private void setUfsAcl(LockedInodePath inodePath) throws InvalidPathException, AccessControlException { Inode inode = inodePath.getInodeOrNull(); checkUfsMode(inodePath.getUri(), OperationType.WRITE); MountTable.Resolution resolution = mMountTable.resolve(inodePath.getUri()); String ufsUri = resolution.getUri().toString(); try (CloseableResource<UnderFileSystem> ufsResource = resolution.acquireUfsResource()) { UnderFileSystem ufs = ufsResource.get(); if (ufs.isObjectStorage()) { LOG.warn("SetACL is not supported to object storage UFS via Alluxio. " + "UFS: " + ufsUri + ". This has no effect on the underlying object."); } else { try { List<AclEntry> entries = new ArrayList<>(inode.getACL().getEntries()); if (inode.isDirectory()) { entries.addAll(inode.asDirectory().getDefaultACL().getEntries()); } ufs.setAclEntries(ufsUri, entries); } catch (IOException e) { throw new AccessControlException("Could not setAcl for UFS file: " + ufsUri); } } } }
@Test public void removeExtendedDefaultAclMask() throws Exception { mFileSystemMaster.createDirectory(NESTED_URI, CreateDirectoryContext .defaults(CreateDirectoryPOptions.newBuilder().setRecursive(true))); AclEntry newAcl = AclEntry.fromCliString("default:user:newuser:rwx"); // Add an ACL addAcl(NESTED_URI, newAcl); assertThat(getInfo(NESTED_URI).getDefaultAcl().getEntries(), hasItem(newAcl)); // Attempt to remove the ACL mask AclEntry maskEntry = AclEntry.fromCliString("default:mask::rwx"); assertThat(getInfo(NESTED_URI).getDefaultAcl().getEntries(), hasItem(maskEntry)); try { removeAcl(NESTED_URI, maskEntry); fail("Expected removing the mask from an extended ACL to fail"); } catch (IOException e) { assertThat(e.getMessage(), containsString("mask")); } // Remove the extended ACL removeAcl(NESTED_URI, newAcl); // Now we can add and remove a mask addAcl(NESTED_URI, maskEntry); removeAcl(NESTED_URI, maskEntry); }
createDirectoryContext.setDefaultAcl(defaultAcl.getEntries());