public Set<Permission> load(Pair<AuthenticatedUser, IResource> userResource) { return authorizer.authorize(userResource.left, userResource.right); }
public Set<Permission> getPermissions(AuthenticatedUser user, IResource resource) { if (cache == null) return authorizer.authorize(user, resource); try { return cache.get(Pair.create(user, resource)); } catch (ExecutionException e) { throw new RuntimeException(e); } }
public PermissionsCache(IAuthorizer authorizer) { super("PermissionsCache", DatabaseDescriptor::setPermissionsValidity, DatabaseDescriptor::getPermissionsValidity, DatabaseDescriptor::setPermissionsUpdateInterval, DatabaseDescriptor::getPermissionsUpdateInterval, DatabaseDescriptor::setPermissionsCacheMaxEntries, DatabaseDescriptor::getPermissionsCacheMaxEntries, (p) -> authorizer.authorize(p.left, p.right), () -> DatabaseDescriptor.getAuthorizer().requireAuthorization()); }
public PermissionsCache(IAuthorizer authorizer) { super("PermissionsCache", DatabaseDescriptor::setPermissionsValidity, DatabaseDescriptor::getPermissionsValidity, DatabaseDescriptor::setPermissionsUpdateInterval, DatabaseDescriptor::getPermissionsUpdateInterval, DatabaseDescriptor::setPermissionsCacheMaxEntries, DatabaseDescriptor::getPermissionsCacheMaxEntries, (p) -> authorizer.authorize(p.left, p.right), () -> DatabaseDescriptor.getAuthorizer().requireAuthorization()); }
public PermissionsCache(IAuthorizer authorizer) { super("PermissionsCache", DatabaseDescriptor::setPermissionsValidity, DatabaseDescriptor::getPermissionsValidity, DatabaseDescriptor::setPermissionsUpdateInterval, DatabaseDescriptor::getPermissionsUpdateInterval, DatabaseDescriptor::setPermissionsCacheMaxEntries, DatabaseDescriptor::getPermissionsCacheMaxEntries, (p) -> authorizer.authorize(p.left, p.right), () -> DatabaseDescriptor.getAuthorizer().requireAuthorization()); }
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { // If the executing user has DESCRIBE permission on the root roles resource, let them list any and all roles boolean hasRootLevelSelect = DatabaseDescriptor.getAuthorizer() .authorize(state.getUser(), RoleResource.root()) .contains(Permission.DESCRIBE); if (hasRootLevelSelect) { if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); else return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); } else { RoleResource currentUser = RoleResource.role(state.getUser().getName()); if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(currentUser, recursive)); if (DatabaseDescriptor.getRoleManager().getRoles(currentUser, true).contains(grantee)) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); else throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee.getRoleName())); } }
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { // If the executing user has DESCRIBE permission on the root roles resource, let them list any and all roles boolean hasRootLevelSelect = DatabaseDescriptor.getAuthorizer() .authorize(state.getUser(), RoleResource.root()) .contains(Permission.DESCRIBE); if (hasRootLevelSelect) { if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); else return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); } else { RoleResource currentUser = RoleResource.role(state.getUser().getName()); if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(currentUser, recursive)); if (DatabaseDescriptor.getRoleManager().getRoles(currentUser, true).contains(grantee)) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); else throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee.getRoleName())); } }
public ResultMessage execute(ClientState state) throws RequestValidationException, RequestExecutionException { // If the executing user has DESCRIBE permission on the root roles resource, let them list any and all roles boolean hasRootLevelSelect = DatabaseDescriptor.getAuthorizer() .authorize(state.getUser(), RoleResource.root()) .contains(Permission.DESCRIBE); if (hasRootLevelSelect) { if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getAllRoles()); else return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); } else { RoleResource currentUser = RoleResource.role(state.getUser().getName()); if (grantee == null) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(currentUser, recursive)); if (DatabaseDescriptor.getRoleManager().getRoles(currentUser, true).contains(grantee)) return resultMessage(DatabaseDescriptor.getRoleManager().getRoles(grantee, recursive)); else throw new UnauthorizedException(String.format("You are not authorized to view roles granted to %s ", grantee.getRoleName())); } }