hadoop-yetus commented on a change in pull request #973: HDDS-1611. Evaluate
ACL on volume bucket key and prefix to authorize access. Contributed by Ajay
Kumar.
URL: https://github.com/apache/hadoop/pull/973#discussion_r298385910
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/KeyManagerImpl.java
##########
@@ -1623,6 +1625,58 @@ public boolean setAcl(OzoneObj obj, List<OzoneAcl>
acls) throws IOException {
}
}
+ /**
+ * Check access for given ozoneObject.
+ *
+ * @param ozObject object for which access needs to be checked.
+ * @param context Context object encapsulating all user related information.
+ * @return true if user has access else false.
+ */
+ @Override
+ public boolean checkAccess(OzoneObj ozObject, RequestContext context)
+ throws OMException {
+ Objects.requireNonNull(ozObject);
+ Objects.requireNonNull(context);
+ Objects.requireNonNull(context.getClientUgi());
+
+ String volume = ozObject.getVolumeName();
+ String bucket = ozObject.getBucketName();
+ String keyName = ozObject.getKeyName();
+
+ metadataManager.getLock().acquireBucketLock(volume, bucket);
+ try {
+ validateBucket(volume, bucket);
+ String objectKey = metadataManager.getOzoneKey(volume, bucket, keyName);
Review comment:
whitespace:end of line
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
