xiaoyuyao commented on a change in pull request #973: HDDS-1611. Evaluate ACL
on volume bucket key and prefix to authorize access. Contributed by Ajay Kumar.
URL: https://github.com/apache/hadoop/pull/973#discussion_r294524841
##########
File path:
hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OmOzoneAclMap.java
##########
@@ -163,10 +164,49 @@ public boolean hasAccess(OzoneAclInfo acl) {
if (aclBitSet == null) {
return false;
}
+ BitSet result = BitSet.valueOf(acl.getRights().toByteArray());
+ result.and(aclBitSet);
+ return !result.equals(ZERO_BITSET);
+ }
+
+ /**
+ * Ror a given acl, check if the user has access rights.
+ * @param acl
+ * @param aclType
+ * @param ugi
+ *
+ * @return true if given ugi has acl set, else false.
+ * */
+ public boolean hasAccess(ACLType acl, ACLIdentityType aclType,
Review comment:
Discussed offline, we need to handle different identity types.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
