use of co.cask.cdap.proto.security.Role in project cdap by caskdata.
the class AuthorizationHandler method dropRole.
/**
 * Handles {@code DELETE /roles/<role-name>}: drops the named role through the authorizer.
 *
 * <p>The 200 OK response and the log entry are produced only after
 * {@code ensureSecurityEnabled()} and {@code authorizer.dropRole} have returned normally. What is
 * sent or logged when either of them throws is not visible in this method.
 *
 * @param httpRequest the incoming request, handed to {@code createLogEntry}
 * @param httpResponder used to send the response status
 * @param roleName name of the role to drop, taken as-is from the URL path
 * @throws Exception whatever {@code ensureSecurityEnabled()} or the authorizer throws
 */
@Path("/roles/{role-name}")
@DELETE
public void dropRole(HttpRequest httpRequest, HttpResponder httpResponder,
                     @PathParam("role-name") String roleName) throws Exception {
  ensureSecurityEnabled();
  // NOTE(review): no check of the caller's own privileges is visible here; confirm that role
  // administration is restricted upstream or inside the authorizer implementation.
  Role targetRole = new Role(roleName);
  authorizer.dropRole(targetRole);

  // Respond first, then record the request together with the status that was sent.
  HttpResponseStatus outcome = HttpResponseStatus.OK;
  httpResponder.sendStatus(outcome);
  createLogEntry(httpRequest, outcome);
}
use of co.cask.cdap.proto.security.Role in project cdap by caskdata.
the class AuthorizationHandler method removeRoleFromPrincipal.
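/**
 * Handles {@code DELETE /<principal-type>/<principal-name>/roles/<role-name>}: removes the named
 * role from the given principal through the authorizer.
 *
 * <p>The 200 OK response and the log entry are produced only after the authorizer call has
 * returned normally. What is sent or logged on failure is not visible in this method.
 *
 * @param httpRequest the incoming request, handed to {@code createLogEntry}
 * @param httpResponder used to send the response status
 * @param principalType principal type from the URL path, matched case-insensitively against
 *     {@code Principal.PrincipalType}
 * @param principalName principal name from the URL path
 * @param roleName name of the role to remove, from the URL path
 * @throws IllegalArgumentException if {@code principalType} names no {@code PrincipalType} constant
 * @throws Exception whatever {@code ensureSecurityEnabled()} or the authorizer throws
 */
@Path("/{principal-type}/{principal-name}/roles/{role-name}")
@DELETE
public void removeRoleFromPrincipal(HttpRequest httpRequest, HttpResponder httpResponder,
                                    @PathParam("principal-type") String principalType,
                                    @PathParam("principal-name") String principalName,
                                    @PathParam("role-name") String roleName) throws Exception {
  ensureSecurityEnabled();
  // Upper-case with Locale.ROOT so the enum lookup does not depend on the server's default
  // locale (a plain toUpperCase() maps some letters differently under e.g. a Turkish locale).
  // NOTE(review): valueOf throws IllegalArgumentException for an unknown type; confirm that this
  // reaches the client as a 4xx rather than a 500.
  Principal.PrincipalType type =
    Principal.PrincipalType.valueOf(principalType.toUpperCase(java.util.Locale.ROOT));
  Principal principal = new Principal(principalName, type);
  authorizer.removeRoleFromPrincipal(new Role(roleName), principal);
  httpResponder.sendStatus(HttpResponseStatus.OK);
  createLogEntry(httpRequest, HttpResponseStatus.OK);
}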
use of co.cask.cdap.proto.security.Role in project cdap by caskdata.
the class RemoveRoleFromPrincipalCommand method perform.
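/**
 * Removes a role from a principal using the {@code role-name}, {@code principal-type} and
 * {@code principal-name} arguments, then prints a confirmation line.
 *
 * @param arguments parsed command arguments
 * @param output stream the confirmation is written to
 * @throws IllegalArgumentException if {@code principal-type} names no {@code PrincipalType} constant
 * @throws Exception whatever the client call throws; nothing is printed in that case
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  String roleName = arguments.get("role-name");
  String principalType = arguments.get("principal-type");
  String principalName = arguments.get("principal-name");

  Role role = new Role(roleName);
  // Upper-case with Locale.ROOT so the enum lookup behaves the same whatever the default locale
  // of the machine running the CLI is.
  Principal.PrincipalType type =
    Principal.PrincipalType.valueOf(principalType.toUpperCase(java.util.Locale.ROOT));
  client.removeRoleFromPrincipal(role, new Principal(principalName, type));
  output.printf("Successfully removed role '%s' from %s '%s'\n", roleName, principalType, principalName);
}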
use of co.cask.cdap.proto.security.Role in project cdap by caskdata.
the class DropRoleCommand method perform.
/**
 * Drops the role named by the {@code role-name} argument and prints a confirmation line.
 *
 * @param arguments parsed command arguments
 * @param output stream the confirmation is written to
 * @throws Exception whatever the client call throws; nothing is printed in that case
 */
@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
  final String requestedRole = arguments.get("role-name");
  Role role = new Role(requestedRole);
  client.dropRole(role);
  // Printed only after dropRole has returned without throwing.
  output.printf("Successfully dropped role '%s'\n", requestedRole);
}
use of co.cask.cdap.proto.security.Role in project cdap by caskdata.
the class InMemoryAuthorizer method enforce.
/**
 * Checks that {@code principal} may perform every action in {@code actions} on {@code entity}.
 *
 * <p>Returns normally when the principal is a super user, when its direct grants cover all
 * requested actions, or when the grants of its roles cover all requested actions.
 *
 * @param entity the entity being accessed
 * @param principal the principal requesting access
 * @param actions the actions that must all be permitted
 * @throws UnauthorizedException if none of the above conditions holds
 */
@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
  // Super users bypass enforcement entirely. If the allSuperUsers entry is in the set, this
  // bypass applies to every principal, not only to the ones listed.
  boolean bypass = superUsers.contains(principal) || superUsers.contains(allSuperUsers);
  if (bypass) {
    return;
  }

  // Grants made directly to the principal.
  Set<Action> directGrants = getActions(entity, principal);
  if (directGrants.containsAll(actions)) {
    return;
  }

  // Grants inherited through roles; a principal that is itself a role inherits nothing.
  Set<Action> roleGrants = new HashSet<>();
  boolean isRole = principal.getType() == Principal.PrincipalType.ROLE;
  if (!isRole) {
    for (Role membership : getRoles(principal)) {
      roleGrants.addAll(getActions(entity, membership));
    }
  }
  if (roleGrants.containsAll(actions)) {
    return;
  }

  // NOTE(review): direct and role grants are tested separately and never combined, so a request
  // whose actions are covered only by the two sets together is rejected. The set reported below
  // also subtracts direct grants only, so it can list actions that a role does grant. Confirm
  // both against the intended contract before changing either.
  throw new UnauthorizedException(principal, Sets.difference(actions, directGrants), entity);
}