geode-dev mailing list archives

From Dan Smith <dsm...@pivotal.io>
Subject Re: [DISCUSS] authorizing function execution
Date Thu, 17 Aug 2017 20:41:23 GMT
On Thu, Aug 17, 2017 at 12:10 PM, Swapnil Bawaskar <sbawaskar@pivotal.io>
wrote:

> So, it sounds like if we did #1 above: i.e:
> 1) externalize SecurityService so that function author can use it in the
> function.execute code to check authorization.
>
> we could get this to work with lambdas:
> ResultCollector rc = getExecution().execute(context -> {
>   context.getCache().getSecurityService().authorizeRead();
>   // perform read
>   context.getResultSender().lastResult(result);
> });
>

I'm a bit confused by this proposal. The current behavior is that a
function requires write. Are you saying that we will change that so that
anyone can execute a function, and then all functions need to call this
method to check for what authorization level they want? I think we should
keep the current behavior of requiring write access by default. Which means
the developer needs a way to override the permission level *before* the function
executes.

You could technically make marker interfaces work with lambdas, or if we
provide annotations, users can create their own marker interfaces.

execute((ReadOnlyFunction) context -> ....)

-Dan
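
An added example, not part of the original message and not Geode's own code: a marker sub-interface applied to a lambda with a cast, and a dispatcher that picks the required permission from the function's type before the body runs, defaulting to write. `Fn`, `ReadOnlyFn`, `Permission`, `required` and `execute` are hypothetical names used only for this sketch.

```java
import java.util.EnumSet;
import java.util.Set;

public class MarkerAuthDemo {
    enum Permission { READ, WRITE }

    // Hypothetical stand-in for a function type; not Geode's Function API.
    interface Fn { Object execute(String arg); }

    // Marker sub-interface. It adds no abstract method, so it is still a
    // functional interface and a lambda can be cast to it.
    interface ReadOnlyFn extends Fn { }

    // The required permission comes from the type alone, so it is known
    // before any user code runs. Unmarked functions default to WRITE.
    static Permission required(Fn f) {
        return (f instanceof ReadOnlyFn) ? Permission.READ : Permission.WRITE;
    }

    // Authorize first, then invoke; the body never runs on a failed check.
    static Object execute(Set<Permission> granted, Fn f, String arg) {
        Permission need = required(f);
        if (!granted.contains(need)) {
            throw new SecurityException("not authorized: requires " + need);
        }
        return f.execute(arg);
    }

    public static void main(String[] args) {
        // Constructed caller holding read permission only.
        Set<Permission> reader = EnumSet.of(Permission.READ);

        // The cast gives the lambda the marker type, so READ is enough.
        System.out.println(execute(reader, (ReadOnlyFn) k -> "value-of-" + k, "key1"));

        // An unmarked lambda requires WRITE and is rejected before its body runs.
        try {
            execute(reader, k -> { throw new IllegalStateException("body ran"); }, "key1");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```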
