MAPREDUCE-7199. HsJobsBlock reuse JobACLsManager for checkAccess. Contributed by Bilwa S T

(cherry picked from commit a1b0697d379d33223ec1a46dfef31d6d226169bb)

hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/JobACLsManager.java

@@ -117,7 +117,7 @@ public class JobACLsManager {
     // Allow Job-owner for any operation on the job
     if (isMRAdmin(callerUGI)
         || user.equals(jobOwner)
-        || jobACL.isUserAllowed(callerUGI)) {
+        || (null != jobACL && jobACL.isUserAllowed(callerUGI))) {
       return true;
     }
 

hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-hs/src/main/java/org/apache/hadoop/mapreduce/v2/hs/webapp/HsJobsBlock.java

@@ -23,12 +23,12 @@ import java.util.Date;
 
 import org.apache.commons.text.StringEscapeUtils;
 import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.mapreduce.MRConfig;
+import org.apache.hadoop.mapred.JobACLsManager;
+import org.apache.hadoop.mapreduce.JobACL;
 import org.apache.hadoop.mapreduce.v2.app.AppContext;
 import org.apache.hadoop.mapreduce.v2.app.job.Job;
 import org.apache.hadoop.mapreduce.v2.hs.webapp.dao.JobInfo;
 import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.authorize.AccessControlList;
 import org.apache.hadoop.util.StringUtils;
 import org.apache.hadoop.yarn.conf.YarnConfiguration;
 import org.apache.hadoop.yarn.util.Times;
@@ -49,8 +49,7 @@ public class HsJobsBlock extends HtmlBlock {
     new SimpleDateFormat("yyyy.MM.dd HH:mm:ss z");
   private UserGroupInformation ugi;
   private boolean isFilterAppListByUserEnabled;
-  private boolean areAclsEnabled;
-  private AccessControlList adminAclList;
+  private JobACLsManager aclsManager;
 
   @Inject
   HsJobsBlock(Configuration conf, AppContext appCtx, ViewContext ctx) {
@@ -58,8 +57,7 @@ public class HsJobsBlock extends HtmlBlock {
     appContext = appCtx;
     isFilterAppListByUserEnabled = conf
         .getBoolean(YarnConfiguration.FILTER_ENTITY_LIST_BY_USER, false);
-    areAclsEnabled = conf.getBoolean(MRConfig.MR_ACLS_ENABLED, false);
-    adminAclList = new AccessControlList(conf.get(MRConfig.MR_ADMINS, " "));
+    aclsManager = new JobACLsManager(conf);
   }
 
   /*
@@ -94,8 +92,8 @@ public class HsJobsBlock extends HtmlBlock {
       JobInfo job = new JobInfo(j);
       ugi = getCallerUGI();
       // Allow to list only per-user apps if incoming ugi has permission.
-      if (isFilterAppListByUserEnabled && ugi != null
-          && !checkAccess(job.getUserName())) {
+      if (isFilterAppListByUserEnabled && ugi != null && !aclsManager
+          .checkAccess(ugi, JobACL.VIEW_JOB, job.getUserName(), null)) {
         continue;
       }
       jobsTableData.append("[\"")
@@ -160,21 +158,4 @@ public class HsJobsBlock extends HtmlBlock {
         __().
         __();
   }
-
-  private boolean checkAccess(String userName) {
-    if(!areAclsEnabled) {
-      return true;
-    }
-
-    // User could see its own job.
-    if (ugi.getShortUserName().equals(userName)) {
-      return true;
-    }
-
-    // Admin could also see all jobs
-    if (adminAclList != null && adminAclList.isUserAllowed(ugi)) {
-      return true;
-    }
-    return false;
-  }
 }