Examples with RoleGrant com.facebook.presto.spi.security.RoleGrant used on opensource projects

Example 6 with RoleGrant

use of com.facebook.presto.spi.security.RoleGrant in project urban-eureka by errir503.

the class InformationSchemaPageSourceProvider method buildApplicableRoles.

private InternalTable buildApplicableRoles(Session session, String catalog) {
    InternalTable.Builder table = InternalTable.builder(informationSchemaTableColumns(TABLE_APPLICABLE_ROLES));
    for (RoleGrant grant : metadata.listApplicableRoles(session, new PrestoPrincipal(USER, session.getUser()), catalog)) {
        PrestoPrincipal grantee = grant.getGrantee();
        table.add(grantee.getName(), grantee.getType().toString(), grant.getRoleName(), grant.isGrantable() ? "YES" : "NO");
    }
    return table.build();
}

Example 7 with RoleGrant

use of com.facebook.presto.spi.security.RoleGrant in project urban-eureka by errir503.

the class FileHiveMetastore method listRoleGrants.

@Override
public synchronized Set<RoleGrant> listRoleGrants(MetastoreContext metastoreContext, PrestoPrincipal principal) {
    ImmutableSet.Builder<RoleGrant> result = ImmutableSet.builder();
    if (principal.getType() == USER) {
        result.add(new RoleGrant(principal, PUBLIC_ROLE_NAME, false));
        if (ADMIN_USERS.contains(principal.getName())) {
            result.add(new RoleGrant(principal, ADMIN_ROLE_NAME, true));
        }
    }
    result.addAll(listRoleGrantsSanitized(metastoreContext).stream().filter(grant -> grant.getGrantee().equals(principal)).collect(toSet()));
    return result.build();
}

Example 8 with RoleGrant

use of com.facebook.presto.spi.security.RoleGrant in project urban-eureka by errir503.

the class FileHiveMetastore method removeDuplicatedEntries.

private Set<RoleGrant> removeDuplicatedEntries(Set<RoleGrant> grants) {
    Map<RoleGranteeTuple, RoleGrant> map = new HashMap<>();
    for (RoleGrant grant : grants) {
        RoleGranteeTuple tuple = new RoleGranteeTuple(grant.getRoleName(), grant.getGrantee());
        map.merge(tuple, grant, (first, second) -> first.isGrantable() ? first : second);
    }
    return ImmutableSet.copyOf(map.values());
}

Example 9 with RoleGrant

use of com.facebook.presto.spi.security.RoleGrant in project urban-eureka by errir503.

the class ThriftMetastoreUtil method listEnabledRoles.

public static Stream<String> listEnabledRoles(ConnectorIdentity identity, Function<PrestoPrincipal, Set<RoleGrant>> listRoleGrants) {
    Optional<SelectedRole> role = identity.getRole();
    if (role.isPresent() && role.get().getType() == SelectedRole.Type.NONE) {
        return Stream.of(PUBLIC_ROLE_NAME);
    }
    PrestoPrincipal principal;
    if (!role.isPresent() || role.get().getType() == SelectedRole.Type.ALL) {
        principal = new PrestoPrincipal(USER, identity.getUser());
    } else {
        principal = new PrestoPrincipal(ROLE, role.get().getRole().get());
    }
    Stream<String> roles = Stream.of(PUBLIC_ROLE_NAME);
    if (principal.getType() == ROLE) {
        roles = Stream.concat(roles, Stream.of(principal.getName()));
    }
    return Stream.concat(roles, listApplicableRoles(principal, listRoleGrants).map(RoleGrant::getRoleName).filter(Predicate.isEqual(ADMIN_ROLE_NAME).negate()));
}

Example 10 with RoleGrant

use of com.facebook.presto.spi.security.RoleGrant in project urban-eureka by errir503.

the class SqlStandardAccessControl method hasAdminOptionForRoles.

private boolean hasAdminOptionForRoles(ConnectorTransactionHandle transaction, ConnectorIdentity identity, MetastoreContext metastoreContext, Set<String> roles) {
    if (isAdmin(transaction, identity, metastoreContext)) {
        return true;
    }
    SemiTransactionalHiveMetastore metastore = getMetastore(transaction);
    Set<String> rolesWithGrantOption = listApplicableRoles(new PrestoPrincipal(USER, identity.getUser()), (PrestoPrincipal p) -> metastore.listRoleGrants(metastoreContext, p)).filter(RoleGrant::isGrantable).map(RoleGrant::getRoleName).collect(toSet());
    return rolesWithGrantOption.containsAll(roles);
}