Package com.illumon.iris.security

Class FileACLFilter

java.lang.Object
com.illumon.iris.security.FileACLFilter
All Implemented Interfaces:
SelectFilter
public class FileACLFilter
extends Object
implements SelectFilter
A filter for file paths rather than table rows. Does not authorize access to any rows of any table. Instead, the specified user or group will be granted the specified access to a designated filesystem path. Note that existing filesystem permissions are still in effect as well; the query worker's identity must be able to access the specified path as well.

  • Field Details

    • path

      public final String path
      The filesystem path being granted access to

    • actions

      public final String actions
      The actions being allowed on the specified filesystem path

  • Method Details

    • getColumns

      public List<String> getColumns()
      Get the columns required by this select filter (which is none, since this isn't actually filtering anything in tables).
      Specified by:
      getColumns in interface SelectFilter
      Returns:
      an empty List.

    • getColumnArrays

      public List<String> getColumnArrays()
      Get the array columns required by this select filter (which is none, since this isn't actually filtering anything in tables).
      Specified by:
      getColumnArrays in interface SelectFilter
      Returns:
      an empty List.

    • init

      public void init​(TableDefinition tableDefinition)
      Does nothing.
      Specified by:
      init in interface SelectFilter
      Parameters:
      tableDefinition - the definition of the table that will be filtered

    • filter

      public Index filter​(Index selection, Index fullSet, Table table, boolean usePrev)
      Filter selection to only matching rows. Since this filter isn't limiting rows, but is controlling filesystem access, the filter returns all rows that were provided to it.
      Specified by:
      filter in interface SelectFilter
      Parameters:
      selection - the indices that should be filtered. The selection must be a subset of fullSet; and may not include rows that the engine determines need not be evaluated to produce the result.
      fullSet - the complete Index of the table to filter. The fullSet is used for calculating variables like "i" or "ii".
      table - the table to filter
      usePrev - true if previous values should be used. Implementing previous value filtering is optional, and a SelectFilter.PreviousFilteringNotSupported exception may be thrown. If a PreviousFiltering exception is thrown, then the caller must acquire the LiveTableMonitor lock.
      Returns:
      All the rows initially passed in; this filter does not limit table rows.

    • isSimpleFilter

      public boolean isSimpleFilter()
      Specified by:
      isSimpleFilter in interface SelectFilter
      Returns:
      false. This is not run within the database engine.

    • setRecomputeListener

      public void setRecomputeListener​(SelectFilter.RecomputeListener listener)
      Do nothing.
      Specified by:
      setRecomputeListener in interface SelectFilter
      Parameters:
      listener - Ignored.

    • isAutomatedFilter

      public boolean isAutomatedFilter()
      The database system may automatically generate a filter, for example, when applying an ACL to a table. There are certain operations which may bypass these filters.

      This function returns whether or not this filter is automated.

      Specified by:
      isAutomatedFilter in interface SelectFilter
      Returns:
      true, because it is not a problem to bypass this filter during normal table operation.

    • setAutomatedFilter

      public void setAutomatedFilter​(boolean value)
      Does nothing. This filter is automatically considered 'automated.'
      Specified by:
      setAutomatedFilter in interface SelectFilter
      Parameters:
      value - Ignored.

    • copy

      public SelectFilter copy()
      Create a copy of this SelectFilter.
      Specified by:
      copy in interface SelectFilter
      Returns:
      an independent copy of this SelectFilter.