/**
 * Reports whether any entry hands the complete READ, WRITE and ADMIN set to everyone.
 *
 * <p>An entry matches only when its type is {@code OTHER} and its access value is exactly
 * {@code READ | WRITE | ADMIN}; the comparison is an equality test, so a value carrying any
 * further bits does not match.
 *
 * @param acls the ACL entries to scan
 * @return {@code true} if at least one world entry carries exactly the full permission set
 */
private boolean worldEverything(List<AccessControl> acls) {
    final int everything = READ | WRITE | ADMIN;
    for (AccessControl entry : acls) {
        boolean appliesToWorld = entry.get_type() == AccessControlType.OTHER;
        if (appliesToWorld && entry.get_access() == everything) {
            // One match is enough; no need to look at the remaining entries.
            return true;
        }
    }
    return false;
}
/**
 * Returns the current value of the field selected by {@code field}.
 *
 * @param field one of TYPE, NAME or ACCESS
 * @return the result of the corresponding getter
 * @throws java.lang.IllegalStateException if {@code field} is none of the handled constants
 */
public java.lang.Object getFieldValue(_Fields field) {
    final java.lang.Object value;
    switch (field) {
        case TYPE:
            value = get_type();
            break;
        case NAME:
            value = get_name();
            break;
        case ACCESS:
            value = get_access();
            break;
        default:
            throw new java.lang.IllegalStateException();
    }
    return value;
}
/**
 * Renders an ACL entry as {@code <type>:<name>:<access>}.
 *
 * <p>The type is written as {@code o} for OTHER and {@code u} for USER. The name segment is
 * left empty when the entry has no name set. The access segment is whatever
 * {@code accessToString} produces for the entry's access value.
 *
 * @param ac the entry to render
 * @return the three colon-separated segments
 * @throws IllegalArgumentException if the entry's type is neither OTHER nor USER
 */
public static String accessControlToString(AccessControl ac) {
    final String typeCode;
    switch (ac.get_type()) {
        case OTHER:
            typeCode = "o";
            break;
        case USER:
            typeCode = "u";
            break;
        default:
            throw new IllegalArgumentException("Don't know what a type of " + ac.get_type() + " means ");
    }
    StringBuilder text = new StringBuilder(typeCode).append(":");
    if (ac.is_set_name()) {
        text.append(ac.get_name());
    }
    return text.append(":").append(accessToString(ac.get_access())).toString();
}
/**
 * Returns a copy of the list without world entries that grant nothing.
 *
 * <p>An entry is dropped when its type is OTHER and its access value is 0; each dropped
 * entry is reported at debug level. All other entries are kept in their original order.
 * The input list itself is not modified.
 *
 * @param accessControls the entries to filter
 * @return a new list holding the entries that were kept
 */
private List<AccessControl> removeBadACLs(List<AccessControl> accessControls) {
    List<AccessControl> kept = new ArrayList<>();
    for (AccessControl entry : accessControls) {
        boolean emptyWorldEntry =
            entry.get_type().equals(AccessControlType.OTHER) && entry.get_access() == 0;
        if (emptyWorldEntry) {
            LOG.debug("Removing invalid blobstore world ACL " + BlobStoreAclHandler.accessControlToString(entry));
        } else {
            kept.add(entry);
        }
    }
    return kept;
}
/**
 * Computes the access bits one ACL entry contributes for the given set of user names.
 *
 * <p>An OTHER entry contributes its access value unconditionally. A USER entry contributes
 * its access value only when {@code users} contains the entry's name. Any other type
 * contributes nothing.
 *
 * @param ac the entry to evaluate
 * @param users the names the caller is known by
 * @return the entry's access value, or 0 when the entry does not apply
 */
private int getAllowed(AccessControl ac, Set<String> users) {
    int granted = 0;
    switch (ac.get_type()) {
        case OTHER:
            granted = ac.get_access();
            break;
        case USER:
            // NOTE(review): for an entry without a name this looks up whatever get_name()
            // returns (presumably null); whether that can match depends on the Set passed in.
            if (users.contains(ac.get_name())) {
                granted = ac.get_access();
            }
            break;
        default:
            break;
    }
    return granted;
}
/**
 * Replaces every USER entry that has no name with one named copy per user.
 *
 * <p>For each nameless USER entry the bits in {@code mask} are OR-ed into its access value
 * (only when some of them are missing), then the entry is copied once for every name in
 * {@code users}. After the scan the nameless entries are removed from {@code acls} and the
 * named copies are appended. The net effect is that every name in {@code users} ends up with
 * the nameless entry's bits plus {@code mask}.
 *
 * @param acls the list to repair; modified in place
 * @param users the names that receive a copy of each nameless entry
 * @param mask access bits every resulting entry must carry
 */
private void fixEmptyNameACLForUsers(List<AccessControl> acls, Set<String> users, int mask) {
    List<AccessControl> namelessEntries = new ArrayList<>();
    List<AccessControl> perUserEntries = new ArrayList<>();
    for (AccessControl entry : acls) {
        if (entry.get_type() != AccessControlType.USER || entry.is_set_name()) {
            continue;
        }
        namelessEntries.add(entry);
        int access = entry.get_access();
        // Widen the entry before copying so that every copy inherits the mask bits.
        if ((access & mask) != mask) {
            entry.set_access(access | mask);
        }
        for (String user : users) {
            AccessControl named = new AccessControl(entry);
            named.set_name(user);
            perUserEntries.add(named);
        }
    }
    // Structural changes happen only after the loop, so the iteration above stays valid.
    acls.removeAll(namelessEntries);
    acls.addAll(perUserEntries);
}
/**
 * Makes sure {@code user} has a USER entry carrying at least the bits in {@code mask}.
 *
 * <p>Existing entries named {@code user} get the missing mask bits OR-ed in. If such an entry
 * exists, any nameless USER entries are removed. If neither a named nor a nameless USER entry
 * exists, a new entry for {@code user} with access {@code mask} is appended. When only
 * nameless entries exist the list is left unchanged by this method.
 *
 * @param acls the list to repair; modified in place
 * @param user the name that must be covered
 * @param mask access bits the user's entry must carry
 */
private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
    List<AccessControl> nameless = new ArrayList<>();
    boolean userEntrySeen = false;
    for (AccessControl entry : acls) {
        if (entry.get_type() != AccessControlType.USER) {
            continue;
        }
        if (!entry.is_set_name()) {
            nameless.add(entry);
            continue;
        }
        if (!entry.get_name().equals(user)) {
            continue;
        }
        int access = entry.get_access();
        if ((access & mask) != mask) {
            entry.set_access(access | mask);
        }
        userEntrySeen = true;
    }

    if (userEntrySeen) {
        // A named entry for the principal makes the nameless ones redundant.
        if (!nameless.isEmpty()) {
            acls.removeAll(nameless);
        }
    } else if (nameless.isEmpty()) {
        // No USER entry of either kind covers the principal: add the default one.
        AccessControl defaultEntry = new AccessControl();
        defaultEntry.set_type(AccessControlType.USER);
        defaultEntry.set_name(user);
        defaultEntry.set_access(mask);
        acls.add(defaultEntry);
    }
}
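/**
 * Decides whether {@code user} may read the blob described by {@code meta}.
 *
 * <p>When ACL validation is not enabled in {@code conf} the method returns {@code true} for
 * every caller without looking at the ACL. Otherwise read access is granted by an entry that
 * carries the READ bit and is either of type OTHER or named exactly {@code user}.
 *
 * <p>Entries without a name are skipped in the name comparison instead of being dereferenced,
 * so a nameless entry that does not grant world read can no longer abort the check with a
 * {@link NullPointerException}; such entries simply grant nothing to a named user.
 *
 * @param meta metadata holding the blob's ACL
 * @param user the name to check
 * @param conf configuration consulted for {@code Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED}
 * @return {@code true} if validation is off or an entry grants READ to the world or to
 *     {@code user}; {@code false} otherwise
 */
public static boolean canUserReadBlob(ReadableBlobMeta meta, String user, Map<String, Object> conf) {
    // NOTE(review): the literal false passed to getBoolean is presumably the value used when
    // the key is absent, which would make "no validation, everyone may read" the default.
    if (!ObjectReader.getBoolean(conf.get(Config.STORM_BLOBSTORE_ACL_VALIDATION_ENABLED), false)) {
        return true;
    }
    SettableBlobMeta settable = meta.get_settable();
    for (AccessControl acl : settable.get_acl()) {
        boolean grantsRead = (acl.get_access() & BlobStoreAclHandler.READ) > 0;
        if (!grantsRead) {
            continue;
        }
        if (acl.get_type() == AccessControlType.OTHER) {
            return true;
        }
        // Guard the name before comparing: an unset name must deny, not throw.
        if (acl.is_set_name() && acl.get_name().equals(user)) {
            return true;
        }
    }
    return false;
}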
/**
 * Reports whether any entry hands the complete READ, WRITE and ADMIN set to everyone.
 *
 * <p>An entry matches only when its type is {@code OTHER} and its access value is exactly
 * {@code READ | WRITE | ADMIN}; the comparison is an equality test, so a value carrying any
 * further bits does not match.
 *
 * @param acls the ACL entries to scan
 * @return {@code true} if at least one world entry carries exactly the full permission set
 */
private boolean worldEverything(List<AccessControl> acls) {
    final int everything = READ | WRITE | ADMIN;
    for (AccessControl entry : acls) {
        boolean appliesToWorld = entry.get_type() == AccessControlType.OTHER;
        if (appliesToWorld && entry.get_access() == everything) {
            // One match is enough; no need to look at the remaining entries.
            return true;
        }
    }
    return false;
}
/**
 * Returns a copy of the list without world entries that grant nothing.
 *
 * <p>An entry is dropped when its type is OTHER and its access value is 0; each dropped
 * entry is reported at debug level. All other entries are kept in their original order.
 * The input list itself is not modified.
 *
 * @param accessControls the entries to filter
 * @return a new list holding the entries that were kept
 */
private List<AccessControl> removeBadACLs(List<AccessControl> accessControls) {
    List<AccessControl> kept = new ArrayList<>();
    for (AccessControl entry : accessControls) {
        boolean emptyWorldEntry =
            entry.get_type().equals(AccessControlType.OTHER) && entry.get_access() == 0;
        if (emptyWorldEntry) {
            LOG.debug("Removing invalid blobstore world ACL " + BlobStoreAclHandler.accessControlToString(entry));
        } else {
            kept.add(entry);
        }
    }
    return kept;
}
/**
 * Returns the current value of the field selected by {@code field}.
 *
 * @param field one of TYPE, NAME or ACCESS
 * @return the result of the corresponding getter
 * @throws IllegalStateException if {@code field} is none of the handled constants
 */
public Object getFieldValue(_Fields field) {
    final Object value;
    switch (field) {
        case TYPE:
            value = get_type();
            break;
        case NAME:
            value = get_name();
            break;
        case ACCESS:
            value = get_access();
            break;
        default:
            throw new IllegalStateException();
    }
    return value;
}
/**
 * Renders an ACL entry as {@code <type>:<name>:<access>}.
 *
 * <p>The type is written as {@code o} for OTHER and {@code u} for USER. The name segment is
 * left empty when the entry has no name set. The access segment is whatever
 * {@code accessToString} produces for the entry's access value.
 *
 * @param ac the entry to render
 * @return the three colon-separated segments
 * @throws IllegalArgumentException if the entry's type is neither OTHER nor USER
 */
public static String accessControlToString(AccessControl ac) {
    final String typeCode;
    switch (ac.get_type()) {
        case OTHER:
            typeCode = "o";
            break;
        case USER:
            typeCode = "u";
            break;
        default:
            throw new IllegalArgumentException("Don't know what a type of "+ac.get_type()+" means ");
    }
    StringBuilder text = new StringBuilder(typeCode).append(":");
    if (ac.is_set_name()) {
        text.append(ac.get_name());
    }
    return text.append(":").append(accessToString(ac.get_access())).toString();
}
/**
 * Computes the access bits one ACL entry contributes for the given set of user names.
 *
 * <p>An OTHER entry contributes its access value unconditionally. A USER entry contributes
 * its access value only when {@code users} contains the entry's name. Any other type
 * contributes nothing.
 *
 * @param ac the entry to evaluate
 * @param users the names the caller is known by
 * @return the entry's access value, or 0 when the entry does not apply
 */
private int getAllowed(AccessControl ac, Set<String> users) {
    int granted = 0;
    switch (ac.get_type()) {
        case OTHER:
            granted = ac.get_access();
            break;
        case USER:
            // NOTE(review): for an entry without a name this looks up whatever get_name()
            // returns (presumably null); whether that can match depends on the Set passed in.
            if (users.contains(ac.get_name())) {
                granted = ac.get_access();
            }
            break;
        default:
            break;
    }
    return granted;
}
/**
 * Replaces every USER entry that has no name with one named copy per user.
 *
 * <p>For each nameless USER entry the bits in {@code mask} are OR-ed into its access value
 * (only when some of them are missing), then the entry is copied once for every name in
 * {@code users}. After the scan the nameless entries are removed from {@code acls} and the
 * named copies are appended. The net effect is that every name in {@code users} ends up with
 * the nameless entry's bits plus {@code mask}.
 *
 * @param acls the list to repair; modified in place
 * @param users the names that receive a copy of each nameless entry
 * @param mask access bits every resulting entry must carry
 */
private void fixEmptyNameACLForUsers(List<AccessControl> acls, Set<String> users, int mask) {
    List<AccessControl> namelessEntries = new ArrayList<>();
    List<AccessControl> perUserEntries = new ArrayList<>();
    for (AccessControl entry : acls) {
        if (entry.get_type() != AccessControlType.USER || entry.is_set_name()) {
            continue;
        }
        namelessEntries.add(entry);
        int access = entry.get_access();
        // Widen the entry before copying so that every copy inherits the mask bits.
        if ((access & mask) != mask) {
            entry.set_access(access | mask);
        }
        for (String user : users) {
            AccessControl named = new AccessControl(entry);
            named.set_name(user);
            perUserEntries.add(named);
        }
    }
    // Structural changes happen only after the loop, so the iteration above stays valid.
    acls.removeAll(namelessEntries);
    acls.addAll(perUserEntries);
}
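/**
 * Decides whether {@code user} may read the blob described by {@code meta}.
 *
 * <p>Read access is granted by an entry that carries the READ bit and is either of type
 * OTHER or named exactly {@code user}.
 *
 * <p>Entries without a name are skipped in the name comparison instead of being dereferenced,
 * so a nameless entry that does not grant world read can no longer abort the check with a
 * {@link NullPointerException}; such entries simply grant nothing to a named user.
 *
 * @param meta metadata holding the blob's ACL
 * @param user the name to check
 * @return {@code true} if an entry grants READ to the world or to {@code user};
 *     {@code false} otherwise
 */
public static boolean canUserReadBlob(ReadableBlobMeta meta, String user) {
    SettableBlobMeta settable = meta.get_settable();
    for (AccessControl acl : settable.get_acl()) {
        boolean grantsRead = (acl.get_access() & BlobStoreAclHandler.READ) > 0;
        if (!grantsRead) {
            continue;
        }
        if (acl.get_type() == AccessControlType.OTHER) {
            return true;
        }
        // Guard the name before comparing: an unset name must deny, not throw.
        if (acl.is_set_name() && acl.get_name().equals(user)) {
            return true;
        }
    }
    return false;
}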
/**
 * Makes sure {@code user} has a USER entry carrying at least the bits in {@code mask}.
 *
 * <p>Existing entries named {@code user} get the missing mask bits OR-ed in. If such an entry
 * exists, any nameless USER entries are removed. If neither a named nor a nameless USER entry
 * exists, a new entry for {@code user} with access {@code mask} is appended. When only
 * nameless entries exist the list is left unchanged by this method.
 *
 * @param acls the list to repair; modified in place
 * @param user the name that must be covered
 * @param mask access bits the user's entry must carry
 */
private void fixACLsForUser(List<AccessControl> acls, String user, int mask) {
    List<AccessControl> nameless = new ArrayList<>();
    boolean userEntrySeen = false;
    for (AccessControl entry : acls) {
        if (entry.get_type() != AccessControlType.USER) {
            continue;
        }
        if (!entry.is_set_name()) {
            nameless.add(entry);
            continue;
        }
        if (!entry.get_name().equals(user)) {
            continue;
        }
        int access = entry.get_access();
        if ((access & mask) != mask) {
            entry.set_access(access | mask);
        }
        userEntrySeen = true;
    }

    if (userEntrySeen) {
        // A named entry for the principal makes the nameless ones redundant.
        if (!nameless.isEmpty()) {
            acls.removeAll(nameless);
        }
    } else if (nameless.isEmpty()) {
        // No USER entry of either kind covers the principal: add the default one.
        AccessControl defaultEntry = new AccessControl();
        defaultEntry.set_type(AccessControlType.USER);
        defaultEntry.set_name(user);
        defaultEntry.set_access(mask);
        acls.add(defaultEntry);
    }
}