use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class DefaultAuthorizationEnforcerTest method testAuthFilter.
/**
 * Checks which namespaces and datasets are admitted by the filters that
 * {@code DefaultAuthorizationEnforcer#createFilter} builds for ALICE and BOB
 * after a fixed set of grants has been applied through the authorizer.
 */
@Test
public void testAuthFilter() throws Exception {
  try (AuthorizerInstantiator instantiator = new AuthorizerInstantiator(CCONF, AUTH_CONTEXT_FACTORY)) {
    Authorizer auth = instantiator.get();

    // Two namespaces: two datasets in the first, three in the second.
    NamespaceId firstNs = new NamespaceId("ns1");
    NamespaceId secondNs = new NamespaceId("ns2");
    DatasetId firstNsDs1 = firstNs.dataset("ds1");
    DatasetId firstNsDs2 = firstNs.dataset("ds2");
    DatasetId secondNsDs1 = secondNs.dataset("ds1");
    DatasetId secondNsDs2 = secondNs.dataset("ds2");
    DatasetId secondNsDs3 = secondNs.dataset("ds3");

    // Grants are issued in the original order. ALICE is the only principal
    // that receives namespace-level privileges.
    auth.grant(firstNs, ALICE, Collections.singleton(Action.WRITE));
    auth.grant(secondNs, ALICE, Collections.singleton(Action.ADMIN));
    auth.grant(firstNsDs1, ALICE, Collections.singleton(Action.READ));
    auth.grant(firstNsDs1, BOB, Collections.singleton(Action.ADMIN));
    auth.grant(secondNsDs1, ALICE, Collections.singleton(Action.WRITE));
    // BOB gets WRITE on this dataset and then every action on the same dataset.
    auth.grant(firstNsDs2, BOB, Collections.singleton(Action.WRITE));
    auth.grant(firstNsDs2, BOB, EnumSet.allOf(Action.class));
    // Same grant as issued a few lines earlier, repeated on purpose or by accident;
    // NOTE(review): presumably exercises a repeated grant - confirm.
    auth.grant(secondNsDs1, ALICE, Collections.singleton(Action.WRITE));
    auth.grant(secondNsDs3, ALICE, Collections.singleton(Action.ADMIN));
    auth.grant(secondNsDs2, BOB, Collections.singleton(Action.ADMIN));

    DefaultAuthorizationEnforcer enforcer = new DefaultAuthorizationEnforcer(CCONF, instantiator);
    Predicate<EntityId> visibleToAlice = enforcer.createFilter(ALICE);
    Predicate<EntityId> visibleToBob = enforcer.createFilter(BOB);

    // ALICE holds a privilege on each namespace, so both must pass her filter.
    for (NamespaceId ns : ImmutableSet.of(firstNs, secondNs)) {
      Assert.assertTrue(visibleToAlice.apply(ns));
    }
    // BOB holds privileges only on datasets, never on a namespace; the test
    // expects his filter to reject both namespaces.
    for (NamespaceId ns : ImmutableSet.of(firstNs, secondNs)) {
      Assert.assertFalse(visibleToBob.apply(ns));
    }

    // Datasets on which ALICE was granted something directly.
    for (DatasetId granted : ImmutableSet.of(firstNsDs1, secondNsDs1, secondNsDs3)) {
      Assert.assertTrue(visibleToAlice.apply(granted));
    }
    // ALICE has no grant directly on these two datasets, yet the test expects
    // them to pass her filter. NOTE(review): presumably this follows from her
    // grants on the enclosing namespaces - confirm against createFilter.
    for (DatasetId ungranted : ImmutableSet.of(firstNsDs2, secondNsDs2)) {
      Assert.assertTrue(visibleToAlice.apply(ungranted));
    }

    // Datasets on which BOB was granted something directly.
    for (DatasetId granted : ImmutableSet.of(firstNsDs1, firstNsDs2, secondNsDs2)) {
      Assert.assertTrue(visibleToBob.apply(granted));
    }
    // BOB received nothing on these datasets or on their namespace.
    for (DatasetId ungranted : ImmutableSet.of(secondNsDs1, secondNsDs3)) {
      Assert.assertFalse(visibleToBob.apply(ungranted));
    }
  }
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class AuthorizationHandler method verifyAuthRequest.
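/**
 * Validates an authorization request before it is acted on: the request and
 * its entity must be present, and the entity must pass the existence check.
 *
 * @param request the parsed request; may be {@code null} when no body was supplied
 * @throws BadRequestException if the request or the entity it names is missing
 * @throws NotFoundException declared for the existence check; presumably raised by
 *   {@code ensureExists} when the entity does not exist - confirm against the verifier
 */
private void verifyAuthRequest(AuthorizationRequest request) throws BadRequestException, NotFoundException {
  if (request == null) {
    throw new BadRequestException("Missing request body");
  }
  EntityId entity = request.getEntity();
  if (entity == null) {
    // A body that parses but carries no entity is a client error. Reject it here
    // rather than handing null to the existence verifier, whose handling of null
    // is not visible from this method.
    throw new BadRequestException("Missing entity in request body");
  }
  entityExistenceVerifier.ensureExists(entity);
}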
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class ArtifactRepository method getArtifactDetails.
/**
 * Fetches the details of artifacts in the given range and, outside the system
 * namespace, keeps only those that pass the current principal's authorization filter.
 *
 * <p>The {@code limit} is handed to the artifact store and the authorization filter
 * runs on what the store returns, so the result may contain fewer than {@code limit}
 * entries after filtering.
 *
 * @param range the range to match artifacts in
 * @param limit the limit number of the result, as passed to the artifact store
 * @param order the order of the result
 * @return the matching artifacts; empty if none match or none are visible.
 *   NOTE(review): this was previously documented as unmodifiable, but the filtered
 *   branch builds the result with {@code Lists.newArrayList} and the system branch
 *   returns the store's list as-is - callers should not rely on either property.
 */
public List<ArtifactDetail> getArtifactDetails(final ArtifactRange range, int limit, ArtifactSortOrder order) throws Exception {
  List<ArtifactDetail> fetched = artifactStore.getArtifacts(range, limit, order);

  // System artifacts are deliberately exempt from authorization: every caller
  // receives the store's result unfiltered.
  boolean inSystemNamespace = NamespaceId.SYSTEM.getNamespace().equals(range.getNamespace());
  if (inSystemNamespace) {
    return fetched;
  }

  // The filter is built once for the calling principal and applied per artifact.
  final Predicate<EntityId> visibility = authorizationEnforcer.createFilter(authenticationContext.getPrincipal());
  com.google.common.base.Predicate<ArtifactDetail> visibleToCaller =
    new com.google.common.base.Predicate<ArtifactDetail>() {
      @Override
      public boolean apply(ArtifactDetail detail) {
        ArtifactId described = detail.getDescriptor().getArtifactId();
        // The entity checked is rebuilt from the requested namespace plus the
        // artifact's own name and version.
        EntityId scoped = new NamespaceId(range.getNamespace())
          .artifact(described.getName(), described.getVersion().getVersion());
        return visibility.apply(scoped);
      }
    };
  return Lists.newArrayList(Iterables.filter(fetched, visibleToCaller));
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class DatasetInstanceService method ensureAccess.
/**
 * Verifies that the current principal passes the authorization filter for the
 * given dataset instance, i.e. holds some {@link Action privilege} that makes it visible.
 *
 * <p>This is a visibility check built from {@code createFilter}; it does not test
 * for any particular {@link Action}.
 *
 * @param datasetId the {@link DatasetId} to check for privileges
 * @throws UnauthorizedException if the filter for the current principal rejects the dataset
 */
private void ensureAccess(DatasetId datasetId) throws Exception {
  Principal caller = authenticationContext.getPrincipal();
  Predicate<EntityId> visibility = authorizationEnforcer.createFilter(caller);
  boolean visible = visibility.apply(datasetId);
  if (visible) {
    return;
  }
  // Fail closed: anything the filter does not admit is reported as unauthorized.
  throw new UnauthorizedException(caller, datasetId);
}
use of co.cask.cdap.proto.id.EntityId in project cdap by caskdata.
the class RemoveMetadataCommand method perform.
/**
 * Parses the entity named by the {@code ENTITY} argument and asks the client to
 * remove its metadata.
 *
 * <p>The success line is printed only after {@code removeMetadata} returns; a parse
 * failure or a client error propagates to the caller and nothing is printed.
 *
 * @param arguments the parsed command arguments; must carry the entity argument
 * @param output the stream the confirmation message is written to
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  final String entityArgName = ArgumentName.ENTITY.toString();
  EntityId target = EntityId.fromString(arguments.get(entityArgName));
  client.removeMetadata(target);
  output.println("Successfully removed metadata");
}