How to use

AccessControlList

in

alluxio.security.authorization

  acl = new DefaultAccessControlList();
 } else {
  acl = new AccessControlList();
acl.setOwningUser(owner);
acl.setOwningGroup(owningGroup);
 acl.setEntry(aclEntry);

/**
 * @return the list of string entries
 */
public List<String> toStringEntries() {
 List<String> entries = new ArrayList<>();
 for (AclEntry entry : getEntries()) {
  entries.add(entry.toCliString());
 }
 return entries;
}

/**
 * Tests getting and setting owner and group.
 */
@Test
public void ownerGroup() {
 AccessControlList acl = new AccessControlList();
 acl.setOwningUser(OWNING_USER);
 acl.setOwningGroup(OWNING_GROUP);
 Assert.assertEquals(OWNING_USER, acl.getOwningUser());
 Assert.assertEquals(OWNING_GROUP, acl.getOwningGroup());
}

/**
 * Update the mask to be the union of owning group entry, named user entry and named group entry.
 * This method must be called when the aforementioned entries are modified.
 */
public void updateMask() {
 if (hasExtended()) {
  AclActions actions = getOwningGroupActions();
  mExtendedEntries.updateMask(actions);
 }
}

 /**
  * Serialize an AccessControlList object.
  * @param accessControlList the ACL object to be serialized
  * @param jsonGenerator json generator
  * @param serializerProvider default serializer
  * @throws IOException
  */
 @Override
 public void serialize(AccessControlList accessControlList, JsonGenerator jsonGenerator,
   SerializerProvider serializerProvider) throws IOException {
  jsonGenerator.writeStartObject();
  jsonGenerator.writeStringField(OWNER_FIELD, accessControlList.getOwningUser());
  jsonGenerator.writeStringField(OWNING_GROUP_FIELD, accessControlList.getOwningGroup());
  jsonGenerator.writeObjectField(STRING_ENTRY_FIELD, accessControlList.toStringEntries());
  jsonGenerator.writeEndObject();
 }
}

protected MoreObjects.ToStringHelper toStringHelper() {
 return MoreObjects.toStringHelper(this)
   .add("id", mId)
   .add("name", mName)
   .add("parentId", mParentId)
   .add("creationTimeMs", mCreationTimeMs)
   .add("pinned", mPinned)
   .add("deleted", mDeleted)
   .add("ttl", mTtl)
   .add("ttlAction", mTtlAction)
   .add("directory", mDirectory)
   .add("persistenceState", mPersistenceState)
   .add("lastModificationTimeMs", mLastModificationTimeMs)
   .add("owner", mAcl.getOwningUser())
   .add("group", mAcl.getOwningGroup())
   .add("permission", mAcl.getMode())
   .add("ufsFingerprint", mUfsFingerprint);
}

/**
 * @param acl the access control list to convert
 * @return the proto representation of this object
 */
public static PAcl toProto(AccessControlList acl) {
 PAcl.Builder pAcl = PAcl.newBuilder();
 pAcl.setOwner(acl.getOwningUser());
 pAcl.setOwningGroup(acl.getOwningGroup());
 pAcl.setMode(acl.getMode());
 if (acl.hasExtended()) {
  for (AclEntry entry : acl.getExtendedEntries().getEntries()) {
   pAcl.addEntries(toProto(entry));
  }
 }
 pAcl.setIsDefault(false);
 return pAcl.build();
}

builder.setOwningUser(acl.getOwningUser());
builder.setOwningGroup(acl.getOwningGroup());
  .setActions(toProto(acl.getOwningUserActions()))
  .build());
builder.addGroupActions(Acl.NamedAclActions.newBuilder()
  .setName(AccessControlList.OWNING_GROUP_KEY)
  .setActions(toProto(acl.getOwningGroupActions()))
  .build());
builder.setOtherActions(toProto(acl.getOtherActions()));
if (acl.getExtendedEntries() != null) {
 builder.addAllUserActions(getNamedUsersProto(acl.getExtendedEntries()));
 builder.addAllGroupActions(getNamedGroupsProto(acl.getExtendedEntries()));
 builder.setMaskActions(toProto(acl.getExtendedEntries().getMask()));

 return new AclActions(getOwningUserActions());
if (hasExtended()) {
 AclActions actions = mExtendedEntries.getNamedUser(user);
 if (actions != null) {
if (groups.contains(mOwningGroup)) {
 isGroupKnown = true;
 groupActions.merge(getOwningGroupActions());
if (hasExtended()) {
 for (String group : groups) {
  AclActions actions = mExtendedEntries.getNamedGroup(group);
 if (hasExtended()) {
  groupActions.mask(mExtendedEntries.mMaskActions);
return getOtherActions();

/**
 * Tests the constructor contract.
 */
@Test
public void constructor() {
 AccessControlList acl = new AccessControlList();
 Assert.assertEquals("", acl.getOwningUser());
 Assert.assertEquals("", acl.getOwningGroup());
}

/**
 * Tests {@link AccessControlList#getMode()}.
 */
@Test
public void getMode() {
 AccessControlList acl = new AccessControlList();
 Assert.assertEquals(0, acl.getMode());
 acl.setEntry(new AclEntry.Builder().setType(AclEntryType.OWNING_USER).setSubject(OWNING_USER)
   .addAction(AclAction.READ).build());
 acl.setEntry(new AclEntry.Builder().setType(AclEntryType.OWNING_GROUP).setSubject(OWNING_GROUP)
   .addAction(AclAction.WRITE).build());
 acl.setEntry(new AclEntry.Builder().setType(AclEntryType.OTHER)
   .addAction(AclAction.EXECUTE).build());
 Assert.assertEquals(new Mode(Mode.Bits.READ, Mode.Bits.WRITE, Mode.Bits.EXECUTE).toShort(),
   acl.getMode());
}

/**
 * Tests {@link AccessControlList#setMode(short)}.
 */
@Test
public void setMode() {
 AccessControlList acl = new AccessControlList();
 short mode = new Mode(Mode.Bits.EXECUTE, Mode.Bits.WRITE, Mode.Bits.READ).toShort();
 acl.setMode(mode);
 Assert.assertEquals(mode, acl.getMode());
}

@Override
public String getFingerprint(String path) {
 // TODO(yuzhu): include default ACL in the fingerprint
 try {
  UfsStatus status = getStatus(path);
  Pair<AccessControlList, DefaultAccessControlList> aclPair = getAclPair(path);
  if (aclPair == null || aclPair.getFirst() == null || !aclPair.getFirst().hasExtended()) {
   return Fingerprint.create(getUnderFSType(), status).serialize();
  } else {
   return Fingerprint.create(getUnderFSType(), status, aclPair.getFirst()).serialize();
  }
 } catch (Exception e) {
  // In certain scenarios, it is expected that the UFS path does not exist.
  LOG.debug("Failed fingerprint. path: {} error: {}", path, e.toString());
  return Constants.INVALID_UFS_FINGERPRINT;
 }
}

protected MutableInode(long id, boolean isDirectory) {
 mCreationTimeMs = System.currentTimeMillis();
 mDeleted = false;
 mDirectory = isDirectory;
 mId = id;
 mTtl = Constants.NO_TTL;
 mTtlAction = TtlAction.DELETE;
 mLastModificationTimeMs = mCreationTimeMs;
 mName = null;
 mParentId = InodeTree.NO_PARENT;
 mPersistenceState = PersistenceState.NOT_PERSISTED;
 mPinned = false;
 mAcl = new AccessControlList();
 mUfsFingerprint = Constants.INVALID_UFS_FINGERPRINT;
}

@Override
public void setEntry(AclEntry entry) {
 if (isEmpty() && mAccessAcl != null) {
  mMode = mAccessAcl.mMode;
 }
 super.setEntry(entry);
 setEmpty(false);
}

@Override
public String getOwner() {
 return mAcl.getOwningUser();
}

@Override
public String getGroup() {
 return mAcl.getOwningGroup();
}

@Override
public AclActions getPermission(String user, List<String> groups) {
 return mAcl.getPermission(user, groups);
}

/**
 * @param group the group of the inode
 * @return the updated object
 */
public T setGroup(String group) {
 mAcl.setOwningGroup(group);
 if (isDirectory()) {
  getDefaultACL().setOwningGroup(group);
 }
 return getThis();
}

/**
 * @param owner the owner name of the inode
 * @return the updated object
 */
public T setOwner(String owner) {
 mAcl.setOwningUser(owner);
 if (isDirectory()) {
  getDefaultACL().setOwningUser(owner);
 }
 return getThis();
}