/**
* Removes the role with the given name from the AuthorizationPolicy. Returns the removed role
* with an incremented catalog version, or null if no role with this name exists.
*/
public Role removeRole(String roleName) {
catalogLock_.writeLock().lock();
try {
Role role = authPolicy_.removeRole(roleName);
if (role == null) return null;
role.setCatalogVersion(incrementAndGetCatalogVersion());
return role;
} finally {
catalogLock_.writeLock().unlock();
}
}
/**
* Removes a grant group from the given role name and returns the modified Role with an updated
* catalog version. If the role does not exist a CatalogException is thrown.
*/
public Role removeRoleGrantGroup(String roleName, String groupName) throws CatalogException {
catalogLock_.writeLock().lock();
try {
Role role = authPolicy_.removeGrantGroup(roleName, groupName);
Preconditions.checkNotNull(role);
role.setCatalogVersion(incrementAndGetCatalogVersion());
return role;
} finally {
catalogLock_.writeLock().unlock();
}
}
/**
* Adds a new role with the given name and grant groups to the AuthorizationPolicy. If a role with
* the same name already exists it will be overwritten.
*/
public Role addRole(String roleName, Set<String> grantGroups) {
catalogLock_.writeLock().lock();
try {
Role role = new Role(roleName, grantGroups);
role.setCatalogVersion(incrementAndGetCatalogVersion());
authPolicy_.addRole(role);
return role;
} finally {
catalogLock_.writeLock().unlock();
}
}
