/// <summary>Get the effective permission for the AclEntry.</summary> /// <remarks> /// Get the effective permission for the AclEntry. <br /> /// Recommended to use this API ONLY if client communicates with the old /// NameNode, needs to pass the Permission for the path to get effective /// permission, else use /// <see cref="GetEffectivePermission(AclEntry)"/> /// . /// </remarks> /// <param name="entry">AclEntry to get the effective action</param> /// <param name="permArg"> /// Permission for the path. However if the client is NOT /// communicating with old namenode, then this argument will not have /// any preference. /// </param> /// <returns>Returns the effective permission for the entry.</returns> /// <exception cref="System.ArgumentException"> /// If the client communicating with old /// namenode and permission is not passed as an argument. /// </exception> public virtual FsAction GetEffectivePermission(AclEntry entry, FsPermission permArg ) { // At least one permission bits should be available. Preconditions.CheckArgument(this.permission != null || permArg != null, "Permission bits are not available to calculate effective permission" ); if (this.permission != null) { // permission bits from server response will have the priority for // accuracy. permArg = this.permission; } if ((entry.GetName() != null || entry.GetType() == AclEntryType.Group)) { if (entry.GetScope() == AclEntryScope.Access) { FsAction entryPerm = entry.GetPermission(); return(entryPerm.And(permArg.GetGroupAction())); } else { Preconditions.CheckArgument(this.entries.Contains(entry) && this.entries.Count >= 3, "Passed default ACL entry not found in the list of ACLs"); // default mask entry for effective permission calculation will be the // penultimate entry. This can be mask entry in case of extended ACLs. // In case of minimal ACL, this is the owner group entry, and we end up // intersecting group FsAction with itself, which is a no-op. FsAction defaultMask = this.entries[this.entries.Count - 2].GetPermission(); FsAction entryPerm = entry.GetPermission(); return(entryPerm.And(defaultMask)); } } else { return(entry.GetPermission()); } }
/// <summary>Translates the given permission bits to the equivalent minimal ACL.</summary> /// <param name="perm">FsPermission to translate</param> /// <returns> /// List<AclEntry> containing exactly 3 entries representing the owner, /// group and other permissions /// </returns> public static IList <AclEntry> GetMinimalAcl(FsPermission perm) { return(Lists.NewArrayList(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType (AclEntryType.User).SetPermission(perm.GetUserAction()).Build(), new AclEntry.Builder ().SetScope(AclEntryScope.Access).SetType(AclEntryType.Group).SetPermission(perm .GetGroupAction()).Build(), new AclEntry.Builder().SetScope(AclEntryScope.Access ).SetType(AclEntryType.Other).SetPermission(perm.GetOtherAction()).Build())); }
/// <summary>Given permissions and extended ACL entries, returns the full logical ACL. /// </summary> /// <param name="perm">FsPermission containing permissions</param> /// <param name="entries">List<AclEntry> containing extended ACL entries</param> /// <returns>List<AclEntry> containing full logical ACL</returns> public static IList <AclEntry> GetAclFromPermAndEntries(FsPermission perm, IList <AclEntry > entries) { IList <AclEntry> acl = Lists.NewArrayListWithCapacity(entries.Count + 3); // Owner entry implied by owner permission bits. acl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType(AclEntryType .User).SetPermission(perm.GetUserAction()).Build()); // All extended access ACL entries. bool hasAccessAcl = false; IEnumerator <AclEntry> entryIter = entries.GetEnumerator(); AclEntry curEntry = null; while (entryIter.HasNext()) { curEntry = entryIter.Next(); if (curEntry.GetScope() == AclEntryScope.Default) { break; } hasAccessAcl = true; acl.AddItem(curEntry); } // Mask entry implied by group permission bits, or group entry if there is // no access ACL (only default ACL). acl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType(hasAccessAcl ? AclEntryType.Mask : AclEntryType.Group).SetPermission(perm.GetGroupAction()). Build()); // Other entry implied by other bits. acl.AddItem(new AclEntry.Builder().SetScope(AclEntryScope.Access).SetType(AclEntryType .Other).SetPermission(perm.GetOtherAction()).Build()); // Default ACL entries. if (curEntry != null && curEntry.GetScope() == AclEntryScope.Default) { acl.AddItem(curEntry); while (entryIter.HasNext()) { acl.AddItem(entryIter.Next()); } } return(acl); }