You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Gregory Chanan (JIRA)" <ji...@apache.org> on 2013/11/05 00:25:17 UTC
[jira] [Created] (SENTRY-59) Doc that ResourceAuthorizationProvider
checks actions as ORs, add support for AND
Gregory Chanan created SENTRY-59:
------------------------------------
Summary: Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND
Key: SENTRY-59
URL: https://issues.apache.org/jira/browse/SENTRY-59
Project: Sentry
Issue Type: Improvement
Affects Versions: 1.3.0
Reporter: Gregory Chanan
Fix For: 1.3.0
Currently, it is not clear from the javadoc how multiple actions are handled in the function:
{code}
/***
* Returns validate subject privileges on given Authorizable object
*
* @param subject: UserID to validate privileges
* @param authorizableHierarchy : List of object accroding to namespace hierarchy.
* eg. Server->Db->Table or Server->Function
* The privileges will be validated from the higher to lower scope
* @param actions : Privileges to validate
* @return
* True if the subject is authorized to perform requested action on the given object
*/
public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, Set<? extends Action> actions);
{code}
but at least in ResourceAuthorizationProvider, OR semantics are used. We should document this and perhaps add an interface for AND semantics.
--
This message was sent by Atlassian JIRA
(v6.1#6144)