@Override public String toString() { return String.format("<PermissionDetails grantee:%s resource:%s permission:%s>", grantee, resource.getName(), permission); }
/** * Construct a chain of resource parents starting with the resource and ending with the root. * * @param resource The staring point. * @return list of resource in the chain form start to the root. */ public static List<? extends IResource> chain(IResource resource) { List<IResource> chain = new ArrayList<IResource>(); while (true) { chain.add(resource); if (!resource.hasParent()) break; resource = resource.getParent(); } return chain; }
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) { return resource.applicablePermissions(); }
public void validate(ClientState state) throws RequestValidationException { // a check to ensure the existence of the user isn't being leaked by user existence check. state.ensureNotAnonymous(); if (resource != null) { resource = maybeCorrectResource(resource, state); if (!resource.exists()) throw new InvalidRequestException(String.format("%s doesn't exist", resource)); } if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
public void validate(ClientState state) throws RequestValidationException { // a check to ensure the existence of the user isn't being leaked by user existence check. state.ensureNotAnonymous(); if (resource != null) { resource = maybeCorrectResource(resource, state); if (!resource.exists()) throw new InvalidRequestException(String.format("%s doesn't exist", resource)); } if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
@Override public String toString() { return String.format("<PermissionDetails username:%s resource:%s permission:%s>", username, resource.getName(), permission); }
/** * Construct a chain of resource parents starting with the resource and ending with the root. * * @param resource The staring point. * @return list of resource in the chain form start to the root. */ public static List<? extends IResource> chain(IResource resource) { List<IResource> chain = new ArrayList<IResource>(); while (true) { chain.add(resource); if (!resource.hasParent()) break; resource = resource.getParent(); } return chain; }
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) { return resource.applicablePermissions(); }
public void validate(ClientState state) throws RequestValidationException { // a check to ensure the existence of the user isn't being leaked by user existence check. state.ensureNotAnonymous(); if (resource != null) { resource = maybeCorrectResource(resource, state); if (!resource.exists()) throw new InvalidRequestException(String.format("%s doesn't exist", resource)); } if ((grantee != null) && !DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee)); }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
@Override public String toString() { return String.format("<PermissionDetails grantee:%s resource:%s permission:%s>", grantee, resource.getName(), permission); }
/** * Construct a chain of resource parents starting with the resource and ending with the root. * * @param resource The staring point. * @return list of resource in the chain form start to the root. */ public static List<? extends IResource> chain(IResource resource) { List<IResource> chain = new ArrayList<IResource>(); while (true) { chain.add(resource); if (!resource.hasParent()) break; resource = resource.getParent(); } return chain; }
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) { return resource.applicablePermissions(); }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName())); // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. // called both here and in checkAccess(), as in some cases we do not call the latter. resource = maybeCorrectResource(resource, state); // altering permissions on builtin functions is not supported if (resource instanceof FunctionResource && SchemaConstants.SYSTEM_KEYSPACE_NAME.equals(((FunctionResource)resource).getKeyspace())) { throw new InvalidRequestException("Altering permissions on builtin functions is not supported"); } if (!resource.exists()) throw new InvalidRequestException(String.format("Resource %s doesn't exist", resource)); }
@Override public String toString() { return String.format("<PermissionDetails grantee:%s resource:%s permission:%s>", grantee, resource.getName(), permission); }
/** * Construct a chain of resource parents starting with the resource and ending with the root. * * @param resource The staring point. * @return list of resource in the chain form start to the root. */ public static List<? extends IResource> chain(IResource resource) { List<IResource> chain = new ArrayList<IResource>(); while (true) { chain.add(resource); if (!resource.hasParent()) break; resource = resource.getParent(); } return chain; }
public boolean apply(String s) { return resource.applicablePermissions().contains(Permission.valueOf(s)); } };
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName())); // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. // called both here and in checkAccess(), as in some cases we do not call the latter. resource = maybeCorrectResource(resource, state); // altering permissions on builtin functions is not supported if (resource instanceof FunctionResource && SchemaConstants.SYSTEM_KEYSPACE_NAME.equals(((FunctionResource)resource).getKeyspace())) { throw new InvalidRequestException("Altering permissions on builtin functions is not supported"); } if (!resource.exists()) throw new InvalidRequestException(String.format("Resource %s doesn't exist", resource)); }