/**
 * Authorization gate for DROP USER: the statement is restricted to superusers.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the session's user is not a superuser
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    // NOTE(review): state.getUser() is dereferenced without a null check;
    // confirm callers only reach this with a logged-in user.
    if (state.getUser().isSuper()) {
        return;
    }
    throw new UnauthorizedException("Only superusers are allowed to perform DROP USER queries");
}
/**
 * Authorization gate for CREATE USER: the statement is restricted to superusers.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the session's user is not a superuser
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    // NOTE(review): state.getUser() is dereferenced without a null check;
    // confirm callers only reach this with a logged-in user.
    if (state.getUser().isSuper()) {
        return;
    }
    throw new UnauthorizedException("Only superusers are allowed to perform CREATE USER queries");
}
/**
 * Computes the permissions {@code user} holds on {@code resource}.
 *
 * <p>A superuser receives every permission applicable to the resource and no role lookup is
 * done. For any other user the result starts empty and {@code addPermissionsForRole} is
 * invoked once per role returned by {@code user.getRoles()}.
 *
 * <p>A failed lookup never produces a partial grant: both catch branches throw, so the
 * caller gets an error instead of a permission set.
 *
 * @param user the user being authorized
 * @param resource the resource access is requested on
 * @return the applicable permissions for a superuser, otherwise those collected from the roles
 */
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) {
    if (user.isSuper()) {
        return resource.applicablePermissions();
    }

    Set<Permission> granted = EnumSet.noneOf(Permission.class);
    try {
        for (RoleResource heldRole : user.getRoles()) {
            addPermissionsForRole(granted, resource, heldRole);
        }
    } catch (RequestValidationException e) {
        // not supposed to happen
        throw new AssertionError(e);
    } catch (RequestExecutionException e) {
        // The warning names only user and resource; the cause travels with the RuntimeException.
        logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource);
        throw new RuntimeException(e);
    }
    return granted;
}
/**
 * Computes the permissions {@code user} holds on {@code resource}.
 *
 * <p>A superuser receives every permission applicable to the resource and no role lookup is
 * done. For any other user the result starts empty and {@code addPermissionsForRole} is
 * invoked once per role returned by {@code user.getRoles()}.
 *
 * <p>A failed lookup never produces a partial grant: both catch branches throw, so the
 * caller gets an error instead of a permission set.
 *
 * @param user the user being authorized
 * @param resource the resource access is requested on
 * @return the applicable permissions for a superuser, otherwise those collected from the roles
 */
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) {
    if (user.isSuper()) {
        return resource.applicablePermissions();
    }

    Set<Permission> granted = EnumSet.noneOf(Permission.class);
    try {
        for (RoleResource heldRole : user.getRoles()) {
            addPermissionsForRole(granted, resource, heldRole);
        }
    } catch (RequestValidationException e) {
        // not supposed to happen
        throw new AssertionError(e);
    } catch (RequestExecutionException e) {
        // The warning names only user and resource; the cause travels with the RuntimeException.
        logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource);
        throw new RuntimeException(e);
    }
    return granted;
}
/**
 * Computes the permissions {@code user} holds on {@code resource}.
 *
 * <p>A superuser receives every permission applicable to the resource and no role lookup is
 * done. For any other user the result starts empty and {@code addPermissionsForRole} is
 * invoked once per role returned by {@code user.getRoles()}.
 *
 * <p>A failed lookup never produces a partial grant: both catch branches throw, so the
 * caller gets an error instead of a permission set.
 *
 * @param user the user being authorized
 * @param resource the resource access is requested on
 * @return the applicable permissions for a superuser, otherwise those collected from the roles
 */
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) {
    if (user.isSuper()) {
        return resource.applicablePermissions();
    }

    Set<Permission> granted = EnumSet.noneOf(Permission.class);
    try {
        for (RoleResource heldRole : user.getRoles()) {
            addPermissionsForRole(granted, resource, heldRole);
        }
    } catch (RequestValidationException e) {
        // not supposed to happen
        throw new AssertionError(e);
    } catch (RequestExecutionException e) {
        // The warning names only user and resource; the cause travels with the RuntimeException.
        logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource);
        throw new RuntimeException(e);
    }
    return granted;
}
/**
 * Rejects the caller unless the current {@code user} is a superuser.
 *
 * <p>The check is enforced only when the configured authenticator reports
 * {@code requireAuthentication()}; otherwise this method returns without looking at
 * {@code user}, so every caller passes. A {@code null} user is treated as not a superuser.
 *
 * @param message text of the exception thrown on rejection
 * @throws UnauthorizedException if authentication is required and the user is absent or not
 *         a superuser
 */
public void ensureIsSuper(String message) throws UnauthorizedException {
    boolean authenticationEnforced = DatabaseDescriptor.getAuthenticator().requireAuthentication();
    if (!authenticationEnforced) {
        return;
    }
    if (user == null || !user.isSuper()) {
        throw new UnauthorizedException(message);
    }
}
/**
 * Rejects the caller unless the current {@code user} is a superuser.
 *
 * <p>The check is enforced only when the configured authenticator reports
 * {@code requireAuthentication()}; otherwise this method returns without looking at
 * {@code user}, so every caller passes. A {@code null} user is treated as not a superuser.
 *
 * @param message text of the exception thrown on rejection
 * @throws UnauthorizedException if authentication is required and the user is absent or not
 *         a superuser
 */
public void ensureIsSuper(String message) throws UnauthorizedException {
    boolean authenticationEnforced = DatabaseDescriptor.getAuthenticator().requireAuthentication();
    if (!authenticationEnforced) {
        return;
    }
    if (user == null || !user.isSuper()) {
        throw new UnauthorizedException(message);
    }
}
/**
 * Rejects the caller unless the current {@code user} is a superuser.
 *
 * <p>The check is enforced only when the configured authenticator reports
 * {@code requireAuthentication()}; otherwise this method returns without looking at
 * {@code user}, so every caller passes. A {@code null} user is treated as not a superuser.
 *
 * @param message text of the exception thrown on rejection
 * @throws UnauthorizedException if authentication is required and the user is absent or not
 *         a superuser
 */
public void ensureIsSuper(String message) throws UnauthorizedException {
    boolean authenticationEnforced = DatabaseDescriptor.getAuthenticator().requireAuthentication();
    if (!authenticationEnforced) {
        return;
    }
    if (user == null || !user.isSuper()) {
        throw new UnauthorizedException(message);
    }
}
/**
 * Rejects the caller unless the current {@code user} is a superuser.
 *
 * <p>The check is enforced only when the configured authenticator reports
 * {@code requireAuthentication()}; otherwise this method returns without looking at
 * {@code user}, so every caller passes. A {@code null} user is treated as not a superuser.
 *
 * @param message text of the exception thrown on rejection
 * @throws UnauthorizedException if authentication is required and the user is absent or not
 *         a superuser
 */
public void ensureIsSuper(String message) throws UnauthorizedException {
    boolean authenticationEnforced = DatabaseDescriptor.getAuthenticator().requireAuthentication();
    if (!authenticationEnforced) {
        return;
    }
    if (user == null || !user.isSuper()) {
        throw new UnauthorizedException(message);
    }
}
/**
 * Authorizes creating a role.
 *
 * <p>Two conditions apply in order: the caller must pass the CREATE permission check on the
 * root role resource, and, when the statement's options explicitly set superuser status to
 * true, the caller must already be a superuser. The second condition keeps a holder of
 * CREATE from minting a superuser role.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the permission check fails, or a non-superuser asks for
 *         a role with superuser status
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    super.checkPermission(state, Permission.CREATE, RoleResource.root());

    // Evaluated left to right: option present, option true, caller not a superuser.
    if (opts.getSuperuser().isPresent()
            && opts.getSuperuser().get()
            && !state.getUser().isSuper()) {
        throw new UnauthorizedException("Only superusers can create a role with superuser status");
    }
}
/**
 * Authorizes creating a role.
 *
 * <p>Two conditions apply in order: the caller must pass the CREATE permission check on the
 * root role resource, and, when the statement's options explicitly set superuser status to
 * true, the caller must already be a superuser. The second condition keeps a holder of
 * CREATE from minting a superuser role.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the permission check fails, or a non-superuser asks for
 *         a role with superuser status
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    super.checkPermission(state, Permission.CREATE, RoleResource.root());

    // Evaluated left to right: option present, option true, caller not a superuser.
    if (opts.getSuperuser().isPresent()
            && opts.getSuperuser().get()
            && !state.getUser().isSuper()) {
        throw new UnauthorizedException("Only superusers can create a role with superuser status");
    }
}
/**
 * Authorizes altering the user named by {@code username}.
 *
 * <p>Rules, applied in this order:
 * <ol>
 *   <li>nobody may change their own superuser status, superusers included;</li>
 *   <li>only a superuser may change anyone's superuser status;</li>
 *   <li>a non-superuser may alter only their own account;</li>
 *   <li>a non-superuser may set only the options the configured authenticator lists in
 *       {@code alterableOptions()}.</li>
 * </ol>
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if any of the rules above is violated
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    AuthenticatedUser caller = state.getUser();
    boolean callerIsSuper = caller.isSuper();

    // A non-null superuser field means the statement touches superuser status.
    if (superuser != null) {
        if (caller.getName().equals(username)) {
            throw new UnauthorizedException("You aren't allowed to alter your own superuser status");
        }
        if (!callerIsSuper) {
            throw new UnauthorizedException("Only superusers are allowed to alter superuser status");
        }
    }

    // isSuper() is queried again here instead of reusing callerIsSuper, as the code always did.
    if (!(caller.isSuper() || caller.getName().equals(username))) {
        throw new UnauthorizedException("You aren't allowed to alter this user");
    }

    if (callerIsSuper) {
        return;
    }

    // Non-superusers are limited to the authenticator's own allow-list of options.
    for (IAuthenticator.Option option : opts.getOptions().keySet()) {
        boolean alterable = DatabaseDescriptor.getAuthenticator().alterableOptions().contains(option);
        if (!alterable) {
            throw new UnauthorizedException(String.format("You aren't allowed to alter %s option", option));
        }
    }
}
/**
 * Lists permission details for {@code grantee}, or for everyone when {@code grantee} is null.
 *
 * <p>Superusers and system performers may list anything. Any other performer may only list
 * a role that appears in their own {@code getRoles()} set.
 *
 * <p>For a non-null grantee the result is the union of {@code listPermissionsForRole} over
 * every role returned by {@code getRoles(grantee, true)}.
 *
 * @param performer the user running the listing
 * @param permissions permissions passed through to {@code listPermissionsForRole}
 * @param resource resource passed through to {@code listPermissionsForRole}
 * @param grantee role whose permissions are listed; null means everyone
 * @return the collected permission details
 * @throws UnauthorizedException if the performer may not view the grantee's permissions
 */
public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, RoleResource grantee) throws RequestValidationException, RequestExecutionException {
    boolean privileged = performer.isSuper() || performer.isSystem();
    // NOTE(review): with a null grantee this relies on contains(null) being false so that
    // unprivileged performers cannot list everyone; a null-rejecting set would throw instead.
    if (!privileged && !performer.getRoles().contains(grantee)) {
        String subject = grantee == null ? "everyone" : grantee.getRoleName();
        throw new UnauthorizedException(String.format("You are not authorized to view %s's permissions", subject));
    }

    if (grantee == null) {
        return listPermissionsForRole(permissions, resource, grantee);
    }

    Set<PermissionDetails> collected = new HashSet<>();
    Set<RoleResource> rolesOfGrantee = DatabaseDescriptor.getRoleManager().getRoles(grantee, true);
    for (RoleResource heldRole : rolesOfGrantee) {
        collected.addAll(listPermissionsForRole(permissions, resource, heldRole));
    }
    return collected;
}
/**
 * Lists permission details for {@code grantee}, or for everyone when {@code grantee} is null.
 *
 * <p>Superusers and system performers may list anything. Any other performer may only list
 * a role that appears in their own {@code getRoles()} set.
 *
 * <p>For a non-null grantee the result is the union of {@code listPermissionsForRole} over
 * every role returned by {@code getRoles(grantee, true)}.
 *
 * @param performer the user running the listing
 * @param permissions permissions passed through to {@code listPermissionsForRole}
 * @param resource resource passed through to {@code listPermissionsForRole}
 * @param grantee role whose permissions are listed; null means everyone
 * @return the collected permission details
 * @throws UnauthorizedException if the performer may not view the grantee's permissions
 */
public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, RoleResource grantee) throws RequestValidationException, RequestExecutionException {
    boolean privileged = performer.isSuper() || performer.isSystem();
    // NOTE(review): with a null grantee this relies on contains(null) being false so that
    // unprivileged performers cannot list everyone; a null-rejecting set would throw instead.
    if (!privileged && !performer.getRoles().contains(grantee)) {
        String subject = grantee == null ? "everyone" : grantee.getRoleName();
        throw new UnauthorizedException(String.format("You are not authorized to view %s's permissions", subject));
    }

    if (grantee == null) {
        return listPermissionsForRole(permissions, resource, grantee);
    }

    Set<PermissionDetails> collected = new HashSet<>();
    Set<RoleResource> rolesOfGrantee = DatabaseDescriptor.getRoleManager().getRoles(grantee, true);
    for (RoleResource heldRole : rolesOfGrantee) {
        collected.addAll(listPermissionsForRole(permissions, resource, heldRole));
    }
    return collected;
}
/**
 * Lists permission details for {@code grantee}, or for everyone when {@code grantee} is null.
 *
 * <p>Superusers and system performers may list anything. Any other performer may only list
 * a role that appears in their own {@code getRoles()} set.
 *
 * <p>For a non-null grantee the result is the union of {@code listPermissionsForRole} over
 * every role returned by {@code getRoles(grantee, true)}.
 *
 * @param performer the user running the listing
 * @param permissions permissions passed through to {@code listPermissionsForRole}
 * @param resource resource passed through to {@code listPermissionsForRole}
 * @param grantee role whose permissions are listed; null means everyone
 * @return the collected permission details
 * @throws UnauthorizedException if the performer may not view the grantee's permissions
 */
public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, RoleResource grantee) throws RequestValidationException, RequestExecutionException {
    boolean privileged = performer.isSuper() || performer.isSystem();
    // NOTE(review): with a null grantee this relies on contains(null) being false so that
    // unprivileged performers cannot list everyone; a null-rejecting set would throw instead.
    if (!privileged && !performer.getRoles().contains(grantee)) {
        String subject = grantee == null ? "everyone" : grantee.getRoleName();
        throw new UnauthorizedException(String.format("You are not authorized to view %s's permissions", subject));
    }

    if (grantee == null) {
        return listPermissionsForRole(permissions, resource, grantee);
    }

    Set<PermissionDetails> collected = new HashSet<>();
    Set<RoleResource> rolesOfGrantee = DatabaseDescriptor.getRoleManager().getRoles(grantee, true);
    for (RoleResource heldRole : rolesOfGrantee) {
        collected.addAll(listPermissionsForRole(permissions, resource, heldRole));
    }
    return collected;
}
/**
 * Lists the permissions recorded for the user named {@code of}, keeping only those contained
 * in {@code permissions}.
 *
 * <p>A superuser may list any user. Anyone else may list only themselves: the name
 * comparison fails for a different name and also for a null {@code of}, which the error
 * message reports as "everyone".
 *
 * @param performer the user running the listing
 * @param permissions the permissions to keep in the result
 * @param resource resource passed to {@code buildListQuery}
 * @param of name of the user whose permissions are listed; may be null
 * @return one entry per matching permission found in the query rows
 * @throws UnauthorizedException if a non-superuser asks about anyone but themselves
 */
public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of) throws RequestValidationException, RequestExecutionException {
    if (!performer.isSuper() && !performer.getName().equals(of)) {
        String subject = of == null ? "everyone" : of;
        throw new UnauthorizedException(String.format("You are not authorized to view %s's permissions", subject));
    }

    Set<PermissionDetails> found = new HashSet<PermissionDetails>();
    // NOTE(review): buildListQuery is not visible here and `of` originates from the request;
    // confirm the query it builds escapes or binds that value.
    for (UntypedResultSet.Row row : process(buildListQuery(resource, of))) {
        if (!row.has(PERMISSIONS)) {
            continue;
        }
        for (String storedName : row.getSet(PERMISSIONS, UTF8Type.instance)) {
            // Presumably Permission is an enum, so an unknown stored name throws
            // IllegalArgumentException here rather than being skipped; verify.
            Permission permission = Permission.valueOf(storedName);
            if (!permissions.contains(permission)) {
                continue;
            }
            found.add(new PermissionDetails(row.getString(USERNAME),
                                            DataResource.fromName(row.getString(RESOURCE)),
                                            permission));
        }
    }
    return found;
}
/**
 * Authorizes dropping {@code role}.
 *
 * <p>The caller must pass the DROP permission check on the role. If the role exists and has
 * superuser status, the caller must also be a superuser, so DROP permission alone is not
 * enough to remove a superuser role.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the permission check fails, or a non-superuser tries to
 *         drop a role with superuser status
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    super.checkPermission(state, Permission.DROP, role);

    // We only check superuser status for existing roles to avoid
    // caching info about roles which don't exist (CASSANDRA-9189)
    boolean targetIsExistingSuperuser =
            DatabaseDescriptor.getRoleManager().isExistingRole(role) && Roles.hasSuperuserStatus(role);
    if (targetIsExistingSuperuser && !state.getUser().isSuper()) {
        throw new UnauthorizedException("Only superusers can drop a role with superuser status");
    }
}
/**
 * Authorizes dropping {@code role}.
 *
 * <p>The caller must pass the DROP permission check on the role. If the role exists and has
 * superuser status, the caller must also be a superuser, so DROP permission alone is not
 * enough to remove a superuser role.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the permission check fails, or a non-superuser tries to
 *         drop a role with superuser status
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    super.checkPermission(state, Permission.DROP, role);

    // We only check superuser status for existing roles to avoid
    // caching info about roles which don't exist (CASSANDRA-9189)
    boolean targetIsExistingSuperuser =
            DatabaseDescriptor.getRoleManager().isExistingRole(role) && Roles.hasSuperuserStatus(role);
    if (targetIsExistingSuperuser && !state.getUser().isSuper()) {
        throw new UnauthorizedException("Only superusers can drop a role with superuser status");
    }
}
/**
 * Authorizes dropping {@code role}.
 *
 * <p>The caller must pass the DROP permission check on the role. If the role exists and has
 * superuser status, the caller must also be a superuser, so DROP permission alone is not
 * enough to remove a superuser role.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the permission check fails, or a non-superuser tries to
 *         drop a role with superuser status
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    super.checkPermission(state, Permission.DROP, role);

    // We only check superuser status for existing roles to avoid
    // caching info about roles which don't exist (CASSANDRA-9189)
    boolean targetIsExistingSuperuser =
            DatabaseDescriptor.getRoleManager().isExistingRole(role) && Roles.hasSuperuserStatus(role);
    if (targetIsExistingSuperuser && !state.getUser().isSuper()) {
        throw new UnauthorizedException("Only superusers can drop a role with superuser status");
    }
}
/**
 * Authorizes creating a role.
 *
 * <p>Two conditions apply in order: the caller must pass the CREATE permission check on the
 * root role resource, and, when the statement's options explicitly set superuser status to
 * true, the caller must already be a superuser. The second condition keeps a holder of
 * CREATE from minting a superuser role.
 *
 * @param state client session whose user is checked
 * @throws UnauthorizedException if the permission check fails, or a non-superuser asks for
 *         a role with superuser status
 */
public void checkAccess(ClientState state) throws UnauthorizedException {
    super.checkPermission(state, Permission.CREATE, RoleResource.root());

    // Evaluated left to right: option present, option true, caller not a superuser.
    if (opts.getSuperuser().isPresent()
            && opts.getSuperuser().get()
            && !state.getUser().isSuper()) {
        throw new UnauthorizedException("Only superusers can create a role with superuser status");
    }
}