use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class ContentApiImplWithAuthorization method getMultipleContents.
@Override
public GetMultipleContentsResponse getMultipleContents(String namedRef, String hashOnRef, GetMultipleContentsRequest request) throws NessieNotFoundException {
WithHash<NamedRef> ref = namedRefWithHashOrThrow(namedRef, hashOnRef);
BatchAccessChecker check = startAccessCheck();
request.getRequestedKeys().forEach(k -> check.canReadEntityValue(ref.getValue(), k, null));
check.checkAndThrow();
return super.getMultipleContents(namedRef, hashOnRef, request);
}
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method createReference.
@Override
public Reference createReference(@Nullable String sourceRefName, Reference reference) throws NessieNotFoundException, NessieConflictException {
BatchAccessChecker check = startAccessCheck().canCreateReference(RefUtil.toNamedRef(reference));
try {
check.canViewReference(namedRefWithHashOrThrow(sourceRefName, reference.getHash()).getValue());
} catch (NessieNotFoundException e) {
// cases, re-throw the exception.
if (!(reference instanceof Branch && reference.getName().equals(getConfig().getDefaultBranch()) && (null == reference.getHash() || getStore().noAncestorHash().asString().equals(reference.getHash())))) {
throw e;
}
}
check.checkAndThrow();
return super.createReference(sourceRefName, reference);
}
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method deleteReference.
@Override
protected void deleteReference(NamedRef ref, String hash) throws NessieConflictException, NessieNotFoundException {
BatchAccessChecker check = startAccessCheck();
if (ref instanceof BranchName && getConfig().getDefaultBranch().equals(ref.getName())) {
check.canDeleteDefaultBranch();
} else {
check.canDeleteReference(ref);
}
check.checkAndThrow();
super.deleteReference(ref, hash);
}
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method commitMultipleOperations.
@Override
public Branch commitMultipleOperations(String branch, String hash, Operations operations) throws NessieNotFoundException, NessieConflictException {
BranchName branchName = BranchName.of(branch);
BatchAccessChecker check = startAccessCheck().canCommitChangeAgainstReference(branchName);
operations.getOperations().forEach(op -> {
if (op instanceof Delete) {
check.canDeleteEntity(branchName, op.getKey(), null);
} else if (op instanceof Put) {
check.canUpdateEntity(branchName, op.getKey(), null);
}
});
check.checkAndThrow();
return super.commitMultipleOperations(branch, hash, operations);
}
use of org.projectnessie.services.authz.BatchAccessChecker in project nessie by projectnessie.
the class TreeApiImplWithAuthorization method getAllReferences.
@Override
public ReferencesResponse getAllReferences(ReferencesParams params) {
ImmutableReferencesResponse.Builder resp = ReferencesResponse.builder();
BatchAccessChecker check = startAccessCheck();
List<Reference> refs = super.getAllReferences(params).getReferences().stream().peek(ref -> check.canViewReference(RefUtil.toNamedRef(ref))).collect(Collectors.toList());
Set<NamedRef> notAllowed = check.check().keySet().stream().map(Check::ref).filter(Objects::nonNull).collect(Collectors.toSet());
refs.stream().filter(ref -> !notAllowed.contains(RefUtil.toNamedRef(ref))).forEach(resp::addReferences);
return resp.build();
}
Aggregations