Ejemplo n.º 1
0
  // Returns every permission on the resource granted to the user.
  public Set<Permission> authorize(AuthenticatedUser user, IResource resource) {
    if (user.isSuper()) return Permission.ALL;

    UntypedResultSet result;
    try {
      ResultMessage.Rows rows =
          authorizeStatement.execute(
              QueryState.forInternalCalls(),
              new QueryOptions(
                  ConsistencyLevel.ONE,
                  Lists.newArrayList(
                      ByteBufferUtil.bytes(user.getName()),
                      ByteBufferUtil.bytes(resource.getName()))));
      result = UntypedResultSet.create(rows.result);
    } catch (RequestValidationException e) {
      throw new AssertionError(e); // not supposed to happen
    } catch (RequestExecutionException e) {
      logger.warn("CassandraAuthorizer failed to authorize {} for {}", user, resource);
      return Permission.NONE;
    }

    if (result.isEmpty() || !result.one().has(PERMISSIONS)) return Permission.NONE;

    Set<Permission> permissions = EnumSet.noneOf(Permission.class);
    for (String perm : result.one().getSet(PERMISSIONS, UTF8Type.instance))
      permissions.add(Permission.valueOf(perm));
    return permissions;
  }
Ejemplo n.º 2
0
  // 'of' can be null - in that case everyone's permissions have been requested. Otherwise only
  // single user's.
  // If the user requesting 'LIST PERMISSIONS' is not a superuser OR his username doesn't match
  // 'of', we
  // throw UnauthorizedException. So only a superuser can view everybody's permissions. Regular
  // users are only
  // allowed to see their own permissions.
  public Set<PermissionDetails> list(
      AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of)
      throws RequestValidationException, RequestExecutionException {
    if (!performer.isSuper() && !performer.getName().equals(of))
      throw new UnauthorizedException(
          String.format(
              "You are not authorized to view %s's permissions", of == null ? "everyone" : of));

    Set<PermissionDetails> details = new HashSet<PermissionDetails>();

    for (UntypedResultSet.Row row : process(buildListQuery(resource, of))) {
      if (row.has(PERMISSIONS)) {
        for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) {
          Permission permission = Permission.valueOf(p);
          if (permissions.contains(permission))
            details.add(
                new PermissionDetails(
                    row.getString(USERNAME),
                    DataResource.fromName(row.getString(RESOURCE)),
                    permission));
        }
      }
    }

    return details;
  }