Package org.teiid.dqp.internal.process
Interface AuthorizationValidator
-
- All Known Implementing Classes:
DefaultAuthorizationValidator
public interface AuthorizationValidator
Defines a validator that checks for proper authorization.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static class
AuthorizationValidator.CommandType
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
hasRole(String roleName, CommandContext commandContext)
Uses the context or other information to determine if the current user has the given role name.boolean
isAccessible(AbstractMetadataRecord record, CommandContext commandContext)
Determines if the metadata record is accessible in system queriesboolean
validate(String[] originalSql, Command command, QueryMetadataInterface metadata, CommandContext commandContext, AuthorizationValidator.CommandType commandType)
Validates the given command.
-
-
-
Method Detail
-
validate
boolean validate(String[] originalSql, Command command, QueryMetadataInterface metadata, CommandContext commandContext, AuthorizationValidator.CommandType commandType) throws QueryValidatorException, TeiidComponentException
Validates the given command. If the command is not aAuthorizationValidator.CommandType.USER
command, the command object should not be modified. Any modification must be fully resolved using the associatedQueryMetadataInterface
. Returning true for aAuthorizationValidator.CommandType.PREPARED
orAuthorizationValidator.CommandType.CACHED
commands means that the matching prepared plan or cache entry will not be used.- Parameters:
originalSql
- array of commands will typically contain only a single string, but may have multiple for batched updates.command
- the parsed and resolved command.metadata
-commandContext
-commandType
-- Returns:
- true if the USER command was modified, or if the non-USER command should be modified.
- Throws:
QueryValidatorException
TeiidComponentException
-
hasRole
boolean hasRole(String roleName, CommandContext commandContext)
Uses the context or other information to determine if the current user has the given role name.- Parameters:
roleName
-commandContext
-- Returns:
- true if the current user has the given role
-
isAccessible
boolean isAccessible(AbstractMetadataRecord record, CommandContext commandContext)
Determines if the metadata record is accessible in system queries- Parameters:
record
-commandContext
-- Returns:
-
-