use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.
the class SecurityCatalogResource method shouldAllowAclAddOrUpdate.
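/**
 * Decides whether the caller may add or update the given ACL entry.
 *
 * <p>The request is allowed when any of the following holds:
 * <ul>
 *   <li>the caller has {@code ROLE_SECURITY_ADMIN};</li>
 *   <li>the caller, or one of the caller's roles, has an owner ACL on the target object;</li>
 *   <li>the grant ACLs held by the caller and the caller's roles together cover every
 *       permission requested in {@code aclEntry}.</li>
 * </ul>
 * Grant coverage accumulates: permissions granted through the user's own ACLs and through
 * role ACLs are subtracted from the same working set.
 *
 * <p>The check works on a copy of the requested permissions, so {@code aclEntry} is never
 * modified by this method. A {@code null} permission set is passed through as-is and still
 * fails with a {@link NullPointerException} at the first grant ACL encountered.
 *
 * @param aclEntry        the ACL entry the caller wants to create or update
 * @param securityContext the security context of the current request
 * @return {@code true} if the add/update should be permitted, {@code false} otherwise
 */
private boolean shouldAllowAclAddOrUpdate(AclEntry aclEntry, SecurityContext securityContext) {
    if (SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN)) {
        return true;
    }
    User currentUser = getCurrentUser(securityContext);

    // Subtract granted permissions from a private copy. Calling removeAll() on the set
    // returned by getPermissions() could strip permissions from the very entry that is
    // about to be persisted if that getter exposes the entry's internal set.
    EnumSet<Permission> requested = aclEntry.getPermissions();
    EnumSet<Permission> remaining = (requested == null) ? null : EnumSet.copyOf(requested);

    // check if the current user is the owner or can grant permission on the specific object
    Collection<AclEntry> userAcls = catalogService.listUserAcls(
            currentUser.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
    if (isOwnerOrGrantsAllRemaining(userAcls, remaining)) {
        return true;
    }

    // check if any roles that the current user belongs to is the owner or can grant
    Set<Role> currentUserRoles = catalogService.getAllUserRoles(currentUser);
    for (Role role : currentUserRoles) {
        Collection<AclEntry> roleAcls = catalogService.listRoleAcls(
                role.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
        if (isOwnerOrGrantsAllRemaining(roleAcls, remaining)) {
            return true;
        }
    }
    // Fail closed: neither ownership nor full grant coverage was established.
    return false;
}

/**
 * Scans {@code acls} in order and reports whether they settle the authorization decision.
 *
 * <p>Returns {@code true} as soon as an owner ACL is seen, or as soon as the grant ACLs seen
 * so far have removed every permission from {@code remaining}. {@code remaining} is mutated
 * so that coverage carries over to later calls.
 */
private static boolean isOwnerOrGrantsAllRemaining(Collection<AclEntry> acls, EnumSet<Permission> remaining) {
    for (AclEntry acl : acls) {
        if (acl.isOwner()) {
            return true;
        }
        if (acl.isGrant()) {
            remaining.removeAll(acl.getPermissions());
            if (remaining.isEmpty()) {
                return true;
            }
        }
    }
    return false;
}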
use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.
the class SecurityCatalogResource method addChildRole.
/**
 * Registers {@code childRoleName} as a child of {@code parentRoleName} in the role hierarchy.
 *
 * <p>Only callers holding {@code ROLE_SECURITY_ADMIN} pass the initial role check. A role
 * cannot be made its own child, and the child role must exist in the catalog.
 *
 * @param parentRoleName  name of the role that becomes the parent
 * @param childRoleName   name of the role that becomes the child
 * @param securityContext the security context of the current request
 * @return a response carrying the created {@code RoleHierarchy} with status {@code OK}
 * @throws IllegalArgumentException if both names are equal
 * @throws Exception                if the child role is not found, or if a collaborator fails
 */
@POST
@Path("/roles/{parentRoleName}/children/{childRoleName}")
@Timed
public Response addChildRole(@PathParam("parentRoleName") String parentRoleName,
                             @PathParam("childRoleName") String childRoleName,
                             @Context SecurityContext securityContext) throws Exception {
    // Authorization comes first so unauthorized callers learn nothing about role names.
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);

    // NOTE(review): only the direct self-reference is rejected here; whether
    // catalogService.addChildRole refuses longer cycles is not visible from this method — confirm.
    boolean sameRole = childRoleName.equals(parentRoleName);
    if (sameRole) {
        throw new IllegalArgumentException("Child role is same as parent role");
    }

    Long parentRoleId = getIdFromRoleName(parentRoleName);
    Long childRoleId = getIdFromRoleName(childRoleName);

    // Guard clause: the child must resolve to an existing role before the link is created.
    Role existingChild = catalogService.getRole(childRoleId);
    if (existingChild == null) {
        throw EntityNotFoundException.byId(childRoleId.toString());
    }

    RoleHierarchy createdLink = catalogService.addChildRole(parentRoleId, childRoleId);
    return WSUtils.respondEntity(createdLink, OK);
}
Aggregations