// 'of' can be null - in that case everyone's permissions have been requested. Otherwise only
// single user's.
// If the user requesting 'LIST PERMISSIONS' is not a superuser OR his username doesn't match
// 'of', we
// throw UnauthorizedException. So only a superuser can view everybody's permissions. Regular
// users are only
// allowed to see their own permissions.
public Set<PermissionDetails> list(
AuthenticatedUser performer, Set<Permission> permissions, IResource resource, String of)
throws RequestValidationException, RequestExecutionException {
if (!performer.isSuper() && !performer.getName().equals(of))
throw new UnauthorizedException(
String.format(
"You are not authorized to view %s's permissions", of == null ? "everyone" : of));
Set<PermissionDetails> details = new HashSet<PermissionDetails>();
for (UntypedResultSet.Row row : process(buildListQuery(resource, of))) {
if (row.has(PERMISSIONS)) {
for (String p : row.getSet(PERMISSIONS, UTF8Type.instance)) {
Permission permission = Permission.valueOf(p);
if (permissions.contains(permission))
details.add(
new PermissionDetails(
row.getString(USERNAME),
DataResource.fromName(row.getString(RESOURCE)),
permission));
}
}
}
return details;
}
public Set<DataResource> protectedResources() {
return ImmutableSet.of(DataResource.columnFamily(Auth.AUTH_KS, PERMISSIONS_CF));
}