git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RS group related hooks


That seems to be the right semantics to me. If a user doesn't have permission to make a call, we wouldn't want to call any pre-hook. However...

I'm looking at RSRpcServices to compare and it looks to me that having the authz check outside of the AccessController CP is weird. For the methods there, permission checks are done via the AccessController being configured for use on the Region in question, not explicitly in the server endpoint impl.

I would question why RSGroupAdminServer is doing things different. Is there a reason or was this just inadvertent because hooks weren't added?

On 5/23/18 7:17 AM, Ted Yu wrote:
Hi,
I was looking at RSGroupAdminServer#removeRSGroup :

       if (master.getMasterCoprocessorHost() != null) {

         master.getMasterCoprocessorHost().preRemoveRSGroup(name);

       }
However, RSGroupAdminServer#removeRSGroup is called by RSGroupAdminEndpoint
:

         checkPermission("removeRSGroup");
         groupAdminServer.removeRSGroup(request.getRSGroupName());

Meaning, if permission check fails, the pre hook wouldn't be called.

I wonder if the call to preRemoveRSGroup() should be lifted to before
calling checkPermission().

Cheers