use of co.cask.cdap.proto.security.RevokeRequest in project cdap by caskdata.
the class AuthorizationHandler method revoke.
@Path("/privileges/revoke")
@POST
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void revoke(HttpRequest httpRequest, HttpResponder httpResponder) throws Exception {
ensureSecurityEnabled();
RevokeRequest request = parseBody(httpRequest, RevokeRequest.class);
verifyAuthRequest(request);
// enforce that the user revoking access has admin privileges on the entity
authorizationEnforcer.enforce(request.getEntity(), authenticationContext.getPrincipal(), Action.ADMIN);
if (request.getPrincipal() == null && request.getActions() == null) {
privilegesManager.revoke(request.getEntity());
} else {
Set<Action> actions = request.getActions() == null ? EnumSet.allOf(Action.class) : request.getActions();
privilegesManager.revoke(request.getEntity(), request.getPrincipal(), actions);
}
httpResponder.sendStatus(HttpResponseStatus.OK);
createLogEntry(httpRequest, request, HttpResponseStatus.OK);
}
Aggregations