use of com.thinkbiganalytics.metadata.modeshape.catalog.JcrDataSetSparkParameters in project kylo by Teradata.
the class JcrDataSourceAllowedActions method updateEntityAccess.
/**
* Enables the specified actions for the specified principal.
*
* @param principal the subject
* @param actions the allowed actions
*/
protected void updateEntityAccess(@Nonnull final Principal principal, @Nonnull final Collection<? extends Action> actions) {
Set<String> detailPrivs = new HashSet<>();
Set<String> summaryPrivs = new HashSet<>();
actions.forEach(action -> {
if (action.implies(DatasourceAccessControl.CHANGE_PERMS)) {
Collections.addAll(detailPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL);
Collections.addAll(summaryPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL);
} else if (action.implies(DatasourceAccessControl.EDIT_DETAILS) || action.implies(DatasourceAccessControl.EDIT_SUMMARY)) {
detailPrivs.add(Privilege.JCR_ALL);
summaryPrivs.add(Privilege.JCR_ALL);
} else if (action.implies(DatasourceAccessControl.ACCESS_DETAILS) || action.implies(DatasourceAccessControl.ACCESS_DATASOURCE)) {
detailPrivs.add(Privilege.JCR_READ);
summaryPrivs.add(Privilege.JCR_READ);
}
// TODO: Re-enable equivalent below after proper, catalog data source-specific roles and permissions are created.
// } else if (action.implies(DatasourceAccessControl.EDIT_DETAILS)) {
// detailPrivs.add(Privilege.JCR_ALL);
// } else if (action.implies(DatasourceAccessControl.EDIT_SUMMARY)) {
// summaryPrivs.add(Privilege.JCR_ALL);
// } else if (action.implies(DatasourceAccessControl.ACCESS_DETAILS)) {
// detailPrivs.add(Privilege.JCR_READ);
// } else if (action.implies(DatasourceAccessControl.ACCESS_DATASOURCE)) {
// summaryPrivs.add(Privilege.JCR_READ);
// }
});
JcrAccessControlUtil.setPermissions(this.dataSource.getNode(), principal, summaryPrivs);
JcrDataSetSparkParameters params = (JcrDataSetSparkParameters) this.dataSource.getSparkParameters();
JcrAccessControlUtil.setPermissions(params.getNode(), principal, detailPrivs);
// allow user to create datasource nodes under this connector
if (summaryPrivs.contains(Privilege.JCR_READ) || summaryPrivs.contains(Privilege.JCR_ALL)) {
JcrAccessControlUtil.setPermissions(this.dataSource.getDataSetsNode(), principal, Privilege.JCR_ALL);
} else {
JcrAccessControlUtil.removePermissions(this.dataSource.getDataSetsNode(), principal, Privilege.JCR_ALL);
}
// grant read to the datasource connector if the user has access to the datasource
if (summaryPrivs.contains(Privilege.JCR_READ)) {
dataSource.getConnector().getAllowedActions().enable(principal, ConnectorAccessControl.ACCESS_CONNECTOR);
}
}
Aggregations