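/**
 * Builds the JDO filter that selects every stored privilege whose scope is covered by the
 * given privilege.
 *
 * <p>The filter is used by three privilege operations: revoking, renaming and dropping.
 * Taking Solr as an example, suppose three privileges exist:
 * <ul>
 *   <li>p1: {@code Collection=c1->action=query}</li>
 *   <li>p2: {@code Collection=c1->Field=f1->action=query}</li>
 *   <li>p3: {@code Collection=c1->Field=f2->action=query}</li>
 * </ul>
 * When the request privilege p4: {@code Collection=c1->action=query} is revoked, p1 must be
 * revoked and p2 and p3 must be revoked with it. The filter built for p4 therefore constrains
 * only the service, the component and {@code Collection=c1}; the action and the deeper resource
 * levels are left unconstrained.
 *
 * <p>Security: every value is placed inside a double-quoted literal of the filter text. A value
 * carrying a double quote or a backslash could end that literal early and change which
 * privileges the revoke, rename or drop touches, so such values are rejected instead of being
 * concatenated. Binding the values as query parameters would be the stronger fix, but it needs
 * a return type other than a plain filter string.
 *
 * @param privilege the request privilege; its service name, component name and authorizables
 *     are read
 * @return the filter text, one {@code field == "value"} term per constrained field, joined
 *     with {@code &&}
 * @throws IllegalArgumentException if any value contains a double quote or a backslash
 */
public static String populateIncludePrivilegesQuery(MSentryGMPrivilege privilege) {
  StringBuilder query = new StringBuilder();
  query.append("serviceName == ")
      .append(quoteFilterLiteral("serviceName", toNULLCol(privilege.getServiceName())))
      .append(' ');
  query.append("&& componentName == ")
      .append(quoteFilterLiteral("componentName", toNULLCol(privilege.getComponentName())))
      .append(' ');

  List<? extends Authorizable> authorizables = privilege.getAuthorizables();
  for (int i = 0; i < authorizables.size(); i++) {
    // One name/type field pair exists per hierarchy level; the level index is the suffix.
    String resourceName = PREFIX_RESOURCE_NAME + i;
    String resourceType = PREFIX_RESOURCE_TYPE + i;
    Authorizable authorizable = authorizables.get(i);
    query.append("&& ").append(resourceName).append(" == ")
        .append(quoteFilterLiteral(resourceName, authorizable.getName()))
        .append(' ');
    query.append("&& ").append(resourceType).append(" == ")
        .append(quoteFilterLiteral(resourceType, authorizable.getTypeName()))
        .append(' ');
  }
  return query.toString();
}

/**
 * Wraps a value in double quotes for use as a string literal in the filter text.
 *
 * <p>The value is rendered with {@link String#valueOf(Object)}, exactly as string concatenation
 * would render it. Whether the query parser honours backslash escapes is not visible from this
 * class, so both the quote and the backslash are refused rather than escaped.
 *
 * @param field name of the field being compared, used only in the error message
 * @param value the value to quote
 * @return the value surrounded by double quotes
 * @throws IllegalArgumentException if the value contains a double quote or a backslash
 */
private static String quoteFilterLiteral(String field, Object value) {
  String text = String.valueOf(value);
  if (text.indexOf('"') >= 0 || text.indexOf('\\') >= 0) {
    // The offending value is left out of the message on purpose; it is request-supplied.
    throw new IllegalArgumentException(
        "The value of " + field + " must not contain a double quote or a backslash.");
  }
  return "\"" + text + "\"";
}
}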
query.append("serviceName == \"" + toNULLCol(privilege.getServiceName()) + "\" "); query.append("&& componentName == \"" + toNULLCol(privilege.getComponentName()) + "\" "); query.append("&& scope == \"" + toNULLCol(privilege.getScope()) + "\" "); query.append("&& action == \"" + toNULLCol(privilege.getAction()) + "\""); if (privilege.getGrantOption() == null) { query.append("&& this.grantOption == null ");
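/**
 * Stores the resource hierarchy of this privilege and derives its scope from it.
 *
 * <p>Only strict hierarchies are allowed: level 1 cannot be non-null while level 0 is null.
 * Every element of the list must therefore be present and carry a name and a type accepted by
 * {@code isNULL}. A null or empty list means the privilege is scoped to the whole service.
 *
 * <p>The list is validated completely before any field is written, so a rejected call leaves
 * the resource fields and the scope of this privilege as they were. A privilege object that is
 * half-updated after a failed call could otherwise describe a hierarchy nobody asked for.
 *
 * @param authorizables the resource hierarchy, outermost level first; may be null or empty
 * @throws IllegalStateException if the list has more than {@code AUTHORIZABLE_LEVEL} elements,
 *     if an element is null, or if an element's name or type is rejected by {@code isNULL}
 */
public void setAuthorizables(List<? extends Authorizable> authorizables) {
  if (authorizables == null || authorizables.isEmpty()) {
    // No resource levels: the privilege applies at service scope.
    // NOTE(review): resource fields written by an earlier call are not reset here; confirm
    // that this setter is only used on freshly created instances.
    scope = SERVICE_SCOPE;
    return;
  }
  if (authorizables.size() > AUTHORIZABLE_LEVEL) {
    throw new IllegalStateException("This generic privilege model only supports maximum 4 level.");
  }

  // Pass 1: validate every level and remember its values, without touching this object.
  int levels = authorizables.size();
  String[] names = new String[levels];
  String[] types = new String[levels];
  for (int i = 0; i < levels; i++) {
    Authorizable authorizable = authorizables.get(i);
    if (authorizable == null) {
      String msg = String.format("The authorizable can't be null. Please check authorizables[%d]:", i);
      throw new IllegalStateException(msg);
    }
    names[i] = authorizable.getName();
    types[i] = authorizable.getTypeName();
    if (isNULL(names[i]) || isNULL(types[i])) {
      String msg = String.format("The name and type of authorizable can't be empty or null.Please check authorizables[%d]", i);
      throw new IllegalStateException(msg);
    }
  }

  // Pass 2: commit. The scope ends up as the type of the deepest level.
  // NOTE(review): levels beyond the new list's size are not reset; if an instance can be
  // re-populated with a shorter hierarchy, the old deeper levels would remain. Confirm.
  for (int i = 0; i < levels; i++) {
    setField(this, PREFIX_RESOURCE_NAME + i, toNULLCol(names[i]));
    setField(this, PREFIX_RESOURCE_TYPE + i, toNULLCol(types[i]));
    scope = types[i];
  }
}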
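/**
 * Stores the resource hierarchy of this privilege and derives its scope from it.
 *
 * <p>Only strict hierarchies are allowed: level 1 cannot be non-null while level 0 is null.
 * Every element of the list must therefore be present and carry a name and a type accepted by
 * {@code isNULL}. A null or empty list means the privilege is scoped to the whole service.
 *
 * <p>The list is validated completely before any field is written, so a rejected call leaves
 * the resource fields and the scope of this privilege as they were. A privilege object that is
 * half-updated after a failed call could otherwise describe a hierarchy nobody asked for.
 *
 * @param authorizables the resource hierarchy, outermost level first; may be null or empty
 * @throws IllegalStateException if the list has more than {@code AUTHORIZABLE_LEVEL} elements,
 *     if an element is null, or if an element's name or type is rejected by {@code isNULL}
 */
public void setAuthorizables(List<? extends Authorizable> authorizables) {
  if (authorizables == null || authorizables.isEmpty()) {
    // No resource levels: the privilege applies at service scope.
    // NOTE(review): resource fields written by an earlier call are not reset here; confirm
    // that this setter is only used on freshly created instances.
    scope = SERVICE_SCOPE;
    return;
  }
  if (authorizables.size() > AUTHORIZABLE_LEVEL) {
    throw new IllegalStateException("This generic privilege model only supports maximum 4 level.");
  }

  // Pass 1: validate every level and remember its values, without touching this object.
  int levels = authorizables.size();
  String[] names = new String[levels];
  String[] types = new String[levels];
  for (int i = 0; i < levels; i++) {
    Authorizable authorizable = authorizables.get(i);
    if (authorizable == null) {
      String msg = String.format("The authorizable can't be null. Please check authorizables[%d]:", i);
      throw new IllegalStateException(msg);
    }
    names[i] = authorizable.getName();
    types[i] = authorizable.getTypeName();
    if (isNULL(names[i]) || isNULL(types[i])) {
      String msg = String.format("The name and type of authorizable can't be empty or null.Please check authorizables[%d]", i);
      throw new IllegalStateException(msg);
    }
  }

  // Pass 2: commit. The scope ends up as the type of the deepest level.
  // NOTE(review): levels beyond the new list's size are not reset; if an instance can be
  // re-populated with a shorter hierarchy, the old deeper levels would remain. Confirm.
  for (int i = 0; i < levels; i++) {
    setField(this, PREFIX_RESOURCE_NAME + i, toNULLCol(names[i]));
    setField(this, PREFIX_RESOURCE_TYPE + i, toNULLCol(types[i]));
    scope = types[i];
  }
}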