1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import org.apache.commons.logging.Log;
22  import org.apache.commons.logging.LogFactory;
23  import org.apache.hadoop.hbase.util.Bytes;
24  
25  import java.io.DataInput;
26  import java.io.DataOutput;
27  import java.io.IOException;
28  
29  /**
30   * Represents an authorization for access over the given table, column family
31   * plus qualifier, for the given user.
32   */
33  public class UserPermission extends TablePermission {
34    private static Log LOG = LogFactory.getLog(UserPermission.class);
35  
36    private byte[] user;
37  
38    /** Nullary constructor for Writable, do not use */
39    public UserPermission() {
40      super();
41    }
42  
43    /**
44     * Creates a new instance for the given user.
45     * @param user the user
46     * @param assigned the list of allowed actions
47     */
48    public UserPermission(byte[] user, Action... assigned) {
49      super(null, null, null, assigned);
50      this.user = user;
51    }
52  
53    /**
54     * Creates a new instance for the given user,
55     * matching the actions with the given codes.
56     * @param user the user
57     * @param actionCodes the list of allowed action codes
58     */
59    public UserPermission(byte[] user, byte[] actionCodes) {
60      super(null, null, null, actionCodes);
61      this.user = user;
62    }
63  
64    /**
65     * Creates a new instance for the given user, table and column family.
66     * @param user the user
67     * @param table the table
68     * @param family the family, can be null if action is allowed over the entire
69     *   table
70     * @param assigned the list of allowed actions
71     */
72    public UserPermission(byte[] user, byte[] table, byte[] family,
73                          Action... assigned) {
74      super(table, family, assigned);
75      this.user = user;
76    }
77  
78    /**
79     * Creates a new permission for the given user, table, column family and
80     * column qualifier.
81     * @param user the user
82     * @param table the table
83     * @param family the family, can be null if action is allowed over the entire
84     *   table
85     * @param qualifier the column qualifier, can be null if action is allowed
86     *   over the entire column family
87     * @param assigned the list of allowed actions
88     */
89    public UserPermission(byte[] user, byte[] table, byte[] family,
90                          byte[] qualifier, Action... assigned) {
91      super(table, family, qualifier, assigned);
92      this.user = user;
93    }
94  
95    /**
96     * Creates a new instance for the given user, table, column family and
97     * qualifier, matching the actions with the given codes.
98     * @param user the user
99     * @param table the table
100    * @param family the family, can be null if action is allowed over the entire
101    *   table
102    * @param qualifier the column qualifier, can be null if action is allowed
103    *   over the entire column family
104    * @param actionCodes the list of allowed action codes
105    */
106   public UserPermission(byte[] user, byte[] table, byte[] family,
107                         byte[] qualifier, byte[] actionCodes) {
108     super(table, family, qualifier, actionCodes);
109     this.user = user;
110   }
111 
112   public byte[] getUser() {
113     return user;
114   }
115 
116   /**
117    * Returns true if this permission describes a global user permission.
118    */
119   public boolean isGlobal() {
120     byte[] tableName = getTable();
121     return(tableName == null || tableName.length == 0);
122   }
123 
124   @Override
125   public boolean equals(Object obj) {
126     if (!(obj instanceof UserPermission)) {
127       return false;
128     }
129     UserPermission other = (UserPermission)obj;
130 
131     if ((Bytes.equals(user, other.getUser()) &&
132         super.equals(obj))) {
133       return true;
134     } else {
135       return false;
136     }
137   }
138 
139   @Override
140   public int hashCode() {
141     final int prime = 37;
142     int result = super.hashCode();
143     if (user != null) {
144       result = prime * result + Bytes.hashCode(user);
145     }
146     return result;
147   }
148 
149   public String toString() {
150     StringBuilder str = new StringBuilder("UserPermission: ")
151         .append("user=").append(Bytes.toString(user))
152         .append(", ").append(super.toString());
153     return str.toString();
154   }
155 
156   @Override
157   public void readFields(DataInput in) throws IOException {
158     super.readFields(in);
159     user = Bytes.readByteArray(in);
160   }
161 
162   @Override
163   public void write(DataOutput out) throws IOException {
164     super.write(out);
165     Bytes.writeByteArray(out, user);
166   }
167 }