Examples with ImmutableMultimap org.apache.beam.vendor.calcite.v1_28_0.com.google.common.collect.ImmutableMultimap used on opensource projects

Example 31 with ImmutableMultimap

use of org.apache.beam.vendor.calcite.v1_28_0.com.google.common.collect.ImmutableMultimap in project graylog2-server by Graylog2.

the class EntityDependencyPermissionChecker method check.

/**
 * Runs permission checks for the given dependencies for every selected grantee and returns the entities that
 * grantees cannot access.
 *
 * @param sharingUser      the sharing user
 * @param dependencies     the dependencies to check
 * @param selectedGrantees the selected grantees
 * @return dependencies that grantees cannot access, grouped by grantee
 */
public ImmutableMultimap<GRN, EntityDescriptor> check(GRN sharingUser, ImmutableSet<EntityDescriptor> dependencies, Set<GRN> selectedGrantees) {
    final ImmutableMultimap.Builder<GRN, EntityDescriptor> deniedDependencies = ImmutableMultimap.builder();
    final GranteeAuthorizer sharerAuthorizer = granteeAuthorizerFactory.create(sharingUser);
    for (final GRN grantee : selectedGrantees) {
        // We only check for existing grants for the actual grantee. If the grantee is a team, we only check if
        // the team has a grant, not if any users in the team can access the dependency via other grants.
        // The same for the "everyone" grantee, we only check if  the "everyone" grantee has access to a dependency.
        final GranteeAuthorizer granteeAuthorizer = granteeAuthorizerFactory.create(grantee);
        for (final EntityDescriptor dependency : dependencies) {
            // leaking information to the sharing user.
            if (cannotView(sharerAuthorizer, dependency)) {
                continue;
            }
            if (cannotView(granteeAuthorizer, dependency)) {
                deniedDependencies.put(grantee, dependency);
            }
        }
    }
    return deniedDependencies.build();
}