Package com.illumon.iris.db.v2.permissions

Interface DbAclProvider

All Superinterfaces:
DbAclWriter
All Known Implementing Classes:
EtcdDbAclGuiHelper, EtcdDbAclProvider, MysqlDbAclGuiHelper, MysqlDbAclProvider, PermissionFilterProviderEtcdImpl, PermissionFilterProviderMysqlImpl, UnauthenticatedPermissionFilterProviderEtcdImpl, UnauthenticatedPermissionFilterProviderMysqlImpl
public interface DbAclProvider
extends DbAclWriter

  • Method Details

    • getFilterDetailsForUser

      @NotNull List<PermissionFilterProvider.FilterDetails> getFilterDetailsForUser​(com.fishlib.auth.UserContext userContext)
      Gets the tableacls permissions filters for an effective user
      Parameters:
      userContext - The UserContext from which the effective user name to filter will be obtained
      Returns:
      A List of PermissionFilterProvider.FilterDetails for the effective user

    • retrieveRowAcls

      @NotNull Collection<String> retrieveRowAcls​(String effectiveUser, String namespace, String tableName)
      Returns the most specific tableacl per group for a specific user, namespace, and table.
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in tableacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in tableacls
      Returns:
      A Collection of tableacls filters.

    • retrieveColumnAcls

      @NotNull Map<String,​List<com.fishlib.base.Pair<String,​String>>> retrieveColumnAcls​(String effectiveUser, String namespace, String tableName)
      Returns the most specific columnacl per group for a specific user, namespace, and table.
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in columnacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in columnacls
      Returns:
      A Map of group names to Lists of columns and filter pairs.

    • retrieveSystemAcls

      @NotNull Collection<String> retrieveSystemAcls​(String effectiveUser, String key)
      Retrieve the set of system ACLs that modify system behavior rather than table access.
      Parameters:
      effectiveUser - The user to get ACLs for
      key - The lookup value that applies
      Returns:
      A collection of strings representing the applicable ACLs.

    • canEditInputTable

      boolean canEditInputTable​(String effectiveUser, String namespace, String tableName)
      Checks whether a user has rights to edit an input table
      Parameters:
      effectiveUser - The user for whom permissions should be checked
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the user has an effective canedit grant, otherwise false

    • canAnyoneEditInputTable

      boolean canAnyoneEditInputTable​(String namespace, String tableName)
      Checks whether an input table can be edited by all users
      Parameters:
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the input table can be edited by all users, otherwise false

    • getAccountsForUser

      @NotNull String[] getAccountsForUser​(String effectiveUser)
      Retrieves all strategy accounts associated with a user, directly or through group membership
      Parameters:
      effectiveUser - The user for whom strategy account access should be checked
      Returns:
      An array of String of associated strategy accounts

    • getAllUsers

      @NotNull String[] getAllUsers()
      Retrieves all user accounts in the system
      Returns:
      An array of String of user names

    • getAllGroups

      @NotNull String[] getAllGroups()
      Retrieves all groups accounts in the system
      Returns:
      An array of String of groups names

    • getAllStrategies

      @NotNull String[] getAllStrategies() throws SQLException
      Retrieves all strategy names by unioning strategies in strategyaccount with those in groupstrategy
      Returns:
      An array of String of strategy names
      Throws:
      SQLException - In the case of SQL implementations of this interface if something goes wrong

    • getAllAccounts

      @NotNull String[] getAllAccounts() throws SQLException
      Retrieves all strategy accounts in the system
      Returns:
      An array of String of strategy account names
      Throws:
      SQLException - In the case of SQL implementations of this interface if something goes wrong

    • getAccountsForStrategy

      @NotNull String[] getAccountsForStrategy​(String strategy)
      Retrieves all strategy accounts associated with a particular strategy
      Parameters:
      strategy - The strategy name for which to filter accounts
      Returns:
      An array of String of strategy account names

    • getStrategyForAccount

      @NotNull String[] getStrategyForAccount​(String account)
      Retrieves all strategies associated with a particular strategy account
      Parameters:
      account - The strategy account name for which to filter strategies
      Returns:
      An array of String of strategy account names

    • getAccountsForGroup

      @NotNull String[] getAccountsForGroup​(String group)
      Retrieves all strategy accounts associated with a particular group
      Parameters:
      group - The group name for which to filter accounts
      Returns:
      An array of String of strategy account names

    • getStrategiesForGroup

      @NotNull String[] getStrategiesForGroup​(String group)
      Retrieves all strategies associated with a particular group
      Parameters:
      group - The group name for which to filter strategies
      Returns:
      An array of String of strategy names

    • groupStrategyExists

      boolean groupStrategyExists​(String groupName, String strategy)
      Checks whether a particular association of a group and a strategy exists
      Parameters:
      groupName - The group name to check
      strategy - The strategy name to check
      Returns:
      True if the mapping exists, false if it does not

    • getGroupsForUser

      @NotNull String[] getGroupsForUser​(String effectiveUser)
      Get the groups to which a user is mapped
      Parameters:
      effectiveUser - The String name of the user to find groups for
      Returns:
      A String array of groups mapped to this user

    • getStrategiesForUser

      @NotNull String[] getStrategiesForUser​(String effectiveUser)
      Retrieves all strategies associated with a particular user, either directly or through group membership
      Parameters:
      effectiveUser - The user for whom strategy access should be checked
      Returns:
      An array of String of strategy names

    • getUsersForGroup

      @NotNull String[] getUsersForGroup​(String group)
      Get the users that are members of a group
      Parameters:
      group - The String name of the group to find users for
      Returns:
      A String array of users with membership in this group

    • changePassword

      void changePassword​(String user, String passwordHash) throws SQLException
      Changes the password of a user entry in passwd
      Specified by:
      changePassword in interface DbAclWriter
      Parameters:
      user - The user for which the password should be updated
      passwordHash - The new password value to store
      Throws:
      SQLException - In the case of SQL implementations of this interface if something goes wrong

    • getSystemUsers

      @NotNull String[] getSystemUsers()
      Returns an array of systemusers.
      Returns:
      A String array of distinct systemuser names, sorted.

    • getPasswdsForMigration

      @NotNull List<com.fishlib.base.Pair<String,​String>> getPasswdsForMigration()
      Returns user and password entries from the passwd table. Intended for use during ACL exports and/or data migration between MySQL and Etcd ACL stores.
      Returns:
      A List of Pair&lt;String,String&gt; objects which contain a user and password entry.

    • getRunAsUserMap

      @NotNull Map<String,​String> getRunAsUserMap()
      Returns a map of user names to systemuser names
      Returns:
      a map of user names to systemuser names

    • getRunAsUser

      String getRunAsUser​(String effectiveUser)
      Returns the systemuser to which the effectiveUser is mapped, or null if no mapping exists.
      Parameters:
      effectiveUser - The user for which a mapped systemuser name should be retrieved.
      Returns:
      the String systemuser to which the effectiveUser is mapped, or null if no mapping exists.

    • close

      void close()