/** * @return Parent of the resource, if any. Throws IllegalStateException if it's the root-level resource. */ public IResource getParent() { if (level == Level.ROLE) return root(); throw new IllegalStateException("Root-level resource can't have a parent"); }
/** * @return Parent of the resource, if any. Throws IllegalStateException if it's the root-level resource. */ public IResource getParent() { if (level == Level.ROLE) return root(); throw new IllegalStateException("Root-level resource can't have a parent"); }
/** * @return Parent of the resource, if any. Throws IllegalStateException if it's the root-level resource. */ public IResource getParent() { if (level == Level.ROLE) return root(); throw new IllegalStateException("Root-level resource can't have a parent"); }
/** * Parses a role resource name into a RoleResource instance. * * @param name Name of the data resource. * @return RoleResource instance matching the name. */ public static RoleResource fromName(String name) { String[] parts = StringUtils.split(name, "/", 2); if (!parts[0].equals(ROOT_NAME)) throw new IllegalArgumentException(String.format("%s is not a valid role resource name", name)); if (parts.length == 1) return root(); return role(parts[1]); }
/** * Parses a role resource name into a RoleResource instance. * * @param name Name of the data resource. * @return RoleResource instance matching the name. */ public static RoleResource fromName(String name) { String[] parts = StringUtils.split(name, "/", 2); if (!parts[0].equals(ROOT_NAME)) throw new IllegalArgumentException(String.format("%s is not a valid role resource name", name)); if (parts.length == 1) return root(); return role(parts[1]); }
/** * Parses a role resource name into a RoleResource instance. * * @param name Name of the data resource. * @return RoleResource instance matching the name. */ public static RoleResource fromName(String name) { String[] parts = StringUtils.split(name, "/", 2); if (!parts[0].equals(ROOT_NAME)) throw new IllegalArgumentException(String.format("%s is not a valid role resource name", name)); if (parts.length == 1) return root(); return role(parts[1]); }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.CREATE, RoleResource.root()); if (opts.getSuperuser().isPresent()) { if (opts.getSuperuser().get() && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can create a role with superuser status"); } }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.CREATE, RoleResource.root()); if (opts.getSuperuser().isPresent()) { if (opts.getSuperuser().get() && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can create a role with superuser status"); } }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.CREATE, RoleResource.root()); if (opts.getSuperuser().isPresent()) { if (opts.getSuperuser().get() && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can create a role with superuser status"); } }
res = RoleResource.root();
res = RoleResource.root();
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { // If the executing user has DESCRIBE permission on the root roles resource, let them list any and all roles boolean hasRootLevelSelect = DatabaseDescriptor.getAuthorizer() .authorize(state.getUser(), RoleResource.root()) .contains(Permission.DESCRIBE); if (hasRootLevelSelect) { if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); else return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); } else { RoleResource currentUser = RoleResource.role(state.getUser().getName()); if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(currentUser, recursive)); if (DatabaseDescriptor.getRoleManager().getRoles(currentUser, true).contains(grantee)) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); else throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee.getRoleName())); } }
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { // If the executing user has DESCRIBE permission on the root roles resource, let them list any and all roles boolean hasRootLevelSelect = DatabaseDescriptor.getAuthorizer() .authorize(state.getUser(), RoleResource.root()) .contains(Permission.DESCRIBE); if (hasRootLevelSelect) { if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); else return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); } else { RoleResource currentUser = RoleResource.role(state.getUser().getName()); if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(currentUser, recursive)); if (DatabaseDescriptor.getRoleManager().getRoles(currentUser, true).contains(grantee)) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); else throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee.getRoleName())); } }
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { // If the executing user has DESCRIBE permission on the root roles resource, let them list any and all roles boolean hasRootLevelSelect = DatabaseDescriptor.getAuthorizer() .authorize(state.getUser(), RoleResource.root()) .contains(Permission.DESCRIBE); if (hasRootLevelSelect) { if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); else return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); } else { RoleResource currentUser = RoleResource.role(state.getUser().getName()); if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(currentUser, recursive)); if (DatabaseDescriptor.getRoleManager().getRoles(currentUser, true).contains(grantee)) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); else throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee.getRoleName())); } }
res = RoleResource.root();