cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Evans <eev...@rackspace.com>
Subject Re: The authorize method of IAuthority
Date Fri, 21 Jan 2011 17:11:15 GMT
On Fri, 2011-01-21 at 22:45 +0600, indika kumara wrote:
> Shouldn't the existing method be changed to the following?
> 
> public boolean authorize(AuthenticatedUser user, List<Object>
> resource,
> Permission permission);   // checks the authority for a given user for
> a
> given resource for a given permission

I don't think so, no.  This method is answering the question, "Given a
resource, what is this user allowed to do?".  It's the job of
o.a.c.service.ClientState to call authorize() and determine if the set
of returned Permissions allows a given operation on that resource.

If you don't want the additional granularity you can simple return
Permission.ALL.

> The existing method:
> 
> public EnumSet<Permission> authorize(AuthenticatedUser user,
> List<Object>
> resource);
> 
> I noticed that we retrieved all permissions and checks
> 'perms.contains(perm)'  ... May permissions be cached at later?

Classes implementing IAuthority are free to perform caching as they see
fit, yes.

-- 
Eric Evans
eevans@rackspace.com


Mime
View raw message