use of org.apache.atlas.authorize.AtlasTypeAccessRequest in project atlas by apache.
the class AtlasEntityDefStoreV1 method create.
@Override
public AtlasEntityDef create(AtlasEntityDef entityDef, AtlasVertex preCreateResult) throws AtlasBaseException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> AtlasEntityDefStoreV1.create({}, {})", entityDef, preCreateResult);
}
AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_CREATE, entityDef), "create entity-def ", entityDef.getName());
AtlasVertex vertex = (preCreateResult == null) ? preCreate(entityDef) : preCreateResult;
updateVertexAddReferences(entityDef, vertex);
AtlasEntityDef ret = toEntityDef(vertex);
if (LOG.isDebugEnabled()) {
LOG.debug("<== AtlasEntityDefStoreV1.create({}, {}): {}", entityDef, preCreateResult, ret);
}
return ret;
}
use of org.apache.atlas.authorize.AtlasTypeAccessRequest in project atlas by apache.
the class AtlasEntityDefStoreV1 method updateByGuid.
@Override
public AtlasEntityDef updateByGuid(String guid, AtlasEntityDef entityDef) throws AtlasBaseException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> AtlasEntityDefStoreV1.updateByGuid({})", guid);
}
AtlasEntityDef existingDef = typeRegistry.getEntityDefByGuid(guid);
AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_UPDATE, existingDef), "update entity-def ", (existingDef != null ? existingDef.getName() : guid));
validateType(entityDef);
AtlasType type = typeRegistry.getTypeByGuid(guid);
if (type.getTypeCategory() != org.apache.atlas.model.TypeCategory.ENTITY) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_MATCH_FAILED, entityDef.getName(), TypeCategory.CLASS.name());
}
AtlasVertex vertex = typeDefStore.findTypeVertexByGuidAndCategory(guid, TypeCategory.CLASS);
if (vertex == null) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_GUID_NOT_FOUND, guid);
}
updateVertexPreUpdate(entityDef, (AtlasEntityType) type, vertex);
updateVertexAddReferences(entityDef, vertex);
AtlasEntityDef ret = toEntityDef(vertex);
if (LOG.isDebugEnabled()) {
LOG.debug("<== AtlasEntityDefStoreV1.updateByGuid({}): {}", guid, ret);
}
return ret;
}
use of org.apache.atlas.authorize.AtlasTypeAccessRequest in project atlas by apache.
the class AtlasEntityDefStoreV1 method preDeleteByGuid.
@Override
public AtlasVertex preDeleteByGuid(String guid) throws AtlasBaseException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> AtlasEntityDefStoreV1.preDeleteByGuid({})", guid);
}
AtlasEntityDef existingDef = typeRegistry.getEntityDefByGuid(guid);
AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_DELETE, existingDef), "delete entity-def ", (existingDef != null ? existingDef.getName() : guid));
AtlasVertex ret = typeDefStore.findTypeVertexByGuidAndCategory(guid, TypeCategory.CLASS);
String typeName = AtlasGraphUtilsV1.getProperty(ret, Constants.TYPENAME_PROPERTY_KEY, String.class);
if (AtlasGraphUtilsV1.typeHasInstanceVertex(typeName)) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_HAS_REFERENCES, typeName);
}
if (ret == null) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_GUID_NOT_FOUND, guid);
}
// error if we are trying to delete an entityDef that has a relationshipDef
if (typeDefStore.hasIncomingEdgesWithLabel(ret, AtlasGraphUtilsV1.RELATIONSHIPTYPE_EDGE_LABEL)) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_HAS_RELATIONSHIPS, typeName);
}
typeDefStore.deleteTypeVertexOutEdges(ret);
if (LOG.isDebugEnabled()) {
LOG.debug("<== AtlasEntityDefStoreV1.preDeleteByGuid({}): {}", guid, ret);
}
return ret;
}
use of org.apache.atlas.authorize.AtlasTypeAccessRequest in project ranger by apache.
the class RangerAtlasAuthorizer method filterTypes.
private void filterTypes(AtlasAccessRequest request, List<? extends AtlasBaseTypeDef> typeDefs) throws AtlasAuthorizationException {
if (typeDefs != null) {
for (ListIterator<? extends AtlasBaseTypeDef> iter = typeDefs.listIterator(); iter.hasNext(); ) {
AtlasBaseTypeDef typeDef = iter.next();
AtlasTypeAccessRequest typeRequest = new AtlasTypeAccessRequest(request.getAction(), typeDef, request.getUser(), request.getUserGroups());
typeRequest.setClientIPAddress(request.getClientIPAddress());
typeRequest.setForwardedAddresses(request.getForwardedAddresses());
typeRequest.setRemoteIPAddress(request.getRemoteIPAddress());
if (!isAccessAllowed(typeRequest)) {
iter.remove();
}
}
}
}
use of org.apache.atlas.authorize.AtlasTypeAccessRequest in project atlas by apache.
the class AtlasStructDefStoreV1 method preDeleteByName.
@Override
public AtlasVertex preDeleteByName(String name) throws AtlasBaseException {
if (LOG.isDebugEnabled()) {
LOG.debug("==> AtlasStructDefStoreV1.preDeleteByName({})", name);
}
AtlasStructDef existingDef = typeRegistry.getStructDefByName(name);
AtlasAuthorizationUtils.verifyAccess(new AtlasTypeAccessRequest(AtlasPrivilege.TYPE_DELETE, existingDef), "delete struct-def ", name);
AtlasVertex ret = typeDefStore.findTypeVertexByNameAndCategory(name, TypeCategory.STRUCT);
if (AtlasGraphUtilsV1.typeHasInstanceVertex(name)) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_HAS_REFERENCES, name);
}
if (ret == null) {
throw new AtlasBaseException(AtlasErrorCode.TYPE_NAME_NOT_FOUND, name);
}
typeDefStore.deleteTypeVertexOutEdges(ret);
if (LOG.isDebugEnabled()) {
LOG.debug("<== AtlasStructDefStoreV1.preDeleteByName({}): {}", name, ret);
}
return ret;
}
Aggregations