[
https://issues.apache.org/jira/browse/PHOENIX-4528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16325437#comment-16325437
]
Hadoop QA commented on PHOENIX-4528:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12906012/PHOENIX-4528.001.patch
against master branch at commit 27d6582827b9306e66d3bfd430c6186ac165fb08.
ATTACHMENT ID: 12906012
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:red}-1 release audit{color}. The applied patch generated 1 release
audit warnings (more than the master's current 0 warnings).
{color:red}-1 lineLengths{color}. The patch introduces the following lines
longer than 100:
+ verifyAllowed(grantPermissions("C", regularUser1,
surroundWithDoubleQuotes(SchemaUtil.SCHEMA_FOR_DEFAULT_NAMESPACE), true),
superUser1);
+ verifyAllowed(grantPermissions("C", regularUser1,
surroundWithDoubleQuotes(SchemaUtil.SCHEMA_FOR_DEFAULT_NAMESPACE), true),
superUser1);
+ verifyAllowed(grantPermissions("RX", regularUser1,
surroundWithDoubleQuotes(SchemaUtil.SCHEMA_FOR_DEFAULT_NAMESPACE), true),
superUser1);
+ // Use AccessControlClient API's if the
accessController is an instance of
org.apache.hadoop.hbase.security.access.AccessController
+
userPermissions.addAll(AccessControlClient.getUserPermissions(connection,
tableName.getNameAsString()));
+ connection,
AuthUtil.toGroupEntry(tableName.getNamespaceAsString())));
+
getUserPermsFromUserDefinedAccessController(userPermissions, connection,
(AccessControlService.Interface) service);
+ private void getUserPermsFromUserDefinedAccessController(final
List<UserPermission> userPermissions, Connection connection,
AccessControlService.Interface service) {
+ AccessControlProtos.GetUserPermissionsRequest.Builder
builderTablePerms = AccessControlProtos.GetUserPermissionsRequest
+ AccessControlProtos.GetUserPermissionsRequest
requestTablePerms = builderTablePerms.build();
{color:green}+1 core tests{color}. The patch passed unit tests in .
Test results:
https://builds.apache.org/job/PreCommit-PHOENIX-Build/1709//testReport/
Release audit warnings:
https://builds.apache.org/job/PreCommit-PHOENIX-Build/1709//artifact/patchprocess/patchReleaseAuditWarnings.txt
Console output:
https://builds.apache.org/job/PreCommit-PHOENIX-Build/1709//console
This message is automatically generated.
> PhoenixAccessController checks permissions only at table level when creating
> views
> ----------------------------------------------------------------------------------
>
> Key: PHOENIX-4528
> URL: https://issues.apache.org/jira/browse/PHOENIX-4528
> Project: Phoenix
> Issue Type: Bug
> Reporter: Karan Mehta
> Assignee: Karan Mehta
> Attachments: PHOENIX-4528.001.patch, PHOENIX-4528.repro-test.diff
>
>
> The {{PhoenixAccessController#preCreateTable()}} method is invoked everytime
> a user wants to create a view on a base table. The {{requireAccess()}} method
> takes in tableName as the parameter and checks for user permissions only at
> that table level. The correct approach is to also check permissions at
> namespace level, since it is at a larger scope than per table level.
> For example, if the table name is {{TEST_SCHEMA.TEST_TABLE}}, it will created
> as {{TEST_SCHEMA:TEST_TABLE}} HBase table is namespace mapping is enabled.
> View creation on this table would fail if permissions are granted to just
> {{TEST_SCHEMA}} and not on {{TEST_TABLE}}. It works correctly if same
> permissions are granted at table level too.
> FYI. [~ankit.singhal] [~twdsi...@gmail.com]
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
