
Example 1 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class AuthorizationHandler method grant.

@Path("/privileges/grant")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void grant(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    GrantRequest request = parseBody(httpRequest, GrantRequest.class);
    verifyAuthRequest(request);
    Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
    // enforce that the user granting access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    privilegesManager.grant(request.getEntity(), request.getPrincipal(), actions);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used : Action(co.cask.cdap.proto.security.Action) GrantRequest(co.cask.cdap.proto.security.GrantRequest) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 2 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class AuthorizationHandler method revoke.

@Path("/privileges/revoke")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    RevokeRequest request = parseBody(httpRequest, RevokeRequest.class);
    verifyAuthRequest(request);
    // enforce that the user revoking access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    if (request.getPrincipal() == null && request.getActions() == null) {
        privilegesManager.revoke(request.getEntity());
    } else {
        Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
        privilegesManager.revoke(request.getEntity(), request.getPrincipal(), actions);
    }
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used : RevokeRequest(co.cask.cdap.proto.security.RevokeRequest) Action(co.cask.cdap.proto.security.Action) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Example 3 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class RemotePrivilegesHandler method grant.

@POST
@Path("/grant")
public void grant(HttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    Principal principal = deserializeNext(arguments);
    Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
    LOG.trace("Granting {} on {} to {}", actions, entityId, principal);
    privilegesManager.grant(entityId, principal, actions);
    LOG.info("Granted {} on {} to {} successfully", actions, entityId, principal);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Action(co.cask.cdap.proto.security.Action) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 4 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class RemotePrivilegesHandler method revoke.

@POST
@Path("/revoke")
public void revoke(HttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    Principal principal = deserializeNext(arguments);
    Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
    LOG.trace("Revoking {} on {} from {}", actions, entityId, principal);
    privilegesManager.revoke(entityId, principal, actions);
    LOG.info("Revoked {} on {} from {} successfully", actions, entityId, principal);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Action(co.cask.cdap.proto.security.Action) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 5 with Action

use of co.cask.cdap.proto.security.Action in project cdap by caskdata.

the class ArtifactRepository method addArtifact.

/**
 * Inspects and builds plugin and application information for the given artifact, adding an additional set of
 * plugin classes to the plugins found through inspection. This method is used when all plugin classes
 * cannot be derived by inspecting the artifact but need to be explicitly set. This is true for 3rd party plugins
 * like jdbc drivers.
 *
 * @param artifactId the id of the artifact to inspect and store
 * @param artifactFile the artifact to inspect and store
 * @param parentArtifacts artifacts the given artifact extends.
 *                        If null, the given artifact does not extend another artifact
 * @param additionalPlugins the set of additional plugin classes to add to the plugins found through inspection.
 *                          If null, no additional plugin classes will be added
 * @throws IOException if there was an exception reading from the artifact store
 * @throws ArtifactRangeNotFoundException if none of the parent artifacts could be found
 * @throws UnauthorizedException if the user is not authorized to add an artifact in the specified namespace. To add
 *                               an artifact, a user must have {@link Action#WRITE} on the namespace in which
 *                               the artifact is being added. If authorization is successful, and
 *                               the artifact is added successfully, then the user gets all {@link Action privileges}
 *                               on the added artifact.
 */
public ArtifactDetail addArtifact(Id.Artifact artifactId, File artifactFile, @Nullable Set<ArtifactRange> parentArtifacts, @Nullable Set<PluginClass> additionalPlugins) throws Exception {
    // To add an artifact, a user must have write privileges on the namespace in which the artifact is being added
    // This method is used to add user app artifacts, so enforce authorization on the specified, non-system namespace
    Principal principal = authenticationContext.getPrincipal();
    NamespaceId namespace = artifactId.getNamespace().toEntityId();
    authorizationEnforcer.enforce(namespace, principal, Action.WRITE);
    ArtifactDetail artifactDetail = addArtifact(artifactId, artifactFile, parentArtifacts, additionalPlugins, Collections.<String, String>emptyMap());
    // artifact successfully added. now grant ALL permissions on the artifact to the current user
    privilegesManager.grant(artifactId.toEntityId(), principal, EnumSet.allOf(Action.class));
    return artifactDetail;
}
Also used : Action(co.cask.cdap.proto.security.Action) NamespaceId(co.cask.cdap.proto.id.NamespaceId) Principal(co.cask.cdap.proto.security.Principal)

Aggregations

Action (co.cask.cdap.proto.security.Action) 33
HashSet (java.util.HashSet) 14
ImmutableSet (com.google.common.collect.ImmutableSet) 13
EntityId (co.cask.cdap.proto.id.EntityId) 12
Privilege (co.cask.cdap.proto.security.Privilege) 9
PrivilegedAction (java.security.PrivilegedAction) 9
PartitionedFileSet (co.cask.cdap.api.dataset.lib.PartitionedFileSet) 8
EnumSet (java.util.EnumSet) 8
Set (java.util.Set) 8
POST (javax.ws.rs.POST) 8
Path (javax.ws.rs.Path) 8
Test (org.junit.Test) 8
Principal (co.cask.cdap.proto.security.Principal) 7
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException) 7
InMemoryAuthorizer (co.cask.cdap.security.authorization.InMemoryAuthorizer) 6
Authorizer (co.cask.cdap.security.spi.authorization.Authorizer) 6
ApplicationManager (co.cask.cdap.test.ApplicationManager) 6
MethodArgument (co.cask.cdap.common.internal.remote.MethodArgument) 4
AuditPolicy (co.cask.cdap.common.security.AuditPolicy) 4
ApplicationId (co.cask.cdap.proto.id.ApplicationId) 4