Example 11 with AclEntry

Use of com.hortonworks.streamline.streams.security.catalog.AclEntry in project streamline by hortonworks.

From the class SecurityCatalogResource, method shouldAllowAclAddOrUpdate. The method decides whether the caller may create or change an ACL entry: a security admin always may; otherwise the caller must own the target object, or must hold grant entries (directly or through roles) that together cover every permission the new entry would hand out.

private boolean shouldAllowAclAddOrUpdate(AclEntry aclEntry, SecurityContext securityContext) {
    // A security admin may add or update any ACL entry.
    if (SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN)) {
        return true;
    }
    User currentUser = getCurrentUser(securityContext);
    // Permissions the caller still has to justify. Work on a copy so that the grant
    // subtraction below cannot alter the permission set the entry itself holds, which is
    // what gets persisted once this check passes.
    EnumSet<Permission> remaining = EnumSet.copyOf(aclEntry.getPermissions());
    // Check if the current user is the owner of, or holds grant entries for, the specific object.
    // An owner entry ends the check at once; a grant entry only covers the permissions it
    // lists, so several entries (user and role entries alike) may be needed before
    // remaining is empty. An entry that is neither owner nor grant contributes nothing.
    Collection<AclEntry> userAcls = catalogService.listUserAcls(currentUser.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
    for (AclEntry userAcl : userAcls) {
        if (userAcl.isOwner()) {
            return true;
        } else if (userAcl.isGrant()) {
            remaining.removeAll(userAcl.getPermissions());
            if (remaining.isEmpty()) {
                return true;
            }
        }
    }
    // Check if any role the current user belongs to is the owner or can grant. Permissions
    // already covered by the user's own grant entries stay subtracted, so user and role
    // grants add up.
    Set<Role> currentUserRoles = catalogService.getAllUserRoles(currentUser);
    for (Role role : currentUserRoles) {
        Collection<AclEntry> roleAcls = catalogService.listRoleAcls(role.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
        for (AclEntry roleAcl : roleAcls) {
            if (roleAcl.isOwner()) {
                return true;
            } else if (roleAcl.isGrant()) {
                remaining.removeAll(roleAcl.getPermissions());
                if (remaining.isEmpty()) {
                    return true;
                }
            }
        }
    }
    // Neither owner nor enough grant coverage: deny.
    return false;
}
Also used: UserRole (com.hortonworks.streamline.streams.security.catalog.UserRole), Role (com.hortonworks.streamline.streams.security.catalog.Role), User (com.hortonworks.streamline.streams.security.catalog.User), Permission (com.hortonworks.streamline.streams.security.Permission), AclEntry (com.hortonworks.streamline.streams.security.catalog.AclEntry)
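The decision rule above, reduced to a runnable illustration. This is an added example, not code from the streamline project: the Permission enum, the Acl class and the pre-filtered ACL lists are hypothetical stand-ins for the catalog types and for the catalogService.listUserAcls / listRoleAcls lookups, and the security-admin short-circuit is left out. It shows three things the method implies but does not spell out: partial grants from a user entry and a role entry add up; an entry that holds the permissions without the grant flag contributes nothing; an owner entry allows the request whatever its permission list says. It also shows why the working set should be a copy: if the entry's live permission set is subtracted from, a successful grant check leaves that set empty, and an entry persisted afterwards would carry no permissions.

```java
import java.util.EnumSet;
import java.util.List;

public class AclGrantCheckDemo {

    // Hypothetical stand-ins for the project's Permission and AclEntry types (not the real classes).
    enum Permission { READ, WRITE, EXECUTE, DELETE }

    static final class Acl {
        final boolean owner;
        final boolean grant;
        final EnumSet<Permission> permissions;

        Acl(boolean owner, boolean grant, EnumSet<Permission> permissions) {
            this.owner = owner;
            this.grant = grant;
            this.permissions = permissions;
        }
    }

    /**
     * Same decision rule as shouldAllowAclAddOrUpdate, minus the catalog lookups:
     * an owner entry allows everything; grant entries are subtracted from the requested
     * permissions, first the user's own entries and then each role's entries, and the
     * request is allowed once nothing remains. Non-grant entries never count.
     */
    static boolean coveredByOwnerOrGrants(EnumSet<Permission> requested,
                                          List<Acl> userAcls,
                                          List<List<Acl>> roleAcls,
                                          boolean defensiveCopy) {
        // With defensiveCopy=false the subtraction below mutates the caller's set:
        // the aliasing pitfall to look for when the live entry's set is passed in.
        EnumSet<Permission> remaining = defensiveCopy ? EnumSet.copyOf(requested) : requested;

        for (Acl acl : userAcls) {
            if (acl.owner) {
                return true;
            } else if (acl.grant) {
                remaining.removeAll(acl.permissions);
                if (remaining.isEmpty()) {
                    return true;
                }
            }
        }
        for (List<Acl> acls : roleAcls) {
            for (Acl acl : acls) {
                if (acl.owner) {
                    return true;
                } else if (acl.grant) {
                    remaining.removeAll(acl.permissions);
                    if (remaining.isEmpty()) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: the caller wants to hand out READ+WRITE+DELETE on one object.
        EnumSet<Permission> wanted = EnumSet.of(Permission.READ, Permission.WRITE, Permission.DELETE);

        // 1. Partial grants combine: the user's own grant covers READ, a role grant covers
        //    WRITE and DELETE, so together they cover the whole request.
        List<Acl> userGrantRead = List.of(new Acl(false, true, EnumSet.of(Permission.READ)));
        List<List<Acl>> roleGrantWriteDelete =
                List.of(List.of(new Acl(false, true, EnumSet.of(Permission.WRITE, Permission.DELETE))));
        System.out.println("combined grants: "
                + coveredByOwnerOrGrants(EnumSet.copyOf(wanted), userGrantRead, roleGrantWriteDelete, true));

        // 2. Holding all the permissions without the grant flag contributes nothing.
        List<Acl> userHasAllNoGrant = List.of(new Acl(false, false, EnumSet.copyOf(wanted)));
        System.out.println("no grant flag: "
                + coveredByOwnerOrGrants(EnumSet.copyOf(wanted), userHasAllNoGrant, List.of(), true));

        // 3. An owner entry reached through a role wins regardless of its permission list.
        List<List<Acl>> roleOwner = List.of(List.of(new Acl(true, false, EnumSet.noneOf(Permission.class))));
        System.out.println("owner via role: "
                + coveredByOwnerOrGrants(EnumSet.copyOf(wanted), List.of(), roleOwner, true));

        // 4. Aliasing: the same successful check run on the live set versus on a copy.
        EnumSet<Permission> live = EnumSet.copyOf(wanted);
        coveredByOwnerOrGrants(live, userGrantRead, roleGrantWriteDelete, false);
        System.out.println("request after aliased check: " + live);
        EnumSet<Permission> copied = EnumSet.copyOf(wanted);
        coveredByOwnerOrGrants(copied, userGrantRead, roleGrantWriteDelete, true);
        System.out.println("request after copied check: " + copied);
    }
}
```

Cases 1 and 3 are allowed and case 2 is denied under the rule above. Case 4 prints the request set twice: after the aliased run it is empty, because every permission was subtracted on the way to the allow decision, while after the run on a copy it still holds READ, WRITE and DELETE. In a resource that persists the entry right after the check, only the second behaviour is acceptable.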

Aggregations

AclEntry (com.hortonworks.streamline.streams.security.catalog.AclEntry) 11
Timed (com.codahale.metrics.annotation.Timed) 5
User (com.hortonworks.streamline.streams.security.catalog.User) 5
Path (javax.ws.rs.Path) 5
Role (com.hortonworks.streamline.streams.security.catalog.Role) 4
QueryParam (com.hortonworks.registries.common.QueryParam) 3
Permission (com.hortonworks.streamline.streams.security.Permission) 3
UserRole (com.hortonworks.streamline.streams.security.catalog.UserRole) 3
StorableKey (com.hortonworks.registries.storage.StorableKey) 2
DELETE (javax.ws.rs.DELETE) 2
GET (javax.ws.rs.GET) 2
POST (javax.ws.rs.POST) 2
PUT (javax.ws.rs.PUT) 2
Sets (com.google.common.collect.Sets) 1
EntityNotFoundException (com.hortonworks.streamline.common.exception.service.exception.request.EntityNotFoundException) 1
WebserviceAuthorizationException (com.hortonworks.streamline.common.exception.service.exception.request.WebserviceAuthorizationException) 1
WSUtils (com.hortonworks.streamline.common.util.WSUtils) 1
AuthenticationContext (com.hortonworks.streamline.streams.security.AuthenticationContext) 1
AuthorizationException (com.hortonworks.streamline.streams.security.AuthorizationException) 1
Roles (com.hortonworks.streamline.streams.security.Roles) 1