Use of org.teiid.adminapi.DataPolicy.PermissionType in project teiid by teiid.
The method isAccessible of the class DefaultAuthorizationValidator.
/**
 * Decides whether a metadata record is visible to the caller described by
 * {@code commandContext}.
 *
 * <p>The check is permissive by default. It returns {@code true} without asking the
 * policy decider when any of the following holds:
 * <ul>
 *   <li>no policy decider is set, or {@code validateCommand} returns {@code false}
 *       for this context;</li>
 *   <li>the record itself is a {@code Schema};</li>
 *   <li>any ancestor of the record is a {@code Procedure};</li>
 *   <li>the top-most ancestor is not a {@code Schema}, or it is named like the
 *       system or ODBC model (compared case-insensitively).</li>
 * </ul>
 * Otherwise the answer comes from the decision stored on {@code commandContext} for
 * this record, or is computed from the policy decider and stored there.
 *
 * <p>NOTE(review): the lifetime of the decision cached on {@code commandContext} is
 * not visible in this method; confirm it cannot outlive a change to the caller's
 * permissions.
 *
 * @param record the metadata record being checked; it is dereferenced without a
 *        null check once the first guards have passed
 * @param commandContext the context passed to the policy decider and used to cache
 *        the per-record decision
 * @return {@code true} if the record is accessible, {@code false} if the policy
 *         decider reports it as inaccessible
 */
@Override
public boolean isAccessible(AbstractMetadataRecord record, CommandContext commandContext) {
    // Without a decider there is nothing to enforce: everything is visible.
    if (policyDecider == null) {
        return true;
    }
    // The decider opted out of validating commands for this context.
    if (!policyDecider.validateCommand(commandContext)) {
        return true;
    }
    // TODO - schemas cannot be hidden - unless we traverse them and find that nothing is accessible
    if (record instanceof Schema) {
        return true;
    }

    // Climb to the top-most ancestor. Only ancestors are tested for Procedure, never
    // the record itself.
    AbstractMetadataRecord root = record;
    for (AbstractMetadataRecord next = root.getParent(); next != null; next = root.getParent()) {
        root = next;
        if (root instanceof Procedure) {
            // don't check procedure params/rs columns
            return true;
        }
    }

    // access is always allowed to unrooted objects ...
    if (!(root instanceof Schema)) {
        return true;
    }
    // ... and to system tables / procedures
    String modelName = root.getName();
    if (CoreConstants.SYSTEM_MODEL.equalsIgnoreCase(modelName)
            || CoreConstants.ODBC_MODEL.equalsIgnoreCase(modelName)) {
        return true;
    }

    // Reuse a decision already recorded on this context for the same record.
    Boolean cached = commandContext.isAccessible(record);
    if (cached != null) {
        return cached;
    }

    // Callable objects need EXECUTE; everything else is checked for READ. The action
    // depends only on the record's type, so the per-record cache stays consistent.
    PermissionType action = (record instanceof FunctionMethod || record instanceof Procedure)
            ? PermissionType.EXECUTE
            : PermissionType.READ;

    HashSet<String> resources = new HashSet<String>(2);
    resources.add(record.getFullName());
    // Accessible exactly when the decider reports no inaccessible resource.
    boolean accessible = this.policyDecider
            .getInaccessibleResources(action, resources, Context.METADATA, commandContext)
            .isEmpty();
    commandContext.setAccessible(record, accessible);
    return accessible;
}