/** * Whether a cache pool can be accessed by the current context * * @param pool CachePool being accessed * @param access type of action being performed on the cache pool * @throws AccessControlException if pool cannot be accessed */ public void checkPermission(CachePool pool, FsAction access) throws AccessControlException { FsPermission mode = pool.getMode(); if (isSuperUser()) { return; } if (getUser().equals(pool.getOwnerName()) && mode.getUserAction().implies(access)) { return; } if (isMemberOfGroup(pool.getGroupName()) && mode.getGroupAction().implies(access)) { return; } if (!getUser().equals(pool.getOwnerName()) && !isMemberOfGroup(pool.getGroupName()) && mode.getOtherAction().implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool.getPoolName() + ": user " + getUser() + " does not have " + access.toString() + " permissions."); }
/** * Use ABFS authorizer to check if user is authorized to perform specific * {@link FsAction} on specified {@link Path}s. * * @param action The {@link FsAction} being requested on the provided {@link Path}s. * @param paths The absolute paths of the storage being accessed. * @throws AbfsAuthorizationException on authorization failure. * @throws IOException network problems or similar. * @throws IllegalArgumentException if the required parameters are not provided. */ private void performAbfsAuthCheck(FsAction action, Path... paths) throws AbfsAuthorizationException, IOException { if (authorizer == null) { LOG.debug("ABFS authorizer is not initialized. No authorization check will be performed."); } else { Preconditions.checkArgument(paths.length > 0, "no paths supplied for authorization check"); LOG.debug("Auth check for action: {} on paths: {}", action.toString(), Arrays.toString(paths)); if (!authorizer.isAuthorized(action, paths)) { throw new AbfsAuthorizationException( "User is not authorized for action " + action.toString() + " on paths: " + Arrays.toString(paths)); } } } }
/** * Whether a cache pool can be accessed by the current context * * @param pool CachePool being accessed * @param access type of action being performed on the cache pool * @throws AccessControlException if pool cannot be accessed */ public void checkPermission(CachePool pool, FsAction access) throws AccessControlException { FsPermission mode = pool.getMode(); if (isSuperUser()) { return; } if (getUser().equals(pool.getOwnerName()) && mode.getUserAction().implies(access)) { return; } if (getGroups().contains(pool.getGroupName()) && mode.getGroupAction().implies(access)) { return; } if (mode.getOtherAction().implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool.getPoolName() + ": user " + getUser() + " does not have " + access.toString() + " permissions."); } }
/** * Whether a cache pool can be accessed by the current context * * @param pool CachePool being accessed * @param access type of action being performed on the cache pool * @throws AccessControlException if pool cannot be accessed */ public void checkPermission(CachePool pool, FsAction access) throws AccessControlException { FsPermission mode = pool.getMode(); if (isSuperUser()) { return; } if (getUser().equals(pool.getOwnerName()) && mode.getUserAction().implies(access)) { return; } if (isMemberOfGroup(pool.getGroupName()) && mode.getGroupAction().implies(access)) { return; } if (mode.getOtherAction().implies(access)) { return; } throw new AccessControlException("Permission denied while accessing pool " + pool.getPoolName() + ": user " + getUser() + " does not have " + access.toString() + " permissions."); } }