/// <summary>Get the effective permission for the AclEntry.</summary>
/// <remarks>
/// Get the effective permission for the AclEntry. <br />
/// Recommended to use this API ONLY if client communicates with the old
/// NameNode, needs to pass the Permission for the path to get effective
/// permission, else use
/// <see cref="GetEffectivePermission(AclEntry)"/>
/// .
/// </remarks>
/// <param name="entry">AclEntry to get the effective action</param>
/// <param name="permArg">
/// Permission for the path. However if the client is NOT
/// communicating with old namenode, then this argument will not have
/// any preference.
/// </param>
/// <returns>Returns the effective permission for the entry.</returns>
/// <exception cref="System.ArgumentException">
/// If the client communicating with old
/// namenode and permission is not passed as an argument.
/// </exception>
public virtual FsAction GetEffectivePermission(AclEntry entry, FsPermission permArg
)
{
// At least one permission bits should be available.
Preconditions.CheckArgument(this.permission != null || permArg != null, "Permission bits are not available to calculate effective permission"
);
if (this.permission != null)
{
// permission bits from server response will have the priority for
// accuracy.
permArg = this.permission;
}
if ((entry.GetName() != null || entry.GetType() == AclEntryType.Group))
{
if (entry.GetScope() == AclEntryScope.Access)
{
FsAction entryPerm = entry.GetPermission();
return(entryPerm.And(permArg.GetGroupAction()));
}
else
{
Preconditions.CheckArgument(this.entries.Contains(entry) && this.entries.Count >=
3, "Passed default ACL entry not found in the list of ACLs");
// default mask entry for effective permission calculation will be the
// penultimate entry. This can be mask entry in case of extended ACLs.
// In case of minimal ACL, this is the owner group entry, and we end up
// intersecting group FsAction with itself, which is a no-op.
FsAction defaultMask = this.entries[this.entries.Count - 2].GetPermission();
FsAction entryPerm = entry.GetPermission();
return(entryPerm.And(defaultMask));
}
}
else
{
return(entry.GetPermission());
}
}
/// <summary>Translates the given permission bits to the equivalent minimal ACL.</summary>
/// <param name="perm">FsPermission to translate</param>
/// <returns>
/// List<AclEntry> containing exactly 3 entries representing the owner,
/// group and other permissions
/// </returns>
public static IList <AclEntry> GetMinimalAcl(FsPermission perm)
{
return(Lists.NewArrayList(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType
(AclEntryType.User).SetPermission(perm.GetUserAction()).Build(), new AclEntry.Builder
().SetScope(AclEntryScope.Access).SetType(AclEntryType.Group).SetPermission(perm
.GetGroupAction()).Build(), new AclEntry.Builder().SetScope(AclEntryScope.Access
).SetType(AclEntryType.Other).SetPermission(perm.GetOtherAction()).Build()));
}
/// <summary>Given permissions and extended ACL entries, returns the full logical ACL.
/// </summary>
/// <param name="perm">FsPermission containing permissions</param>
/// <param name="entries">List<AclEntry> containing extended ACL entries</param>
/// <returns>List<AclEntry> containing full logical ACL</returns>
public static IList <AclEntry> GetAclFromPermAndEntries(FsPermission perm, IList <AclEntry
> entries)
{
IList <AclEntry> acl = Lists.NewArrayListWithCapacity(entries.Count + 3);
// Owner entry implied by owner permission bits.
acl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType(AclEntryType
.User).SetPermission(perm.GetUserAction()).Build());
// All extended access ACL entries.
bool hasAccessAcl = false;
IEnumerator <AclEntry> entryIter = entries.GetEnumerator();
AclEntry curEntry = null;
while (entryIter.HasNext())
{
curEntry = entryIter.Next();
if (curEntry.GetScope() == AclEntryScope.Default)
{
break;
}
hasAccessAcl = true;
acl.AddItem(curEntry);
}
// Mask entry implied by group permission bits, or group entry if there is
// no access ACL (only default ACL).
acl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType(hasAccessAcl
? AclEntryType.Mask : AclEntryType.Group).SetPermission(perm.GetGroupAction()).
Build());
// Other entry implied by other bits.
acl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType(AclEntryType
.Other).SetPermission(perm.GetOtherAction()).Build());
// Default ACL entries.
if (curEntry != null && curEntry.GetScope() == AclEntryScope.Default)
{
acl.AddItem(curEntry);
while (entryIter.HasNext())
{
acl.AddItem(entryIter.Next());
}
}
return(acl);
}
