[ 
https://issues.apache.org/jira/browse/HDFS-5673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13858998#comment-13858998
 ] 

Haohui Mai commented on HDFS-5673:
----------------------------------

Thanks Chris. The latest version is much more readable to me.  It seems to me 
that the code is essentially doing the following:

1. promoteDefaultEntries:

{code}
foreach AclEntryType:
  if there's an {{ACCESS}} entry without a name and no default entry for the 
type:
    promote it as a default entry.
{code}

(However, it seems that for some reasons the code keeps the original entry as 
well)

2. calculateMask:

{code}
foreach scope:
  if there exists an entry without a name and no mask entry:
    add a mask entry whose permission equals to or(forall entries.perm)
{code}

The code can be further simplified when the ACL entries are sorted. Recall the 
ACL entries are sorted by scope, name, type, and finally permissions.
For example:

{code}
promoteDefaultEntries(entries):
  pivot = the index of first entry with type ACCESS
  while (pivot < entries.length && entries[pivot].name() != null)
    if there is no corresponding default entry in entries[0..pivot - 1]:
      entries[pivot].type = DEFAULT

calculateMask(entries):
  pivot = the index of first entry with type ACCESS
  calculateMaskForScope(entries, 0, pivot - 1, DEFAULT)
  calculateMaskForScope(entries, pivot, entries.lengt, ACCESS)
  sort(entries)

calculateMaskForScope(entries, start, end, type):
  if entries[start].type != MASK:
     perm = or(forall entries[start..end].perm())
     entries.append(newMaskEntry(type, perm)) 

merge(existing, new):
  out = concat(existing, new)
  sort(out)
  remove duplicate in out
  validate(out)
  promoteDefaultEntries(out)
  calculateMask(out)
  validate(out)
  return out
{code}

That way you don't need to keep track on things like scopeDirty / providedMask. 
I also propose to move the compareTo() function AclEntry out to a new 
comparator inside AclTransformationLogic.

Questions:

# Is it possible to have multiple entries whose type equals to ACCESS, and 
empty names? If the answer is yes, {{copyDefaultsIfNeeded}} will always pick up 
the last entry. Is it expected?
# How are you going to use these functions? It is not immediately clear to me 
that you can implement the APIs using these functions directly.


> Implement logic for modification of ACLs.
> -----------------------------------------
>
>                 Key: HDFS-5673
>                 URL: https://issues.apache.org/jira/browse/HDFS-5673
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HDFS-5673.1.patch, HDFS-5673.2.patch, HDFS-5673.3.patch, 
> HDFS-5673.4.patch
>
>
> This patch will include the core logic for modification of ACLs.  This 
> includes support for all user-facing APIs that modify ACLs.  This will cover 
> access ACLs, default ACLs, automatic mask calculations, automatic inference 
> of unprovided default ACL entries, and validation to prevent creation of an 
> invalid ACL.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to