
Example 1 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class RemotePrivilegesHandler method grant.

@POST
@Path("/grant")
public void grant(HttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    Principal principal = deserializeNext(arguments);
    Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
    LOG.trace("Granting {} on {} to {}", actions, entityId, principal);
    privilegesManager.grant(entityId, principal, actions);
    LOG.info("Granted {} on {} to {} successfully", actions, entityId, principal);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Action(co.cask.cdap.proto.security.Action) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 2 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class RemotePrivilegesHandler method revoke.

@POST
@Path("/revoke")
public void revoke(HttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    Principal principal = deserializeNext(arguments);
    Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
    LOG.trace("Revoking {} on {} from {}", actions, entityId, principal);
    privilegesManager.revoke(entityId, principal, actions);
    LOG.info("Revoked {} on {} from {} successfully", actions, entityId, principal);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Action(co.cask.cdap.proto.security.Action) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 3 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class RemotePrivilegesHandler method revokeAll.

@POST
@Path("/revokeAll")
public void revokeAll(HttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    LOG.trace("Revoking all actions on {}", entityId);
    privilegesManager.revoke(entityId);
    LOG.info("Revoked all actions on {} successfully", entityId);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 4 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class ApplicationLifecycleService method ensureAccess.

/**
 * Ensures that the logged-in user has a {@link Action privilege} on the specified application.
 *
 * @param appId the {@link ApplicationId} to check for privileges
 * @throws UnauthorizedException if the logged-in user has no {@link Action privileges} on the specified application
 */
private void ensureAccess(ApplicationId appId) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
    if (!filter.apply(appId)) {
        throw new UnauthorizedException(principal, appId);
    }
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) Principal(co.cask.cdap.proto.security.Principal)

Example 5 with EntityId

use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.

the class ProgramLifecycleService method hasAccess.

private boolean hasAccess(ProgramId programId) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
    return filter.apply(programId);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Principal(co.cask.cdap.proto.security.Principal)

Aggregations

EntityId (co.cask.cdap.proto.id.EntityId) 62
Principal (co.cask.cdap.proto.security.Principal) 21
EnumSet (java.util.EnumSet) 18
HashSet (java.util.HashSet) 18
Set (java.util.Set) 18
PartitionedFileSet (co.cask.cdap.api.dataset.lib.PartitionedFileSet) 17
ImmutableSet (com.google.common.collect.ImmutableSet) 17
Test (org.junit.Test) 17
Action (co.cask.cdap.proto.security.Action) 14
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException) 13
DatasetId (co.cask.cdap.proto.id.DatasetId) 12
ProgramId (co.cask.cdap.proto.id.ProgramId) 11
ApplicationManager (co.cask.cdap.test.ApplicationManager) 11
ApplicationId (co.cask.cdap.proto.id.ApplicationId) 10
StreamId (co.cask.cdap.proto.id.StreamId) 9
NamespaceId (co.cask.cdap.proto.id.NamespaceId) 8
PrivilegedAction (java.security.PrivilegedAction) 8
KeyValueTable (co.cask.cdap.api.dataset.lib.KeyValueTable) 7
NamespaceMeta (co.cask.cdap.proto.NamespaceMeta) 7
Authorizer (co.cask.cdap.security.spi.authorization.Authorizer) 7