Search in sources :

Example 1 with WorkflowsJobGetJPAExecutor

use of org.apache.oozie.executor.jpa.WorkflowsJobGetJPAExecutor in project oozie by apache.

the class AuthorizationService method authorizeForJobs.

/**
 * Check if the user+group is authorized to operate on the specified jobs. <p> Checks if the user is a super-user or
 * the one who started the jobs. <p> Read operations are allowed to all users.
 *
 * @param user user name.
 * @param filter filter used to select jobs
 * @param start starting index of the jobs in DB
 * @param len maximum amount of jobs to select
 * @param write indicates if the check is for read or write job tasks.
 * @throws AuthorizationException thrown if the user is not authorized for the job.
 */
public void authorizeForJobs(String user, Map<String, List<String>> filter, String jobType, int start, int len, boolean write) throws AuthorizationException {
    if (authorizationEnabled && write && !isAdmin(user)) {
        try {
            // handle workflow jobs
            if (jobType.equals("wf")) {
                List<WorkflowJobBean> jobBeans = new ArrayList<WorkflowJobBean>();
                JPAService jpaService = Services.get().get(JPAService.class);
                if (jpaService != null) {
                    try {
                        jobBeans = jpaService.execute(new WorkflowsJobGetJPAExecutor(filter, start, len)).getWorkflows();
                    } catch (JPAExecutorException je) {
                        throw new AuthorizationException(je);
                    }
                } else {
                    throw new AuthorizationException(ErrorCode.E0610);
                }
                for (WorkflowJobBean jobBean : jobBeans) {
                    if (jobBean != null && !jobBean.getUser().equals(user)) {
                        if (!isUserInAcl(user, jobBean.getGroup())) {
                            incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
                            throw new AuthorizationException(ErrorCode.E0508, user, jobBean.getId());
                        }
                    }
                }
            } else // handle bundle jobs
            if (jobType.equals("bundle")) {
                List<BundleJobBean> jobBeans = new ArrayList<BundleJobBean>();
                JPAService jpaService = Services.get().get(JPAService.class);
                if (jpaService != null) {
                    try {
                        jobBeans = jpaService.execute(new BundleJobInfoGetJPAExecutor(filter, start, len)).getBundleJobs();
                    } catch (JPAExecutorException je) {
                        throw new AuthorizationException(je);
                    }
                } else {
                    throw new AuthorizationException(ErrorCode.E0610);
                }
                for (BundleJobBean jobBean : jobBeans) {
                    if (jobBean != null && !jobBean.getUser().equals(user)) {
                        if (!isUserInAcl(user, jobBean.getGroup())) {
                            incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
                            throw new AuthorizationException(ErrorCode.E0509, user, jobBean.getId());
                        }
                    }
                }
            } else // handle coordinator jobs
            {
                List<CoordinatorJobBean> jobBeans = new ArrayList<CoordinatorJobBean>();
                JPAService jpaService = Services.get().get(JPAService.class);
                if (jpaService != null) {
                    try {
                        jobBeans = jpaService.execute(new CoordJobInfoGetJPAExecutor(filter, start, len)).getCoordJobs();
                    } catch (JPAExecutorException je) {
                        throw new AuthorizationException(je);
                    }
                } else {
                    throw new AuthorizationException(ErrorCode.E0610);
                }
                for (CoordinatorJobBean jobBean : jobBeans) {
                    if (jobBean != null && !jobBean.getUser().equals(user)) {
                        if (!isUserInAcl(user, jobBean.getGroup())) {
                            incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
                            throw new AuthorizationException(ErrorCode.E0509, user, jobBean.getId());
                        }
                    }
                }
            }
        } catch (IOException ex) {
            throw new AuthorizationException(ErrorCode.E0501, ex.getMessage(), ex);
        }
    }
}
Also used : CoordinatorJobBean(org.apache.oozie.CoordinatorJobBean) CoordJobInfoGetJPAExecutor(org.apache.oozie.executor.jpa.CoordJobInfoGetJPAExecutor) ArrayList(java.util.ArrayList) IOException(java.io.IOException) WorkflowJobBean(org.apache.oozie.WorkflowJobBean) WorkflowsJobGetJPAExecutor(org.apache.oozie.executor.jpa.WorkflowsJobGetJPAExecutor) JPAExecutorException(org.apache.oozie.executor.jpa.JPAExecutorException) BundleJobBean(org.apache.oozie.BundleJobBean) ArrayList(java.util.ArrayList) List(java.util.List) BundleJobInfoGetJPAExecutor(org.apache.oozie.executor.jpa.BundleJobInfoGetJPAExecutor)

Aggregations

IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 BundleJobBean (org.apache.oozie.BundleJobBean)1 CoordinatorJobBean (org.apache.oozie.CoordinatorJobBean)1 WorkflowJobBean (org.apache.oozie.WorkflowJobBean)1 BundleJobInfoGetJPAExecutor (org.apache.oozie.executor.jpa.BundleJobInfoGetJPAExecutor)1 CoordJobInfoGetJPAExecutor (org.apache.oozie.executor.jpa.CoordJobInfoGetJPAExecutor)1 JPAExecutorException (org.apache.oozie.executor.jpa.JPAExecutorException)1 WorkflowsJobGetJPAExecutor (org.apache.oozie.executor.jpa.WorkflowsJobGetJPAExecutor)1