xiaoyuyao commented on a change in pull request #2254: URL: https://github.com/apache/ozone/pull/2254#discussion_r638247858
########## File path: hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/token/BlockTokenVerifier.java ########## @@ -77,21 +75,20 @@ protected Object getService(ContainerCommandRequestProto cmd) { @Override protected void verify(OzoneBlockTokenIdentifier tokenId, - ContainerCommandRequestProto cmd) throws SCMSecurityException { + ContainerCommandRequestProtoOrBuilder cmd) throws SCMSecurityException { - ContainerProtos.Type type = cmd.getCmdType(); - if (type == ReadChunk || type == GetBlock || type == GetSmallFile) { - if (!tokenId.getAccessModes().contains(READ)) { - throw new BlockTokenException("Block token with " + tokenId.getService() - + " doesn't have READ permission"); - } - } else if (type == WriteChunk || type == PutBlock || type == PutSmallFile) { - if (!tokenId.getAccessModes().contains(WRITE)) { - throw new BlockTokenException("Block token with " + tokenId.getService() - + " doesn't have WRITE permission"); - } + HddsProtos.BlockTokenSecretProto.AccessModeProto accessMode; + if (HddsUtils.isReadOnly(cmd)) { + accessMode = READ; + } else if (cmd.getCmdType() == DeleteBlock || + cmd.getCmdType() == DeleteChunk) { + accessMode = DELETE;

Review comment:

bq. Regarding the further change I mentioned, I opened HDDS-5264 and submitted another PR. It turned out to be quite separate from this one, so on second thought I wanted to avoid mixing the two.

Sounds good to me. +1.
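
Review bot: In verify(), the mode a token must carry is now decided by HddsUtils.isReadOnly(cmd), which is defined outside this hunk, where the removed lines named ReadChunk, GetBlock and GetSmallFile explicitly. Any command type that isReadOnly classifies as read-only will be authorized by a token holding only READ, so a change to that helper silently changes the block-token check. I would add a comment at the `if (HddsUtils.isReadOnly(cmd))` line noting that the helper is part of the authorization decision, and a unit test that walks every ContainerProtos.Type value and asserts the access mode verify() requires for it, including DeleteBlock and DeleteChunk mapping to DELETE. The hunk is cut off after `accessMode = DELETE;`, so the fallback branch is not visible here; whatever it is, the same test should pin it down so a newly added command type cannot end up with a weaker mode than intended.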