use of org.apache.oozie.executor.jpa.BundleJobInfoGetJPAExecutor in project oozie by apache.
the class AuthorizationService method authorizeForJobs.
/**
* Check if the user+group is authorized to operate on the specified jobs. <p> Checks if the user is a super-user or
* the one who started the jobs. <p> Read operations are allowed to all users.
*
* @param user user name.
* @param filter filter used to select jobs
* @param start starting index of the jobs in DB
* @param len maximum amount of jobs to select
* @param write indicates if the check is for read or write job tasks.
* @throws AuthorizationException thrown if the user is not authorized for the job.
*/
public void authorizeForJobs(String user, Map<String, List<String>> filter, String jobType, int start, int len, boolean write) throws AuthorizationException {
if (authorizationEnabled && write && !isAdmin(user)) {
try {
// handle workflow jobs
if (jobType.equals("wf")) {
List<WorkflowJobBean> jobBeans = new ArrayList<WorkflowJobBean>();
JPAService jpaService = Services.get().get(JPAService.class);
if (jpaService != null) {
try {
jobBeans = jpaService.execute(new WorkflowsJobGetJPAExecutor(filter, start, len)).getWorkflows();
} catch (JPAExecutorException je) {
throw new AuthorizationException(je);
}
} else {
throw new AuthorizationException(ErrorCode.E0610);
}
for (WorkflowJobBean jobBean : jobBeans) {
if (jobBean != null && !jobBean.getUser().equals(user)) {
if (!isUserInAcl(user, jobBean.getGroup())) {
incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
throw new AuthorizationException(ErrorCode.E0508, user, jobBean.getId());
}
}
}
} else // handle bundle jobs
if (jobType.equals("bundle")) {
List<BundleJobBean> jobBeans = new ArrayList<BundleJobBean>();
JPAService jpaService = Services.get().get(JPAService.class);
if (jpaService != null) {
try {
jobBeans = jpaService.execute(new BundleJobInfoGetJPAExecutor(filter, start, len)).getBundleJobs();
} catch (JPAExecutorException je) {
throw new AuthorizationException(je);
}
} else {
throw new AuthorizationException(ErrorCode.E0610);
}
for (BundleJobBean jobBean : jobBeans) {
if (jobBean != null && !jobBean.getUser().equals(user)) {
if (!isUserInAcl(user, jobBean.getGroup())) {
incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
throw new AuthorizationException(ErrorCode.E0509, user, jobBean.getId());
}
}
}
} else // handle coordinator jobs
{
List<CoordinatorJobBean> jobBeans = new ArrayList<CoordinatorJobBean>();
JPAService jpaService = Services.get().get(JPAService.class);
if (jpaService != null) {
try {
jobBeans = jpaService.execute(new CoordJobInfoGetJPAExecutor(filter, start, len)).getCoordJobs();
} catch (JPAExecutorException je) {
throw new AuthorizationException(je);
}
} else {
throw new AuthorizationException(ErrorCode.E0610);
}
for (CoordinatorJobBean jobBean : jobBeans) {
if (jobBean != null && !jobBean.getUser().equals(user)) {
if (!isUserInAcl(user, jobBean.getGroup())) {
incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
throw new AuthorizationException(ErrorCode.E0509, user, jobBean.getId());
}
}
}
}
} catch (IOException ex) {
throw new AuthorizationException(ErrorCode.E0501, ex.getMessage(), ex);
}
}
}
use of org.apache.oozie.executor.jpa.BundleJobInfoGetJPAExecutor in project oozie by apache.
the class BundleJobsXCommand method execute.
/* (non-Javadoc)
* @see org.apache.oozie.command.XCommand#execute()
*/
@Override
protected BundleJobInfo execute() throws CommandException {
try {
JPAService jpaService = Services.get().get(JPAService.class);
BundleJobInfo bundleInfo = null;
if (jpaService != null) {
bundleInfo = jpaService.execute(new BundleJobInfoGetJPAExecutor(filter, start, len));
} else {
LOG.error(ErrorCode.E0610);
}
return bundleInfo;
} catch (XException ex) {
throw new CommandException(ex);
}
}
Aggregations