public boolean apply(String s) { return resource.applicablePermissions().contains(Permission.valueOf(s)); } };
public boolean apply(String s) { return resource.applicablePermissions().contains(Permission.valueOf(s)); } };
public boolean apply(String s) { return resource.applicablePermissions().contains(Permission.valueOf(s)); } };
public final Permission permission() throws RecognitionException { Permission perm = null; Token p=null; try { // Parser.g:977:5: (p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE | K_DESCRIBE | K_EXECUTE ) ) // Parser.g:977:7: p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE | K_DESCRIBE | K_EXECUTE ) { p=input.LT(1); if ( input.LA(1)==K_ALTER||input.LA(1)==K_AUTHORIZE||input.LA(1)==K_CREATE||input.LA(1)==K_DESCRIBE||input.LA(1)==K_DROP||input.LA(1)==K_EXECUTE||input.LA(1)==K_MODIFY||input.LA(1)==K_SELECT ) { input.consume(); state.errorRecovery=false; } else { MismatchedSetException mse = new MismatchedSetException(null,input); throw mse; } perm = Permission.valueOf((p!=null?p.getText():null).toUpperCase()); } } catch (RecognitionException re) { reportError(re); recover(input,re); } finally { // do for sure before leaving } return perm; } // $ANTLR end "permission"
public final Permission permission() throws RecognitionException { Permission perm = null; Token p=null; try { // Parser.g:977:5: (p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE | K_DESCRIBE | K_EXECUTE ) ) // Parser.g:977:7: p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE | K_DESCRIBE | K_EXECUTE ) { p=input.LT(1); if ( input.LA(1)==K_ALTER||input.LA(1)==K_AUTHORIZE||input.LA(1)==K_CREATE||input.LA(1)==K_DESCRIBE||input.LA(1)==K_DROP||input.LA(1)==K_EXECUTE||input.LA(1)==K_MODIFY||input.LA(1)==K_SELECT ) { input.consume(); state.errorRecovery=false; } else { MismatchedSetException mse = new MismatchedSetException(null,input); throw mse; } perm = Permission.valueOf((p!=null?p.getText():null).toUpperCase()); } } catch (RecognitionException re) { reportError(re); recover(input,re); } finally { // do for sure before leaving } return perm; } // $ANTLR end "permission"
public final Permission permission() throws RecognitionException { Permission perm = null; Token p=null; try { // /tmp/tmp.qQwo4YQbPT/cassandra/src/java/org/apache/cassandra/cql3/Cql.g:746:5: (p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE ) ) // /tmp/tmp.qQwo4YQbPT/cassandra/src/java/org/apache/cassandra/cql3/Cql.g:746:7: p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE ) { p=input.LT(1); if ( input.LA(1)==K_ALTER||input.LA(1)==K_AUTHORIZE||input.LA(1)==K_CREATE||input.LA(1)==K_DROP||input.LA(1)==K_MODIFY||input.LA(1)==K_SELECT ) { input.consume(); state.errorRecovery=false; } else { MismatchedSetException mse = new MismatchedSetException(null,input); throw mse; } perm = Permission.valueOf((p!=null?p.getText():null).toUpperCase()); } } catch (RecognitionException re) { reportError(re); recover(input,re); } finally { // do for sure before leaving } return perm; } // $ANTLR end "permission"
public Set<PermissionDetails> list(AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of) throws RequestValidationException, RequestExecutionException { if (!performer.isSuper() && !performer.getName().equals(of)) throw new UnauthorizedException(String.format("You are not authorized to view %s's permissions", of == null ? "everyone" : of)); Set<PermissionDetails> details = new HashSet<PermissionDetails>(); for (UntypedResultSet.Row row : process(buildListQuery(resource, of))) { if (row.has(PERMISSIONS)) { for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) { Permission permission = Permission.valueOf(p); if (permissions.contains(permission)) details.add(new PermissionDetails(row.getString(USERNAME), DataResource.fromName(row.getString(RESOURCE)), permission)); } } } return details; }
private Set<PermissionDetails> listPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException { Set<PermissionDetails> details = new HashSet<>(); // If it exists, try the legacy user permissions table first. This is to handle the case // where the cluster is being upgraded and so is running with mixed versions of the perms table boolean useLegacyTable = Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) != null; String entityColumnName = useLegacyTable ? USERNAME : ROLE; for (UntypedResultSet.Row row : process(buildListQuery(resource, role, useLegacyTable))) { if (row.has(PERMISSIONS)) { for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) { Permission permission = Permission.valueOf(p); if (permissions.contains(permission)) details.add(new PermissionDetails(row.getString(entityColumnName), Resources.fromName(row.getString(RESOURCE)), permission)); } } } return details; }
private Set<PermissionDetails> listPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException { Set<PermissionDetails> details = new HashSet<>(); // If it exists, try the legacy user permissions table first. This is to handle the case // where the cluster is being upgraded and so is running with mixed versions of the perms table boolean useLegacyTable = Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) != null; String entityColumnName = useLegacyTable ? USERNAME : ROLE; for (UntypedResultSet.Row row : process(buildListQuery(resource, role, useLegacyTable))) { if (row.has(PERMISSIONS)) { for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) { Permission permission = Permission.valueOf(p); if (permissions.contains(permission)) details.add(new PermissionDetails(row.getString(entityColumnName), Resources.fromName(row.getString(RESOURCE)), permission)); } } } return details; }
private Set<PermissionDetails> listPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException { Set<PermissionDetails> details = new HashSet<>(); // If it exists, try the legacy user permissions table first. This is to handle the case // where the cluster is being upgraded and so is running with mixed versions of the perms table boolean useLegacyTable = Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) != null; String entityColumnName = useLegacyTable ? USERNAME : ROLE; for (UntypedResultSet.Row row : process(buildListQuery(resource, role, useLegacyTable))) { if (row.has(PERMISSIONS)) { for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) { Permission permission = Permission.valueOf(p); if (permissions.contains(permission)) details.add(new PermissionDetails(row.getString(entityColumnName), Resources.fromName(row.getString(RESOURCE)), permission)); } } } return details; }
public Set<Permission> authorize(AuthenticatedUser user, IResource resource) { if (user.isSuper()) return Permission.ALL; UntypedResultSet result; try { ResultMessage.Rows rows = authorizeStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(user.getName()), ByteBufferUtil.bytes(resource.getName())))); result = UntypedResultSet.create(rows.result); } catch (RequestValidationException e) { throw new AssertionError(e); // not supposed to happen } catch (RequestExecutionException e) { logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource); throw new RuntimeException(e); } if (result.isEmpty() || !result.one().has(PERMISSIONS)) return Permission.NONE; Set<Permission> permissions = EnumSet.noneOf(Permission.class); for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) permissions.add(Permission.valueOf(perm)); return permissions; }
private void addPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException, RequestValidationException { QueryOptions options = QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(role.getRoleName()), ByteBufferUtil.bytes(resource.getName()))); SelectStatement statement; // If it exists, read from the legacy user permissions table to handle the case where the cluster // is being upgraded and so is running with mixed versions of the authz schema if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) == null) statement = authorizeRoleStatement; else { // If the permissions table was initialised only after the statement got prepared, re-prepare (CASSANDRA-12813) if (legacyAuthorizeRoleStatement == null) legacyAuthorizeRoleStatement = prepare(USERNAME, USER_PERMISSIONS); statement = legacyAuthorizeRoleStatement; } ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), options, System.nanoTime()); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.isEmpty() && result.one().has(PERMISSIONS)) { for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) { permissions.add(Permission.valueOf(perm)); } } }
private void addPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException, RequestValidationException { QueryOptions options = QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(role.getRoleName()), ByteBufferUtil.bytes(resource.getName()))); SelectStatement statement; // If it exists, read from the legacy user permissions table to handle the case where the cluster // is being upgraded and so is running with mixed versions of the authz schema if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) == null) statement = authorizeRoleStatement; else { // If the permissions table was initialised only after the statement got prepared, re-prepare (CASSANDRA-12813) if (legacyAuthorizeRoleStatement == null) legacyAuthorizeRoleStatement = prepare(USERNAME, USER_PERMISSIONS); statement = legacyAuthorizeRoleStatement; } ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), options, System.nanoTime()); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.isEmpty() && result.one().has(PERMISSIONS)) { for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) { permissions.add(Permission.valueOf(perm)); } } }
private void addPermissionsForRole(Set<Permission> permissions, IResource resource, RoleResource role) throws RequestExecutionException, RequestValidationException { QueryOptions options = QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(ByteBufferUtil.bytes(role.getRoleName()), ByteBufferUtil.bytes(resource.getName()))); SelectStatement statement; // If it exists, read from the legacy user permissions table to handle the case where the cluster // is being upgraded and so is running with mixed versions of the authz schema if (Schema.instance.getCFMetaData(SchemaConstants.AUTH_KEYSPACE_NAME, USER_PERMISSIONS) == null) statement = authorizeRoleStatement; else { // If the permissions table was initialised only after the statement got prepared, re-prepare (CASSANDRA-12813) if (legacyAuthorizeRoleStatement == null) legacyAuthorizeRoleStatement = prepare(USERNAME, USER_PERMISSIONS); statement = legacyAuthorizeRoleStatement; } ResultMessage.Rows rows = statement.execute(QueryState.forInternalCalls(), options, System.nanoTime()); UntypedResultSet result = UntypedResultSet.create(rows.result); if (!result.isEmpty() && result.one().has(PERMISSIONS)) { for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance)) { permissions.add(Permission.valueOf(perm)); } } }
public final Permission permission() throws RecognitionException { Permission perm = null; Token p=null; try { // Parser.g:977:5: (p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE | K_DESCRIBE | K_EXECUTE ) ) // Parser.g:977:7: p= ( K_CREATE | K_ALTER | K_DROP | K_SELECT | K_MODIFY | K_AUTHORIZE | K_DESCRIBE | K_EXECUTE ) { p=input.LT(1); if ( input.LA(1)==K_ALTER||input.LA(1)==K_AUTHORIZE||input.LA(1)==K_CREATE||input.LA(1)==K_DESCRIBE||input.LA(1)==K_DROP||input.LA(1)==K_EXECUTE||input.LA(1)==K_MODIFY||input.LA(1)==K_SELECT ) { input.consume(); state.errorRecovery=false; } else { MismatchedSetException mse = new MismatchedSetException(null,input); throw mse; } perm = Permission.valueOf((p!=null?p.getText():null).toUpperCase()); } } catch (RecognitionException re) { reportError(re); recover(input,re); } finally { // do for sure before leaving } return perm; } // $ANTLR end "permission"