AuthorizationManager.java example

Explorer
hydra-master
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.addthis.hydra.job.auth;

import java.io.Closeable;
import java.io.IOException;

/**
 * Clients outside this package should not communicate
 * directly with AuthorizationManagers. They should use the
 * {@link PermissionsManager} API for authentication.
 */
abstract class AuthorizationManager implements Closeable {

    /**
     * Returns true if the user is able to update the asset.
     * The user is either authorized to update the asset through
     * the permissions model of this authorization manager,
     * or optionally the sudo token can be tested to grant sudo
     * access to update the asset.
     * @param user
     * @param sudoToken
     * @param asset
     * @return true if write permission is granted
     */
    abstract boolean isWritable(User user, String sudoToken, WritableAsset asset);

    /**
     * Returns true if the user is able to start or stop the asset.
     * The user is either authorized to update the asset through
     * the permissions model of this authorization manager,
     * or optionally the sudo token can be tested to grant sudo
     * access to update the asset.
     * @param user
     * @param sudoToken
     * @param asset
     * @return true if write permission is granted
     */
    abstract boolean isExecutable(User user, String sudoToken, ExecutableAsset asset);

    /**
     * Returns true if the user is able to modify permissions on the asset.
     * The authorization manager is allowed to be more permissive than the POSIX specification
     * which only allows the user or typically root to modify permissions.
     *
     * @param user
     * @param sudoToken
     * @param asset
     * @return true if write permission is granted
     */
    abstract boolean canModifyPermissions(User user, String sudoToken, WritableAsset asset);

    /**
     * Tests the provided sudo token and returns true
     * if the user is allowed to perform an administrative action,
     * such as quiescing the cluster.
     *
     * @param user
     * @param sudoToken
     * @return true if admin permission is granted
     */
    abstract boolean adminAction(User user, String sudoToken);

    /**
     * Grant a sudo token to the user or return null if no token
     * is granted. The {@code admin} parameter informs the authorization
     * manager if the user is an administrative user.
     *
     * @param user
     * @param admin
     * @return either token or null value to deny
     */
    abstract String sudo(User user, boolean admin);

    /**
     * Performs any logout activities such as clearing
     * the sudo cache.
     */
    abstract void logout(String username);

    @Override
    public void close() throws IOException {}

}