public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
public void ensureHasPermission(Permission perm, IResource resource) throws UnauthorizedException { if (!DatabaseDescriptor.getAuthorizer().requireAuthorization()) return; // Access to built in functions is unrestricted if(resource instanceof FunctionResource && resource.hasParent()) if (((FunctionResource)resource).getKeyspace().equals(SchemaConstants.SYSTEM_KEYSPACE_NAME)) return; checkPermissionOnResourceChain(perm, resource); }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName())); // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. // called both here and in checkAccess(), as in some cases we do not call the latter. resource = maybeCorrectResource(resource, state); // altering permissions on builtin functions is not supported if (resource instanceof FunctionResource && SchemaConstants.SYSTEM_KEYSPACE_NAME.equals(((FunctionResource)resource).getKeyspace())) { throw new InvalidRequestException("Altering permissions on builtin functions is not supported"); } if (!resource.exists()) throw new InvalidRequestException(String.format("Resource %s doesn't exist", resource)); }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName())); // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. // called both here and in checkAccess(), as in some cases we do not call the latter. resource = maybeCorrectResource(resource, state); // altering permissions on builtin functions is not supported if (resource instanceof FunctionResource && SchemaConstants.SYSTEM_KEYSPACE_NAME.equals(((FunctionResource)resource).getKeyspace())) { throw new InvalidRequestException("Altering permissions on builtin functions is not supported"); } if (!resource.exists()) throw new InvalidRequestException(String.format("Resource %s doesn't exist", resource)); }
public void validate(ClientState state) throws RequestValidationException { // validate login here before checkAccess to avoid leaking user existence to anonymous users. state.ensureNotAnonymous(); if (!DatabaseDescriptor.getRoleManager().isExistingRole(grantee)) throw new InvalidRequestException(String.format("Role %s doesn't exist", grantee.getRoleName())); // if a keyspace is omitted when GRANT/REVOKE ON TABLE <table>, we need to correct the resource. // called both here and in checkAccess(), as in some cases we do not call the latter. resource = maybeCorrectResource(resource, state); // altering permissions on builtin functions is not supported if (resource instanceof FunctionResource && SchemaConstants.SYSTEM_KEYSPACE_NAME.equals(((FunctionResource)resource).getKeyspace())) { throw new InvalidRequestException("Altering permissions on builtin functions is not supported"); } if (!resource.exists()) throw new InvalidRequestException(String.format("Resource %s doesn't exist", resource)); }