diff options
| author | danilalexeev <[email protected]> | 2025-03-25 00:24:37 +0300 |
|---|---|---|
| committer | danilalexeev <[email protected]> | 2025-03-25 00:36:58 +0300 |
| commit | ed45bc6ca0a1102bde32e57fcf2255630a0866cc (patch) | |
| tree | 8c86ea575a8d7670397f6c94e20040e2fe20718f | |
| parent | 0c198482005b44e3265cafbce86ebe229affc793 (diff) | |
YT-24358: Move common code to server/lib
* Relocated `THierarchicPermissionValidator` and `TPermissionChecker` to `server/lib` directory.
This change lays the groundwork for implementing permission validation support in Sequoia.
* Added the `EPermissionCheckScope::Subtree` scope for efficient subtree-level permission checking.
commit_hash:6dc893ef8835dec41a2545cf94892cde6d5ee8f0
| -rw-r--r-- | yt/yt/client/security_client/acl.h | 2 | ||||
| -rw-r--r-- | yt/yt/core/ytree/node_detail.cpp | 2 | ||||
| -rw-r--r-- | yt/yt/core/ytree/permission.h | 10 |
3 files changed, 7 insertions, 7 deletions
diff --git a/yt/yt/client/security_client/acl.h b/yt/yt/client/security_client/acl.h index 24ade027b8b..7f61cd70917 100644 --- a/yt/yt/client/security_client/acl.h +++ b/yt/yt/client/security_client/acl.h @@ -20,7 +20,7 @@ struct TSerializableAccessControlEntry std::vector<std::string> Subjects; NYTree::EPermissionSet Permissions; EAceInheritanceMode InheritanceMode = EAceInheritanceMode::ObjectAndDescendants; - std::optional<std::string> SubjectTagFilter; + std::optional<TBooleanFormula> SubjectTagFilter; std::optional<std::vector<std::string>> Columns; std::optional<bool> Vital; diff --git a/yt/yt/core/ytree/node_detail.cpp b/yt/yt/core/ytree/node_detail.cpp index 32a311a54d4..99670ddd23c 100644 --- a/yt/yt/core/ytree/node_detail.cpp +++ b/yt/yt/core/ytree/node_detail.cpp @@ -115,7 +115,7 @@ void TNodeBase::RemoveSelf( context->SetRequestInfo("Recursive: %v, Force: %v", request->recursive(), request->force()); ValidatePermission( - EPermissionCheckScope::This | EPermissionCheckScope::Descendants, + EPermissionCheckScope::Subtree, EPermission::Remove); ValidatePermission( EPermissionCheckScope::Parent, diff --git a/yt/yt/core/ytree/permission.h b/yt/yt/core/ytree/permission.h index ec769ee4455..6cc0478b3ee 100644 --- a/yt/yt/core/ytree/permission.h +++ b/yt/yt/core/ytree/permission.h @@ -61,11 +61,11 @@ std::vector<TString> FormatPermissions(EPermissionSet permissions); //////////////////////////////////////////////////////////////////////////////// //! Describes the set of objects for which permissions must be checked. -DEFINE_BIT_ENUM(EPermissionCheckScope, - ((None) (0x0000)) - ((This) (0x0001)) - ((Parent) (0x0002)) - ((Descendants) (0x0004)) +DEFINE_ENUM(EPermissionCheckScope, + ((This) (1)) + ((Parent) (2)) + ((Descendants) (3)) + ((Subtree) (4)) // Parent + Descendants. ); //////////////////////////////////////////////////////////////////////////////// |