Search in sources :

Example 1 with RevokeRequest

use of co.cask.cdap.proto.security.RevokeRequest in project cdap by caskdata.

the class AuthorizationHandler method revoke.

@Path("/privileges/revoke")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
    ensureSecurityEnabled();
    RevokeRequest request = parseBody(httpRequest, RevokeRequest.class);
    verifyAuthRequest(request);
    // enforce that the user revoking access has admin privileges on the entity
    authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
    if (request.getPrincipal() == null && request.getActions() == null) {
        privilegesManager.revoke(request.getEntity());
    } else {
        Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
        privilegesManager.revoke(request.getEntity(), request.getPrincipal(), actions);
    }
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used : RevokeRequest(co.cask.cdap.proto.security.RevokeRequest) Action(co.cask.cdap.proto.security.Action) Path(javax.ws.rs.Path) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) POST(javax.ws.rs.POST)

Aggregations

AuditPolicy (co.cask.cdap.common.security.AuditPolicy)1 Action (co.cask.cdap.proto.security.Action)1 RevokeRequest (co.cask.cdap.proto.security.RevokeRequest)1 POST (javax.ws.rs.POST)1 Path (javax.ws.rs.Path)1