public abstract ResultMessage execute(ClientState state) throws RequestExecutionException, RequestValidationException;
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.AUTHORIZE, role); }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.AUTHORIZE, role); }
public abstract ResultMessage execute(ClientState state) throws RequestExecutionException, RequestValidationException;
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.AUTHORIZE, role); }
public abstract ResultMessage execute(ClientState state) throws RequestExecutionException, RequestValidationException;
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.CREATE, RoleResource.root()); if (opts.getSuperuser().isPresent()) { if (opts.getSuperuser().get() && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can create a role with superuser status"); } }
public abstract ResultMessage execute(ClientState state) throws RequestExecutionException, RequestValidationException;
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.CREATE, RoleResource.root()); if (opts.getSuperuser().isPresent()) { if (opts.getSuperuser().get() && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can create a role with superuser status"); } }
public void checkAccess(ClientState state) throws UnauthorizedException { AuthenticatedUser user = state.getUser(); boolean isSuper = user.isSuper(); if (opts.getSuperuser().isPresent() && user.getRoles().contains(role)) throw new UnauthorizedException("You aren't allowed to alter your own superuser " + "status or that of a role granted to you"); if (opts.getSuperuser().isPresent() && !isSuper) throw new UnauthorizedException("Only superusers are allowed to alter superuser status"); // superusers can do whatever else they like if (isSuper) return; // a role may only modify the subset of its own attributes as determined by IRoleManager#alterableOptions if (user.getName().equals(role.getRoleName())) { for (Option option : opts.getOptions().keySet()) { if (!DatabaseDescriptor.getRoleManager().alterableOptions().contains(option)) throw new UnauthorizedException(String.format("You aren't allowed to alter %s", option)); } } else { // if not attempting to alter another role, ensure we have ALTER permissions on it super.checkPermission(state, Permission.ALTER, role); } }
public void checkAccess(ClientState state) throws UnauthorizedException { AuthenticatedUser user = state.getUser(); boolean isSuper = user.isSuper(); if (opts.getSuperuser().isPresent() && user.getRoles().contains(role)) throw new UnauthorizedException("You aren't allowed to alter your own superuser " + "status or that of a role granted to you"); if (opts.getSuperuser().isPresent() && !isSuper) throw new UnauthorizedException("Only superusers are allowed to alter superuser status"); // superusers can do whatever else they like if (isSuper) return; // a role may only modify the subset of its own attributes as determined by IRoleManager#alterableOptions if (user.getName().equals(role.getRoleName())) { for (Option option : opts.getOptions().keySet()) { if (!DatabaseDescriptor.getRoleManager().alterableOptions().contains(option)) throw new UnauthorizedException(String.format("You aren't allowed to alter %s", option)); } } else { // if not attempting to alter another role, ensure we have ALTER permissions on it super.checkPermission(state, Permission.ALTER, role); } }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.DROP, role); // We only check superuser status for existing roles to avoid // caching info about roles which don't exist (CASSANDRA-9189) if (DatabaseDescriptor.getRoleManager().isExistingRole(role) && Roles.hasSuperuserStatus(role) && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can drop a role with superuser status"); }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.DROP, role); // We only check superuser status for existing roles to avoid // caching info about roles which don't exist (CASSANDRA-9189) if (DatabaseDescriptor.getRoleManager().isExistingRole(role) && Roles.hasSuperuserStatus(role) && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can drop a role with superuser status"); }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.DROP, role); // We only check superuser status for existing roles to avoid // caching info about roles which don't exist (CASSANDRA-9189) if (DatabaseDescriptor.getRoleManager().isExistingRole(role) && Roles.hasSuperuserStatus(role) && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can drop a role with superuser status"); }
public void checkAccess(ClientState state) throws UnauthorizedException { super.checkPermission(state, Permission.CREATE, RoleResource.root()); if (opts.getSuperuser().isPresent()) { if (opts.getSuperuser().get() && !state.getUser().isSuper()) throw new UnauthorizedException("Only superusers can create a role with superuser status"); } }
public void checkAccess(ClientState state) throws UnauthorizedException { AuthenticatedUser user = state.getUser(); boolean isSuper = user.isSuper(); if (opts.getSuperuser().isPresent() && user.getRoles().contains(role)) throw new UnauthorizedException("You aren't allowed to alter your own superuser " + "status or that of a role granted to you"); if (opts.getSuperuser().isPresent() && !isSuper) throw new UnauthorizedException("Only superusers are allowed to alter superuser status"); // superusers can do whatever else they like if (isSuper) return; // a role may only modify the subset of its own attributes as determined by IRoleManager#alterableOptions if (user.getName().equals(role.getRoleName())) { for (Option option : opts.getOptions().keySet()) { if (!DatabaseDescriptor.getRoleManager().alterableOptions().contains(option)) throw new UnauthorizedException(String.format("You aren't allowed to alter %s", option)); } } else { // if not attempting to alter another role, ensure we have ALTER permissions on it super.checkPermission(state, Permission.ALTER, role); } }