Example 1 with RevokeRequest
use of co.cask.cdap.proto.security.RevokeRequest in project cdap by caskdata.
the class AuthorizationHandler method revoke.
@Path("/privileges/revoke")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
ensureSecurityEnabled();
RevokeRequest request = parseBody(httpRequest, RevokeRequest.class);
verifyAuthRequest(request);
// enforce that the user revoking access has admin privileges on the entity
authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
if (request.getPrincipal() == null && request.getActions() == null) {
privilegesManager.revoke(request.getEntity());
} else {
Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
privilegesManager.revoke(request.getEntity(), request.getPrincipal(), actions);
}
httpResponder.sendStatus(HttpResponseStatus.OK);
createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Also used :
RevokeRequest(co.cask.cdap.proto.security.RevokeRequest)
Action(co.cask.cdap.proto.security.Action)
Path(javax.ws.rs.Path)
AuditPolicy(co.cask.cdap.common.security.AuditPolicy)
POST(javax.ws.rs.POST)
Aggregations
AuditPolicy (co.cask.cdap.common.security.AuditPolicy)1
Action (co.cask.cdap.proto.security.Action)1
RevokeRequest (co.cask.cdap.proto.security.RevokeRequest)1
POST (javax.ws.rs.POST)1
Path (javax.ws.rs.Path)1
