/** * Whether a cache pool can be accessed by the current context * * @param pool CachePool being accessed * @param access type of action being performed on the cache pool * @throws AccessControlException if pool cannot be accessed */ public void checkPermission(CachePool pool, FsAction access) throws AccessControlException { FsPermission mode = pool.getMode(); if (isSuperUser()) { return; } if (getUser().equals(pool.getOwnerName()) && mode.getUserAction().implies(access)) { return; } if (isMemberOfGroup(pool.getGroupName()) && mode.getGroupAction().implies(access)) { return; } if (!getUser().equals(pool.getOwnerName()) && !isMemberOfGroup(pool.getGroupName()) && mode.getOtherAction().implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool.getPoolName() + ": user " + getUser() + " does not have " + access.toString() + " permissions."); }
private boolean hasPermission(INodeAttributes inode, FsAction access) { if (inode == null) { return true; } final FsPermission mode = inode.getFsPermission(); final AclFeature aclFeature = inode.getAclFeature(); if (aclFeature != null && aclFeature.getEntriesSize() > 0) { // It's possible that the inode has a default ACL but no access ACL. int firstEntry = aclFeature.getEntryAt(0); if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) { return hasAclPermission(inode, access, mode, aclFeature); } } final FsAction checkAction; if (getUser().equals(inode.getUserName())) { //user class checkAction = mode.getUserAction(); } else if (isMemberOfGroup(inode.getGroupName())) { //group class checkAction = mode.getGroupAction(); } else { //other class checkAction = mode.getOtherAction(); } return checkAction.implies(access); }
static FileStatus setOwner( FSDirectory fsd, FSPermissionChecker pc, String src, String username, String group) throws IOException { if (FSDirectory.isExactReservedName(src)) { throw new InvalidPathException(src); } INodesInPath iip; fsd.writeLock(); try { iip = fsd.resolvePath(pc, src, DirOp.WRITE); fsd.checkOwner(pc, iip); if (!pc.isSuperUser()) { if (username != null && !pc.getUser().equals(username)) { throw new AccessControlException("User " + pc.getUser() + " is not a super user (non-super user cannot change owner)."); } if (group != null && !pc.isMemberOfGroup(group)) { throw new AccessControlException( "User " + pc.getUser() + " does not belong to " + group); } } unprotectedSetOwner(fsd, iip, username, group); } finally { fsd.writeUnlock(); } fsd.getEditLog().logSetOwner(iip.getPath(), username, group); return fsd.getAuditFileInfo(iip); }
if (isMemberOfGroup(group)) { FsAction masked = AclEntryStatusFormat.getPermission(entry).and( mode.getGroupAction());
private boolean hasPermission(INodeAttributes inode, FsAction access) { if (inode == null) { return true; } final FsPermission mode = inode.getFsPermission(); final AclFeature aclFeature = inode.getAclFeature(); if (aclFeature != null) { // It's possible that the inode has a default ACL but no access ACL. int firstEntry = aclFeature.getEntryAt(0); if (AclEntryStatusFormat.getScope(firstEntry) == AclEntryScope.ACCESS) { return hasAclPermission(inode, access, mode, aclFeature); } } final FsAction checkAction; if (getUser().equals(inode.getUserName())) { //user class checkAction = mode.getUserAction(); } else if (isMemberOfGroup(inode.getGroupName())) { //group class checkAction = mode.getGroupAction(); } else { //other class checkAction = mode.getOtherAction(); } return checkAction.implies(access); }
static HdfsFileStatus setOwner( FSDirectory fsd, String src, String username, String group) throws IOException { FSPermissionChecker pc = fsd.getPermissionChecker(); INodesInPath iip; fsd.writeLock(); try { iip = fsd.resolvePathForWrite(pc, src); src = iip.getPath(); fsd.checkOwner(pc, iip); if (!pc.isSuperUser()) { if (username != null && !pc.getUser().equals(username)) { throw new AccessControlException("User " + username + " is not a super user (non-super user cannot change owner)."); } if (group != null && !pc.isMemberOfGroup(group)) { throw new AccessControlException( "User " + username + " does not belong to " + group); } } unprotectedSetOwner(fsd, src, username, group); } finally { fsd.writeUnlock(); } fsd.getEditLog().logSetOwner(src, username, group); return fsd.getAuditFileInfo(iip); }
/** * Whether a cache pool can be accessed by the current context * * @param pool CachePool being accessed * @param access type of action being performed on the cache pool * @throws AccessControlException if pool cannot be accessed */ public void checkPermission(CachePool pool, FsAction access) throws AccessControlException { FsPermission mode = pool.getMode(); if (isSuperUser()) { return; } if (getUser().equals(pool.getOwnerName()) && mode.getUserAction().implies(access)) { return; } if (isMemberOfGroup(pool.getGroupName()) && mode.getGroupAction().implies(access)) { return; } if (mode.getOtherAction().implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool.getPoolName() + ": user " + getUser() + " does not have " + access.toString() + " permissions."); } }
if (isMemberOfGroup(group)) { FsAction masked = AclEntryStatusFormat.getPermission(entry).and( mode.getGroupAction());