public boolean isSuper(RoleResource role) { return getRole(role.getRoleName()).isSuper; }
public void dropRole(AuthenticatedUser performer, RoleResource role) throws RequestValidationException, RequestExecutionException { process(String.format("DELETE FROM %s.%s WHERE role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.ROLES, escape(role.getRoleName())), consistencyForRole(role.getRoleName())); removeAllMembers(role.getRoleName()); }
public void dropRole(AuthenticatedUser performer, RoleResource role) throws RequestValidationException, RequestExecutionException { process(String.format("DELETE FROM %s.%s WHERE role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.ROLES, escape(role.getRoleName())), consistencyForRole(role.getRoleName())); removeAllMembers(role.getRoleName()); }
public void validate(ClientState state) throws RequestValidationException { opts.validate(); if (role.getRoleName().isEmpty()) throw new InvalidRequestException("Role name can't be an empty string"); // validate login here before checkAccess to avoid leaking role existence to anonymous users. state.ensureNotAnonymous(); if (!ifNotExists && DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s already exists", role.getRoleName())); }
public void validate(ClientState state) throws RequestValidationException { opts.validate(); if (role.getRoleName().isEmpty()) throw new InvalidRequestException("Role name can't be an empty string"); // validate login here before checkAccess to avoid leaking role existence to anonymous users. state.ensureNotAnonymous(); if (!ifNotExists && DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s already exists", role.getRoleName())); }
public void validate(ClientState state) throws RequestValidationException { opts.validate(); if (role.getRoleName().isEmpty()) throw new InvalidRequestException("Role name can't be an empty string"); // validate login here before checkAccess to avoid leaking role existence to anonymous users. state.ensureNotAnonymous(); if (!ifNotExists && DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s already exists", role.getRoleName())); }
private void modifyRolePermissions(Set<Permission> permissions, IResource resource, RoleResource role, String op) throws RequestExecutionException { process(String.format("UPDATE %s.%s SET permissions = permissions %s {%s} WHERE role = '%s' AND resource = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.ROLE_PERMISSIONS, op, "'" + StringUtils.join(permissions, "','") + "'", escape(role.getRoleName()), escape(resource.getName()))); }
public Set<RoleResource> getRoles(RoleResource grantee, boolean includeInherited) throws RequestValidationException, RequestExecutionException { Set<RoleResource> roles = new HashSet<>(); Role role = getRole(grantee.getRoleName()); if (!role.equals(NULL_ROLE)) { roles.add(RoleResource.role(role.name)); collectRoles(role, roles, includeInherited); } return roles; }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); AuthenticatedUser user = state.getUser(); if (user != null && user.getName().equals(role.getRoleName())) throw new InvalidRequestException("Cannot DROP primary role for current login"); }
public void validate(ClientState state) throws RequestValidationException { state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee.getRoleName())); } }
public Set<RoleResource> getRoles(RoleResource grantee, boolean includeInherited) throws RequestValidationException, RequestExecutionException { Set<RoleResource> roles = new HashSet<>(); Role role = getRole(grantee.getRoleName()); if (!role.equals(NULL_ROLE)) { roles.add(RoleResource.role(role.name)); collectRoles(role, roles, includeInherited); } return roles; }
private void modifyRolePermissions(Set<Permission> permissions, IResource resource, RoleResource role, String op) throws RequestExecutionException { process(String.format("UPDATE %s.%s SET permissions = permissions %s {%s} WHERE role = '%s' AND resource = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.ROLE_PERMISSIONS, op, "'" + StringUtils.join(permissions, "','") + "'", escape(role.getRoleName()), escape(resource.getName()))); }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); AuthenticatedUser user = state.getUser(); if (user != null && user.getName().equals(role.getRoleName())) throw new InvalidRequestException("Cannot DROP primary role for current login"); }
public void validate(ClientState state) throws RequestValidationException { state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("%s doesn't exist", grantee.getRoleName())); } }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!ifExists && !DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); AuthenticatedUser user = state.getUser(); if (user != null && user.getName().equals(role.getRoleName())) throw new InvalidRequestException("Cannot DROP primary role for current login"); }
private void removeLookupEntry(IResource resource, RoleResource role) throws RequestExecutionException { process(String.format("DELETE FROM %s.%s WHERE resource = '%s' and role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.RESOURCE_ROLE_INDEX, escape(resource.getName()), escape(role.getRoleName()))); }
private void removeLookupEntry(IResource resource, RoleResource role) throws RequestExecutionException { process(String.format("DELETE FROM %s.%s WHERE resource = '%s' and role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.RESOURCE_ROLE_INDEX, escape(resource.getName()), escape(role.getRoleName()))); }
private void addLookupEntry(IResource resource, RoleResource role) throws RequestExecutionException { process(String.format("INSERT INTO %s.%s (resource, role) VALUES ('%s','%s')", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.RESOURCE_ROLE_INDEX, escape(resource.getName()), escape(role.getRoleName()))); }
private void removeLookupEntry(IResource resource, RoleResource role) throws RequestExecutionException { process(String.format("DELETE FROM %s.%s WHERE resource = '%s' and role = '%s'", SchemaConstants.AUTH_KEYSPACE_NAME, AuthKeyspace.RESOURCE_ROLE_INDEX, escape(resource.getName()), escape(role.getRoleName()))); }
public void validate(ClientState state) throws RequestValidationException { opts.validate(); if (opts.isEmpty()) throw new InvalidRequestException("ALTER [ROLE|USER] can't be empty"); // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(role)) throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName())); }