brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ahgittin <>
Subject [GitHub] incubator-brooklyn pull request: entitlements scheme proposal
Date Mon, 30 Jun 2014 09:24:00 GMT
Github user ahgittin commented on a diff in the pull request:
    --- Diff: api/src/main/java/brooklyn/management/entitlement/ ---
    @@ -0,0 +1,16 @@
    +import javax.annotation.Nonnull;
    +import javax.annotation.Nullable;
    + * Entitlement lookup relies on:
    + * <li>an "entitlement context", consisting of at minimum a string identifier of
the user/actor for which entitlement is being requested
    + * <li>an "entitlement class", representing the category of activity for which
entitlement is being requested
    + * <li>an "entitlement class argument", representing the specifics of the activity
for which entitlement is being requested 
    + */
    +public interface EntitlementManager {
    +    public <T> boolean isEntitled(@Nullable EntitlementContext context, @Nonnull
EntitlementClass<T> entitlementClass, @Nullable T entitlementClassArgument);
    --- End diff --
    whatever initiates the outermost activity needs to set the `EntitlementContext` on a task
or other `ThreadLocal`.  for REST calls there is a clear temporal wrap around this.
    but for other calls there is not.  there is not even any identifiable user logged in at
that point.  e.g. if when launching we've said to launch `--app Foo` ... so i think it is
another (big) chunk of work to apply entitlements to contexts other than REST.
    we could have some logic which says `if (threadLocalEntitlementContext==null) then use
SystemEntitlementContext` but that feels messy, I'd rather say it's null for now, and then
in time perhaps find a way to say something better

If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.

View raw message