
Example 21 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class SecurityCatalogResource method shouldAllowAclAddOrUpdate.

private boolean shouldAllowAclAddOrUpdate(AclEntry aclEntry, SecurityContext securityContext) {
    if (SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN)) {
        return true;
    }
    User currentUser = getCurrentUser(securityContext);
    // check if the current user is the owner or can grant permission on the specific object
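    // work on a copy: removeAll() below must not strip permissions from the AclEntry being added or updated
    EnumSet<Permission> remaining = EnumSet.copyOf(aclEntry.getPermissions());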
    Collection<AclEntry> userAcls = catalogService.listUserAcls(currentUser.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
    for (AclEntry userAcl : userAcls) {
        if (userAcl.isOwner()) {
            return true;
        } else if (userAcl.isGrant()) {
            remaining.removeAll(userAcl.getPermissions());
            if (remaining.isEmpty()) {
                return true;
            }
        }
    }
    // check if any roles that the current user belongs to is the owner or can grant
    Set<Role> currentUserRoles = catalogService.getAllUserRoles(currentUser);
    for (Role role : currentUserRoles) {
        Collection<AclEntry> roleAcls = catalogService.listRoleAcls(role.getId(), aclEntry.getObjectNamespace(), aclEntry.getObjectId());
        for (AclEntry roleAcl : roleAcls) {
            if (roleAcl.isOwner()) {
                return true;
            } else if (roleAcl.isGrant()) {
                remaining.removeAll(roleAcl.getPermissions());
                if (remaining.isEmpty()) {
                    return true;
                }
            }
        }
    }
    return false;
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User) Permission(com.hortonworks.streamline.streams.security.Permission) AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry)

Example 22 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class TopologyEditorToolbarResource method getUserId.

private long getUserId(SecurityContext securityContext) {
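    // resolve the authenticated principal; a request without a principal is mapped to the anonymous user
    Principal principal = securityContext.getUserPrincipal();
    String principalName = principal != null ? SecurityUtil.getUserName(principal.getName()) : null;
    String userName = principalName != null ? principalName : User.USER_ANONYMOUS;
    // look the name up in the security catalog; an unknown user is rejected below rather than given a default id
    User user = securityCatalogService.getUser(userName);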
    if (user != null && user.getId() != null) {
        return user.getId();
    }
    throw new IllegalArgumentException("No such user: " + userName);
}
Also used : User(com.hortonworks.streamline.streams.security.catalog.User) Principal(java.security.Principal)

Aggregations

User (com.hortonworks.streamline.streams.security.catalog.User): 22
Role (com.hortonworks.streamline.streams.security.catalog.Role): 10
AclEntry (com.hortonworks.streamline.streams.security.catalog.AclEntry): 8
UserRole (com.hortonworks.streamline.streams.security.catalog.UserRole): 7
Timed (com.codahale.metrics.annotation.Timed): 6
QueryParam (com.hortonworks.registries.common.QueryParam): 6
AuthorizationException (com.hortonworks.streamline.streams.security.AuthorizationException): 6
Permission (com.hortonworks.streamline.streams.security.Permission): 6
Path (javax.ws.rs.Path): 6
AuthenticationContext (com.hortonworks.streamline.streams.security.AuthenticationContext): 5
Roles (com.hortonworks.streamline.streams.security.Roles): 4
SecurityUtil (com.hortonworks.streamline.streams.security.SecurityUtil): 4
StreamlineAuthorizer (com.hortonworks.streamline.streams.security.StreamlineAuthorizer): 4
Principal (java.security.Principal): 4
EnumSet (java.util.EnumSet): 4
Set (java.util.Set): 4
Collectors (java.util.stream.Collectors): 4
POST (javax.ws.rs.POST): 4
Date (java.util.Date): 3
DELETE (javax.ws.rs.DELETE): 3