use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class RemotePrivilegesHandler method grant.
@POST
@Path("/grant")
public void grant(HttpRequest request, HttpResponder responder) throws Exception {
Iterator<MethodArgument> arguments = parseArguments(request);
EntityId entityId = deserializeNext(arguments);
Principal principal = deserializeNext(arguments);
Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
LOG.trace("Granting {} on {} to {}", actions, entityId, principal);
privilegesManager.grant(entityId, principal, actions);
LOG.info("Granted {} on {} to {} successfully", actions, entityId, principal);
responder.sendStatus(HttpResponseStatus.OK);
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class RemotePrivilegesHandler method revoke.
@POST
@Path("/revoke")
public void revoke(HttpRequest request, HttpResponder responder) throws Exception {
Iterator<MethodArgument> arguments = parseArguments(request);
EntityId entityId = deserializeNext(arguments);
Principal principal = deserializeNext(arguments);
Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
LOG.trace("Revoking {} on {} from {}", actions, entityId, principal);
privilegesManager.revoke(entityId, principal, actions);
LOG.info("Revoked {} on {} from {} successfully", actions, entityId, principal);
responder.sendStatus(HttpResponseStatus.OK);
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class RemotePrivilegesHandler method revokeAll.
@POST
@Path("/revokeAll")
public void revokeAll(HttpRequest request, HttpResponder responder) throws Exception {
Iterator<MethodArgument> arguments = parseArguments(request);
EntityId entityId = deserializeNext(arguments);
LOG.trace("Revoking all actions on {}", entityId);
privilegesManager.revoke(entityId);
LOG.info("Revoked all actions on {} successfully", entityId);
responder.sendStatus(HttpResponseStatus.OK);
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class ApplicationLifecycleService method ensureAccess.
/**
* Ensures that the logged-in user has a {@link Action privilege} on the specified dataset instance.
*
* @param appId the {@link ApplicationId} to check for privileges
* @throws UnauthorizedException if the logged in user has no {@link Action privileges} on the specified dataset
*/
private void ensureAccess(ApplicationId appId) throws Exception {
Principal principal = authenticationContext.getPrincipal();
Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
if (!filter.apply(appId)) {
throw new UnauthorizedException(principal, appId);
}
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class ProgramLifecycleService method hasAccess.
private boolean hasAccess(ProgramId programId) throws Exception {
Principal principal = authenticationContext.getPrincipal();
Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
return filter.apply(programId);
}
Aggregations