All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.hadoop.fs.permission.AclUtil Maven / Gradle / Ivy

There is a newer version: 3.4.1
Show newest version
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.fs.permission;

import java.util.Iterator;
import java.util.List;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;

import com.google.common.collect.Lists;

/**
 * AclUtil contains utility methods for manipulating ACLs.
 */
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Unstable
public final class AclUtil {

  /**
   * Given permissions and extended ACL entries, returns the full logical ACL.
   *
   * @param perm FsPermission containing permissions
   * @param entries List containing extended ACL entries
   * @return List containing full logical ACL
   */
  public static List getAclFromPermAndEntries(FsPermission perm,
      List entries) {
    List acl = Lists.newArrayListWithCapacity(entries.size() + 3);

    // Owner entry implied by owner permission bits.
    acl.add(new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.USER)
      .setPermission(perm.getUserAction())
      .build());

    // All extended access ACL entries.
    boolean hasAccessAcl = false;
    Iterator entryIter = entries.iterator();
    AclEntry curEntry = null;
    while (entryIter.hasNext()) {
      curEntry = entryIter.next();
      if (curEntry.getScope() == AclEntryScope.DEFAULT) {
        break;
      }
      hasAccessAcl = true;
      acl.add(curEntry);
    }

    // Mask entry implied by group permission bits, or group entry if there is
    // no access ACL (only default ACL).
    acl.add(new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(hasAccessAcl ? AclEntryType.MASK : AclEntryType.GROUP)
      .setPermission(perm.getGroupAction())
      .build());

    // Other entry implied by other bits.
    acl.add(new AclEntry.Builder()
      .setScope(AclEntryScope.ACCESS)
      .setType(AclEntryType.OTHER)
      .setPermission(perm.getOtherAction())
      .build());

    // Default ACL entries.
    if (curEntry != null && curEntry.getScope() == AclEntryScope.DEFAULT) {
      acl.add(curEntry);
      while (entryIter.hasNext()) {
        acl.add(entryIter.next());
      }
    }

    return acl;
  }

  /**
   * Translates the given permission bits to the equivalent minimal ACL.
   *
   * @param perm FsPermission to translate
   * @return List containing exactly 3 entries representing the owner,
   *   group and other permissions
   */
  public static List getMinimalAcl(FsPermission perm) {
    return Lists.newArrayList(
      new AclEntry.Builder()
        .setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.USER)
        .setPermission(perm.getUserAction())
        .build(),
      new AclEntry.Builder()
        .setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.GROUP)
        .setPermission(perm.getGroupAction())
        .build(),
      new AclEntry.Builder()
        .setScope(AclEntryScope.ACCESS)
        .setType(AclEntryType.OTHER)
        .setPermission(perm.getOtherAction())
        .build());
  }

  /**
   * Checks if the given entries represent a minimal ACL (contains exactly 3
   * entries).
   *
   * @param entries List entries to check
   * @return boolean true if the entries represent a minimal ACL
   */
  public static boolean isMinimalAcl(List entries) {
    return entries.size() == 3;
  }

  /**
   * There is no reason to instantiate this class.
   */
  private AclUtil() {
  }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy