Example 1 with BatchAccessChecker
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class ContentApiImplWithAuthorization method getMultipleContents.
@Override
public GetMultipleContentsResponse getMultipleContents(String namedRef, String hashOnRef, GetMultipleContentsRequest request) throws NessieNotFoundException {
WithHash<NamedRef> ref = namedRefWithHashOrThrow(namedRef, hashOnRef);
BatchAccessChecker check = startAccessCheck();
request.getRequestedKeys().forEach(k -> check.canReadEntityValue(ref.getValue(), k, null));
check.checkAndThrow();
return super.getMultipleContents(namedRef, hashOnRef, request);
}
Also used :
BatchAccessChecker(org.projectnessie.services.authz.BatchAccessChecker)
NamedRef(org.projectnessie.versioned.NamedRef)
Example 2 with BatchAccessChecker
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method createReference.
@Override
public Reference createReference(@Nullable String sourceRefName, Reference reference) throws NessieNotFoundException, NessieConflictException {
BatchAccessChecker check = startAccessCheck().canCreateReference(RefUtil.toNamedRef(reference));
try {
check.canViewReference(namedRefWithHashOrThrow(sourceRefName, reference.getHash()).getValue());
} catch (NessieNotFoundException e) {
// cases, re-throw the exception.
if (!(reference instanceof Branch && reference.getName().equals(getConfig().getDefaultBranch()) && (null == reference.getHash() || getStore().noAncestorHash().asString().equals(reference.getHash())))) {
throw e;
}
}
check.checkAndThrow();
return super.createReference(sourceRefName, reference);
}
Also used :
BatchAccessChecker(org.projectnessie.services.authz.BatchAccessChecker)
Branch(org.projectnessie.model.Branch)
NessieNotFoundException(org.projectnessie.error.NessieNotFoundException)
Example 3 with BatchAccessChecker
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method deleteReference.
@Override
protected void deleteReference(NamedRef ref, String hash) throws NessieConflictException, NessieNotFoundException {
BatchAccessChecker check = startAccessCheck();
if (ref instanceof BranchName && getConfig().getDefaultBranch().equals(ref.getName())) {
check.canDeleteDefaultBranch();
} else {
check.canDeleteReference(ref);
}
check.checkAndThrow();
super.deleteReference(ref, hash);
}
Also used :
BatchAccessChecker(org.projectnessie.services.authz.BatchAccessChecker)
BranchName(org.projectnessie.versioned.BranchName)
Example 4 with BatchAccessChecker
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method commitMultipleOperations.
@Override
public Branch commitMultipleOperations(String branch, String hash, Operations operations) throws NessieNotFoundException, NessieConflictException {
BranchName branchName = BranchName.of(branch);
BatchAccessChecker check = startAccessCheck().canCommitChangeAgainstReference(branchName);
operations.getOperations().forEach(op -> {
if (op instanceof Delete) {
check.canDeleteEntity(branchName, op.getKey(), null);
} else if (op instanceof Put) {
check.canUpdateEntity(branchName, op.getKey(), null);
}
});
check.checkAndThrow();
return super.commitMultipleOperations(branch, hash, operations);
}
Also used :
Delete(org.projectnessie.model.Operation.Delete)
BatchAccessChecker(org.projectnessie.services.authz.BatchAccessChecker)
BranchName(org.projectnessie.versioned.BranchName)
Put(org.projectnessie.model.Operation.Put)
Example 5 with BatchAccessChecker
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method getAllReferences.
@Override
public ReferencesResponse getAllReferences(ReferencesParams params) {
ImmutableReferencesResponse.Builder resp = ReferencesResponse.builder();
BatchAccessChecker check = startAccessCheck();
List<Reference> refs = super.getAllReferences(params).getReferences().stream().peek(ref -> check.canViewReference(RefUtil.toNamedRef(ref))).collect(Collectors.toList());
Set<NamedRef> notAllowed = check.check().keySet().stream().map(Check::ref).filter(Objects::nonNull).collect(Collectors.toSet());
refs.stream().filter(ref -> !notAllowed.contains(RefUtil.toNamedRef(ref))).forEach(resp::addReferences);
return resp.build();
}
Also used :
LogResponse(org.projectnessie.model.LogResponse)
Put(org.projectnessie.model.Operation.Put)
ServerConfig(org.projectnessie.services.config.ServerConfig)
Authorizer(org.projectnessie.services.authz.Authorizer)
BatchAccessChecker(org.projectnessie.services.authz.BatchAccessChecker)
Reference(org.projectnessie.model.Reference)
NessieConflictException(org.projectnessie.error.NessieConflictException)
VersionStore(org.projectnessie.versioned.VersionStore)
GetReferenceParams(org.projectnessie.api.params.GetReferenceParams)
ReferencesParams(org.projectnessie.api.params.ReferencesParams)
Merge(org.projectnessie.model.Merge)
Type(org.projectnessie.model.Content.Type)
Content(org.projectnessie.model.Content)
CommitMeta(org.projectnessie.model.CommitMeta)
Check(org.projectnessie.services.authz.Check)
Nullable(javax.annotation.Nullable)
NamedRef(org.projectnessie.versioned.NamedRef)
CommitLogParams(org.projectnessie.api.params.CommitLogParams)
ReferencesResponse(org.projectnessie.model.ReferencesResponse)
Branch(org.projectnessie.model.Branch)
Set(java.util.Set)
EntriesResponse(org.projectnessie.model.EntriesResponse)
Collectors(java.util.stream.Collectors)
Objects(java.util.Objects)
BranchName(org.projectnessie.versioned.BranchName)
List(java.util.List)
EntriesParams(org.projectnessie.api.params.EntriesParams)
Principal(java.security.Principal)
Delete(org.projectnessie.model.Operation.Delete)
Operations(org.projectnessie.model.Operations)
Transplant(org.projectnessie.model.Transplant)
ImmutableReferencesResponse(org.projectnessie.model.ImmutableReferencesResponse)
NessieNotFoundException(org.projectnessie.error.NessieNotFoundException)
BatchAccessChecker(org.projectnessie.services.authz.BatchAccessChecker)
Reference(org.projectnessie.model.Reference)
Check(org.projectnessie.services.authz.Check)
ImmutableReferencesResponse(org.projectnessie.model.ImmutableReferencesResponse)
NamedRef(org.projectnessie.versioned.NamedRef)
Aggregations
BatchAccessChecker (org.projectnessie.services.authz.BatchAccessChecker)5
BranchName (org.projectnessie.versioned.BranchName)3
NessieNotFoundException (org.projectnessie.error.NessieNotFoundException)2
Branch (org.projectnessie.model.Branch)2
Delete (org.projectnessie.model.Operation.Delete)2
Put (org.projectnessie.model.Operation.Put)2
NamedRef (org.projectnessie.versioned.NamedRef)2
Principal (java.security.Principal)1
List (java.util.List)1
Objects (java.util.Objects)1
Set (java.util.Set)1
Collectors (java.util.stream.Collectors)1
Nullable (javax.annotation.Nullable)1
CommitLogParams (org.projectnessie.api.params.CommitLogParams)1
EntriesParams (org.projectnessie.api.params.EntriesParams)1
GetReferenceParams (org.projectnessie.api.params.GetReferenceParams)1
ReferencesParams (org.projectnessie.api.params.ReferencesParams)1
NessieConflictException (org.projectnessie.error.NessieConflictException)1
CommitMeta (org.projectnessie.model.CommitMeta)1
Content (org.projectnessie.model.Content)1
