[
https://issues.apache.org/jira/browse/HBASE-20185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16397812#comment-16397812
]
Josh Elser commented on HBASE-20185:
------------------------------------
I like the direction your solution is pushing us, [~appy].
Some minor suggestions/requests:
* Leave a TODO comment around the "pre" CP hooks to mirror the nice comments
you left in the stub-methods where we'll eventually move the access control
checks to. I'm hoping that will help prevent us from ever accidentally
modifying the pre-hooks and forgetting to move the AC logic into the new methods
* Some unrelated whitespace/formatting changes make this appear bigger than it
is
* Is the object visibility change on AccessChecker in RSRpcServices actually
necessary? Doesn't look like it to me, but maybe I'm just not seeing it without
having it in my editor :)
Only other thought is to try to write a test to prevent regressions like this
in the future. However, I'd rather see this land today than wait another day
while one of us writes a test.
> Fix ACL check for MasterRpcServices#execProcedure
> -------------------------------------------------
>
> Key: HBASE-20185
> URL: https://issues.apache.org/jira/browse/HBASE-20185
> Project: HBase
> Issue Type: Bug
> Reporter: Appy
> Assignee: Appy
> Priority: Major
> Fix For: 2.0.0
>
> Attachments: HBASE-20185.master.001.patch
>
>
> Mailing thread ref:
> [http://mail-archives.apache.org/mod_mbox/hbase-dev/201803.mbox/%3CCAAjhxrriGy_UXpC4iHCSyBB18iAbjU3Y2%2BnjQ-66i9kPPCrPRQ%40mail.gmail.com%3E]
> TLDR; HBASE-19400 messed up perms required for flushing a table.
> ----
> Looks like flush and snapshot procedures are already doing permissions check
> as part of preTableFlush/preSnapshot hooks. However,
> LogRollMasterProcedureManager is missing access checks ([~elserj], can
> someone look at it?)
>
> With that, it makes no sense to put an ADMIN perm requirement which was added
> by me in HBASE-19400. Removing it.
> However, to make things better for future, i have made few design changes
> which will ensure 1) perm checks don't slip by mistake, 2) a suitable
> placeholder for checks for flush & snapshot when we remove AccessController
> for good.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
