Posted to commits@sqoop.apache.org by ab...@apache.org on 2015/02/18 01:29:38 UTC

sqoop git commit: SQOOP-2080: Sqoop2: Combine privileges into READ and WRITE

Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 2b3ca36b1 -> 170ab67bb


SQOOP-2080: Sqoop2: Combine privileges into READ and WRITE

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/170ab67b
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/170ab67b
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/170ab67b

Branch: refs/heads/sqoop2
Commit: 170ab67bbb0d68f2d1108359764db475345d76e1
Parents: 2b3ca36
Author: Abraham Elmahrek <ab...@apache.org>
Authored: Tue Feb 17 13:08:02 2015 -0800
Committer: Abraham Elmahrek <ab...@apache.org>
Committed: Tue Feb 17 13:08:02 2015 -0800

----------------------------------------------------------------------
 .../Authorization/AuthorizationEngine.java      | 48 ++++++++------------
 1 file changed, 20 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/170ab67b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
index bb1ce3b..b84c79b 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
@@ -48,14 +48,14 @@ public class AuthorizationEngine {
    * Resource type
    */
   public enum ResourceType {
-    CONNECTOR, LINK, JOB
+    SERVER, CONNECTOR, LINK, JOB
   }
 
   /**
    * Action type in Privilege
    */
   public enum PrivilegeActionType {
-    VIEW, USE, CREATE, UPDATE, DELETE, ENABlE_DISABLE, START_STOP, STATUS
+    ALL, READ, WRITE
   }
 
   /**
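Review bot: The new `PrivilegeActionType` constants are not documented: the Javadoc still says only "Action type in Privilege" and does not say how ALL, READ and WRITE relate to each other or to the eight constants they replace. Every check visible in this commit requests READ or WRITE, so whether a grant of ALL (or of WRITE) satisfies a READ check is decided outside this diff and should be recorded here, for example `// READ: view/use/status; WRITE: update/delete/enable-disable/start-stop; ALL: both, used on grants only` (adjust to the real semantics). Because `getPrivilege` builds the privilege from `privilegeActionType.name()`, grants already stored under the old names (VIEW, USE, CREATE, ...) would presumably stop matching, so a migration step or upgrade note looks necessary. `ResourceType.SERVER` is added but no check in the hunks shown uses it.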
@@ -67,7 +67,7 @@ public class AuthorizationEngine {
       public boolean apply(T input) {
         try {
           String name = String.valueOf(input.getPersistenceId());
-          checkPrivilege(getPrivilege(type, name, PrivilegeActionType.VIEW));
+          checkPrivilege(getPrivilege(type, name, PrivilegeActionType.READ));
           // add valid resource
           return true;
         } catch (Exception e) {
@@ -83,63 +83,58 @@ public class AuthorizationEngine {
    * Link related function
    */
   public static void createLink(String connectorId) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.USE);
-    // resource id is empty, means it is a global privilege
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, StringUtils.EMPTY, PrivilegeActionType.CREATE);
-    checkPrivilege(privilege1, privilege2);
+    checkPrivilege(getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ));
   }
 
   public static void updateLink(String connectorId, String linkId) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.USE);
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.UPDATE);
+    MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ);
+    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE);
     checkPrivilege(privilege1, privilege2);
   }
 
   public static void deleteLink(String linkId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.DELETE));
+    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE));
   }
 
   public static void enableDisableLink(String linkId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.ENABlE_DISABLE));
+    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE));
   }
 
   /**
    * Job related function
    */
   public static void createJob(String linkId1, String linkId2) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.USE);
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.USE);
-    // resource id is empty, means it is a global privilege
-    MPrivilege privilege3 = getPrivilege(ResourceType.JOB, StringUtils.EMPTY, PrivilegeActionType.CREATE);
-    checkPrivilege(privilege1, privilege2, privilege3);
+    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ);
+    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ);
+    checkPrivilege(privilege1, privilege2);
   }
 
   public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.USE);
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.USE);
-    MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.UPDATE);
+    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ);
+    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ);
+    MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE);
     checkPrivilege(privilege1, privilege2, privilege3);
   }
 
   public static void deleteJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.DELETE));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void enableDisableJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.ENABlE_DISABLE));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void startJob(String jobId) throws SqoopException {
     ;
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.START_STOP));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void stopJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.START_STOP));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void statusJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.STATUS));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ));
   }
 
   /**
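Review bot: `createLink` and `createJob` no longer check any privilege on the object being created: the old global LINK/JOB CREATE checks are removed without a replacement, so READ on a connector is enough to create a link and READ on two links is enough to create a job. If creation should stay gated, the newly added `ResourceType.SERVER` looks like the intended home, e.g. passing `getPrivilege(ResourceType.SERVER, /* server name */, PrivilegeActionType.WRITE)` to both `checkPrivilege` calls; if it is deliberately open, a comment on each method should say so. The final hunk also removes the null/"all" to empty-string mapping in `getPrivilege`, so a caller passing either value now builds an `MResource` with that raw id, which is worth confirming against the REST handlers. The stray `;` at the top of `startJob` can be dropped while the method is being edited.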
@@ -151,7 +146,7 @@ public class AuthorizationEngine {
       public boolean apply(MSubmission input) {
         try {
           String jobId = String.valueOf(input.getJobId());
-          checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.STATUS));
+          checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ));
           // add valid submission
           return true;
         } catch (Exception e) {
@@ -169,9 +164,6 @@ public class AuthorizationEngine {
   private static MPrivilege getPrivilege(ResourceType resourceType,
                                          String resourceId,
                                          PrivilegeActionType privilegeActionType) {
-    // Do a transfer. "all" means global instances in Restful API, whilst empty
-    // string means global instances in role based access controller.
-    resourceId = (resourceId == null || resourceId.equals("all")) ? StringUtils.EMPTY : resourceId;
     return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name(), false);
   }