public override bool CheckPermission(AccessType accessType, PrivilegedEntity target , UserGroupInformation user) { bool ret = false; IDictionary <AccessType, AccessControlList> acls = allAcls[target]; if (acls != null) { AccessControlList list = acls[accessType]; if (list != null) { ret = list.IsUserAllowed(user); } } // recursively look up the queue to see if parent queue has the permission. if (target.GetType() == PrivilegedEntity.EntityType.Queue && !ret) { string queueName = target.GetName(); if (!queueName.Contains(".")) { return(ret); } string parentQueueName = Sharpen.Runtime.Substring(queueName, 0, queueName.LastIndexOf (".")); return(CheckPermission(accessType, new PrivilegedEntity(target.GetType(), parentQueueName ), user)); } return(ret); }
/// <summary>Set ACLs for the target object.</summary> /// <remarks> /// Set ACLs for the target object. AccessControlList class encapsulate the /// users and groups who can access the target. /// </remarks> /// <param name="target">The target object.</param> /// <param name="acls"> /// A map from access method to a list of users and/or groups who has /// permission to do the access. /// </param> /// <param name="ugi">User who sets the permissions.</param> public abstract void SetPermission(PrivilegedEntity target, IDictionary <AccessType , AccessControlList> acls, UserGroupInformation ugi);
/// <summary>Check if user has the permission to access the target object.</summary> /// <param name="accessType">The type of accessing method.</param> /// <param name="target">The target object being accessed, e.g. app/queue</param> /// <param name="user">User who access the target</param> /// <returns>true if user can access the object, otherwise false.</returns> public abstract bool CheckPermission(AccessType accessType, PrivilegedEntity target , UserGroupInformation user);
public override void SetPermission(PrivilegedEntity target, IDictionary <AccessType , AccessControlList> acls, UserGroupInformation ugi) { allAcls[target] = acls; }