/**
 * Authorization gate: checks the access mode of the current security context against the supplied predicate
 * and throws the mode's violation exception when the predicate does not hold.
 *
 * @param allows predicate applied to the current {@link AccessMode}; {@code true} lets the caller continue.
 *               A {@code null} result fails with a NullPointerException on unboxing, so it is never
 *               treated as "allowed".
 * @param mode label for the kind of operation; used only as the first word of the denial message
 */
public void assertAllows( Function<AccessMode,Boolean> allows, String mode )
{
    final AccessMode current = securityContext().mode();
    final boolean permitted = allows.apply( current );
    if ( permitted )
    {
        return;
    }
    // The denial text embeds securityContext().description(), so whatever that renders
    // becomes visible to anyone who can read the exception message.
    final String denial = format( "%s operations are not allowed for %s.", mode, securityContext().description() );
    throw current.onViolation( denial );
}
/**
 * Pins the exact text that {@code description()} returns for the fixture context.
 * The same text is what authorization-denial messages embed, so a change here changes those messages too.
 */
@Test
public void shouldMakeNiceDescription()
{
    final String rendered = context.description();
    assertThat( rendered, equalTo( "user 'johan' with FULL" ) );
}
/**
 * Pins the description of {@code SecurityContext.AUTH_DISABLED}: it names no user and reports FULL.
 */
@Test
public void shouldMakeNiceDescriptionAuthDisabled()
{
    final String rendered = SecurityContext.AUTH_DISABLED.description();
    assertThat( rendered, equalTo( "AUTH_DISABLED with FULL" ) );
}
/**
 * Verifies that swapping the mode via {@code withMode} is reflected in the description:
 * the user stays the same, the reported mode becomes WRITE.
 */
@Test
public void shouldMakeNiceDescriptionWithMode()
{
    final String rendered = context.withMode( AccessMode.Static.WRITE ).description();
    assertThat( rendered, equalTo( "user 'johan' with WRITE" ) );
}
/**
 * Calls the procedure with the given id in read mode, after checking that the transaction's access mode
 * allows reads.
 *
 * @param id id of the procedure to call
 * @param arguments arguments passed through to the procedure unchanged
 * @return the iterator produced by {@code callProcedure}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public RawIterator<Object[],ProcedureException> procedureCallRead( int id, Object[] arguments ) throws ProcedureException
{
    final AccessMode callerMode = ktx.securityContext().mode();
    if ( callerMode.allowsReads() )
    {
        // The procedure body runs under a RestrictedAccessMode built from the caller's mode and Static.READ
        // (presumably capping it at read access - confirm against RestrictedAccessMode).
        // NOTE(review): the mode is fetched from ktx again here instead of reusing callerMode; confirm the
        // security context cannot change between the check above and this read.
        return callProcedure( id, arguments,
                new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) );
    }
    final String denial = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
    throw callerMode.onViolation( denial );
}
/**
 * Calls the named procedure in schema mode, after checking that the transaction's access mode allows
 * schema writes.
 *
 * @param name qualified name of the procedure to call
 * @param arguments arguments passed through to the procedure unchanged
 * @return the iterator produced by {@code callProcedure}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public RawIterator<Object[],ProcedureException> procedureCallSchema( QualifiedName name, Object[] arguments ) throws ProcedureException
{
    final AccessMode callerMode = ktx.securityContext().mode();
    if ( callerMode.allowsSchemaWrites() )
    {
        // Restriction argument is Static.FULL here, unlike the read/write variants.
        // NOTE(review): presumably this means the caller's own mode is the only effective limit - confirm.
        return callProcedure( name, arguments,
                new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.FULL ) );
    }
    final String denial = format( "Schema operations are not allowed for %s.", ktx.securityContext().description() );
    throw callerMode.onViolation( denial );
}
/**
 * Calls the procedure with the given id in write mode, after checking that the transaction's access mode
 * allows writes.
 *
 * @param id id of the procedure to call
 * @param arguments arguments passed through to the procedure unchanged
 * @return the iterator produced by {@code callProcedure}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public RawIterator<Object[],ProcedureException> procedureCallWrite( int id, Object[] arguments ) throws ProcedureException
{
    final AccessMode callerMode = ktx.securityContext().mode();
    if ( callerMode.allowsWrites() )
    {
        // The check is allowsWrites(), but the restriction handed to the procedure is Static.TOKEN_WRITE.
        // NOTE(review): presumably TOKEN_WRITE is WRITE plus token creation - confirm this is the intended cap.
        return callProcedure( id, arguments,
                new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.TOKEN_WRITE ) );
    }
    final String denial = format( "Write operations are not allowed for %s.", ktx.securityContext().description() );
    throw callerMode.onViolation( denial );
}
/**
 * Calls the procedure with the given id in schema mode. Access is gated on {@code allowsSchemaWrites()}
 * of the transaction's current access mode.
 *
 * @param id id of the procedure to call
 * @param arguments arguments passed through to the procedure unchanged
 * @return the iterator produced by {@code callProcedure}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public RawIterator<Object[],ProcedureException> procedureCallSchema( int id, Object[] arguments ) throws ProcedureException
{
    final AccessMode gate = ktx.securityContext().mode();
    final boolean schemaAllowed = gate.allowsSchemaWrites();
    if ( !schemaAllowed )
    {
        // Fail closed: nothing of the procedure runs when the caller lacks schema-write permission.
        final String denial = format( "Schema operations are not allowed for %s.", ktx.securityContext().description() );
        throw gate.onViolation( denial );
    }
    // Static.FULL is passed as the restriction for schema procedures.
    final RestrictedAccessMode procedureMode =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.FULL );
    return callProcedure( id, arguments, procedureMode );
}
/**
 * Calls the named procedure in write mode. Access is gated on {@code allowsWrites()} of the transaction's
 * current access mode.
 *
 * @param name qualified name of the procedure to call
 * @param arguments arguments passed through to the procedure unchanged
 * @return the iterator produced by {@code callProcedure}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public RawIterator<Object[],ProcedureException> procedureCallWrite( QualifiedName name, Object[] arguments ) throws ProcedureException
{
    final AccessMode gate = ktx.securityContext().mode();
    final boolean writeAllowed = gate.allowsWrites();
    if ( !writeAllowed )
    {
        // Fail closed: nothing of the procedure runs when the caller lacks write permission.
        final String denial = format( "Write operations are not allowed for %s.", ktx.securityContext().description() );
        throw gate.onViolation( denial );
    }
    // Write procedures are handed Static.TOKEN_WRITE as the restriction, not Static.WRITE.
    final RestrictedAccessMode procedureMode =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.TOKEN_WRITE );
    return callProcedure( name, arguments, procedureMode );
}
/**
 * Calls the named procedure in read mode. Access is gated on {@code allowsReads()} of the transaction's
 * current access mode.
 *
 * @param name qualified name of the procedure to call
 * @param arguments arguments passed through to the procedure unchanged
 * @return the iterator produced by {@code callProcedure}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public RawIterator<Object[],ProcedureException> procedureCallRead( QualifiedName name, Object[] arguments ) throws ProcedureException
{
    final AccessMode gate = ktx.securityContext().mode();
    final boolean readAllowed = gate.allowsReads();
    if ( !readAllowed )
    {
        // Fail closed: nothing of the procedure runs when the caller lacks read permission.
        final String denial = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
        throw gate.onViolation( denial );
    }
    // The procedure runs under the caller's mode wrapped with a Static.READ restriction.
    final RestrictedAccessMode procedureMode =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ );
    return callProcedure( name, arguments, procedureMode );
}
/**
 * Calls the named user function after checking that the transaction's access mode allows reads.
 *
 * @param name qualified name of the function to call
 * @param arguments arguments passed through to the function unchanged
 * @return the value produced by {@code callFunction}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public AnyValue functionCall( QualifiedName name, AnyValue[] arguments ) throws ProcedureException
{
    if ( ktx.securityContext().mode().allowsReads() )
    {
        // Functions always run under a Static.READ restriction on top of the caller's mode.
        return callFunction( name, arguments,
                new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) );
    }
    // The mode is looked up again for the violation; the description goes into the denial text.
    final AccessMode denying = ktx.securityContext().mode();
    final String denial = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
    throw denying.onViolation( denial );
}
/**
 * Looks up the aggregation function with the given id after checking that the transaction's access mode
 * allows reads.
 *
 * @param id id of the aggregation function
 * @return the aggregator returned by the two-argument {@code aggregationFunction} overload
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public UserAggregator aggregationFunction( int id ) throws ProcedureException
{
    if ( ktx.securityContext().mode().allowsReads() )
    {
        // Delegates to the overload that takes an explicit mode, passing a Static.READ restriction.
        return aggregationFunction( id,
                new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ ) );
    }
    final AccessMode denying = ktx.securityContext().mode();
    final String denial = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
    throw denying.onViolation( denial );
}
/**
 * Calls the user function with the given id after checking that the transaction's access mode allows reads.
 *
 * @param id id of the function to call
 * @param arguments arguments passed through to the function unchanged
 * @return the value produced by {@code callFunction}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public AnyValue functionCall( int id, AnyValue[] arguments ) throws ProcedureException
{
    final boolean readAllowed = ktx.securityContext().mode().allowsReads();
    if ( !readAllowed )
    {
        // Fail closed before the function is resolved or run.
        final AccessMode denying = ktx.securityContext().mode();
        final String denial = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
        throw denying.onViolation( denial );
    }
    final RestrictedAccessMode functionMode =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ );
    return callFunction( id, arguments, functionMode );
}
/**
 * Looks up the named aggregation function after checking that the transaction's access mode allows reads.
 *
 * @param name qualified name of the aggregation function
 * @return the aggregator returned by the two-argument {@code aggregationFunction} overload
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public UserAggregator aggregationFunction( QualifiedName name ) throws ProcedureException
{
    final boolean readAllowed = ktx.securityContext().mode().allowsReads();
    if ( !readAllowed )
    {
        // Fail closed before the aggregator is resolved.
        final AccessMode denying = ktx.securityContext().mode();
        final String denial = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
        throw denying.onViolation( denial );
    }
    final RestrictedAccessMode functionMode =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ );
    return aggregationFunction( name, functionMode );
}
/**
 * Verifies that a context whose mode is an {@code OverriddenAccessMode} reports both the original mode
 * and the overriding one, so the description shows which mode is actually in effect.
 */
@Test
public void shouldMakeNiceDescriptionOverridden()
{
    final OverriddenAccessMode readOverride = new OverriddenAccessMode( context.mode(), AccessMode.Static.READ );
    final String rendered = context.withMode( readOverride ).description();
    assertThat( rendered, equalTo( "user 'johan' with FULL overridden by READ" ) );
}
/**
 * Verifies that restricting {@code SecurityContext.AUTH_DISABLED} to READ is visible in its description.
 */
@Test
public void shouldMakeNiceDescriptionAuthDisabledAndRestricted()
{
    final SecurityContext base = SecurityContext.AUTH_DISABLED;
    final RestrictedAccessMode readOnly = new RestrictedAccessMode( base.mode(), AccessMode.Static.READ );
    final String rendered = base.withMode( readOnly ).description();
    assertThat( rendered, equalTo( "AUTH_DISABLED with FULL restricted to READ" ) );
}
/**
 * Verifies that a context whose mode is a {@code RestrictedAccessMode} reports both the original mode
 * and the restriction in its description.
 */
@Test
public void shouldMakeNiceDescriptionRestricted()
{
    final RestrictedAccessMode readOnly = new RestrictedAccessMode( context.mode(), AccessMode.Static.READ );
    final String rendered = context.withMode( readOnly ).description();
    assertThat( rendered, equalTo( "user 'johan' with FULL restricted to READ" ) );
}
/**
 * Throws the current access mode's violation exception unless {@code allows} accepts that mode.
 *
 * @param allows check to run against the current {@link AccessMode}; the result is unboxed, so a
 *               {@code null} result raises a NullPointerException instead of granting access
 * @param mode operation label inserted at the start of the denial message
 */
public void assertAllows( Function<AccessMode,Boolean> allows, String mode )
{
    final AccessMode active = securityContext().mode();
    final boolean granted = allows.apply( active );
    if ( !granted )
    {
        // The security context's description is part of the message seen by the caller.
        final String reason = format( "%s operations are not allowed for %s.", mode, securityContext().description() );
        throw active.onViolation( reason );
    }
}
/**
 * Resolves the aggregation function with the given id. The call is gated on {@code allowsReads()} of the
 * transaction's current access mode.
 *
 * @param id id of the aggregation function
 * @return the aggregator returned by the two-argument {@code aggregationFunction} overload
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public UserAggregator aggregationFunction( int id ) throws ProcedureException
{
    final boolean mayRead = ktx.securityContext().mode().allowsReads();
    if ( !mayRead )
    {
        final AccessMode rejecting = ktx.securityContext().mode();
        final String reason = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
        throw rejecting.onViolation( reason );
    }
    // The aggregator is obtained under the caller's mode wrapped with a Static.READ restriction.
    final RestrictedAccessMode readOnly =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ );
    return aggregationFunction( id, readOnly );
}
/**
 * Invokes the named user function. The call is gated on {@code allowsReads()} of the transaction's
 * current access mode.
 *
 * @param name qualified name of the function to call
 * @param arguments arguments passed through to the function unchanged
 * @return the value produced by {@code callFunction}
 * @throws ProcedureException as declared; a denied call throws whatever {@code onViolation} builds
 */
@Override
public AnyValue functionCall( QualifiedName name, AnyValue[] arguments ) throws ProcedureException
{
    final boolean mayRead = ktx.securityContext().mode().allowsReads();
    if ( !mayRead )
    {
        final AccessMode rejecting = ktx.securityContext().mode();
        final String reason = format( "Read operations are not allowed for %s.", ktx.securityContext().description() );
        throw rejecting.onViolation( reason );
    }
    // The function runs under the caller's mode wrapped with a Static.READ restriction.
    final RestrictedAccessMode readOnly =
            new RestrictedAccessMode( ktx.securityContext().mode(), AccessMode.Static.READ );
    return callFunction( name, arguments, readOnly );
}