String kspAdmins = accessProperties.getProperty(KEYSPACES_WRITE_PROPERTY); for (String admin : kspAdmins.split(",")) if (admin.equals(user.getName())) return (EnumSet<Permission>) Permission.ALL; if (reader.equals(user.getName())) { canRead = true; break; if (writer.equals(user.getName())) { canWrite = true; break;
/**
 * Associates the supplied user with this object once the user is acceptable.
 *
 * An anonymous user is accepted without further checks; any other user must be
 * reported as existing by {@code Auth.isExistingUser}.
 *
 * @param user the user to bind
 * @throws AuthenticationException if a non-anonymous user's name is not an existing user
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // Short-circuit keeps the existence lookup from running for anonymous users.
    boolean acceptable = user.isAnonymous() || Auth.isExistingUser(user.getName());
    if (!acceptable)
    {
        // NOTE(review): this message tells the client that the name is unknown.
        // Confirm the method is only reached after credentials were verified, so it
        // cannot be used to test which user names exist.
        throw new AuthenticationException(String.format("User %s doesn't exist - create it with CREATE USER query first", user.getName()));
    }

    this.user = user;
}
/**
 * Requires that the current user holds {@code perm} on at least one entry of
 * {@code Resources.chain(resource)}.
 *
 * The first entry whose authorized permission set contains {@code perm} ends the
 * check, so a grant on any one entry of the chain is sufficient.
 *
 * @param perm     the permission being required
 * @param resource the resource whose chain is inspected
 * @throws UnauthorizedException if no entry of the chain grants {@code perm}
 */
private void checkPermissionOnResourceChain(Permission perm, IResource resource)
{
    boolean granted = false;
    for (IResource candidate : Resources.chain(resource))
    {
        if (authorize(candidate).contains(perm))
        {
            granted = true;
            break;
        }
    }

    if (granted)
        return;

    // The denial names the user, the permission and the requested resource.
    throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents",
                                                  user.getName(),
                                                  perm,
                                                  resource));
}
/**
 * Fails unless {@code perm} is granted to the current user somewhere along
 * {@code Resources.chain(resource)}.
 *
 * @param perm     the permission to look for
 * @param resource the resource whose chain is walked
 * @throws UnauthorizedException when none of the chain's entries carries {@code perm}
 */
private void checkPermissionOnResourceChain(Permission perm, IResource resource)
{
    for (IResource link : Resources.chain(resource))
    {
        // One matching entry is enough; stop at the first hit.
        if (authorize(link).contains(perm))
        {
            return;
        }
    }

    String denial = String.format("User %s has no %s permission on %s or any of its parents",
                                  user.getName(),
                                  perm,
                                  resource);
    throw new UnauthorizedException(denial);
}
/**
 * Ensures the current user holds {@code perm} on {@code resource}, accepting a grant
 * on any entry of {@code Resources.chain(resource)}.
 *
 * @param perm     the permission that must be present
 * @param resource the resource the caller wants to act on
 * @throws UnauthorizedException if no entry of the chain grants {@code perm}
 */
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException
{
    boolean permitted = false;
    for (IResource candidate : Resources.chain(resource))
    {
        if (authorize(candidate).contains(perm))
        {
            permitted = true;
            break;
        }
    }

    if (!permitted)
    {
        // The message reports the requested resource, not the chain entries that were tried.
        throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents",
                                                      user.getName(),
                                                      perm,
                                                      resource));
    }
}
/**
 * Checks the entries of {@code Resources.chain(resource)} in iteration order and
 * returns as soon as one of them grants {@code perm} to the current user.
 *
 * @param perm     the required permission
 * @param resource the resource being accessed
 * @throws UnauthorizedException if the whole chain was checked without finding {@code perm}
 */
private void checkPermissionOnResourceChain(Permission perm, IResource resource)
{
    for (IResource current : Resources.chain(resource))
    {
        boolean allowedHere = authorize(current).contains(perm);
        if (allowedHere)
            return;
    }

    // Reaching this point means every entry of the chain denied the permission.
    throw new UnauthorizedException(String.format("User %s has no %s permission on %s or any of its parents",
                                                  user.getName(), perm, resource));
}
/**
 * Delegates the permission check to {@code state.ensureHasPermission} and replaces
 * any denial with a generic message that names only the user.
 *
 * @param state    the client state whose user is being checked
 * @param required the permission the operation needs
 * @param resource the role resource the operation targets
 * @throws UnauthorizedException if the delegated check denies the permission
 */
public void checkPermission(ClientState state, Permission required, RoleResource resource) throws UnauthorizedException
{
    try
    {
        state.ensureHasPermission(required, resource);
    }
    catch (UnauthorizedException denied)
    {
        // The caught exception is dropped on purpose: the replacement message does not
        // mention the permission or the resource, and the original is not chained as a cause.
        // NOTE(review): if denials need to be audited, confirm they are recorded elsewhere.
        String friendly = String.format("User %s does not have sufficient privileges " +
                                        "to perform the requested operation",
                                        state.getUser().getName());
        throw new UnauthorizedException(friendly);
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Runs {@code state.ensureHasPermission(required, resource)} and, on denial, throws a
 * new {@code UnauthorizedException} carrying a shorter, user-only message.
 *
 * @param state    the client state to check
 * @param required the permission being demanded
 * @param resource the role resource involved
 * @throws UnauthorizedException if the permission is not held
 */
public void checkPermission(ClientState state, Permission required, RoleResource resource) throws UnauthorizedException
{
    try
    {
        state.ensureHasPermission(required, resource);
        return;
    }
    catch (UnauthorizedException original)
    {
        // Swap the detailed denial for a friendlier one; the original exception and its
        // permission/resource details are not passed on to the caller.
        throw new UnauthorizedException(String.format("User %s does not have sufficient privileges " +
                                                      "to perform the requested operation",
                                                      state.getUser().getName()));
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Validates a request to drop the user named by {@code username}.
 *
 * Checks run in a fixed order: the session must not be anonymous, the target must
 * exist unless {@code ifExists} is set, and the session's own user cannot be the target.
 *
 * @param state the client state issuing the request
 * @throws RequestValidationException if any of the checks above fails
 */
public void validate(ClientState state) throws RequestValidationException
{
    // Must stay first: the existence error below would otherwise let an anonymous
    // client learn which user names exist.
    state.ensureNotAnonymous();

    // The existence lookup is skipped entirely when ifExists is set.
    if (!(ifExists || Auth.isExistingUser(username)))
    {
        throw new InvalidRequestException(String.format("User %s doesn't exist", username));
    }

    AuthenticatedUser caller = state.getUser();
    boolean droppingSelf = caller != null && caller.getName().equals(username);
    if (droppingSelf)
    {
        throw new InvalidRequestException("Users aren't allowed to DROP themselves");
    }
}
/**
 * Binds the supplied user to this object if it is allowed to log in.
 *
 * An anonymous user is accepted without consulting the role manager. For any other
 * user only the primary role is checked, because login privilege is not inherited
 * through granted roles.
 *
 * @param user the user to bind
 * @throws AuthenticationException if the user's primary role may not log in
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // Guard form of the original condition; canLogin is still not evaluated for
    // anonymous users.
    if (!user.isAnonymous() && !DatabaseDescriptor.getRoleManager().canLogin(user.getPrimaryRole()))
    {
        throw new AuthenticationException(String.format("%s is not permitted to log in", user.getName()));
    }

    // NOTE(review): whether anonymous access is allowed at all is not decided here.
    this.user = user;
}
/**
 * Accepts the supplied user when it is anonymous or when its primary role has
 * login privilege, and rejects it otherwise.
 *
 * @param user the user attempting to log in
 * @throws AuthenticationException if the primary role is not permitted to log in
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    // Only the role whose credentials were actually supplied is checked: login
    // privilege is not inherited via granted roles.
    boolean mayLogin = user.isAnonymous()
                       || DatabaseDescriptor.getRoleManager().canLogin(user.getPrimaryRole());

    if (!mayLogin)
    {
        String refusal = String.format("%s is not permitted to log in", user.getName());
        throw new AuthenticationException(refusal);
    }

    this.user = user;
}
/**
 * Records {@code user} as the logged-in user, provided login is permitted.
 *
 * @param user the candidate user; anonymous users skip the role-manager check
 * @throws AuthenticationException if a non-anonymous user's primary role cannot log in
 */
public void login(AuthenticatedUser user) throws AuthenticationException
{
    if (user.isAnonymous())
    {
        this.user = user;
        return;
    }

    // Login privilege is not inherited via granted roles, so the check is made
    // against the primary role only.
    if (DatabaseDescriptor.getRoleManager().canLogin(user.getPrimaryRole()))
    {
        this.user = user;
        return;
    }

    throw new AuthenticationException(String.format("%s is not permitted to log in", user.getName()));
}
/**
 * Validates a request to drop {@code role}.
 *
 * The session must not be anonymous, the role must exist unless {@code ifExists}
 * is set, and the role must not share its name with the session's user.
 *
 * @param state the client state issuing the request
 * @throws RequestValidationException if any of these checks fails
 */
public void validate(ClientState state) throws RequestValidationException
{
    // Must stay first: the existence error below would otherwise let an anonymous
    // client learn which role names exist.
    state.ensureNotAnonymous();

    // The role-manager lookup is skipped entirely when ifExists is set.
    if (!(ifExists || DatabaseDescriptor.getRoleManager().isExistingRole(role)))
    {
        throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName()));
    }

    AuthenticatedUser caller = state.getUser();
    boolean droppingOwnRole = caller != null && caller.getName().equals(role.getRoleName());
    if (droppingOwnRole)
    {
        throw new InvalidRequestException("Cannot DROP primary role for current login");
    }
}
/**
 * Checks that dropping {@code role} is a valid request for the given session.
 *
 * @param state the client state issuing the request
 * @throws RequestValidationException if the session is anonymous, the role is missing
 *         (and {@code ifExists} is not set), or the role name equals the session user's name
 */
public void validate(ClientState state) throws RequestValidationException
{
    // Anonymous sessions are rejected before anything is revealed about which roles exist.
    state.ensureNotAnonymous();

    if (!ifExists)
    {
        boolean known = DatabaseDescriptor.getRoleManager().isExistingRole(role);
        if (!known)
            throw new InvalidRequestException(String.format("%s doesn't exist", role.getRoleName()));
    }

    AuthenticatedUser sessionUser = state.getUser();
    if (sessionUser == null)
        return;

    // The comparison is by name: the session user's name against the role's name.
    if (sessionUser.getName().equals(role.getRoleName()))
        throw new InvalidRequestException("Cannot DROP primary role for current login");
}
/**
 * Validates a drop request for {@code role} before it is executed.
 *
 * @param state the client state issuing the request
 * @throws RequestValidationException if the session is anonymous, the role does not
 *         exist while {@code ifExists} is unset, or the session user would drop the
 *         role bearing its own name
 */
public void validate(ClientState state) throws RequestValidationException
{
    // Keep this call ahead of the existence check so that anonymous clients never
    // receive the "doesn't exist" answer.
    state.ensureNotAnonymous();

    boolean mustExist = !ifExists;
    if (mustExist && !DatabaseDescriptor.getRoleManager().isExistingRole(role))
    {
        String missing = String.format("%s doesn't exist", role.getRoleName());
        throw new InvalidRequestException(missing);
    }

    AuthenticatedUser current = state.getUser();
    if (current != null && current.getName().equals(role.getRoleName()))
    {
        throw new InvalidRequestException("Cannot DROP primary role for current login");
    }
}
/**
 * Grants every permission applicable to the function resource to the role named
 * after the session's user.
 *
 * The grant is issued with {@code AuthenticatedUser.SYSTEM_USER} as the performer,
 * not with the session user.
 *
 * @param state the query state whose client-state user receives the grant
 * @throws RuntimeException wrapping any {@code RequestExecutionException} raised here
 */
protected void grantPermissionsToCreator(QueryState state)
{
    try
    {
        IResource resource = FunctionResource.function(functionName.keyspace, functionName.name, argTypes);

        // NOTE(review): assumes the session has a non-null user; confirm against callers.
        RoleResource creator = RoleResource.role(state.getClientState().getUser().getName());

        DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER,
                                                 resource.applicablePermissions(),
                                                 resource,
                                                 creator);
    }
    catch (RequestExecutionException e)
    {
        // The original exception is kept as the cause.
        throw new RuntimeException(e);
    }
}
/**
 * Gives the creating session's role all permissions that apply to the function
 * resource built from {@code functionName} and {@code argTypes}.
 *
 * @param state the query state identifying the creating session
 * @throws RuntimeException wrapping any {@code RequestExecutionException} raised here
 */
protected void grantPermissionsToCreator(QueryState state)
{
    try
    {
        IResource target = FunctionResource.function(functionName.keyspace, functionName.name, argTypes);

        // The grantee is the role named after the session's user.
        // NOTE(review): a null user would fail here with a NullPointerException; confirm it cannot occur.
        RoleResource grantee = RoleResource.role(state.getClientState().getUser().getName());

        // Performed as SYSTEM_USER, so the grant does not depend on the creator's own privileges.
        DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER,
                                                 target.applicablePermissions(),
                                                 target,
                                                 grantee);
    }
    catch (RequestExecutionException failure)
    {
        throw new RuntimeException(failure);
    }
}
/**
 * Grants the full applicable permission set on the function resource to the role
 * named after the session's user, with {@code AuthenticatedUser.SYSTEM_USER} as performer.
 *
 * @param state the query state whose client-state user becomes the grantee
 * @throws RuntimeException wrapping any {@code RequestExecutionException} raised here
 */
protected void grantPermissionsToCreator(QueryState state)
{
    try
    {
        IResource resource = FunctionResource.function(functionName.keyspace, functionName.name, argTypes);

        // NOTE(review): assumes a non-null session user; verify against callers.
        RoleResource creatorRole = RoleResource.role(state.getClientState().getUser().getName());

        DatabaseDescriptor.getAuthorizer()
                          .grant(AuthenticatedUser.SYSTEM_USER, resource.applicablePermissions(), resource, creatorRole);
    }
    catch (RequestExecutionException e)
    {
        // Rethrown unchecked, with the original exception as the cause.
        throw new RuntimeException(e);
    }
}
/**
 * Grants the session's user, addressed as a role of the same name, every permission
 * that {@code applicablePermissions()} reports for the function resource.
 *
 * @param state the query state of the creating session
 * @throws RuntimeException wrapping any {@code RequestExecutionException} raised here
 */
protected void grantPermissionsToCreator(QueryState state)
{
    try
    {
        IResource function = FunctionResource.function(functionName.keyspace, functionName.name, argTypes);

        // The role name comes from the session's user.
        // NOTE(review): confirm the user cannot be null at this point.
        RoleResource owner = RoleResource.role(state.getClientState().getUser().getName());

        // SYSTEM_USER is the performer of the grant; the session user is only the grantee.
        DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER,
                                                 function.applicablePermissions(),
                                                 function,
                                                 owner);
    }
    catch (RequestExecutionException cause)
    {
        throw new RuntimeException(cause);
    }
}
/**
 * Grants every permission applicable to the table resource for {@code keyspace()} and
 * {@code columnFamily()} to the role named after the session's user.
 *
 * The grant is issued with {@code AuthenticatedUser.SYSTEM_USER} as the performer.
 *
 * @param state the query state whose client-state user receives the grant
 * @throws RuntimeException wrapping any {@code RequestExecutionException} raised here
 */
protected void grantPermissionsToCreator(QueryState state)
{
    try
    {
        IResource table = DataResource.table(keyspace(), columnFamily());

        // NOTE(review): assumes the session has a non-null user; confirm against callers.
        RoleResource creator = RoleResource.role(state.getClientState().getUser().getName());

        DatabaseDescriptor.getAuthorizer().grant(AuthenticatedUser.SYSTEM_USER,
                                                 table.applicablePermissions(),
                                                 table,
                                                 creator);
    }
    catch (RequestExecutionException e)
    {
        // The original exception is kept as the cause.
        throw new RuntimeException(e);
    }
}