
Example 1 with Privilege

use of io.crate.user.Privilege in project crate by crate.

the class PrivilegesMetadataUpgrader method apply.

/**
 * Backfills privilege metadata so that every user listed in {@link UsersMetadata} has an entry in
 * {@link UsersPrivilegesMetadata}.
 *
 * <p>A user without a stored privilege set receives a {@code GRANT} for every
 * {@link Privilege.Type} on {@link Privilege.Clazz#CLUSTER}, with {@code CRATE_USER} recorded as
 * the grantor. A user that already has a set, even an empty one, is left untouched.
 *
 * <p>Security note: the backfill is the broadest grant this code can express (all types, cluster
 * scope). Any account that reaches this method without a privilege entry leaves it with full
 * cluster-level privileges, so grants should be reviewed after an upgrade wherever least
 * privilege matters.
 *
 * @param settings       not read by this method
 * @param customMetadata custom metadata keyed by type; a new {@link UsersPrivilegesMetadata} is
 *                       put into this map when none is present
 * @return the same map instance that was passed in
 */
@Override
public Map<String, Metadata.Custom> apply(Settings settings, Map<String, Metadata.Custom> customMetadata) {
    UsersMetadata knownUsers = (UsersMetadata) customMetadata.get(UsersMetadata.TYPE);
    if (knownUsers == null) {
        // No user metadata at all: nothing to backfill.
        return customMetadata;
    }
    List<String> names = knownUsers.userNames();
    if (names.isEmpty()) {
        return customMetadata;
    }
    UsersPrivilegesMetadata privileges = (UsersPrivilegesMetadata) customMetadata.get(UsersPrivilegesMetadata.TYPE);
    if (privileges == null) {
        // Mutates the caller's map; presumably the caller passes a mutable map - TODO confirm.
        privileges = new UsersPrivilegesMetadata();
        customMetadata.put(UsersPrivilegesMetadata.TYPE, privileges);
    }
    for (String name : names) {
        if (privileges.getUserPrivileges(name) != null) {
            // An existing entry (including an empty set) is treated as authoritative.
            continue;
        }
        Set<Privilege> granted = new HashSet<>();
        // The set is registered before it is filled, so this relies on createPrivileges keeping a
        // reference to the passed set rather than copying it - TODO confirm.
        privileges.createPrivileges(name, granted);
        // add GRANT privileges for all available types on the CLUSTER class
        for (Privilege.Type type : Privilege.Type.values()) {
            granted.add(new Privilege(Privilege.State.GRANT, type, Privilege.Clazz.CLUSTER, null, CRATE_USER.name()));
        }
    }
    return customMetadata;
}
Also used : Privilege(io.crate.user.Privilege)

Example 2 with Privilege

use of io.crate.user.Privilege in project crate by crate.

the class UsersPrivilegesMetadata method maybeCopyAndReplaceTableIdents.

/**
 * Builds a copy of the given {@link UsersPrivilegesMetadata} in which every privilege of class
 * {@link Privilege.Clazz#TABLE} whose ident equals {@code sourceIdent} is replaced by a new
 * privilege carrying {@code targetIdent}. State, type, class and grantor of the replaced
 * privilege are carried over unchanged.
 *
 * <p>Only the TABLE class is rewritten: privileges of any other class are copied as they are,
 * even when their ident equals {@code sourceIdent}.
 *
 * <p>The per-user sets in the result are new {@link HashSet}s; privileges that were not replaced
 * are the same instances as in {@code oldMetadata}.
 *
 * @param oldMetadata metadata to copy from; not modified
 * @param sourceIdent table ident to look for
 * @param targetIdent ident to store in the replacement privileges
 * @return the rewritten copy, or {@code null} when no privilege matched and nothing changed
 */
@Nullable
public static UsersPrivilegesMetadata maybeCopyAndReplaceTableIdents(UsersPrivilegesMetadata oldMetadata, String sourceIdent, String targetIdent) {
    Map<String, Set<Privilege>> copiedByUser = new HashMap<>(oldMetadata.usersPrivileges.size());
    boolean anyReplaced = false;
    for (Map.Entry<String, Set<Privilege>> userEntry : oldMetadata.usersPrivileges.entrySet()) {
        Set<Privilege> original = userEntry.getValue();
        Set<Privilege> copied = new HashSet<>(original.size());
        for (Privilege current : original) {
            PrivilegeIdent currentIdent = current.ident();
            if (currentIdent.clazz().equals(Privilege.Clazz.TABLE)) {
                String ident = currentIdent.ident();
                // Assertions are off unless the JVM runs with -ea; a null ident would then fail
                // in the equals call below.
                assert ident != null : "ident must not be null for privilege class 'TABLE'";
                if (ident.equals(sourceIdent)) {
                    copied.add(new Privilege(current.state(), currentIdent.type(), currentIdent.clazz(), targetIdent, current.grantor()));
                    anyReplaced = true;
                    continue;
                }
            }
            // Not a TABLE privilege, or a TABLE privilege on a different ident: keep as is.
            copied.add(current);
        }
        copiedByUser.put(userEntry.getKey(), copied);
    }
    return anyReplaced ? new UsersPrivilegesMetadata(copiedByUser) : null;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) EnumSet(java.util.EnumSet) HashMap(java.util.HashMap) Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet) Nullable(javax.annotation.Nullable)

Example 3 with Privilege

use of io.crate.user.Privilege in project crate by crate.

the class UsersPrivilegesMetadata method dropTableOrViewPrivileges.

/**
 * Removes, for every user, all privileges of class {@link Privilege.Clazz#TABLE} or
 * {@link Privilege.Clazz#VIEW} whose ident equals the given one. The per-user sets are modified
 * in place.
 *
 * <p>Presumably called when a table or view is dropped, so that an object created later under
 * the same name does not inherit stale grants - confirm against callers.
 *
 * @param tableOrViewIdent ident of the table or view whose privileges are removed
 * @return the number of privileges removed across all users
 */
public long dropTableOrViewPrivileges(String tableOrViewIdent) {
    long removedTotal = 0L;
    for (Set<Privilege> perUser : usersPrivileges.values()) {
        int sizeBefore = perUser.size();
        perUser.removeIf(candidate -> {
            PrivilegeIdent candidateIdent = candidate.ident();
            Privilege.Clazz clazz = candidateIdent.clazz();
            boolean tableOrView = clazz.equals(Privilege.Clazz.TABLE) || clazz.equals(Privilege.Clazz.VIEW);
            if (tableOrView == false) {
                return false;
            }
            String ident = candidateIdent.ident();
            // NOTE(review): the assertion text names only 'TABLE' although VIEW privileges reach
            // this check as well. Assertions are off unless the JVM runs with -ea.
            assert ident != null : "ident must not be null for privilege class 'TABLE'";
            return ident.equals(tableOrViewIdent);
        });
        // The size difference equals the number of elements the predicate matched.
        removedTotal += sizeBefore - perUser.size();
    }
    return removedTotal;
}
Also used : Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent)

Example 4 with Privilege

use of io.crate.user.Privilege in project crate by crate.

the class UsersPrivilegesMetadata method applyPrivilegesToUser.

/**
 * Applies a batch of GRANT / DENY / REVOKE privileges to one user's stored privilege set.
 *
 * <p>For each new privilege the stored set is searched for an entry with an equal
 * {@link PrivilegeIdent}; only the first match is handled:
 * <ul>
 *   <li>REVOKE with a match removes the stored entry, whatever its state.</li>
 *   <li>REVOKE without a match changes nothing and is not counted.</li>
 *   <li>GRANT/DENY with a match replaces the stored entry unless the two are already equal, so a
 *       GRANT overwrites an earlier DENY on the same ident and vice versa.</li>
 *   <li>GRANT/DENY without a match is added.</li>
 * </ul>
 *
 * @param userName      user whose privileges are modified; an entry for this user must exist
 * @param newPrivileges privileges to apply, processed in iteration order
 * @return the number of privileges that were added, replaced or removed
 */
private long applyPrivilegesToUser(String userName, Iterable<Privilege> newPrivileges) {
    Set<Privilege> current = usersPrivileges.get(userName);
    // privileges set is expected, it must be created on user creation.
    // Assertions are off unless the JVM runs with -ea; a missing entry then fails on first use.
    assert current != null : "privileges must not be null for user=" + userName;
    long changed = 0L;
    for (Privilege requested : newPrivileges) {
        boolean matchedIdent = false;
        for (Iterator<Privilege> it = current.iterator(); it.hasNext(); ) {
            Privilege existing = it.next();
            if (existing.ident().equals(requested.ident()) == false) {
                continue;
            }
            matchedIdent = true;
            if (requested.state().equals(State.REVOKE)) {
                it.remove();
                changed++;
            } else if (existing.equals(requested) == false) {
                // we only want to process a new GRANT/DENY privilege if the user doesn't already have it
                it.remove();
                // Adding to the set during iteration is safe only because of the break below:
                // the iterator is not touched again after this point.
                current.add(requested);
                changed++;
            }
            break;
        }
        // revoking a privilege that was not granted is a no-op, so only GRANT/DENY is added here
        if (matchedIdent == false && requested.state().equals(State.REVOKE) == false) {
            changed++;
            current.add(requested);
        }
    }
    return changed;
}
Also used : Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent)

Example 5 with Privilege

use of io.crate.user.Privilege in project crate by crate.

the class UsersPrivilegesMetadata method toXContent.

/**
 * Writes all users' privileges to the given builder: one array per user, named after the user,
 * with one element per privilege as written by {@code privilegeToXContent}.
 *
 * <p>No enclosing object is started or ended here, so the caller has to provide it.
 *
 * @param builder target builder
 * @param params  not read by this method
 * @return the builder that was passed in
 * @throws IOException if writing to the builder fails
 */
@Override
public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
    for (Map.Entry<String, Set<Privilege>> userEntry : usersPrivileges.entrySet()) {
        String userName = userEntry.getKey();
        Set<Privilege> granted = userEntry.getValue();
        // The user name becomes the field name of the array.
        builder.startArray(userName);
        for (Privilege item : granted) {
            privilegeToXContent(item, builder);
        }
        builder.endArray();
    }
    return builder;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) EnumSet(java.util.EnumSet) Privilege(io.crate.user.Privilege) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

Privilege (io.crate.user.Privilege)12 HashMap (java.util.HashMap)5 HashSet (java.util.HashSet)5 Set (java.util.Set)5 PrivilegeIdent (io.crate.user.PrivilegeIdent)4 EnumSet (java.util.EnumSet)4 Map (java.util.Map)4 Test (org.junit.Test)3 UserPrivileges (io.crate.user.UserPrivileges)2 DenyPrivilege (io.crate.sql.tree.DenyPrivilege)1 GrantPrivilege (io.crate.sql.tree.GrantPrivilege)1 RevokePrivilege (io.crate.sql.tree.RevokePrivilege)1 State (io.crate.user.Privilege.State)1 Nullable (javax.annotation.Nullable)1 ElasticsearchParseException (org.elasticsearch.ElasticsearchParseException)1 XContentParser (org.elasticsearch.common.xcontent.XContentParser)1