Add permission check for exists method

### What changes are proposed in this pull request? Add permission check for exists method. ### Why are the changes needed? Fix Alluxio#16195 ### Does this PR introduce any user facing changes? Please list the user-facing changes introduced by your change, including NA pr-link: Alluxio#16199 change-id: cid-805ad9aa636c1cff5925b37622a19c198626554c
LuQQiu · Sep 20, 2022 · 9ff952f · 9ff952f
1 parent bf8841d
commit 9ff952f
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 1 deletion.
diff --git a/core/server/master/src/main/java/alluxio/master/file/DefaultFileSystemMaster.java b/core/server/master/src/main/java/alluxio/master/file/DefaultFileSystemMaster.java
@@ -1471,13 +1471,21 @@ public boolean exists(AlluxioURI path, ExistsContext context)
           loadMetadataIfNotExist(rpcContext, path, lmCtx, false);
         }
       } catch (FileDoesNotExistException e) {
-        return false;
+        // ignore exception
       }
 
       try (LockedInodePath inodePath = mInodeTree.lockInodePath(
           createLockingScheme(path, context.getOptions().getCommonOptions(), LockPattern.READ),
           rpcContext.getJournalContext())
       ) {
+        try {
+          if (mPermissionChecker instanceof DefaultPermissionChecker) {
+            mPermissionChecker.checkParentPermission(Mode.Bits.EXECUTE, inodePath);
+          }
+        } catch (AccessControlException e) {
+          auditContext.setAllowed(false);
+          throw e;
+        }
         auditContext.setSucceeded(true);
         return inodePath.fullPathExists();
       }

diff --git a/core/server/master/src/test/java/alluxio/master/file/FileSystemMasterFsOptsTest.java b/core/server/master/src/test/java/alluxio/master/file/FileSystemMasterFsOptsTest.java
@@ -45,6 +45,7 @@
 import alluxio.master.file.contexts.CreateDirectoryContext;
 import alluxio.master.file.contexts.CreateFileContext;
 import alluxio.master.file.contexts.DeleteContext;
+import alluxio.master.file.contexts.ExistsContext;
 import alluxio.master.file.contexts.GetStatusContext;
 import alluxio.master.file.contexts.ListStatusContext;
 import alluxio.master.file.contexts.MountContext;
@@ -1283,4 +1284,31 @@ public void setRecursiveAcl() throws Exception {
       assertEquals(newEntries, Sets.newHashSet(info.convertAclToStringEntries()));
     }
   }
+
+  @Test
+  public void exists() throws Exception {
+    createFileWithSingleBlock(NESTED_FILE_URI, mNestedFileContext);
+
+    //Test existing file
+    assertEquals(true, mFileSystemMaster.exists(NESTED_FILE_URI, ExistsContext.defaults()));
+
+    //Test non-existent file
+    assertEquals(false, mFileSystemMaster.exists(NESTED_FILE2_URI, ExistsContext.defaults()));
+
+    //Test file without parent permission
+    mFileSystemMaster.setAttribute(NESTED_URI, SetAttributeContext
+        .mergeFrom(SetAttributePOptions.newBuilder().setMode(new Mode((short) 0700).toProto())));
+    try (AuthenticatedClientUserResource userA = new AuthenticatedClientUserResource("userA",
+        Configuration.global())) {
+      mThrown.expect(AccessControlException.class);
+      mFileSystemMaster.exists(NESTED_FILE_URI, ExistsContext.defaults());
+    }
+
+    //Test non-existent file without parent permission
+    try (AuthenticatedClientUserResource userA = new AuthenticatedClientUserResource("userA",
+        Configuration.global())) {
+      mThrown.expect(AccessControlException.class);
+      mFileSystemMaster.exists(NESTED_FILE2_URI, ExistsContext.defaults());
+    }
+  }
 }