
| <span class="sourceLineNo">229</span> t.put(p);<a name="line.229"></a> |
| <span class="sourceLineNo">230</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.230"></a> |
| <span class="sourceLineNo">231</span> p.setACL(readPerms);<a name="line.231"></a> |
| <span class="sourceLineNo">232</span> t.put(p);<a name="line.232"></a> |
| <span class="sourceLineNo">233</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.233"></a> |
| <span class="sourceLineNo">234</span> p.setACL(writePerms);<a name="line.234"></a> |
| <span class="sourceLineNo">235</span> t.put(p);<a name="line.235"></a> |
| <span class="sourceLineNo">236</span> }<a name="line.236"></a> |
| <span class="sourceLineNo">237</span> return null;<a name="line.237"></a> |
| <span class="sourceLineNo">238</span> }<a name="line.238"></a> |
| <span class="sourceLineNo">239</span> }, USER_OWNER);<a name="line.239"></a> |
| <span class="sourceLineNo">240</span> // Confirm special read access set at cell level<a name="line.240"></a> |
| <span class="sourceLineNo">241</span><a name="line.241"></a> |
| <span class="sourceLineNo">242</span> verifyAllowed(USER_OTHER, get2, 1);<a name="line.242"></a> |
| <span class="sourceLineNo">243</span> verifyAllowed(GROUP_USER, get2, 1);<a name="line.243"></a> |
| <span class="sourceLineNo">244</span> }<a name="line.244"></a> |
| <span class="sourceLineNo">245</span><a name="line.245"></a> |
| <span class="sourceLineNo">246</span> private Map<String, Permission> prepareCellPermissions(String[] users, Action... action) {<a name="line.246"></a> |
| <span class="sourceLineNo">247</span> Map<String, Permission> perms = new HashMap<>(2);<a name="line.247"></a> |
| <span class="sourceLineNo">248</span> for (String user : users) {<a name="line.248"></a> |
| <span class="sourceLineNo">249</span> perms.put(user, new Permission(action));<a name="line.249"></a> |
| <span class="sourceLineNo">250</span> }<a name="line.250"></a> |
| <span class="sourceLineNo">251</span> return perms;<a name="line.251"></a> |
| <span class="sourceLineNo">252</span> }<a name="line.252"></a> |
| <span class="sourceLineNo">253</span><a name="line.253"></a> |
| <span class="sourceLineNo">254</span> @Test<a name="line.254"></a> |
| <span class="sourceLineNo">255</span> public void testCellPermissionsWithDeleteMutipleVersions() throws Exception {<a name="line.255"></a> |
| <span class="sourceLineNo">256</span> // table/column/qualifier level permissions<a name="line.256"></a> |
| <span class="sourceLineNo">257</span> final byte[] TEST_ROW1 = Bytes.toBytes("r1");<a name="line.257"></a> |
| <span class="sourceLineNo">258</span> final byte[] TEST_ROW2 = Bytes.toBytes("r2");<a name="line.258"></a> |
| <span class="sourceLineNo">259</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.259"></a> |
| <span class="sourceLineNo">260</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.260"></a> |
| <span class="sourceLineNo">261</span> final byte[] ZERO = Bytes.toBytes(0L);<a name="line.261"></a> |
| <span class="sourceLineNo">262</span><a name="line.262"></a> |
| <span class="sourceLineNo">263</span> // additional test user<a name="line.263"></a> |
| <span class="sourceLineNo">264</span> final User user1 = User.createUserForTesting(conf, "user1", new String[0]);<a name="line.264"></a> |
| <span class="sourceLineNo">265</span> final User user2 = User.createUserForTesting(conf, "user2", new String[0]);<a name="line.265"></a> |
| <span class="sourceLineNo">266</span><a name="line.266"></a> |
| <span class="sourceLineNo">267</span> verifyAllowed(new AccessTestAction() {<a name="line.267"></a> |
| <span class="sourceLineNo">268</span> @Override<a name="line.268"></a> |
| <span class="sourceLineNo">269</span> public Object run() throws Exception {<a name="line.269"></a> |
| <span class="sourceLineNo">270</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.270"></a> |
| <span class="sourceLineNo">271</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.271"></a> |
| <span class="sourceLineNo">272</span> // with rw ACL for "user1"<a name="line.272"></a> |
| <span class="sourceLineNo">273</span> Put p = new Put(TEST_ROW1);<a name="line.273"></a> |
| <span class="sourceLineNo">274</span> p.addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.274"></a> |
| <span class="sourceLineNo">275</span> p.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);<a name="line.275"></a> |
| <span class="sourceLineNo">276</span> p.setACL(user1.getShortName(), new Permission(Permission.Action.READ,<a name="line.276"></a> |
| <span class="sourceLineNo">277</span> Permission.Action.WRITE));<a name="line.277"></a> |
| <span class="sourceLineNo">278</span> t.put(p);<a name="line.278"></a> |
| <span class="sourceLineNo">279</span> // with rw ACL for "user1"<a name="line.279"></a> |
| <span class="sourceLineNo">280</span> p = new Put(TEST_ROW2);<a name="line.280"></a> |
| <span class="sourceLineNo">281</span> p.addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.281"></a> |
| <span class="sourceLineNo">282</span> p.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);<a name="line.282"></a> |
| <span class="sourceLineNo">283</span> p.setACL(user1.getShortName(), new Permission(Permission.Action.READ,<a name="line.283"></a> |
| <span class="sourceLineNo">284</span> Permission.Action.WRITE));<a name="line.284"></a> |
| <span class="sourceLineNo">285</span> t.put(p);<a name="line.285"></a> |
| <span class="sourceLineNo">286</span> }<a name="line.286"></a> |
| <span class="sourceLineNo">287</span> }<a name="line.287"></a> |
| <span class="sourceLineNo">288</span> return null;<a name="line.288"></a> |
| <span class="sourceLineNo">289</span> }<a name="line.289"></a> |
| <span class="sourceLineNo">290</span> }, USER_OWNER);<a name="line.290"></a> |
| <span class="sourceLineNo">291</span><a name="line.291"></a> |
| <span class="sourceLineNo">292</span> verifyAllowed(new AccessTestAction() {<a name="line.292"></a> |
| <span class="sourceLineNo">293</span> @Override<a name="line.293"></a> |
| <span class="sourceLineNo">294</span> public Object run() throws Exception {<a name="line.294"></a> |
| <span class="sourceLineNo">295</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.295"></a> |
| <span class="sourceLineNo">296</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.296"></a> |
| <span class="sourceLineNo">297</span> // with rw ACL for "user1", "user2" and "@group"<a name="line.297"></a> |
| <span class="sourceLineNo">298</span> Put p = new Put(TEST_ROW1);<a name="line.298"></a> |
| <span class="sourceLineNo">299</span> p.addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.299"></a> |
| <span class="sourceLineNo">300</span> p.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);<a name="line.300"></a> |
| <span class="sourceLineNo">301</span> Map<String, Permission> perms =<a name="line.301"></a> |
| <span class="sourceLineNo">302</span> prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(),<a name="line.302"></a> |
| <span class="sourceLineNo">303</span> AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE);<a name="line.303"></a> |
| <span class="sourceLineNo">304</span> p.setACL(perms);<a name="line.304"></a> |
| <span class="sourceLineNo">305</span> t.put(p);<a name="line.305"></a> |
| <span class="sourceLineNo">306</span> // with rw ACL for "user1", "user2" and "@group"<a name="line.306"></a> |
| <span class="sourceLineNo">307</span> p = new Put(TEST_ROW2);<a name="line.307"></a> |
| <span class="sourceLineNo">308</span> p.addColumn(TEST_FAMILY1, TEST_Q1, ZERO);<a name="line.308"></a> |
| <span class="sourceLineNo">309</span> p.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);<a name="line.309"></a> |
| <span class="sourceLineNo">310</span> p.setACL(perms);<a name="line.310"></a> |
| <span class="sourceLineNo">311</span> t.put(p);<a name="line.311"></a> |
| <span class="sourceLineNo">312</span> }<a name="line.312"></a> |
| <span class="sourceLineNo">313</span> }<a name="line.313"></a> |
| <span class="sourceLineNo">314</span> return null;<a name="line.314"></a> |
| <span class="sourceLineNo">315</span> }<a name="line.315"></a> |
| <span class="sourceLineNo">316</span> }, user1);<a name="line.316"></a> |
| <span class="sourceLineNo">317</span><a name="line.317"></a> |
| <span class="sourceLineNo">318</span> // user1 should be allowed to delete TEST_ROW1 as he is having write permission on both<a name="line.318"></a> |
| <span class="sourceLineNo">319</span> // versions of the cells<a name="line.319"></a> |
| <span class="sourceLineNo">320</span> user1.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.320"></a> |
| <span class="sourceLineNo">321</span> @Override<a name="line.321"></a> |
| <span class="sourceLineNo">322</span> public Void run() throws Exception {<a name="line.322"></a> |
| <span class="sourceLineNo">323</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.323"></a> |
| <span class="sourceLineNo">324</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.324"></a> |
| <span class="sourceLineNo">325</span> Delete d = new Delete(TEST_ROW1);<a name="line.325"></a> |
| <span class="sourceLineNo">326</span> d.addColumns(TEST_FAMILY1, TEST_Q1);<a name="line.326"></a> |
| <span class="sourceLineNo">327</span> d.addColumns(TEST_FAMILY1, TEST_Q2);<a name="line.327"></a> |
| <span class="sourceLineNo">328</span> t.delete(d);<a name="line.328"></a> |
| <span class="sourceLineNo">329</span> }<a name="line.329"></a> |
| <span class="sourceLineNo">330</span> }<a name="line.330"></a> |
| <span class="sourceLineNo">331</span> return null;<a name="line.331"></a> |
| <span class="sourceLineNo">332</span> }<a name="line.332"></a> |
| <span class="sourceLineNo">333</span> });<a name="line.333"></a> |
| <span class="sourceLineNo">334</span> // user2 should not be allowed to delete TEST_ROW2 as he is having write permission only on one<a name="line.334"></a> |
| <span class="sourceLineNo">335</span> // version of the cells.<a name="line.335"></a> |
| <span class="sourceLineNo">336</span> verifyUserDeniedForDeleteMultipleVersions(user2, TEST_ROW2, TEST_Q1, TEST_Q2);<a name="line.336"></a> |
| <span class="sourceLineNo">337</span><a name="line.337"></a> |
| <span class="sourceLineNo">338</span> // GROUP_USER should not be allowed to delete TEST_ROW2 as he is having write permission only on<a name="line.338"></a> |
| <span class="sourceLineNo">339</span> // one version of the cells.<a name="line.339"></a> |
| <span class="sourceLineNo">340</span> verifyUserDeniedForDeleteMultipleVersions(GROUP_USER, TEST_ROW2, TEST_Q1, TEST_Q2);<a name="line.340"></a> |
| <span class="sourceLineNo">341</span><a name="line.341"></a> |
| <span class="sourceLineNo">342</span> // user1 should be allowed to delete the cf. (All data under cf for a row)<a name="line.342"></a> |
| <span class="sourceLineNo">343</span> user1.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.343"></a> |
| <span class="sourceLineNo">344</span> @Override<a name="line.344"></a> |
| <span class="sourceLineNo">345</span> public Void run() throws Exception {<a name="line.345"></a> |
| <span class="sourceLineNo">346</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.346"></a> |
| <span class="sourceLineNo">347</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.347"></a> |
| <span class="sourceLineNo">348</span> Delete d = new Delete(TEST_ROW2);<a name="line.348"></a> |
| <span class="sourceLineNo">349</span> d.addFamily(TEST_FAMILY1);<a name="line.349"></a> |
| <span class="sourceLineNo">350</span> t.delete(d);<a name="line.350"></a> |
| <span class="sourceLineNo">351</span> }<a name="line.351"></a> |
| <span class="sourceLineNo">352</span> }<a name="line.352"></a> |
| <span class="sourceLineNo">353</span> return null;<a name="line.353"></a> |
| <span class="sourceLineNo">354</span> }<a name="line.354"></a> |
| <span class="sourceLineNo">355</span> });<a name="line.355"></a> |
| <span class="sourceLineNo">356</span> }<a name="line.356"></a> |
| <span class="sourceLineNo">357</span><a name="line.357"></a> |
| <span class="sourceLineNo">358</span> private void verifyUserDeniedForDeleteMultipleVersions(final User user, final byte[] row,<a name="line.358"></a> |
| <span class="sourceLineNo">359</span> final byte[] q1, final byte[] q2) throws IOException, InterruptedException {<a name="line.359"></a> |
| <span class="sourceLineNo">360</span> user.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.360"></a> |
| <span class="sourceLineNo">361</span> @Override<a name="line.361"></a> |
| <span class="sourceLineNo">362</span> public Void run() throws Exception {<a name="line.362"></a> |
| <span class="sourceLineNo">363</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.363"></a> |
| <span class="sourceLineNo">364</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.364"></a> |
| <span class="sourceLineNo">365</span> Delete d = new Delete(row);<a name="line.365"></a> |
| <span class="sourceLineNo">366</span> d.addColumns(TEST_FAMILY1, q1);<a name="line.366"></a> |
| <span class="sourceLineNo">367</span> d.addColumns(TEST_FAMILY1, q2);<a name="line.367"></a> |
| <span class="sourceLineNo">368</span> t.delete(d);<a name="line.368"></a> |
| <span class="sourceLineNo">369</span> fail(user.getShortName() + " should not be allowed to delete the row");<a name="line.369"></a> |
| <span class="sourceLineNo">370</span> } catch (Exception e) {<a name="line.370"></a> |
| <span class="sourceLineNo">371</span><a name="line.371"></a> |
| <span class="sourceLineNo">372</span> }<a name="line.372"></a> |
| <span class="sourceLineNo">373</span> }<a name="line.373"></a> |
| <span class="sourceLineNo">374</span> return null;<a name="line.374"></a> |
| <span class="sourceLineNo">375</span> }<a name="line.375"></a> |
| <span class="sourceLineNo">376</span> });<a name="line.376"></a> |
| <span class="sourceLineNo">377</span> }<a name="line.377"></a> |
| <span class="sourceLineNo">378</span><a name="line.378"></a> |
| <span class="sourceLineNo">379</span><a name="line.379"></a> |
| <span class="sourceLineNo">380</span> @Test<a name="line.380"></a> |
| <span class="sourceLineNo">381</span> public void testDeleteWithFutureTimestamp() throws Exception {<a name="line.381"></a> |
| <span class="sourceLineNo">382</span> // Store two values, one in the future<a name="line.382"></a> |
| <span class="sourceLineNo">383</span><a name="line.383"></a> |
| <span class="sourceLineNo">384</span> verifyAllowed(new AccessTestAction() {<a name="line.384"></a> |
| <span class="sourceLineNo">385</span> @Override<a name="line.385"></a> |
| <span class="sourceLineNo">386</span> public Object run() throws Exception {<a name="line.386"></a> |
| <span class="sourceLineNo">387</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.387"></a> |
| <span class="sourceLineNo">388</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.388"></a> |
| <span class="sourceLineNo">389</span> // Store a read write ACL without a timestamp, server will use current time<a name="line.389"></a> |
| <span class="sourceLineNo">390</span> Put p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q2, ONE);<a name="line.390"></a> |
| <span class="sourceLineNo">391</span> Map<String, Permission> readAndWritePerms =<a name="line.391"></a> |
| <span class="sourceLineNo">392</span> prepareCellPermissions(usersAndGroups, Action.READ, Action.WRITE);<a name="line.392"></a> |
| <span class="sourceLineNo">393</span> p.setACL(readAndWritePerms);<a name="line.393"></a> |
| <span class="sourceLineNo">394</span> t.put(p);<a name="line.394"></a> |
| <span class="sourceLineNo">395</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY2, TEST_Q2, ONE);<a name="line.395"></a> |
| <span class="sourceLineNo">396</span> p.setACL(readAndWritePerms);<a name="line.396"></a> |
| <span class="sourceLineNo">397</span> t.put(p);<a name="line.397"></a> |
| <span class="sourceLineNo">398</span> LOG.info("Stored at current time");<a name="line.398"></a> |
| <span class="sourceLineNo">399</span> // Store read only ACL at a future time<a name="line.399"></a> |
| <span class="sourceLineNo">400</span> p = new Put(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1,<a name="line.400"></a> |
| <span class="sourceLineNo">401</span> EnvironmentEdgeManager.currentTime() + 1000000, ZERO);<a name="line.401"></a> |
| <span class="sourceLineNo">402</span> p.setACL(prepareCellPermissions(new String[]{ USER_OTHER.getShortName(),<a name="line.402"></a> |
| <span class="sourceLineNo">403</span> AuthUtil.toGroupEntry(GROUP)}, Action.READ));<a name="line.403"></a> |
| <span class="sourceLineNo">404</span> t.put(p);<a name="line.404"></a> |
| <span class="sourceLineNo">405</span> }<a name="line.405"></a> |
| <span class="sourceLineNo">406</span> }<a name="line.406"></a> |
| <span class="sourceLineNo">407</span> return null;<a name="line.407"></a> |
| <span class="sourceLineNo">408</span> }<a name="line.408"></a> |
| <span class="sourceLineNo">409</span> }, USER_OWNER);<a name="line.409"></a> |
| <span class="sourceLineNo">410</span><a name="line.410"></a> |
| <span class="sourceLineNo">411</span> // Confirm stores are visible<a name="line.411"></a> |
| <span class="sourceLineNo">412</span><a name="line.412"></a> |
| <span class="sourceLineNo">413</span> AccessTestAction getQ1 = new AccessTestAction() {<a name="line.413"></a> |
| <span class="sourceLineNo">414</span> @Override<a name="line.414"></a> |
| <span class="sourceLineNo">415</span> public Object run() throws Exception {<a name="line.415"></a> |
| <span class="sourceLineNo">416</span> Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q1);<a name="line.416"></a> |
| <span class="sourceLineNo">417</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.417"></a> |
| <span class="sourceLineNo">418</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.418"></a> |
| <span class="sourceLineNo">419</span> return t.get(get).listCells();<a name="line.419"></a> |
| <span class="sourceLineNo">420</span> }<a name="line.420"></a> |
| <span class="sourceLineNo">421</span> }<a name="line.421"></a> |
| <span class="sourceLineNo">422</span> }<a name="line.422"></a> |
| <span class="sourceLineNo">423</span> };<a name="line.423"></a> |
| <span class="sourceLineNo">424</span><a name="line.424"></a> |
| <span class="sourceLineNo">425</span> AccessTestAction getQ2 = new AccessTestAction() {<a name="line.425"></a> |
| <span class="sourceLineNo">426</span> @Override<a name="line.426"></a> |
| <span class="sourceLineNo">427</span> public Object run() throws Exception {<a name="line.427"></a> |
| <span class="sourceLineNo">428</span> Get get = new Get(TEST_ROW).addColumn(TEST_FAMILY1, TEST_Q2);<a name="line.428"></a> |
| <span class="sourceLineNo">429</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.429"></a> |
| <span class="sourceLineNo">430</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.430"></a> |
| <span class="sourceLineNo">431</span> return t.get(get).listCells();<a name="line.431"></a> |
| <span class="sourceLineNo">432</span> }<a name="line.432"></a> |
| <span class="sourceLineNo">433</span> }<a name="line.433"></a> |
| <span class="sourceLineNo">434</span> }<a name="line.434"></a> |
| <span class="sourceLineNo">435</span> };<a name="line.435"></a> |
| <span class="sourceLineNo">436</span><a name="line.436"></a> |
| <span class="sourceLineNo">437</span> verifyAllowed(getQ1, USER_OWNER, USER_OTHER, GROUP_USER);<a name="line.437"></a> |
| <span class="sourceLineNo">438</span> verifyAllowed(getQ2, USER_OWNER, USER_OTHER, GROUP_USER);<a name="line.438"></a> |
| <span class="sourceLineNo">439</span><a name="line.439"></a> |
| <span class="sourceLineNo">440</span><a name="line.440"></a> |
| <span class="sourceLineNo">441</span> // Issue a DELETE for the family, should succeed because the future ACL is<a name="line.441"></a> |
| <span class="sourceLineNo">442</span> // not considered<a name="line.442"></a> |
| <span class="sourceLineNo">443</span> AccessTestAction deleteFamily1 = getDeleteFamilyAction(TEST_FAMILY1);<a name="line.443"></a> |
| <span class="sourceLineNo">444</span> AccessTestAction deleteFamily2 = getDeleteFamilyAction(TEST_FAMILY2);<a name="line.444"></a> |
| <span class="sourceLineNo">445</span><a name="line.445"></a> |
| <span class="sourceLineNo">446</span> verifyAllowed(deleteFamily1, USER_OTHER);<a name="line.446"></a> |
| <span class="sourceLineNo">447</span> verifyAllowed(deleteFamily2, GROUP_USER);<a name="line.447"></a> |
| <span class="sourceLineNo">448</span><a name="line.448"></a> |
| <span class="sourceLineNo">449</span> // The future put should still exist<a name="line.449"></a> |
| <span class="sourceLineNo">450</span><a name="line.450"></a> |
| <span class="sourceLineNo">451</span> verifyAllowed(getQ1, USER_OWNER, USER_OTHER,GROUP_USER);<a name="line.451"></a> |
| <span class="sourceLineNo">452</span><a name="line.452"></a> |
| <span class="sourceLineNo">453</span> // The other put should be covered by the tombstone<a name="line.453"></a> |
| <span class="sourceLineNo">454</span><a name="line.454"></a> |
| <span class="sourceLineNo">455</span> verifyIfNull(getQ2, USER_OTHER, GROUP_USER);<a name="line.455"></a> |
| <span class="sourceLineNo">456</span> }<a name="line.456"></a> |
| <span class="sourceLineNo">457</span><a name="line.457"></a> |
| <span class="sourceLineNo">458</span> private AccessTestAction getDeleteFamilyAction(final byte[] fam) {<a name="line.458"></a> |
| <span class="sourceLineNo">459</span> AccessTestAction deleteFamilyAction = new AccessTestAction() {<a name="line.459"></a> |
| <span class="sourceLineNo">460</span> @Override<a name="line.460"></a> |
| <span class="sourceLineNo">461</span> public Object run() throws Exception {<a name="line.461"></a> |
| <span class="sourceLineNo">462</span> Delete delete = new Delete(TEST_ROW).addFamily(fam);<a name="line.462"></a> |
| <span class="sourceLineNo">463</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.463"></a> |
| <span class="sourceLineNo">464</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.464"></a> |
| <span class="sourceLineNo">465</span> t.delete(delete);<a name="line.465"></a> |
| <span class="sourceLineNo">466</span> }<a name="line.466"></a> |
| <span class="sourceLineNo">467</span> }<a name="line.467"></a> |
| <span class="sourceLineNo">468</span> return null;<a name="line.468"></a> |
| <span class="sourceLineNo">469</span> }<a name="line.469"></a> |
| <span class="sourceLineNo">470</span> };<a name="line.470"></a> |
| <span class="sourceLineNo">471</span> return deleteFamilyAction;<a name="line.471"></a> |
| <span class="sourceLineNo">472</span> }<a name="line.472"></a> |
| <span class="sourceLineNo">473</span><a name="line.473"></a> |
| <span class="sourceLineNo">474</span> @Test<a name="line.474"></a> |
| <span class="sourceLineNo">475</span> public void testCellPermissionsWithDeleteWithUserTs() throws Exception {<a name="line.475"></a> |
| <span class="sourceLineNo">476</span> USER_OWNER.runAs(new AccessTestAction() {<a name="line.476"></a> |
| <span class="sourceLineNo">477</span> @Override<a name="line.477"></a> |
| <span class="sourceLineNo">478</span> public Object run() throws Exception {<a name="line.478"></a> |
| <span class="sourceLineNo">479</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.479"></a> |
| <span class="sourceLineNo">480</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.480"></a> |
| <span class="sourceLineNo">481</span> // This version (TS = 123) with rw ACL for USER_OTHER and USER_OTHER2<a name="line.481"></a> |
| <span class="sourceLineNo">482</span> Put p = new Put(TEST_ROW);<a name="line.482"></a> |
| <span class="sourceLineNo">483</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 123L, ZERO);<a name="line.483"></a> |
| <span class="sourceLineNo">484</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 123L, ZERO);<a name="line.484"></a> |
| <span class="sourceLineNo">485</span> p.setACL(prepareCellPermissions(<a name="line.485"></a> |
| <span class="sourceLineNo">486</span> new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP),<a name="line.486"></a> |
| <span class="sourceLineNo">487</span> USER_OTHER2.getShortName() }, Permission.Action.READ, Permission.Action.WRITE));<a name="line.487"></a> |
| <span class="sourceLineNo">488</span> t.put(p);<a name="line.488"></a> |
| <span class="sourceLineNo">489</span><a name="line.489"></a> |
| <span class="sourceLineNo">490</span> // This version (TS = 125) with rw ACL for USER_OTHER<a name="line.490"></a> |
| <span class="sourceLineNo">491</span> p = new Put(TEST_ROW);<a name="line.491"></a> |
| <span class="sourceLineNo">492</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 125L, ONE);<a name="line.492"></a> |
| <span class="sourceLineNo">493</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 125L, ONE);<a name="line.493"></a> |
| <span class="sourceLineNo">494</span> p.setACL(prepareCellPermissions(<a name="line.494"></a> |
| <span class="sourceLineNo">495</span> new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) },<a name="line.495"></a> |
| <span class="sourceLineNo">496</span> Action.READ, Action.WRITE));<a name="line.496"></a> |
| <span class="sourceLineNo">497</span> t.put(p);<a name="line.497"></a> |
| <span class="sourceLineNo">498</span><a name="line.498"></a> |
| <span class="sourceLineNo">499</span> // This version (TS = 127) with rw ACL for USER_OTHER<a name="line.499"></a> |
| <span class="sourceLineNo">500</span> p = new Put(TEST_ROW);<a name="line.500"></a> |
| <span class="sourceLineNo">501</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 127L, TWO);<a name="line.501"></a> |
| <span class="sourceLineNo">502</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 127L, TWO);<a name="line.502"></a> |
| <span class="sourceLineNo">503</span> p.setACL(prepareCellPermissions(<a name="line.503"></a> |
| <span class="sourceLineNo">504</span> new String[] { USER_OTHER.getShortName(), AuthUtil.toGroupEntry(GROUP) },<a name="line.504"></a> |
| <span class="sourceLineNo">505</span> Action.READ, Action.WRITE));<a name="line.505"></a> |
| <span class="sourceLineNo">506</span> t.put(p);<a name="line.506"></a> |
| <span class="sourceLineNo">507</span><a name="line.507"></a> |
| <span class="sourceLineNo">508</span> return null;<a name="line.508"></a> |
| <span class="sourceLineNo">509</span> }<a name="line.509"></a> |
| <span class="sourceLineNo">510</span> }<a name="line.510"></a> |
| <span class="sourceLineNo">511</span> }<a name="line.511"></a> |
| <span class="sourceLineNo">512</span> });<a name="line.512"></a> |
| <span class="sourceLineNo">513</span><a name="line.513"></a> |
| <span class="sourceLineNo">514</span> // USER_OTHER2 should be allowed to delete the column f1:q1 versions older than TS 124L<a name="line.514"></a> |
| <span class="sourceLineNo">515</span> USER_OTHER2.runAs(new AccessTestAction() {<a name="line.515"></a> |
| <span class="sourceLineNo">516</span> @Override<a name="line.516"></a> |
| <span class="sourceLineNo">517</span> public Object run() throws Exception {<a name="line.517"></a> |
| <span class="sourceLineNo">518</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.518"></a> |
| <span class="sourceLineNo">519</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.519"></a> |
| <span class="sourceLineNo">520</span> Delete d = new Delete(TEST_ROW, 124L);<a name="line.520"></a> |
| <span class="sourceLineNo">521</span> d.addColumns(TEST_FAMILY1, TEST_Q1);<a name="line.521"></a> |
| <span class="sourceLineNo">522</span> t.delete(d);<a name="line.522"></a> |
| <span class="sourceLineNo">523</span> }<a name="line.523"></a> |
| <span class="sourceLineNo">524</span> }<a name="line.524"></a> |
| <span class="sourceLineNo">525</span> return null;<a name="line.525"></a> |
| <span class="sourceLineNo">526</span> }<a name="line.526"></a> |
| <span class="sourceLineNo">527</span> });<a name="line.527"></a> |
| <span class="sourceLineNo">528</span><a name="line.528"></a> |
| <span class="sourceLineNo">529</span> // USER_OTHER2 should be allowed to delete the column f1:q2 versions older than TS 124L<a name="line.529"></a> |
| <span class="sourceLineNo">530</span> USER_OTHER2.runAs(new AccessTestAction() {<a name="line.530"></a> |
| <span class="sourceLineNo">531</span> @Override<a name="line.531"></a> |
| <span class="sourceLineNo">532</span> public Object run() throws Exception {<a name="line.532"></a> |
| <span class="sourceLineNo">533</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.533"></a> |
| <span class="sourceLineNo">534</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.534"></a> |
| <span class="sourceLineNo">535</span> Delete d = new Delete(TEST_ROW);<a name="line.535"></a> |
| <span class="sourceLineNo">536</span> d.addColumns(TEST_FAMILY1, TEST_Q2, 124L);<a name="line.536"></a> |
| <span class="sourceLineNo">537</span> t.delete(d);<a name="line.537"></a> |
| <span class="sourceLineNo">538</span> }<a name="line.538"></a> |
| <span class="sourceLineNo">539</span> }<a name="line.539"></a> |
| <span class="sourceLineNo">540</span> return null;<a name="line.540"></a> |
| <span class="sourceLineNo">541</span> }<a name="line.541"></a> |
| <span class="sourceLineNo">542</span> });<a name="line.542"></a> |
| <span class="sourceLineNo">543</span> }<a name="line.543"></a> |
| <span class="sourceLineNo">544</span><a name="line.544"></a> |
| <span class="sourceLineNo">545</span> @Test<a name="line.545"></a> |
| <span class="sourceLineNo">546</span> public void testCellPermissionsWithDeleteExactVersion() throws Exception {<a name="line.546"></a> |
| <span class="sourceLineNo">547</span> final byte[] TEST_ROW1 = Bytes.toBytes("r1");<a name="line.547"></a> |
| <span class="sourceLineNo">548</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.548"></a> |
| <span class="sourceLineNo">549</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.549"></a> |
| <span class="sourceLineNo">550</span> final byte[] ZERO = Bytes.toBytes(0L);<a name="line.550"></a> |
| <span class="sourceLineNo">551</span><a name="line.551"></a> |
| <span class="sourceLineNo">552</span> final User user1 = User.createUserForTesting(conf, "user1", new String[0]);<a name="line.552"></a> |
| <span class="sourceLineNo">553</span> final User user2 = User.createUserForTesting(conf, "user2", new String[0]);<a name="line.553"></a> |
| <span class="sourceLineNo">554</span><a name="line.554"></a> |
| <span class="sourceLineNo">555</span> verifyAllowed(new AccessTestAction() {<a name="line.555"></a> |
| <span class="sourceLineNo">556</span> @Override<a name="line.556"></a> |
| <span class="sourceLineNo">557</span> public Object run() throws Exception {<a name="line.557"></a> |
| <span class="sourceLineNo">558</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.558"></a> |
| <span class="sourceLineNo">559</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.559"></a> |
| <span class="sourceLineNo">560</span> Map<String, Permission> permsU1andOwner =<a name="line.560"></a> |
| <span class="sourceLineNo">561</span> prepareCellPermissions(<a name="line.561"></a> |
| <span class="sourceLineNo">562</span> new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ,<a name="line.562"></a> |
| <span class="sourceLineNo">563</span> Action.WRITE);<a name="line.563"></a> |
| <span class="sourceLineNo">564</span> Map<String, Permission> permsU2andGUandOwner =<a name="line.564"></a> |
| <span class="sourceLineNo">565</span> prepareCellPermissions(<a name="line.565"></a> |
| <span class="sourceLineNo">566</span> new String[] { user2.getShortName(), AuthUtil.toGroupEntry(GROUP),<a name="line.566"></a> |
| <span class="sourceLineNo">567</span> USER_OWNER.getShortName() }, Action.READ, Action.WRITE);<a name="line.567"></a> |
| <span class="sourceLineNo">568</span> Put p = new Put(TEST_ROW1);<a name="line.568"></a> |
| <span class="sourceLineNo">569</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 123, ZERO);<a name="line.569"></a> |
| <span class="sourceLineNo">570</span> p.setACL(permsU1andOwner);<a name="line.570"></a> |
| <span class="sourceLineNo">571</span> t.put(p);<a name="line.571"></a> |
| <span class="sourceLineNo">572</span> p = new Put(TEST_ROW1);<a name="line.572"></a> |
| <span class="sourceLineNo">573</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 123, ZERO);<a name="line.573"></a> |
| <span class="sourceLineNo">574</span> p.setACL(permsU2andGUandOwner);<a name="line.574"></a> |
| <span class="sourceLineNo">575</span> t.put(p);<a name="line.575"></a> |
| <span class="sourceLineNo">576</span> p = new Put(TEST_ROW1);<a name="line.576"></a> |
| <span class="sourceLineNo">577</span> p.addColumn(TEST_FAMILY2, TEST_Q1, 123, ZERO);<a name="line.577"></a> |
| <span class="sourceLineNo">578</span> p.addColumn(TEST_FAMILY2, TEST_Q2, 123, ZERO);<a name="line.578"></a> |
| <span class="sourceLineNo">579</span> p.setACL(permsU2andGUandOwner);<a name="line.579"></a> |
| <span class="sourceLineNo">580</span> t.put(p);<a name="line.580"></a> |
| <span class="sourceLineNo">581</span><a name="line.581"></a> |
| <span class="sourceLineNo">582</span> p = new Put(TEST_ROW1);<a name="line.582"></a> |
| <span class="sourceLineNo">583</span> p.addColumn(TEST_FAMILY2, TEST_Q1, 125, ZERO);<a name="line.583"></a> |
| <span class="sourceLineNo">584</span> p.addColumn(TEST_FAMILY2, TEST_Q2, 125, ZERO);<a name="line.584"></a> |
| <span class="sourceLineNo">585</span> p.setACL(permsU1andOwner);<a name="line.585"></a> |
| <span class="sourceLineNo">586</span> t.put(p);<a name="line.586"></a> |
| <span class="sourceLineNo">587</span><a name="line.587"></a> |
| <span class="sourceLineNo">588</span> p = new Put(TEST_ROW1);<a name="line.588"></a> |
| <span class="sourceLineNo">589</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 127, ZERO);<a name="line.589"></a> |
| <span class="sourceLineNo">590</span> p.setACL(permsU2andGUandOwner);<a name="line.590"></a> |
| <span class="sourceLineNo">591</span> t.put(p);<a name="line.591"></a> |
| <span class="sourceLineNo">592</span> p = new Put(TEST_ROW1);<a name="line.592"></a> |
| <span class="sourceLineNo">593</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 127, ZERO);<a name="line.593"></a> |
| <span class="sourceLineNo">594</span> p.setACL(permsU1andOwner);<a name="line.594"></a> |
| <span class="sourceLineNo">595</span> t.put(p);<a name="line.595"></a> |
| <span class="sourceLineNo">596</span> p = new Put(TEST_ROW1);<a name="line.596"></a> |
| <span class="sourceLineNo">597</span> p.addColumn(TEST_FAMILY2, TEST_Q1, 129, ZERO);<a name="line.597"></a> |
| <span class="sourceLineNo">598</span> p.addColumn(TEST_FAMILY2, TEST_Q2, 129, ZERO);<a name="line.598"></a> |
| <span class="sourceLineNo">599</span> p.setACL(permsU1andOwner);<a name="line.599"></a> |
| <span class="sourceLineNo">600</span> t.put(p);<a name="line.600"></a> |
| <span class="sourceLineNo">601</span> }<a name="line.601"></a> |
| <span class="sourceLineNo">602</span> }<a name="line.602"></a> |
| <span class="sourceLineNo">603</span> return null;<a name="line.603"></a> |
| <span class="sourceLineNo">604</span> }<a name="line.604"></a> |
| <span class="sourceLineNo">605</span> }, USER_OWNER);<a name="line.605"></a> |
| <span class="sourceLineNo">606</span><a name="line.606"></a> |
| <span class="sourceLineNo">607</span> // user1 should be allowed to delete TEST_ROW1 as he is having write permission on both<a name="line.607"></a> |
| <span class="sourceLineNo">608</span> // versions of the cells<a name="line.608"></a> |
| <span class="sourceLineNo">609</span> user1.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.609"></a> |
| <span class="sourceLineNo">610</span> @Override<a name="line.610"></a> |
| <span class="sourceLineNo">611</span> public Void run() throws Exception {<a name="line.611"></a> |
| <span class="sourceLineNo">612</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.612"></a> |
| <span class="sourceLineNo">613</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.613"></a> |
| <span class="sourceLineNo">614</span> Delete d = new Delete(TEST_ROW1);<a name="line.614"></a> |
| <span class="sourceLineNo">615</span> d.addColumn(TEST_FAMILY1, TEST_Q1, 123);<a name="line.615"></a> |
| <span class="sourceLineNo">616</span> d.addColumn(TEST_FAMILY1, TEST_Q2);<a name="line.616"></a> |
| <span class="sourceLineNo">617</span> d.addFamilyVersion(TEST_FAMILY2, 125);<a name="line.617"></a> |
| <span class="sourceLineNo">618</span> t.delete(d);<a name="line.618"></a> |
| <span class="sourceLineNo">619</span> }<a name="line.619"></a> |
| <span class="sourceLineNo">620</span> }<a name="line.620"></a> |
| <span class="sourceLineNo">621</span> return null;<a name="line.621"></a> |
| <span class="sourceLineNo">622</span> }<a name="line.622"></a> |
| <span class="sourceLineNo">623</span> });<a name="line.623"></a> |
| <span class="sourceLineNo">624</span><a name="line.624"></a> |
| <span class="sourceLineNo">625</span> verifyUserDeniedForDeleteExactVersion(user2, TEST_ROW1, TEST_Q1, TEST_Q2);<a name="line.625"></a> |
| <span class="sourceLineNo">626</span> verifyUserDeniedForDeleteExactVersion(GROUP_USER, TEST_ROW1, TEST_Q1, TEST_Q2);<a name="line.626"></a> |
| <span class="sourceLineNo">627</span> }<a name="line.627"></a> |
| <span class="sourceLineNo">628</span><a name="line.628"></a> |
| <span class="sourceLineNo">629</span> private void verifyUserDeniedForDeleteExactVersion(final User user, final byte[] row,<a name="line.629"></a> |
| <span class="sourceLineNo">630</span> final byte[] q1, final byte[] q2) throws IOException, InterruptedException {<a name="line.630"></a> |
| <span class="sourceLineNo">631</span> user.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.631"></a> |
| <span class="sourceLineNo">632</span> @Override<a name="line.632"></a> |
| <span class="sourceLineNo">633</span> public Void run() throws Exception {<a name="line.633"></a> |
| <span class="sourceLineNo">634</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.634"></a> |
| <span class="sourceLineNo">635</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.635"></a> |
| <span class="sourceLineNo">636</span> Delete d = new Delete(row, 127);<a name="line.636"></a> |
| <span class="sourceLineNo">637</span> d.addColumns(TEST_FAMILY1, q1);<a name="line.637"></a> |
| <span class="sourceLineNo">638</span> d.addColumns(TEST_FAMILY1, q2);<a name="line.638"></a> |
| <span class="sourceLineNo">639</span> d.addFamily(TEST_FAMILY2, 129);<a name="line.639"></a> |
| <span class="sourceLineNo">640</span> t.delete(d);<a name="line.640"></a> |
| <span class="sourceLineNo">641</span> fail(user.getShortName() + " can not do the delete");<a name="line.641"></a> |
| <span class="sourceLineNo">642</span> } catch (Exception e) {<a name="line.642"></a> |
| <span class="sourceLineNo">643</span><a name="line.643"></a> |
| <span class="sourceLineNo">644</span> }<a name="line.644"></a> |
| <span class="sourceLineNo">645</span> }<a name="line.645"></a> |
| <span class="sourceLineNo">646</span> return null;<a name="line.646"></a> |
| <span class="sourceLineNo">647</span> }<a name="line.647"></a> |
| <span class="sourceLineNo">648</span> });<a name="line.648"></a> |
| <span class="sourceLineNo">649</span> }<a name="line.649"></a> |
| <span class="sourceLineNo">650</span><a name="line.650"></a> |
| <span class="sourceLineNo">651</span> @Test<a name="line.651"></a> |
| <span class="sourceLineNo">652</span> public void testCellPermissionsForIncrementWithMultipleVersions() throws Exception {<a name="line.652"></a> |
| <span class="sourceLineNo">653</span> final byte[] TEST_ROW1 = Bytes.toBytes("r1");<a name="line.653"></a> |
| <span class="sourceLineNo">654</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.654"></a> |
| <span class="sourceLineNo">655</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.655"></a> |
| <span class="sourceLineNo">656</span> final byte[] ZERO = Bytes.toBytes(0L);<a name="line.656"></a> |
| <span class="sourceLineNo">657</span><a name="line.657"></a> |
| <span class="sourceLineNo">658</span> final User user1 = User.createUserForTesting(conf, "user1", new String[0]);<a name="line.658"></a> |
| <span class="sourceLineNo">659</span> final User user2 = User.createUserForTesting(conf, "user2", new String[0]);<a name="line.659"></a> |
| <span class="sourceLineNo">660</span><a name="line.660"></a> |
| <span class="sourceLineNo">661</span> verifyAllowed(new AccessTestAction() {<a name="line.661"></a> |
| <span class="sourceLineNo">662</span> @Override<a name="line.662"></a> |
| <span class="sourceLineNo">663</span> public Object run() throws Exception {<a name="line.663"></a> |
| <span class="sourceLineNo">664</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.664"></a> |
| <span class="sourceLineNo">665</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.665"></a> |
| <span class="sourceLineNo">666</span> Map<String, Permission> permsU1andOwner =<a name="line.666"></a> |
| <span class="sourceLineNo">667</span> prepareCellPermissions(<a name="line.667"></a> |
| <span class="sourceLineNo">668</span> new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ,<a name="line.668"></a> |
| <span class="sourceLineNo">669</span> Action.WRITE);<a name="line.669"></a> |
| <span class="sourceLineNo">670</span> Map<String, Permission> permsU2andGUandOwner =<a name="line.670"></a> |
| <span class="sourceLineNo">671</span> prepareCellPermissions(<a name="line.671"></a> |
| <span class="sourceLineNo">672</span> new String[] { user2.getShortName(), AuthUtil.toGroupEntry(GROUP),<a name="line.672"></a> |
| <span class="sourceLineNo">673</span> USER_OWNER.getShortName() }, Action.READ, Action.WRITE);<a name="line.673"></a> |
| <span class="sourceLineNo">674</span> Put p = new Put(TEST_ROW1);<a name="line.674"></a> |
| <span class="sourceLineNo">675</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 123, ZERO);<a name="line.675"></a> |
| <span class="sourceLineNo">676</span> p.setACL(permsU1andOwner);<a name="line.676"></a> |
| <span class="sourceLineNo">677</span> t.put(p);<a name="line.677"></a> |
| <span class="sourceLineNo">678</span> p = new Put(TEST_ROW1);<a name="line.678"></a> |
| <span class="sourceLineNo">679</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 123, ZERO);<a name="line.679"></a> |
| <span class="sourceLineNo">680</span> p.setACL(permsU2andGUandOwner);<a name="line.680"></a> |
| <span class="sourceLineNo">681</span> t.put(p);<a name="line.681"></a> |
| <span class="sourceLineNo">682</span><a name="line.682"></a> |
| <span class="sourceLineNo">683</span> p = new Put(TEST_ROW1);<a name="line.683"></a> |
| <span class="sourceLineNo">684</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 127, ZERO);<a name="line.684"></a> |
| <span class="sourceLineNo">685</span> p.setACL(permsU2andGUandOwner);<a name="line.685"></a> |
| <span class="sourceLineNo">686</span> t.put(p);<a name="line.686"></a> |
| <span class="sourceLineNo">687</span> p = new Put(TEST_ROW1);<a name="line.687"></a> |
| <span class="sourceLineNo">688</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 127, ZERO);<a name="line.688"></a> |
| <span class="sourceLineNo">689</span> p.setACL(permsU1andOwner);<a name="line.689"></a> |
| <span class="sourceLineNo">690</span> t.put(p);<a name="line.690"></a> |
| <span class="sourceLineNo">691</span> }<a name="line.691"></a> |
| <span class="sourceLineNo">692</span> }<a name="line.692"></a> |
| <span class="sourceLineNo">693</span> return null;<a name="line.693"></a> |
| <span class="sourceLineNo">694</span> }<a name="line.694"></a> |
| <span class="sourceLineNo">695</span> }, USER_OWNER);<a name="line.695"></a> |
| <span class="sourceLineNo">696</span><a name="line.696"></a> |
| <span class="sourceLineNo">697</span> // Increment considers the TimeRange set on it.<a name="line.697"></a> |
| <span class="sourceLineNo">698</span> user1.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.698"></a> |
| <span class="sourceLineNo">699</span> @Override<a name="line.699"></a> |
| <span class="sourceLineNo">700</span> public Void run() throws Exception {<a name="line.700"></a> |
| <span class="sourceLineNo">701</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.701"></a> |
| <span class="sourceLineNo">702</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.702"></a> |
| <span class="sourceLineNo">703</span> Increment inc = new Increment(TEST_ROW1);<a name="line.703"></a> |
| <span class="sourceLineNo">704</span> inc.setTimeRange(0, 123);<a name="line.704"></a> |
| <span class="sourceLineNo">705</span> inc.addColumn(TEST_FAMILY1, TEST_Q1, 2L);<a name="line.705"></a> |
| <span class="sourceLineNo">706</span> t.increment(inc);<a name="line.706"></a> |
| <span class="sourceLineNo">707</span> t.incrementColumnValue(TEST_ROW1, TEST_FAMILY1, TEST_Q2, 1L);<a name="line.707"></a> |
| <span class="sourceLineNo">708</span> }<a name="line.708"></a> |
| <span class="sourceLineNo">709</span> }<a name="line.709"></a> |
| <span class="sourceLineNo">710</span> return null;<a name="line.710"></a> |
| <span class="sourceLineNo">711</span> }<a name="line.711"></a> |
| <span class="sourceLineNo">712</span> });<a name="line.712"></a> |
| <span class="sourceLineNo">713</span><a name="line.713"></a> |
| <span class="sourceLineNo">714</span> verifyUserDeniedForIncrementMultipleVersions(user2, TEST_ROW1, TEST_Q2);<a name="line.714"></a> |
| <span class="sourceLineNo">715</span> verifyUserDeniedForIncrementMultipleVersions(GROUP_USER, TEST_ROW1, TEST_Q2);<a name="line.715"></a> |
| <span class="sourceLineNo">716</span> }<a name="line.716"></a> |
| <span class="sourceLineNo">717</span><a name="line.717"></a> |
| <span class="sourceLineNo">718</span> private void verifyUserDeniedForIncrementMultipleVersions(final User user, final byte[] row,<a name="line.718"></a> |
| <span class="sourceLineNo">719</span> final byte[] q1) throws IOException, InterruptedException {<a name="line.719"></a> |
| <span class="sourceLineNo">720</span> user.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.720"></a> |
| <span class="sourceLineNo">721</span> @Override<a name="line.721"></a> |
| <span class="sourceLineNo">722</span> public Void run() throws Exception {<a name="line.722"></a> |
| <span class="sourceLineNo">723</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.723"></a> |
| <span class="sourceLineNo">724</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.724"></a> |
| <span class="sourceLineNo">725</span> Increment inc = new Increment(row);<a name="line.725"></a> |
| <span class="sourceLineNo">726</span> inc.setTimeRange(0, 127);<a name="line.726"></a> |
| <span class="sourceLineNo">727</span> inc.addColumn(TEST_FAMILY1, q1, 2L);<a name="line.727"></a> |
| <span class="sourceLineNo">728</span> t.increment(inc);<a name="line.728"></a> |
| <span class="sourceLineNo">729</span> fail(user.getShortName() + " cannot do the increment.");<a name="line.729"></a> |
| <span class="sourceLineNo">730</span> } catch (Exception e) {<a name="line.730"></a> |
| <span class="sourceLineNo">731</span><a name="line.731"></a> |
| <span class="sourceLineNo">732</span> }<a name="line.732"></a> |
| <span class="sourceLineNo">733</span> }<a name="line.733"></a> |
| <span class="sourceLineNo">734</span> return null;<a name="line.734"></a> |
| <span class="sourceLineNo">735</span> }<a name="line.735"></a> |
| <span class="sourceLineNo">736</span> });<a name="line.736"></a> |
| <span class="sourceLineNo">737</span> }<a name="line.737"></a> |
| <span class="sourceLineNo">738</span><a name="line.738"></a> |
| <span class="sourceLineNo">739</span> @Test<a name="line.739"></a> |
| <span class="sourceLineNo">740</span> public void testCellPermissionsForPutWithMultipleVersions() throws Exception {<a name="line.740"></a> |
| <span class="sourceLineNo">741</span> final byte[] TEST_ROW1 = Bytes.toBytes("r1");<a name="line.741"></a> |
| <span class="sourceLineNo">742</span> final byte[] TEST_Q1 = Bytes.toBytes("q1");<a name="line.742"></a> |
| <span class="sourceLineNo">743</span> final byte[] TEST_Q2 = Bytes.toBytes("q2");<a name="line.743"></a> |
| <span class="sourceLineNo">744</span> final byte[] ZERO = Bytes.toBytes(0L);<a name="line.744"></a> |
| <span class="sourceLineNo">745</span><a name="line.745"></a> |
| <span class="sourceLineNo">746</span> final User user1 = User.createUserForTesting(conf, "user1", new String[0]);<a name="line.746"></a> |
| <span class="sourceLineNo">747</span> final User user2 = User.createUserForTesting(conf, "user2", new String[0]);<a name="line.747"></a> |
| <span class="sourceLineNo">748</span><a name="line.748"></a> |
| <span class="sourceLineNo">749</span> verifyAllowed(new AccessTestAction() {<a name="line.749"></a> |
| <span class="sourceLineNo">750</span> @Override<a name="line.750"></a> |
| <span class="sourceLineNo">751</span> public Object run() throws Exception {<a name="line.751"></a> |
| <span class="sourceLineNo">752</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.752"></a> |
| <span class="sourceLineNo">753</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.753"></a> |
| <span class="sourceLineNo">754</span> Map<String, Permission> permsU1andOwner =<a name="line.754"></a> |
| <span class="sourceLineNo">755</span> prepareCellPermissions(<a name="line.755"></a> |
| <span class="sourceLineNo">756</span> new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ,<a name="line.756"></a> |
| <span class="sourceLineNo">757</span> Action.WRITE);<a name="line.757"></a> |
| <span class="sourceLineNo">758</span> Map<String, Permission> permsU2andGUandOwner =<a name="line.758"></a> |
| <span class="sourceLineNo">759</span> prepareCellPermissions(<a name="line.759"></a> |
| <span class="sourceLineNo">760</span> new String[] { user1.getShortName(), AuthUtil.toGroupEntry(GROUP),<a name="line.760"></a> |
| <span class="sourceLineNo">761</span> USER_OWNER.getShortName() }, Action.READ, Action.WRITE);<a name="line.761"></a> |
| <span class="sourceLineNo">762</span> permsU2andGUandOwner.put(user2.getShortName(), new Permission(Permission.Action.READ,<a name="line.762"></a> |
| <span class="sourceLineNo">763</span> Permission.Action.WRITE));<a name="line.763"></a> |
| <span class="sourceLineNo">764</span> permsU2andGUandOwner.put(USER_OWNER.getShortName(), new Permission(Permission.Action.READ,<a name="line.764"></a> |
| <span class="sourceLineNo">765</span> Permission.Action.WRITE));<a name="line.765"></a> |
| <span class="sourceLineNo">766</span> Put p = new Put(TEST_ROW1);<a name="line.766"></a> |
| <span class="sourceLineNo">767</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 123, ZERO);<a name="line.767"></a> |
| <span class="sourceLineNo">768</span> p.setACL(permsU1andOwner);<a name="line.768"></a> |
| <span class="sourceLineNo">769</span> t.put(p);<a name="line.769"></a> |
| <span class="sourceLineNo">770</span> p = new Put(TEST_ROW1);<a name="line.770"></a> |
| <span class="sourceLineNo">771</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 123, ZERO);<a name="line.771"></a> |
| <span class="sourceLineNo">772</span> p.setACL(permsU2andGUandOwner);<a name="line.772"></a> |
| <span class="sourceLineNo">773</span> t.put(p);<a name="line.773"></a> |
| <span class="sourceLineNo">774</span><a name="line.774"></a> |
| <span class="sourceLineNo">775</span> p = new Put(TEST_ROW1);<a name="line.775"></a> |
| <span class="sourceLineNo">776</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 127, ZERO);<a name="line.776"></a> |
| <span class="sourceLineNo">777</span> p.setACL(permsU2andGUandOwner);<a name="line.777"></a> |
| <span class="sourceLineNo">778</span> t.put(p);<a name="line.778"></a> |
| <span class="sourceLineNo">779</span> p = new Put(TEST_ROW1);<a name="line.779"></a> |
| <span class="sourceLineNo">780</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 127, ZERO);<a name="line.780"></a> |
| <span class="sourceLineNo">781</span> p.setACL(permsU1andOwner);<a name="line.781"></a> |
| <span class="sourceLineNo">782</span> t.put(p);<a name="line.782"></a> |
| <span class="sourceLineNo">783</span> }<a name="line.783"></a> |
| <span class="sourceLineNo">784</span> }<a name="line.784"></a> |
| <span class="sourceLineNo">785</span> return null;<a name="line.785"></a> |
| <span class="sourceLineNo">786</span> }<a name="line.786"></a> |
| <span class="sourceLineNo">787</span> }, USER_OWNER);<a name="line.787"></a> |
| <span class="sourceLineNo">788</span><a name="line.788"></a> |
| <span class="sourceLineNo">789</span> // new Put with TEST_Q1 column having TS=125. This covers old cell with TS 123 and user1 is<a name="line.789"></a> |
| <span class="sourceLineNo">790</span> // having RW permission. While TEST_Q2 is with latest TS and so it covers old cell with TS 127.<a name="line.790"></a> |
| <span class="sourceLineNo">791</span> // User1 is having RW permission on that too.<a name="line.791"></a> |
| <span class="sourceLineNo">792</span> user1.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.792"></a> |
| <span class="sourceLineNo">793</span> @Override<a name="line.793"></a> |
| <span class="sourceLineNo">794</span> public Void run() throws Exception {<a name="line.794"></a> |
| <span class="sourceLineNo">795</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.795"></a> |
| <span class="sourceLineNo">796</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.796"></a> |
| <span class="sourceLineNo">797</span> Put p = new Put(TEST_ROW1);<a name="line.797"></a> |
| <span class="sourceLineNo">798</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 125, ZERO);<a name="line.798"></a> |
| <span class="sourceLineNo">799</span> p.addColumn(TEST_FAMILY1, TEST_Q2, ZERO);<a name="line.799"></a> |
| <span class="sourceLineNo">800</span> p.setACL(user2.getShortName(), new Permission(Permission.Action.READ,<a name="line.800"></a> |
| <span class="sourceLineNo">801</span> Permission.Action.WRITE));<a name="line.801"></a> |
| <span class="sourceLineNo">802</span> t.put(p);<a name="line.802"></a> |
| <span class="sourceLineNo">803</span> }<a name="line.803"></a> |
| <span class="sourceLineNo">804</span> }<a name="line.804"></a> |
| <span class="sourceLineNo">805</span> return null;<a name="line.805"></a> |
| <span class="sourceLineNo">806</span> }<a name="line.806"></a> |
| <span class="sourceLineNo">807</span> });<a name="line.807"></a> |
| <span class="sourceLineNo">808</span><a name="line.808"></a> |
| <span class="sourceLineNo">809</span> verifyUserDeniedForPutMultipleVersions(user2, TEST_ROW1, TEST_Q1, TEST_Q2, ZERO);<a name="line.809"></a> |
| <span class="sourceLineNo">810</span> verifyUserDeniedForPutMultipleVersions(GROUP_USER, TEST_ROW1, TEST_Q1, TEST_Q2, ZERO);<a name="line.810"></a> |
| <span class="sourceLineNo">811</span> }<a name="line.811"></a> |
| <span class="sourceLineNo">812</span><a name="line.812"></a> |
| <span class="sourceLineNo">813</span> private void verifyUserDeniedForPutMultipleVersions(final User user, final byte[] row,<a name="line.813"></a> |
| <span class="sourceLineNo">814</span> final byte[] q1, final byte[] q2, final byte[] value) throws IOException,<a name="line.814"></a> |
| <span class="sourceLineNo">815</span> InterruptedException {<a name="line.815"></a> |
| <span class="sourceLineNo">816</span> user.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.816"></a> |
| <span class="sourceLineNo">817</span> @Override<a name="line.817"></a> |
| <span class="sourceLineNo">818</span> public Void run() throws Exception {<a name="line.818"></a> |
| <span class="sourceLineNo">819</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.819"></a> |
| <span class="sourceLineNo">820</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.820"></a> |
| <span class="sourceLineNo">821</span> Put p = new Put(row);<a name="line.821"></a> |
| <span class="sourceLineNo">822</span> // column Q1 covers version at 123 fr which user2 do not have permission<a name="line.822"></a> |
| <span class="sourceLineNo">823</span> p.addColumn(TEST_FAMILY1, q1, 124, value);<a name="line.823"></a> |
| <span class="sourceLineNo">824</span> p.addColumn(TEST_FAMILY1, q2, value);<a name="line.824"></a> |
| <span class="sourceLineNo">825</span> t.put(p);<a name="line.825"></a> |
| <span class="sourceLineNo">826</span> fail(user.getShortName() + " cannot do the put.");<a name="line.826"></a> |
| <span class="sourceLineNo">827</span> } catch (Exception e) {<a name="line.827"></a> |
| <span class="sourceLineNo">828</span><a name="line.828"></a> |
| <span class="sourceLineNo">829</span> }<a name="line.829"></a> |
| <span class="sourceLineNo">830</span> }<a name="line.830"></a> |
| <span class="sourceLineNo">831</span> return null;<a name="line.831"></a> |
| <span class="sourceLineNo">832</span> }<a name="line.832"></a> |
| <span class="sourceLineNo">833</span> });<a name="line.833"></a> |
| <span class="sourceLineNo">834</span> }<a name="line.834"></a> |
| <span class="sourceLineNo">835</span><a name="line.835"></a> |
| <span class="sourceLineNo">836</span> @Test<a name="line.836"></a> |
| <span class="sourceLineNo">837</span> public void testCellPermissionsForCheckAndDelete() throws Exception {<a name="line.837"></a> |
| <span class="sourceLineNo">838</span> final byte[] TEST_ROW1 = Bytes.toBytes("r1");<a name="line.838"></a> |
| <span class="sourceLineNo">839</span> final byte[] TEST_Q3 = Bytes.toBytes("q3");<a name="line.839"></a> |
| <span class="sourceLineNo">840</span> final byte[] ZERO = Bytes.toBytes(0L);<a name="line.840"></a> |
| <span class="sourceLineNo">841</span><a name="line.841"></a> |
| <span class="sourceLineNo">842</span> final User user1 = User.createUserForTesting(conf, "user1", new String[0]);<a name="line.842"></a> |
| <span class="sourceLineNo">843</span> final User user2 = User.createUserForTesting(conf, "user2", new String[0]);<a name="line.843"></a> |
| <span class="sourceLineNo">844</span><a name="line.844"></a> |
| <span class="sourceLineNo">845</span> verifyAllowed(new AccessTestAction() {<a name="line.845"></a> |
| <span class="sourceLineNo">846</span> @Override<a name="line.846"></a> |
| <span class="sourceLineNo">847</span> public Object run() throws Exception {<a name="line.847"></a> |
| <span class="sourceLineNo">848</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.848"></a> |
| <span class="sourceLineNo">849</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.849"></a> |
| <span class="sourceLineNo">850</span> Map<String, Permission> permsU1andOwner =<a name="line.850"></a> |
| <span class="sourceLineNo">851</span> prepareCellPermissions(<a name="line.851"></a> |
| <span class="sourceLineNo">852</span> new String[] { user1.getShortName(), USER_OWNER.getShortName() }, Action.READ,<a name="line.852"></a> |
| <span class="sourceLineNo">853</span> Action.WRITE);<a name="line.853"></a> |
| <span class="sourceLineNo">854</span> Map<String, Permission> permsU1andU2andGUandOwner =<a name="line.854"></a> |
| <span class="sourceLineNo">855</span> prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(),<a name="line.855"></a> |
| <span class="sourceLineNo">856</span> AuthUtil.toGroupEntry(GROUP), USER_OWNER.getShortName() }, Action.READ,<a name="line.856"></a> |
| <span class="sourceLineNo">857</span> Action.WRITE);<a name="line.857"></a> |
| <span class="sourceLineNo">858</span> Map<String, Permission> permsU1_U2andGU =<a name="line.858"></a> |
| <span class="sourceLineNo">859</span> prepareCellPermissions(new String[] { user1.getShortName(), user2.getShortName(),<a name="line.859"></a> |
| <span class="sourceLineNo">860</span> AuthUtil.toGroupEntry(GROUP) }, Action.READ, Action.WRITE);<a name="line.860"></a> |
| <span class="sourceLineNo">861</span><a name="line.861"></a> |
| <span class="sourceLineNo">862</span> Put p = new Put(TEST_ROW1);<a name="line.862"></a> |
| <span class="sourceLineNo">863</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 120, ZERO);<a name="line.863"></a> |
| <span class="sourceLineNo">864</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 120, ZERO);<a name="line.864"></a> |
| <span class="sourceLineNo">865</span> p.addColumn(TEST_FAMILY1, TEST_Q3, 120, ZERO);<a name="line.865"></a> |
| <span class="sourceLineNo">866</span> p.setACL(permsU1andU2andGUandOwner);<a name="line.866"></a> |
| <span class="sourceLineNo">867</span> t.put(p);<a name="line.867"></a> |
| <span class="sourceLineNo">868</span><a name="line.868"></a> |
| <span class="sourceLineNo">869</span> p = new Put(TEST_ROW1);<a name="line.869"></a> |
| <span class="sourceLineNo">870</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 123, ZERO);<a name="line.870"></a> |
| <span class="sourceLineNo">871</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 123, ZERO);<a name="line.871"></a> |
| <span class="sourceLineNo">872</span> p.addColumn(TEST_FAMILY1, TEST_Q3, 123, ZERO);<a name="line.872"></a> |
| <span class="sourceLineNo">873</span> p.setACL(permsU1andOwner);<a name="line.873"></a> |
| <span class="sourceLineNo">874</span> t.put(p);<a name="line.874"></a> |
| <span class="sourceLineNo">875</span><a name="line.875"></a> |
| <span class="sourceLineNo">876</span> p = new Put(TEST_ROW1);<a name="line.876"></a> |
| <span class="sourceLineNo">877</span> p.addColumn(TEST_FAMILY1, TEST_Q1, 127, ZERO);<a name="line.877"></a> |
| <span class="sourceLineNo">878</span> p.setACL(permsU1_U2andGU);<a name="line.878"></a> |
| <span class="sourceLineNo">879</span> t.put(p);<a name="line.879"></a> |
| <span class="sourceLineNo">880</span><a name="line.880"></a> |
| <span class="sourceLineNo">881</span> p = new Put(TEST_ROW1);<a name="line.881"></a> |
| <span class="sourceLineNo">882</span> p.addColumn(TEST_FAMILY1, TEST_Q2, 127, ZERO);<a name="line.882"></a> |
| <span class="sourceLineNo">883</span> p.setACL(user2.getShortName(), new Permission(Permission.Action.READ));<a name="line.883"></a> |
| <span class="sourceLineNo">884</span> t.put(p);<a name="line.884"></a> |
| <span class="sourceLineNo">885</span><a name="line.885"></a> |
| <span class="sourceLineNo">886</span> p = new Put(TEST_ROW1);<a name="line.886"></a> |
| <span class="sourceLineNo">887</span> p.addColumn(TEST_FAMILY1, TEST_Q3, 127, ZERO);<a name="line.887"></a> |
| <span class="sourceLineNo">888</span> p.setACL(AuthUtil.toGroupEntry(GROUP), new Permission(Permission.Action.READ));<a name="line.888"></a> |
| <span class="sourceLineNo">889</span> t.put(p);<a name="line.889"></a> |
| <span class="sourceLineNo">890</span> }<a name="line.890"></a> |
| <span class="sourceLineNo">891</span> }<a name="line.891"></a> |
| <span class="sourceLineNo">892</span> return null;<a name="line.892"></a> |
| <span class="sourceLineNo">893</span> }<a name="line.893"></a> |
| <span class="sourceLineNo">894</span> }, USER_OWNER);<a name="line.894"></a> |
| <span class="sourceLineNo">895</span><a name="line.895"></a> |
| <span class="sourceLineNo">896</span> // user1 should be allowed to do the checkAndDelete. user1 having read permission on the latest<a name="line.896"></a> |
| <span class="sourceLineNo">897</span> // version cell and write permission on all versions<a name="line.897"></a> |
| <span class="sourceLineNo">898</span> user1.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.898"></a> |
| <span class="sourceLineNo">899</span> @Override<a name="line.899"></a> |
| <span class="sourceLineNo">900</span> public Void run() throws Exception {<a name="line.900"></a> |
| <span class="sourceLineNo">901</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.901"></a> |
| <span class="sourceLineNo">902</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.902"></a> |
| <span class="sourceLineNo">903</span> Delete d = new Delete(TEST_ROW1);<a name="line.903"></a> |
| <span class="sourceLineNo">904</span> d.addColumns(TEST_FAMILY1, TEST_Q1, 120);<a name="line.904"></a> |
| <span class="sourceLineNo">905</span> t.checkAndMutate(TEST_ROW1, TEST_FAMILY1).qualifier(TEST_Q1)<a name="line.905"></a> |
| <span class="sourceLineNo">906</span> .ifEquals(ZERO).thenDelete(d);<a name="line.906"></a> |
| <span class="sourceLineNo">907</span> }<a name="line.907"></a> |
| <span class="sourceLineNo">908</span> }<a name="line.908"></a> |
| <span class="sourceLineNo">909</span> return null;<a name="line.909"></a> |
| <span class="sourceLineNo">910</span> }<a name="line.910"></a> |
| <span class="sourceLineNo">911</span> });<a name="line.911"></a> |
| <span class="sourceLineNo">912</span> // user2 shouldn't be allowed to do the checkAndDelete. user2 having RW permission on the latest<a name="line.912"></a> |
| <span class="sourceLineNo">913</span> // version cell but not on cell version TS=123<a name="line.913"></a> |
| <span class="sourceLineNo">914</span> verifyUserDeniedForCheckAndDelete(user2, TEST_ROW1, ZERO);<a name="line.914"></a> |
| <span class="sourceLineNo">915</span><a name="line.915"></a> |
| <span class="sourceLineNo">916</span> // GROUP_USER shouldn't be allowed to do the checkAndDelete. GROUP_USER having RW permission on<a name="line.916"></a> |
| <span class="sourceLineNo">917</span> // the latest<a name="line.917"></a> |
| <span class="sourceLineNo">918</span> // version cell but not on cell version TS=123<a name="line.918"></a> |
| <span class="sourceLineNo">919</span> verifyUserDeniedForCheckAndDelete(GROUP_USER, TEST_ROW1, ZERO);<a name="line.919"></a> |
| <span class="sourceLineNo">920</span><a name="line.920"></a> |
| <span class="sourceLineNo">921</span> // user2 should be allowed to do the checkAndDelete when delete tries to delete the old version<a name="line.921"></a> |
| <span class="sourceLineNo">922</span> // TS=120. user2 having R permission on the latest version(no W permission) cell<a name="line.922"></a> |
| <span class="sourceLineNo">923</span> // and W permission on cell version TS=120.<a name="line.923"></a> |
| <span class="sourceLineNo">924</span> verifyUserAllowedforCheckAndDelete(user2, TEST_ROW1, TEST_Q2, ZERO);<a name="line.924"></a> |
| <span class="sourceLineNo">925</span><a name="line.925"></a> |
| <span class="sourceLineNo">926</span> // GROUP_USER should be allowed to do the checkAndDelete when delete tries to delete the old<a name="line.926"></a> |
| <span class="sourceLineNo">927</span> // version<a name="line.927"></a> |
| <span class="sourceLineNo">928</span> // TS=120. user2 having R permission on the latest version(no W permission) cell<a name="line.928"></a> |
| <span class="sourceLineNo">929</span> // and W permission on cell version TS=120.<a name="line.929"></a> |
| <span class="sourceLineNo">930</span> verifyUserAllowedforCheckAndDelete(GROUP_USER, TEST_ROW1, TEST_Q3, ZERO);<a name="line.930"></a> |
| <span class="sourceLineNo">931</span> }<a name="line.931"></a> |
| <span class="sourceLineNo">932</span><a name="line.932"></a> |
| <span class="sourceLineNo">933</span> private void verifyUserAllowedforCheckAndDelete(final User user, final byte[] row,<a name="line.933"></a> |
| <span class="sourceLineNo">934</span> final byte[] q1, final byte[] value) throws IOException, InterruptedException {<a name="line.934"></a> |
| <span class="sourceLineNo">935</span> user.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.935"></a> |
| <span class="sourceLineNo">936</span> @Override<a name="line.936"></a> |
| <span class="sourceLineNo">937</span> public Void run() throws Exception {<a name="line.937"></a> |
| <span class="sourceLineNo">938</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.938"></a> |
| <span class="sourceLineNo">939</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.939"></a> |
| <span class="sourceLineNo">940</span> Delete d = new Delete(row);<a name="line.940"></a> |
| <span class="sourceLineNo">941</span> d.addColumn(TEST_FAMILY1, q1, 120);<a name="line.941"></a> |
| <span class="sourceLineNo">942</span> t.checkAndMutate(row, TEST_FAMILY1).qualifier(q1).ifEquals(value).thenDelete(d);<a name="line.942"></a> |
| <span class="sourceLineNo">943</span> }<a name="line.943"></a> |
| <span class="sourceLineNo">944</span> }<a name="line.944"></a> |
| <span class="sourceLineNo">945</span> return null;<a name="line.945"></a> |
| <span class="sourceLineNo">946</span> }<a name="line.946"></a> |
| <span class="sourceLineNo">947</span> });<a name="line.947"></a> |
| <span class="sourceLineNo">948</span> }<a name="line.948"></a> |
| <span class="sourceLineNo">949</span><a name="line.949"></a> |
| <span class="sourceLineNo">950</span> private void verifyUserDeniedForCheckAndDelete(final User user, final byte[] row,<a name="line.950"></a> |
| <span class="sourceLineNo">951</span> final byte[] value) throws IOException, InterruptedException {<a name="line.951"></a> |
| <span class="sourceLineNo">952</span> user.runAs(new PrivilegedExceptionAction<Void>() {<a name="line.952"></a> |
| <span class="sourceLineNo">953</span> @Override<a name="line.953"></a> |
| <span class="sourceLineNo">954</span> public Void run() throws Exception {<a name="line.954"></a> |
| <span class="sourceLineNo">955</span> try (Connection connection = ConnectionFactory.createConnection(conf)) {<a name="line.955"></a> |
| <span class="sourceLineNo">956</span> try (Table t = connection.getTable(testTable.getTableName())) {<a name="line.956"></a> |
| <span class="sourceLineNo">957</span> Delete d = new Delete(row);<a name="line.957"></a> |
| <span class="sourceLineNo">958</span> d.addColumns(TEST_FAMILY1, TEST_Q1);<a name="line.958"></a> |
| <span class="sourceLineNo">959</span> t.checkAndMutate(row, TEST_FAMILY1).qualifier(TEST_Q1).ifEquals(value).thenDelete(d);<a name="line.959"></a> |
| <span class="sourceLineNo">960</span> fail(user.getShortName() + " should not be allowed to do checkAndDelete");<a name="line.960"></a> |
| <span class="sourceLineNo">961</span> } catch (Exception e) {<a name="line.961"></a> |
| <span class="sourceLineNo">962</span> }<a name="line.962"></a> |
| <span class="sourceLineNo">963</span> }<a name="line.963"></a> |
| <span class="sourceLineNo">964</span> return null;<a name="line.964"></a> |
| <span class="sourceLineNo">965</span> }<a name="line.965"></a> |
| <span class="sourceLineNo">966</span> });<a name="line.966"></a> |
| <span class="sourceLineNo">967</span> }<a name="line.967"></a> |
| <span class="sourceLineNo">968</span><a name="line.968"></a> |
| <span class="sourceLineNo">969</span> @After<a name="line.969"></a> |
| <span class="sourceLineNo">970</span> public void tearDown() throws Exception {<a name="line.970"></a> |
| <span class="sourceLineNo">971</span> // Clean the _acl_ table<a name="line.971"></a> |
| <span class="sourceLineNo">972</span> try {<a name="line.972"></a> |
| <span class="sourceLineNo">973</span> TEST_UTIL.deleteTable(testTable.getTableName());<a name="line.973"></a> |
| <span class="sourceLineNo">974</span> } catch (TableNotFoundException ex) {<a name="line.974"></a> |
| <span class="sourceLineNo">975</span> // Test deleted the table, no problem<a name="line.975"></a> |
| <span class="sourceLineNo">976</span> LOG.info("Test deleted table " + testTable.getTableName());<a name="line.976"></a> |
| <span class="sourceLineNo">977</span> }<a name="line.977"></a> |
| <span class="sourceLineNo">978</span> assertEquals(0, PermissionStorage.getTablePermissions(conf, testTable.getTableName()).size());<a name="line.978"></a> |
| <span class="sourceLineNo">979</span> }<a name="line.979"></a> |
| <span class="sourceLineNo">980</span>}<a name="line.980"></a> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </body> |
| </html> |
