That seems to be the right semantics to me. If a user doesn't have
permission to make a call, we wouldn't want to call any pre-hook. However...
I'm looking at RSRpcServices to compare and it looks to me that having
the authz check outside of the AccessController CP is weird. For the
methods there, permission checks are done via the AccessController being
configured for use on the Region in question, not explicitly in the
server endpoint impl.
I would question why RSGroupAdminServer is doing things different. Is
there a reason or was this just inadvertent because hooks weren't added?
On 5/23/18 7:17 AM, Ted Yu wrote:
Hi,
I was looking at RSGroupAdminServer#removeRSGroup :
if (master.getMasterCoprocessorHost() != null) {
master.getMasterCoprocessorHost().preRemoveRSGroup(name);
}
However, RSGroupAdminServer#removeRSGroup is called by RSGroupAdminEndpoint
:
checkPermission("removeRSGroup");
groupAdminServer.removeRSGroup(request.getRSGroupName());
Meaning, if permission check fails, the pre hook wouldn't be called.
I wonder if the call to preRemoveRSGroup() should be lifted to before
calling checkPermission().
Cheers
