public class BlobStoreAclHandler extends Object
Provides common handling of ACLs for blobstores. Also contains some static utility functions related to blobstores.
Modifier and Type | Field and Description |
---|---|
static int | ADMIN |
static List<AccessControl> | DEFAULT |
static org.slf4j.Logger | LOG |
static int | READ |
static List<AccessControl> | WORLD_EVERYTHING |
static int | WRITE |
Constructor and Description |
---|
BlobStoreAclHandler(Map<String,Object> conf) |
Modifier and Type | Method and Description |
---|---|
static String | accessControlToString(AccessControl ac) |
boolean | checkForValidUsers(Subject who, int mask) |
void | hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) Validates if the user has any of the permissions mentioned in the mask. |
void | hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) Validates if the user has at least the set of permissions mentioned in the mask. |
void | normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask) |
static AccessControl | parseAccessControl(String str) |
static void | validateSettableACLs(String key, List<AccessControl> acls) |
void | validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN. |
public static final org.slf4j.Logger LOG
public static final int READ
public static final int WRITE
public static final int ADMIN
public static final List<AccessControl> WORLD_EVERYTHING
public static final List<AccessControl> DEFAULT
public static AccessControl parseAccessControl(String str)
public static String accessControlToString(AccessControl ac)
public static void validateSettableACLs(String key, List<AccessControl> acls) throws AuthorizationException
Throws:
AuthorizationException
public boolean checkForValidUsers(Subject who, int mask)
public void validateUserCanReadMeta(List<AccessControl> acl, Subject who, String key) throws AuthorizationException
The user should be able to see the metadata if and only if they have any of READ, WRITE, or ADMIN.
Throws:
AuthorizationException
public void hasAnyPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
Validates if the user has any of the permissions mentioned in the mask.
Parameters:
acl - ACL for the key.
mask - Cumulative value of the permissions READ = 1, WRITE = 2 and ADMIN = 4. mask = 1 implies READ privilege; mask = 5 implies READ and ADMIN privileges.
who - The user whose permissions on the key are validated using the ACL and the mask.
key - Key used to identify the blob.
Throws:
AuthorizationException
public void hasPermissions(List<AccessControl> acl, int mask, Subject who, String key) throws AuthorizationException
Validates if the user has at least the set of permissions mentioned in the mask.
Parameters:
acl - ACL for the key.
mask - Cumulative value of the permissions READ = 1, WRITE = 2 and ADMIN = 4. mask = 1 implies READ privilege; mask = 5 implies READ and ADMIN privileges.
who - The user whose permissions on the key are validated using the ACL and the mask.
key - Key used to identify the blob.
Throws:
AuthorizationException
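The difference between the two mask checks, as an added sketch that is not Apache Storm's own code: hasAnyPermissions corresponds to an any-bit test and hasPermissions to an all-bits test. `Entry`, `effective`, `hasAny` and `hasAll` are hypothetical names, combining a user's ACL entries with OR is an assumption, and the helpers return booleans where the documented methods are void and throw AuthorizationException.

```java
import java.util.List;

// Added illustration; not Apache Storm source. Requires Java 16+ (records).
public class AclMaskDemo {
    // Permission bit values as documented on this page.
    static final int READ = 1, WRITE = 2, ADMIN = 4;

    // Hypothetical stand-in for an ACL entry: a user name and its access bits.
    record Entry(String user, int access) {}

    // Assumption: a user's effective permissions are the OR of all entries naming them.
    static int effective(List<Entry> acl, String user) {
        int bits = 0;
        for (Entry e : acl) {
            if (e.user().equals(user)) {
                bits |= e.access();
            }
        }
        return bits;
    }

    // "Any" semantics: at least one bit of the mask is granted.
    static boolean hasAny(int granted, int mask) {
        return (granted & mask) != 0;
    }

    // "At least the set" semantics: every bit of the mask is granted.
    static boolean hasAll(int granted, int mask) {
        return (granted & mask) == mask;
    }

    public static void main(String[] args) {
        // Constructed sample ACL.
        List<Entry> acl = List.of(new Entry("alice", READ),
                                  new Entry("bob", READ | WRITE | ADMIN));
        int mask = READ | ADMIN; // 5, the example value from the parameter description
        for (String user : List.of("alice", "bob", "mallory")) {
            int g = effective(acl, user);
            // readMeta mirrors the rule "any of READ, WRITE, or ADMIN".
            System.out.printf("%-8s granted=%d any(5)=%b all(5)=%b readMeta=%b%n",
                    user, g, hasAny(g, mask), hasAll(g, mask),
                    hasAny(g, READ | WRITE | ADMIN));
        }
    }
}
```

With mask = 5, a user holding only READ passes the any-bit test but fails the all-bits test, so an operation that needs both READ and ADMIN should be guarded by the all-bits form.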
public void normalizeSettableBlobMeta(String key, SettableBlobMeta meta, Subject who, int opMask)
Copyright © 2020 The Apache Software Foundation. All rights reserved.