@Override public AuthorizationViolationException onViolation( String msg ) { return wrapping.onViolation( msg ); }
public void assertAllows( Function<AccessMode,Boolean> allows, String mode ) { AccessMode accessMode = securityContext().mode(); if ( !allows.apply( accessMode ) ) { throw accessMode.onViolation( format( "%s operations are not allowed for %s.", mode, securityContext().description() ) ); } }
public void assertCredentialsNotExpired() { if ( subject().getAuthenticationResult().equals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED ) ) { throw mode().onViolation( PERMISSION_DENIED ); } }
@Override public RawIterator<Object[],ProcedureException> procedureCallRead( int id, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsReads() ) { throw accessMode.onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public RawIterator<Object[],ProcedureException> procedureCallWrite( int id, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsWrites() ) { throw accessMode.onViolation( format( "Write operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.TOKEN_WRITE ) ); }
@Override public RawIterator<Object[],ProcedureException> procedureCallSchema( int id, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsSchemaWrites() ) { throw accessMode.onViolation( format( "Schema operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.FULL ) ); }
@Override public RawIterator<Object[],ProcedureException> procedureCallWrite( QualifiedName name, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsWrites() ) { throw accessMode.onViolation( format( "Write operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( name, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.TOKEN_WRITE ) ); }
@Override public RawIterator<Object[],ProcedureException> procedureCallRead( QualifiedName name, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsReads() ) { throw accessMode.onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( name, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static .READ ) ); }
@Override public RawIterator<Object[],ProcedureException> procedureCallSchema( QualifiedName name, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsSchemaWrites() ) { throw accessMode.onViolation( format( "Schema operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( name, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.FULL ) ); }
@Override public AnyValue functionCall( int id, AnyValue[] arguments ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callFunction( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public UserAggregator aggregationFunction( QualifiedName name ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return aggregationFunction( name, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public UserAggregator aggregationFunction( int id ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return aggregationFunction( id, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public AnyValue functionCall( QualifiedName name, AnyValue[] arguments ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callFunction( name, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
public void assertAllows( Function<AccessMode,Boolean> allows, String mode ) { AccessMode accessMode = securityContext().mode(); if ( !allows.apply( accessMode ) ) { throw accessMode.onViolation( format( "%s operations are not allowed for %s.", mode, securityContext().description() ) ); } }
@Override public RawIterator<Object[],ProcedureException> procedureCallRead( int id, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsReads() ) { throw accessMode.onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public RawIterator<Object[],ProcedureException> procedureCallWrite( int id, Object[] arguments ) throws ProcedureException { AccessMode accessMode = ktx.securityContext().mode(); if ( !accessMode.allowsWrites() ) { throw accessMode.onViolation( format( "Write operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callProcedure( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.TOKEN_WRITE ) ); }
@Override public AnyValue functionCall( QualifiedName name, AnyValue[] arguments ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callFunction( name, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public UserAggregator aggregationFunction( int id ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return aggregationFunction( id, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public AnyValue functionCall( int id, AnyValue[] arguments ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return callFunction( id, arguments, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }
@Override public UserAggregator aggregationFunction( QualifiedName name ) throws ProcedureException { if ( !ktx.securityContext().mode().allowsReads() ) { throw ktx.securityContext().mode().onViolation( format( "Read operations are not allowed for %s.", ktx.securityContext().description() ) ); } return aggregationFunction( name, new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) ); }