You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@cassandra.apache.org by indika kumara <in...@gmail.com> on 2011/02/01 06:45:50 UTC

Re: A Question about authorize method of IAuthority

Thanks Stu for the information. I have not still looked deeper at the
internals of the Cassandra. I just thought the operations such as insert,
system_add_column_family, system_add_keyspace in 'Cassandra.Iface' imply an
'add' operation. I just wanted to pass that action to the 'authrorize'
method, so that I can give the authority to the user for the resource
dynamically prior to do adding. Like a creating a file in the file system -
owner gets the read/write authority implicitly.  Is it incorrect to decide
the 'action' going to be done based on the operations(methods) in
'Cassandra.Iface'? I would glad to know your opinion.

Thanks,

Indika

On Tue, Feb 1, 2011 at 3:45 AM, Stu Hood <st...@gmail.com> wrote:

> Our intention was that if you wanted to add another permission like
> "update" (a subset of "write") then you would return it from the method as
> part of the EnumSet<Permission> for that resource. I would see how much
> trouble it would be to add a new Permission value for "update".
>
> Note that Cassandra itself doesn't make a distinction between "update" and
> "add", because we don't (and probably can't, without locking?) look for an
> existing value while doing an insert. This would probably be a larger patch
> than you think.
>
> On Mon, Jan 31, 2011 at 1:54 AM, indika kumara <in...@apache.org> wrote:
>
>> Hi All,
>>
>> Currently, there are two permissions - read and write, and there is no way
>> to know the current operation being performed such as add, update, etc. If
>> the operation is 'add', as the user is already logged into the system, I
>> would like to authorize the user for the resource going to add. I think it
>> is a valid use case, as the creator of a resource implicitly need to have
>> the authority to access it.
>>
>> Current method
>>
>> public EnumSet<Permission> authorize(AuthenticatedUser user, List<Object>
>> resource);
>>
>> Purposed method
>>
>> ission> authorize(AuthenticatedUser user, List<Object> resource, Action
>> action);    // Action is a enum and can be 'add', 'update', 'delete', etc.
>>
>> WDYT?
>>
>> Thanks,
>>
>> Indika
>>
>
>