cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stu Hood <stuh...@gmail.com>
Subject Re: A Question about authorize method of IAuthority
Date Mon, 31 Jan 2011 21:45:03 GMT
Our intention was that if you wanted to add another permission like "update"
(a subset of "write") then you would return it from the method as part of
the EnumSet<Permission> for that resource. I would see how much trouble it
would be to add a new Permission value for "update".

Note that Cassandra itself doesn't make a distinction between "update" and
"add", because we don't (and probably can't, without locking?) look for an
existing value while doing an insert. This would probably be a larger patch
than you think.

On Mon, Jan 31, 2011 at 1:54 AM, indika kumara <indika@apache.org> wrote:

> Hi All,
>
> Currently, there are two permissions - read and write, and there is no way
> to know the current operation being performed such as add, update, etc. If
> the operation is 'add', as the user is already logged into the system, I
> would like to authorize the user for the resource going to add. I think it
> is a valid use case, as the creator of a resource implicitly need to have
> the authority to access it.
>
> Current method
>
> public EnumSet<Permission> authorize(AuthenticatedUser user, List<Object>
> resource);
>
> Purposed method
>
> ission> authorize(AuthenticatedUser user, List<Object> resource, Action
> action);    // Action is a enum and can be 'add', 'update', 'delete', etc.
>
> WDYT?
>
> Thanks,
>
> Indika
>

Mime
View raw message