Package com.illumon.iris.db.v2.permissions

Interface DbAclProvider

All Known Subinterfaces:
DbAclGuiHelper
All Known Implementing Classes:
EtcdDbAclGuiHelper, EtcdDbAclProvider, MysqlDbAclGuiHelper, MysqlDbAclProvider, PermissionFilterProviderEtcdImpl, PermissionFilterProviderMysqlImpl, UnauthenticatedPermissionFilterProviderEtcdImpl, UnauthenticatedPermissionFilterProviderMysqlImpl
public interface DbAclProvider
interface that defines the various get methods that an Acl Provider should support

  • Method Details

    • getFilterDetailsForUser

      @NotNull List<PermissionFilterProvider.FilterDetails> getFilterDetailsForUser(io.deephaven.enterprise.auth.UserContext userContext)
      Gets the tableacls permissions filters for an effective user
      Parameters:
      userContext - The UserContext from which the effective username to filter will be obtained
      Returns:
      A List of PermissionFilterProvider.FilterDetails for the effective user

    • retrieveRowAcls

      @NotNull Collection<String> retrieveRowAcls(String effectiveUser, String namespace, String tableName)
      Returns the most specific tableacl per group for a specific user, namespace, and table.
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in tableacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in tableacls
      Returns:
      A Collection of tableacls filters.

    • retrieveColumnAcls

      @NotNull Map<String,List<com.fishlib.base.Pair<String,String>>> retrieveColumnAcls(String effectiveUser, String namespace, String tableName)
      Returns the most specific Column ACL per group for a specific user, namespace, and table.
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in columnacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in columnacls
      Returns:
      A Map of group names to Lists of columns and filter pairs.

    • canEditInputTable

      boolean canEditInputTable(String effectiveUser, String namespace, String tableName)
      Checks whether a user has rights to edit an input table
      Parameters:
      effectiveUser - The user for whom permissions should be checked
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the user has an effective canedit grant, otherwise false

    • canAnyoneEditInputTable

      boolean canAnyoneEditInputTable(String namespace, String tableName)
      Checks whether an input table can be edited by all users
      Parameters:
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the input table can be edited by all users, otherwise false

    • getAccountsForUser

      @NotNull String[] getAccountsForUser(String effectiveUser)
      Retrieves all strategy accounts associated with a user, directly or through group membership
      Parameters:
      effectiveUser - The user for whom strategy account access should be checked
      Returns:
      An array of String of associated strategy accounts

    • getAllUsers

      @NotNull String[] getAllUsers()
      Retrieves all user accounts in the system
      Returns:
      An array of String of usernames

    • getAllGroups

      @NotNull String[] getAllGroups()
      Retrieves all groups accounts in the system
      Returns:
      An array of String of groups names

    • getAllStrategies

      @NotNull String[] getAllStrategies() throws AclStoreException
      Retrieves all strategy names by unioning strategies in strategyaccount with those in groupstrategy
      Returns:
      An array of String of strategy names
      Throws:
      AclStoreException - when operation results in backing store errors

    • getAllAccounts

      @NotNull String[] getAllAccounts() throws AclStoreException
      Retrieves all strategy accounts in the system
      Returns:
      An array of String of strategy account names
      Throws:
      AclStoreException - when operation results in backing store errors

    • getAccountsForStrategy

      @NotNull String[] getAccountsForStrategy(String strategy)
      Retrieves all strategy accounts associated with a particular strategy
      Parameters:
      strategy - The strategy name for which to filter accounts
      Returns:
      An array of String of strategy account names

    • getStrategyForAccount

      @NotNull String[] getStrategyForAccount(String account)
      Retrieves all strategies associated with a particular strategy account
      Parameters:
      account - The strategy account name for which to filter strategies
      Returns:
      An array of String of strategy account names

    • getAccountsForGroup

      @NotNull String[] getAccountsForGroup(String group)
      Retrieves all strategy accounts associated with a particular group
      Parameters:
      group - The group name for which to filter accounts
      Returns:
      An array of String of strategy account names

    • getStrategiesForGroup

      @NotNull String[] getStrategiesForGroup(String group)
      Retrieves all strategies associated with a particular group
      Parameters:
      group - The group name for which to filter strategies
      Returns:
      An array of String of strategy names

    • groupStrategyExists

      boolean groupStrategyExists(String groupName, String strategy)
      Checks whether a particular association of a group and a strategy exists
      Parameters:
      groupName - The group name to check
      strategy - The strategy name to check
      Returns:
      True if the mapping exists, false if it does not

    • getGroupsForUser

      @NotNull String[] getGroupsForUser(String effectiveUser)
      Get the groups to which a user is mapped
      Parameters:
      effectiveUser - The String name of the user to find groups for
      Returns:
      A String array of groups mapped to this user

    • getStrategiesForUser

      @NotNull String[] getStrategiesForUser(String effectiveUser)
      Retrieves all strategies associated with a particular user, either directly or through group membership
      Parameters:
      effectiveUser - The user for whom strategy access should be checked
      Returns:
      An array of String of strategy names

    • getUsersForGroup

      @NotNull String[] getUsersForGroup(String group)
      Get the users that are members of a group
      Parameters:
      group - The String name of the group to find users for
      Returns:
      A String array of users with membership in this group

    • changePassword

      void changePassword(String user, String passwordHash) throws AclStoreException
      Changes the password of a user entry in passwd
      Parameters:
      user - The user for which the password should be updated
      passwordHash - The new password value to store
      Throws:
      AclStoreException - when operation results in backing store errors

    • getSystemUsers

      @NotNull String[] getSystemUsers()
      Returns an array of systemusers.
      Returns:
      A String array of distinct systemuser names, sorted.

    • getPasswdsForMigration

      @NotNull List<com.fishlib.base.Pair<String,String>> getPasswdsForMigration()
      Returns user and password entries from the passwd table. Intended for use during ACL exports and/or data migration between MySQL and Etcd ACL stores.
      Returns:
      A List of Pair&lt;String,String&gt; objects which contain a user and password entry.

    • getRunAsUserMap

      @NotNull Map<String,String> getRunAsUserMap()
      Returns a map of usernames to systemuser names
      Returns:
      a map of usernames to systemuser names

    • getRunAsUser

      String getRunAsUser(String effectiveUser)
      Returns the systemuser to which the effectiveUser is mapped, or null if no mapping exists.
      Parameters:
      effectiveUser - The user for which a mapped systemuser name should be retrieved.
      Returns:
      the String systemuser to which the effectiveUser is mapped, or null if no mapping exists.

    • getPublicKeys

      @NotNull List<PublicKeyRecord> getPublicKeys(String user)
      Retrieve the public key data in the ACL database for the user. If the user is null then all keys are retrieved.
      Parameters:
      user - The user identifier.
      Returns:
      A list of PublicKeyRecord objects containing the user, the base64-encoded PublicKey key value, and a comment.

    • getPublicKeys

      @NotNull List<PublicKeyRecord> getPublicKeys()
      Retrieve all public key data in the ACL database. Has the same effect as calling getPublicKeys(String) with a null user parameter.
      Returns:
      A list of PublicKeyRecord objects containing the user, the base64-encoded PublicKey key value, and a comment.

    • close

      void close()
      For MySql, used when a ContextAwareRemoteQuery needs a connection that is discarded quickly. No effect for etcd.