Thanks Stu for the information. I have not still looked deeper at the internals of the Cassandra. I just thought the operations such as insert, system_add_column_family, system_add_keyspace in 'Cassandra.Iface' imply an 'add' operation. I just wanted to pass that action to the 'authrorize' method, so that I can give the authority to the user for the resource dynamically prior to do adding. Like a creating a file in the file system - owner gets the read/write authority implicitly.  Is it incorrect to decide the 'action' going to be done based on the operations(methods) in 'Cassandra.Iface'? I would glad to know your opinion.

Thanks,

Indika

On Tue, Feb 1, 2011 at 3:45 AM, Stu Hood <stuhood@gmail.com> wrote:
Our intention was that if you wanted to add another permission like "update" (a subset of "write") then you would return it from the method as part of the EnumSet<Permission> for that resource. I would see how much trouble it would be to add a new Permission value for "update".

Note that Cassandra itself doesn't make a distinction between "update" and "add", because we don't (and probably can't, without locking?) look for an existing value while doing an insert. This would probably be a larger patch than you think.

On Mon, Jan 31, 2011 at 1:54 AM, indika kumara <indika@apache.org> wrote:
Hi All,

Currently, there are two permissions - read and write, and there is no way to know the current operation being performed such as add, update, etc. If the operation is 'add', as the user is already logged into the system, I would like to authorize the user for the resource going to add. I think it is a valid use case, as the creator of a resource implicitly need to have the authority to access it.

Current method

public EnumSet<Permission> authorize(AuthenticatedUser user, List<Object> resource);

Purposed method

ission> authorize(AuthenticatedUser user, List<Object> resource, Action action);    // Action is a enum and can be 'add', 'update', 'delete', etc.

WDYT?

Thanks,

Indika