Return-Path: 
 <user-return-12355-apmail-cassandra-user-archive=cassandra.apache.org@cassandra.apache.org>
Delivered-To: apmail-cassandra-user-archive@www.apache.org
Received: (qmail 77645 invoked from network); 21 Jan 2011 17:09:05 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 21 Jan 2011 17:09:05 -0000
Received: (qmail 2348 invoked by uid 500); 21 Jan 2011 17:09:03 -0000
Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org
Received: (qmail 2293 invoked by uid 500); 21 Jan 2011 17:09:01 -0000
Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@cassandra.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@cassandra.apache.org>
List-Post: <mailto:user@cassandra.apache.org>
List-Id: <user.cassandra.apache.org>
Reply-To: user@cassandra.apache.org
Delivered-To: mailing list user@cassandra.apache.org
Received: (qmail 2285 invoked by uid 99); 21 Jan 2011 17:09:01 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jan 2011 17:09:01 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [67.192.241.161] (HELO smtp161.dfw.emailsrvr.com)
 (67.192.241.161)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Jan 2011 17:08:54 +0000
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp6.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 13CC52702AD
	for <user@cassandra.apache.org>; Fri, 21 Jan 2011 12:08:31 -0500 (EST)
X-Virus-Scanned: OK
Received: by smtp6.relay.dfw1a.emailsrvr.com (Authenticated sender:
 eevans-AT-racklabs.com) with ESMTPSA id EB2592701BC
	for <user@cassandra.apache.org>; Fri, 21 Jan 2011 12:08:30 -0500 (EST)
Subject: Re: The authorize method of IAuthority
From: Eric Evans <eevans@rackspace.com>
To: user@cassandra.apache.org
In-Reply-To: <AANLkTinX1WDJhitziVFK-y3kwdKnGsTdkxnrMJYKfDbz@mail.gmail.com>
References: <AANLkTinX1WDJhitziVFK-y3kwdKnGsTdkxnrMJYKfDbz@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Fri, 21 Jan 2011 11:11:15 -0600
Message-ID: <1295629875.23628.51.camel@erebus.lan>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3 
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

On Fri, 2011-01-21 at 22:45 +0600, indika kumara wrote:
> Shouldn't the existing method be changed to the following?
> 
> public boolean authorize(AuthenticatedUser user, List<Object>
> resource,
> Permission permission);   // checks the authority for a given user for
> a
> given resource for a given permission

I don't think so, no.  This method is answering the question, "Given a
resource, what is this user allowed to do?".  It's the job of
o.a.c.service.ClientState to call authorize() and determine if the set
of returned Permissions allows a given operation on that resource.

If you don't want the additional granularity you can simple return
Permission.ALL.

> The existing method:
> 
> public EnumSet<Permission> authorize(AuthenticatedUser user,
> List<Object>
> resource);
> 
> I noticed that we retrieved all permissions and checks
> 'perms.contains(perm)'  ... May permissions be cached at later?

Classes implementing IAuthority are free to perform caching as they see
fit, yes.

-- 
Eric Evans
eevans@rackspace.com