sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-2080: Sqoop2: Combine privileges into READ and WRITE
Date Wed, 18 Feb 2015 00:29:38 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 2b3ca36b1 -> 170ab67bb


SQOOP-2080: Sqoop2: Combine privileges into READ and WRITE

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/170ab67b
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/170ab67b
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/170ab67b

Branch: refs/heads/sqoop2
Commit: 170ab67bbb0d68f2d1108359764db475345d76e1
Parents: 2b3ca36
Author: Abraham Elmahrek <abe@apache.org>
Authored: Tue Feb 17 13:08:02 2015 -0800
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Tue Feb 17 13:08:02 2015 -0800

----------------------------------------------------------------------
 .../Authorization/AuthorizationEngine.java      | 48 ++++++++------------
 1 file changed, 20 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/170ab67b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
index bb1ce3b..b84c79b 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
@@ -48,14 +48,14 @@ public class AuthorizationEngine {
    * Resource type
    */
   public enum ResourceType {
-    CONNECTOR, LINK, JOB
+    SERVER, CONNECTOR, LINK, JOB
   }
 
   /**
    * Action type in Privilege
    */
   public enum PrivilegeActionType {
-    VIEW, USE, CREATE, UPDATE, DELETE, ENABlE_DISABLE, START_STOP, STATUS
+    ALL, READ, WRITE
   }
 
   /**
@@ -67,7 +67,7 @@ public class AuthorizationEngine {
       public boolean apply(T input) {
         try {
           String name = String.valueOf(input.getPersistenceId());
-          checkPrivilege(getPrivilege(type, name, PrivilegeActionType.VIEW));
+          checkPrivilege(getPrivilege(type, name, PrivilegeActionType.READ));
           // add valid resource
           return true;
         } catch (Exception e) {
@@ -83,63 +83,58 @@ public class AuthorizationEngine {
    * Link related function
    */
   public static void createLink(String connectorId) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.USE);
-    // resource id is empty, means it is a global privilege
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, StringUtils.EMPTY, PrivilegeActionType.CREATE);
-    checkPrivilege(privilege1, privilege2);
+    checkPrivilege(getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ));
   }
 
   public static void updateLink(String connectorId, String linkId) throws SqoopException
{
-    MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.USE);
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.UPDATE);
+    MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ);
+    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE);
     checkPrivilege(privilege1, privilege2);
   }
 
   public static void deleteLink(String linkId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.DELETE));
+    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE));
   }
 
   public static void enableDisableLink(String linkId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.ENABlE_DISABLE));
+    checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE));
   }
 
   /**
    * Job related function
    */
   public static void createJob(String linkId1, String linkId2) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.USE);
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.USE);
-    // resource id is empty, means it is a global privilege
-    MPrivilege privilege3 = getPrivilege(ResourceType.JOB, StringUtils.EMPTY, PrivilegeActionType.CREATE);
-    checkPrivilege(privilege1, privilege2, privilege3);
+    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ);
+    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ);
+    checkPrivilege(privilege1, privilege2);
   }
 
   public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException
{
-    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.USE);
-    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.USE);
-    MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.UPDATE);
+    MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ);
+    MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ);
+    MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE);
     checkPrivilege(privilege1, privilege2, privilege3);
   }
 
   public static void deleteJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.DELETE));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void enableDisableJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.ENABlE_DISABLE));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void startJob(String jobId) throws SqoopException {
     ;
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.START_STOP));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void stopJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.START_STOP));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE));
   }
 
   public static void statusJob(String jobId) throws SqoopException {
-    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.STATUS));
+    checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ));
   }
 
   /**
@@ -151,7 +146,7 @@ public class AuthorizationEngine {
       public boolean apply(MSubmission input) {
         try {
           String jobId = String.valueOf(input.getJobId());
-          checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.STATUS));
+          checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ));
           // add valid submission
           return true;
         } catch (Exception e) {
@@ -169,9 +164,6 @@ public class AuthorizationEngine {
   private static MPrivilege getPrivilege(ResourceType resourceType,
                                          String resourceId,
                                          PrivilegeActionType privilegeActionType) {
-    // Do a transfer. "all" means global instances in Restful API, whilst empty
-    // string means global instances in role based access controller.
-    resourceId = (resourceId == null || resourceId.equals("all")) ? StringUtils.EMPTY : resourceId;
     return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name(),
false);
   }
 


Mime
View raw message