Example 1 with PrivilegeIdent
use of io.crate.user.PrivilegeIdent in project crate by crate.
the class UsersPrivilegesMetadata method maybeCopyAndReplaceTableIdents.
/**
* Returns a copy of the {@link UsersPrivilegesMetadata} including a copied list of privileges if at least one
* privilege was replaced. Otherwise returns the NULL to indicate that nothing was changed.
* Privileges of class {@link Privilege.Clazz#TABLE} whose idents are matching the given source ident are replaced
* by a copy where the ident is changed to the given target ident.
*/
@Nullable
public static UsersPrivilegesMetadata maybeCopyAndReplaceTableIdents(UsersPrivilegesMetadata oldMetadata, String sourceIdent, String targetIdent) {
boolean privilegesChanged = false;
Map<String, Set<Privilege>> userPrivileges = new HashMap<>(oldMetadata.usersPrivileges.size());
for (Map.Entry<String, Set<Privilege>> entry : oldMetadata.usersPrivileges.entrySet()) {
Set<Privilege> privileges = new HashSet<>(entry.getValue().size());
for (Privilege privilege : entry.getValue()) {
PrivilegeIdent privilegeIdent = privilege.ident();
if (privilegeIdent.clazz().equals(Privilege.Clazz.TABLE) == false) {
privileges.add(privilege);
continue;
}
String ident = privilegeIdent.ident();
assert ident != null : "ident must not be null for privilege class 'TABLE'";
if (ident.equals(sourceIdent)) {
privileges.add(new Privilege(privilege.state(), privilegeIdent.type(), privilegeIdent.clazz(), targetIdent, privilege.grantor()));
privilegesChanged = true;
} else {
privileges.add(privilege);
}
}
userPrivileges.put(entry.getKey(), privileges);
}
if (privilegesChanged) {
return new UsersPrivilegesMetadata(userPrivileges);
}
return null;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
EnumSet(java.util.EnumSet)
HashMap(java.util.HashMap)
Privilege(io.crate.user.Privilege)
PrivilegeIdent(io.crate.user.PrivilegeIdent)
HashMap(java.util.HashMap)
Map(java.util.Map)
HashSet(java.util.HashSet)
Nullable(javax.annotation.Nullable)
Example 2 with PrivilegeIdent
use of io.crate.user.PrivilegeIdent in project crate by crate.
the class UsersPrivilegesMetadata method dropTableOrViewPrivileges.
public long dropTableOrViewPrivileges(String tableOrViewIdent) {
long affectedPrivileges = 0L;
for (Set<Privilege> privileges : usersPrivileges.values()) {
Iterator<Privilege> privilegeIterator = privileges.iterator();
while (privilegeIterator.hasNext()) {
Privilege privilege = privilegeIterator.next();
PrivilegeIdent privilegeIdent = privilege.ident();
Privilege.Clazz clazz = privilegeIdent.clazz();
if (clazz.equals(Privilege.Clazz.TABLE) == false && clazz.equals(Privilege.Clazz.VIEW) == false) {
continue;
}
String ident = privilegeIdent.ident();
assert ident != null : "ident must not be null for privilege class 'TABLE'";
if (ident.equals(tableOrViewIdent)) {
privilegeIterator.remove();
affectedPrivileges++;
}
}
}
return affectedPrivileges;
}
Also used :
Privilege(io.crate.user.Privilege)
PrivilegeIdent(io.crate.user.PrivilegeIdent)
Example 3 with PrivilegeIdent
use of io.crate.user.PrivilegeIdent in project crate by crate.
the class UsersPrivilegesMetadata method applyPrivilegesToUser.
private long applyPrivilegesToUser(String userName, Iterable<Privilege> newPrivileges) {
Set<Privilege> userPrivileges = usersPrivileges.get(userName);
// privileges set is expected, it must be created on user creation
assert userPrivileges != null : "privileges must not be null for user=" + userName;
long affectedCount = 0L;
for (Privilege newPrivilege : newPrivileges) {
Iterator<Privilege> iterator = userPrivileges.iterator();
boolean userHadPrivilegeOnSameObject = false;
while (iterator.hasNext()) {
Privilege userPrivilege = iterator.next();
PrivilegeIdent privilegeIdent = userPrivilege.ident();
if (privilegeIdent.equals(newPrivilege.ident())) {
userHadPrivilegeOnSameObject = true;
if (newPrivilege.state().equals(State.REVOKE)) {
iterator.remove();
affectedCount++;
break;
} else {
// we only want to process a new GRANT/DENY privilege if the user doesn't already have it
if (userPrivilege.equals(newPrivilege) == false) {
iterator.remove();
userPrivileges.add(newPrivilege);
affectedCount++;
}
break;
}
}
}
if (userHadPrivilegeOnSameObject == false && newPrivilege.state().equals(State.REVOKE) == false) {
// revoking a privilege that was not granted is a no-op
affectedCount++;
userPrivileges.add(newPrivilege);
}
}
return affectedCount;
}
Also used :
Privilege(io.crate.user.Privilege)
PrivilegeIdent(io.crate.user.PrivilegeIdent)
Example 4 with PrivilegeIdent
use of io.crate.user.PrivilegeIdent in project crate by crate.
the class UsersPrivilegesMetadata method swapPrivileges.
public static UsersPrivilegesMetadata swapPrivileges(UsersPrivilegesMetadata usersPrivileges, RelationName source, RelationName target) {
HashMap<String, Set<Privilege>> privilegesByUser = new HashMap<>();
for (Map.Entry<String, Set<Privilege>> userPrivileges : usersPrivileges.usersPrivileges.entrySet()) {
String user = userPrivileges.getKey();
Set<Privilege> privileges = userPrivileges.getValue();
Set<Privilege> updatedPrivileges = new HashSet<>();
for (Privilege privilege : privileges) {
PrivilegeIdent ident = privilege.ident();
if (ident.clazz() == Privilege.Clazz.TABLE) {
if (source.fqn().equals(ident.ident())) {
updatedPrivileges.add(new Privilege(privilege.state(), ident.type(), ident.clazz(), target.fqn(), privilege.grantor()));
} else if (target.fqn().equals(ident.ident())) {
updatedPrivileges.add(new Privilege(privilege.state(), ident.type(), ident.clazz(), source.fqn(), privilege.grantor()));
} else {
updatedPrivileges.add(privilege);
}
} else {
updatedPrivileges.add(privilege);
}
}
privilegesByUser.put(user, updatedPrivileges);
}
return new UsersPrivilegesMetadata(privilegesByUser);
}