
Example 1 with PrivilegeIdent

use of io.crate.user.PrivilegeIdent in project crate by crate.

the class UsersPrivilegesMetadata method maybeCopyAndReplaceTableIdents.

/**
 * Returns a copy of the {@link UsersPrivilegesMetadata} including a copied list of privileges if at least one
 * privilege was replaced. Otherwise returns {@code null} to indicate that nothing was changed.
 * Privileges of class {@link Privilege.Clazz#TABLE} whose idents match the given source ident are replaced
 * by a copy where the ident is changed to the given target ident.
 */
@Nullable
public static UsersPrivilegesMetadata maybeCopyAndReplaceTableIdents(UsersPrivilegesMetadata oldMetadata, String sourceIdent, String targetIdent) {
    Map<String, Set<Privilege>> rewrittenByUser = new HashMap<>(oldMetadata.usersPrivileges.size());
    boolean anyReplaced = false;
    for (Map.Entry<String, Set<Privilege>> userEntry : oldMetadata.usersPrivileges.entrySet()) {
        Set<Privilege> existing = userEntry.getValue();
        Set<Privilege> rewritten = new HashSet<>(existing.size());
        for (Privilege current : existing) {
            PrivilegeIdent currentIdent = current.ident();
            // Only TABLE-class privileges are candidates for renaming; every other class is copied as-is.
            // NOTE(review): VIEW-class privileges are never rewritten here, while dropTableOrViewPrivileges
            // treats TABLE and VIEW alike; confirm that view renames are handled elsewhere.
            if (currentIdent.clazz().equals(Privilege.Clazz.TABLE)) {
                String name = currentIdent.ident();
                // Checked only when assertions are enabled; otherwise a null ident fails with an NPE below.
                assert name != null : "ident must not be null for privilege class 'TABLE'";
                if (name.equals(sourceIdent)) {
                    // State, type, class and grantor are carried over unchanged; only the ident moves.
                    // NOTE(review): nothing here checks for privileges already stored under targetIdent;
                    // presumably the caller guarantees the target name is unused, to be confirmed.
                    rewritten.add(new Privilege(current.state(), currentIdent.type(), currentIdent.clazz(), targetIdent, current.grantor()));
                    anyReplaced = true;
                    continue;
                }
            }
            rewritten.add(current);
        }
        rewrittenByUser.put(userEntry.getKey(), rewritten);
    }
    // null tells the caller that no privilege referenced sourceIdent, so the old metadata can be kept.
    return anyReplaced ? new UsersPrivilegesMetadata(rewrittenByUser) : null;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) EnumSet(java.util.EnumSet) HashMap(java.util.HashMap) Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet) Nullable(javax.annotation.Nullable)

Example 2 with PrivilegeIdent

use of io.crate.user.PrivilegeIdent in project crate by crate.

the class UsersPrivilegesMetadata method dropTableOrViewPrivileges.

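/**
 * Removes, for every user, all privileges of class TABLE or VIEW whose ident equals the given name.
 * The stored privilege sets are modified in place.
 *
 * @param tableOrViewIdent ident of the table or view whose privileges are dropped
 * @return the number of privileges that were removed
 */
public long dropTableOrViewPrivileges(String tableOrViewIdent) {
    long affectedPrivileges = 0L;
    for (Set<Privilege> privileges : usersPrivileges.values()) {
        // An explicit iterator is required because entries are removed while walking the set.
        Iterator<Privilege> privilegeIterator = privileges.iterator();
        while (privilegeIterator.hasNext()) {
            PrivilegeIdent privilegeIdent = privilegeIterator.next().ident();
            Privilege.Clazz clazz = privilegeIdent.clazz();
            boolean isTableOrView = clazz.equals(Privilege.Clazz.TABLE) || clazz.equals(Privilege.Clazz.VIEW);
            if (isTableOrView == false) {
                continue;
            }
            String ident = privilegeIdent.ident();
            // Both TABLE and VIEW reach this point, so the message names both classes.
            // Checked only when assertions are enabled; otherwise a null ident fails with an NPE below.
            assert ident != null : "ident must not be null for privilege class 'TABLE' or 'VIEW'";
            if (ident.equals(tableOrViewIdent)) {
                privilegeIterator.remove();
                affectedPrivileges++;
            }
        }
    }
    return affectedPrivileges;
}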
Also used : Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent)

Example 3 with PrivilegeIdent

use of io.crate.user.PrivilegeIdent in project crate by crate.

the class UsersPrivilegesMetadata method applyPrivilegesToUser.

/**
 * Applies the given privilege changes to the stored privilege set of one user.
 * For each new privilege the first stored privilege with an equal ident is looked up. A REVOKE removes it;
 * any other state replaces it unless the stored privilege already equals the new one. A non-REVOKE
 * privilege without a stored match is added, and a REVOKE without a stored match changes nothing.
 *
 * @param userName      user whose privilege set is modified in place
 * @param newPrivileges privileges to apply
 * @return the number of privileges that were removed, replaced or added
 */
private long applyPrivilegesToUser(String userName, Iterable<Privilege> newPrivileges) {
    Set<Privilege> held = usersPrivileges.get(userName);
    // The set is expected to exist because it is created together with the user. This is checked only
    // when assertions are enabled; otherwise a missing set fails with an NPE on first use.
    assert held != null : "privileges must not be null for user=" + userName;
    long changed = 0L;
    for (Privilege incoming : newPrivileges) {
        boolean matchedExisting = false;
        Iterator<Privilege> it = held.iterator();
        while (it.hasNext()) {
            Privilege stored = it.next();
            if (stored.ident().equals(incoming.ident()) == false) {
                continue;
            }
            matchedExisting = true;
            if (incoming.state().equals(State.REVOKE)) {
                it.remove();
                changed++;
            } else if (stored.equals(incoming) == false) {
                // A GRANT/DENY is applied only when it differs from what the user already has; the stored
                // entry is then replaced. Presumably ident equality ignores the state, so a GRANT
                // overwrites a DENY on the same object and vice versa; confirm against PrivilegeIdent.
                it.remove();
                held.add(incoming);
                changed++;
            }
            // Only the first match is processed, and the iterator is not used again after the set changed.
            break;
        }
        // Without a stored match a REVOKE is a no-op; a GRANT/DENY is recorded as a new privilege.
        if (matchedExisting == false && incoming.state().equals(State.REVOKE) == false) {
            changed++;
            held.add(incoming);
        }
    }
    return changed;
}
Also used : Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent)

Example 4 with PrivilegeIdent

use of io.crate.user.PrivilegeIdent in project crate by crate.

the class UsersPrivilegesMetadata method swapPrivileges.

/**
 * Builds new metadata in which TABLE-class privileges on {@code source} and {@code target} trade places.
 * Privileges whose ident equals {@code source.fqn()} are re-created under {@code target.fqn()} and vice
 * versa; state, type, class and grantor are carried over. All other privileges are copied unchanged.
 * A new instance is always returned, even when nothing matched.
 *
 * @param usersPrivileges metadata to read from; its sets are not modified
 * @param source          first relation of the swap
 * @param target          second relation of the swap
 * @return metadata holding the swapped privilege sets
 */
public static UsersPrivilegesMetadata swapPrivileges(UsersPrivilegesMetadata usersPrivileges, RelationName source, RelationName target) {
    HashMap<String, Set<Privilege>> privilegesByUser = new HashMap<>();
    for (Map.Entry<String, Set<Privilege>> entry : usersPrivileges.usersPrivileges.entrySet()) {
        Set<Privilege> swapped = new HashSet<>();
        for (Privilege current : entry.getValue()) {
            PrivilegeIdent ident = current.ident();
            // Only TABLE-class privileges take part in the swap.
            // NOTE(review): VIEW-class privileges are copied untouched; confirm a swap never involves views.
            if (ident.clazz() != Privilege.Clazz.TABLE) {
                swapped.add(current);
                continue;
            }
            String name = ident.ident();
            if (source.fqn().equals(name)) {
                swapped.add(new Privilege(current.state(), ident.type(), ident.clazz(), target.fqn(), current.grantor()));
            } else if (target.fqn().equals(name)) {
                swapped.add(new Privilege(current.state(), ident.type(), ident.clazz(), source.fqn(), current.grantor()));
            } else {
                swapped.add(current);
            }
        }
        privilegesByUser.put(entry.getKey(), swapped);
    }
    return new UsersPrivilegesMetadata(privilegesByUser);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) EnumSet(java.util.EnumSet) HashMap(java.util.HashMap) Privilege(io.crate.user.Privilege) PrivilegeIdent(io.crate.user.PrivilegeIdent) HashMap(java.util.HashMap) Map(java.util.Map) HashSet(java.util.HashSet)

Aggregations

Privilege (io.crate.user.Privilege)4 PrivilegeIdent (io.crate.user.PrivilegeIdent)4 EnumSet (java.util.EnumSet)2 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Map (java.util.Map)2 Set (java.util.Set)2 Nullable (javax.annotation.Nullable)1