Package org.teiid.dqp.internal.process
Class DataRolePolicyDecider
- java.lang.Object
-
- org.teiid.dqp.internal.process.DataRolePolicyDecider
-
- All Implemented Interfaces:
PolicyDecider
public class DataRolePolicyDecider extends Object implements PolicyDecider
-
-
Constructor Summary
Constructors Constructor Description DataRolePolicyDecider()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Set<AbstractMetadataRecord>getInaccessibleResources(DataPolicy.PermissionType action, Set<AbstractMetadataRecord> resources, DataPolicy.Context context, CommandContext commandContext)Returns the set of resources not allowed to be accessed by the current user.DataPolicy.ResourceTypegetResourceType(AbstractMetadataRecord record)booleanhasRole(String roleName, CommandContext context)Called by the system hasRole function to determine role membership.booleanisLanguageAllowed(String language, CommandContext commandContext)Returns true if the given language is allowedbooleanisTempAccessible(DataPolicy.PermissionType action, AbstractMetadataRecord resource, DataPolicy.Context context, CommandContext commandContext)Checks if the temp table are accessible.voidsetAllowCreateTemporaryTablesByDefault(boolean allowCreateTemporaryTablesByDefault)voidsetAllowFunctionCallsByDefault(boolean allowFunctionCallsDefault)booleanvalidateCommand(CommandContext commandContext)Determines if an authorization check should proceed
-
-
-
Method Detail
-
getInaccessibleResources
public Set<AbstractMetadataRecord> getInaccessibleResources(DataPolicy.PermissionType action, Set<AbstractMetadataRecord> resources, DataPolicy.Context context, CommandContext commandContext)
Description copied from interface:PolicyDeciderReturns the set of resources not allowed to be accessed by the current user.- Specified by:
getInaccessibleResourcesin interfacePolicyDecider- Parameters:
action- if context is METADATA, then action execute means a procedure or function, and read some other resourcecontext- in which the action is performed. For example you can have a context ofDataPolicy.Context.UPDATEfor aDataPolicy.PermissionType.READfor columns used in an UPDATE condition.- Returns:
- the set of inaccessible resources, never null
-
isLanguageAllowed
public boolean isLanguageAllowed(String language, CommandContext commandContext)
Description copied from interface:PolicyDeciderReturns true if the given language is allowed- Specified by:
isLanguageAllowedin interfacePolicyDecider- Returns:
-
hasRole
public boolean hasRole(String roleName, CommandContext context)
Description copied from interface:PolicyDeciderCalled by the system hasRole function to determine role membership.- Specified by:
hasRolein interfacePolicyDecider- Returns:
- true if the user has the given role name, otherwise false
-
isTempAccessible
public boolean isTempAccessible(DataPolicy.PermissionType action, AbstractMetadataRecord resource, DataPolicy.Context context, CommandContext commandContext)
Description copied from interface:PolicyDeciderChecks if the temp table are accessible. Typically as long as temp tables can be created, all operations are allowed.- Specified by:
isTempAccessiblein interfacePolicyDeciderresource- will be null for general temp accesscontext- in which the action is performed. For example you can have a context ofDataPolicy.Context.UPDATEfor aDataPolicy.PermissionType.READfor columns used in an UPDATE condition.- Returns:
- true if the access is allowed, otherwise false
-
setAllowCreateTemporaryTablesByDefault
public void setAllowCreateTemporaryTablesByDefault(boolean allowCreateTemporaryTablesByDefault)
-
setAllowFunctionCallsByDefault
public void setAllowFunctionCallsByDefault(boolean allowFunctionCallsDefault)
-
validateCommand
public boolean validateCommand(CommandContext commandContext)
Description copied from interface:PolicyDeciderDetermines if an authorization check should proceed- Specified by:
validateCommandin interfacePolicyDecider- Returns:
-
getResourceType
public DataPolicy.ResourceType getResourceType(AbstractMetadataRecord record)
-
-