[GitHub] [hbase] openinx commented on a change in pull request #336: HBASE-22580 Add a table attribute to make user scan snapshot feature configurable for table

Tue, 25 Jun 2019 04:44:06 -0700 

openinx commented on a change in pull request #336: HBASE-22580 Add a table 
attribute to make user scan snapshot feature configurable for table
URL: https://github.com/apache/hbase/pull/336#discussion_r297126966
 
 

 ##########
 File path: 
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SnapshotScannerHDFSAclHelper.java
 ##########
 @@ -465,10 +484,36 @@ private void setTableAcl(TableName tableName, 
Set<String> users)
    * @return users with table read permission
    * @throws IOException if an error occurred
    */
-  private Set<String> getUsersWithTableReadAction(TableName tableName) throws 
IOException {
-    return PermissionStorage.getTablePermissions(conf, 
tableName).entries().stream()
-        .filter(entry -> entry.getValue().getPermission().implies(READ))
-        .map(entry -> entry.getKey()).collect(Collectors.toSet());
+  Set<String> getUsersWithTableReadAction(TableName tableName) throws 
IOException {
+    return getUsersWithReadAction(PermissionStorage.getTablePermissions(conf, 
tableName));
+  }
+
+  private Set<String>
+      getUsersWithReadAction(ListMultimap<String, UserPermission> 
permissionMultimap) {
+    return permissionMultimap.entries().stream()
+        .filter(entry -> checkUserPermission(entry.getValue())).map(entry -> 
entry.getKey())
+        .collect(Collectors.toSet());
+  }
+
+  boolean checkUserPermission(UserPermission userPermission) {
+    boolean result = containReadAction(userPermission);
+    if (result && userPermission.getPermission() instanceof TablePermission) {
+      result = checkTablePermission((TablePermission) 
userPermission.getPermission());
+    }
+    return result;
+  }
+
+  boolean containReadAction(UserPermission userPermission) {
+    return userPermission.getPermission().implies(Permission.Action.READ);
+  }
+
+  boolean checkTablePermission(TablePermission tablePermission) {
+    return !tablePermission.hasFamily() && !tablePermission.hasQualifier();
+  }
+
+  boolean isTableUserScanSnapshotEnabled(TableDescriptor tableDescriptor) {
+    return tableDescriptor.getCoprocessorDescriptors().stream()
 
 Review comment:
   Just use the TableDescriptor#hasCoprocessor ? 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to