@POST @Path("/listPrivileges") public void listPrivileges(FullHttpRequest request, HttpResponder responder) throws Exception { Iterator<MethodArgument> arguments = parseArguments(request); Principal principal = deserializeNext(arguments); LOG.trace("Listing privileges for principal {}", principal); Set<Privilege> privileges = privilegesManager.listPrivileges(principal); LOG.debug("Returning privileges for principal {} as {}", principal, privileges); responder.sendJson(HttpResponseStatus.OK, GSON.toJson(privileges)); }
@POST @Path("/listPrivileges") public void listPrivileges(FullHttpRequest request, HttpResponder responder) throws Exception { Iterator<MethodArgument> arguments = parseArguments(request); Principal principal = deserializeNext(arguments); LOG.trace("Listing privileges for principal {}", principal); Set<Privilege> privileges = privilegesManager.listPrivileges(principal); LOG.debug("Returning privileges for principal {} as {}", principal, privileges); responder.sendJson(HttpResponseStatus.OK, GSON.toJson(privileges)); }
@Test public void testPrivilegesManager() throws Exception { // In this test, grants and revokes happen via PrivilegesManager, privilege listing and enforcement happens via // Authorizer. Also, since grants and revokes go directly to master and don't need a proxy, the // RemoteSystemOperationsService does not need to be started in this release. privilegesManager.grant(Authorizable.fromEntityId(NS), ALICE, EnumSet.allOf(Action.class)); privilegesManager.grant(Authorizable.fromEntityId(APP), ALICE, Collections.singleton(Action.ADMIN)); privilegesManager.grant(Authorizable.fromEntityId(PROGRAM), ALICE, Collections.singleton(Action.EXECUTE)); authorizationEnforcer.enforce(NS, ALICE, EnumSet.allOf(Action.class)); authorizationEnforcer.enforce(APP, ALICE, Action.ADMIN); authorizationEnforcer.enforce(PROGRAM, ALICE, Action.EXECUTE); authorizationEnforcer.enforce(APP, ALICE, Collections.singleton(Action.ADMIN)); privilegesManager.revoke(Authorizable.fromEntityId(PROGRAM)); privilegesManager.revoke(Authorizable.fromEntityId(APP), ALICE, EnumSet.allOf(Action.class)); privilegesManager.revoke(Authorizable.fromEntityId(NS), ALICE, EnumSet.allOf(Action.class)); Set<Privilege> privileges = privilegesManager.listPrivileges(ALICE); Assert.assertTrue(String.format("Expected all of alice's privileges to be revoked, but found %s", privileges), privileges.isEmpty()); }