[ https://issues.apache.org/jira/browse/HDDS-1611?focusedWorklogId=261799&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-261799 ]
ASF GitHub Bot logged work on HDDS-1611:
----------------------------------------
Author: ASF GitHub Bot
Created on: 17/Jun/19 20:59
Start Date: 17/Jun/19 20:59
Worklog Time Spent: 10m
Work Description: xiaoyuyao commented on pull request #973: HDDS-1611.
Evaluate ACL on volume bucket key and prefix to authorize access. Contributed
by Ajay Kumar.
URL: https://github.com/apache/hadoop/pull/973#discussion_r294514957
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/web/utils/OzoneUtils.java
##########
@@ -265,4 +272,89 @@ public static long getTimeDurationInMS(Configuration
conf, String key,
}
return listOfAcls;
}
+
+ /**
+ * Check if acl right requested for given RequestContext exist
+ * in provided acl list.
+ * Acl validation rules:
+ * 1. If user/group has ALL bit set than all user should have all rights.
+ * 2. If user/group has NONE bit set than user/group will not have any right.
+ * 3. For all other individual rights individual bits should be set.
+ *
+ * @param acls
+ * @param context
+ * @return return true if acl list contains right requsted in context.
+ * */
+ public static boolean checkAclRight(List<OzoneAclInfo> acls,
+ RequestContext context) throws OMException {
+ String[] userGroups = context.getClientUgi().getGroupNames();
+ for (OzoneAclInfo a : acls) {
+ BitSet rights = BitSet.valueOf(a.getRights().toByteArray());
+ switch (a.getType()) {
+ case USER:
+ if (a.getName().equals(context.getClientUgi().getUserName())) {
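Review bot: The Javadoc rules above checkAclRight leave the authorization outcome unspecified in two cases: an entry that has both the ALL and NONE bits set, and a caller that matches no entry in the list. Since this method decides access, the comment should state which bit takes precedence and that a request with no matching entry is denied. Rule 1 also reads "than all user should have all rights", which can be taken to mean that ALL on one entry grants every user access; suggest "then that user/group has all rights". The "@param acls" and "@param context" tags have no descriptions, and "requsted" in the @return line should be "requested".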
Review comment:
Can we move context.getClientUgi().getUserName() out of the for loop?
Issue Time Tracking
-------------------
Worklog Id: (was: 261799)
Time Spent: 40m (was: 0.5h)
> Evaluate ACL on volume bucket key and prefix to authorize access
> -----------------------------------------------------------------
>
> Key: HDDS-1611
> URL: https://issues.apache.org/jira/browse/HDDS-1611
> Project: Hadoop Distributed Data Store
> Issue Type: Sub-task
> Reporter: Xiaoyu Yao
> Assignee: Ajay Kumar
> Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>