openinx commented on a change in pull request #336: HBASE-22580 Add a table attribute to make user scan snapshot feature configurable for table URL: https://github.com/apache/hbase/pull/336#discussion_r297126966
########## File path: hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclHelper.java ########## @@ -465,10 +484,36 @@ private void setTableAcl(TableName tableName, Set<String> users) * @return users with table read permission * @throws IOException if an error occurred */ - private Set<String> getUsersWithTableReadAction(TableName tableName) throws IOException { - return PermissionStorage.getTablePermissions(conf, tableName).entries().stream() - .filter(entry -> entry.getValue().getPermission().implies(READ)) - .map(entry -> entry.getKey()).collect(Collectors.toSet()); + Set<String> getUsersWithTableReadAction(TableName tableName) throws IOException { + return getUsersWithReadAction(PermissionStorage.getTablePermissions(conf, tableName)); + } + + private Set<String> + getUsersWithReadAction(ListMultimap<String, UserPermission> permissionMultimap) { + return permissionMultimap.entries().stream() + .filter(entry -> checkUserPermission(entry.getValue())).map(entry -> entry.getKey()) + .collect(Collectors.toSet()); + } + + boolean checkUserPermission(UserPermission userPermission) { + boolean result = containReadAction(userPermission); + if (result && userPermission.getPermission() instanceof TablePermission) { + result = checkTablePermission((TablePermission) userPermission.getPermission()); + } + return result; + } + + boolean containReadAction(UserPermission userPermission) { + return userPermission.getPermission().implies(Permission.Action.READ); + } + + boolean checkTablePermission(TablePermission tablePermission) { + return !tablePermission.hasFamily() && !tablePermission.hasQualifier(); + } + + boolean isTableUserScanSnapshotEnabled(TableDescriptor tableDescriptor) { + return tableDescriptor.getCoprocessorDescriptors().stream() Review comment: Just use the TableDescriptor#hasCoprocessor ? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services