mirror of
https://github.com/datahub-project/datahub.git
synced 2025-11-13 09:52:46 +00:00
feat Add more granular USERS and GROUPS privileges (#12637)
Co-authored-by: Diogo Vala <diogo.vala@swisscom.com> Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com>
This commit is contained in:
DiogoVala
GitHub
parent
3c748c1b3c
commit
4c00e39b96
@ -71,6 +71,18 @@ public class PoliciesConfig {
|
|||||||
"Update Users & Groups",
|
"Update Users & Groups",
|
||||||
"Update users and groups on DataHub.");
|
"Update users and groups on DataHub.");
|
||||||
|
|
||||||
|
static final Privilege CREATE_USERS_PRIVILEGE =
|
||||||
|
Privilege.of("CREATE_USERS", "Create Users", "Create users on DataHub.");
|
||||||
|
|
||||||
|
static final Privilege UPDATE_USERS_PRIVILEGE =
|
||||||
|
Privilege.of("UPDATE_USERS", "Update Users", "Update users on DataHub.");
|
||||||
|
|
||||||
|
static final Privilege CREATE_GROUPS_PRIVILEGE =
|
||||||
|
Privilege.of("CREATE_GROUPS", "Create Groups", "Create groups on DataHub.");
|
||||||
|
|
||||||
|
static final Privilege UPDATE_GROUPS_PRIVILEGE =
|
||||||
|
Privilege.of("UPDATE_GROUPS", "Update Groups", "Update groups on DataHub.");
|
||||||
|
|
||||||
private static final Privilege VIEW_ANALYTICS_PRIVILEGE =
|
private static final Privilege VIEW_ANALYTICS_PRIVILEGE =
|
||||||
Privilege.of("VIEW_ANALYTICS", "View Analytics", "View the DataHub analytics dashboard.");
|
Privilege.of("VIEW_ANALYTICS", "View Analytics", "View the DataHub analytics dashboard.");
|
||||||
|
|
||||||
@ -206,6 +218,10 @@ public class PoliciesConfig {
|
|||||||
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
CREATE_USERS_AND_GROUPS_PRIVILEGE,
|
CREATE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
|
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
CREATE_USERS_PRIVILEGE,
|
||||||
|
UPDATE_USERS_PRIVILEGE,
|
||||||
|
CREATE_GROUPS_PRIVILEGE,
|
||||||
|
UPDATE_GROUPS_PRIVILEGE,
|
||||||
VIEW_ANALYTICS_PRIVILEGE,
|
VIEW_ANALYTICS_PRIVILEGE,
|
||||||
GET_ANALYTICS_PRIVILEGE,
|
GET_ANALYTICS_PRIVILEGE,
|
||||||
MANAGE_DOMAINS_PRIVILEGE,
|
MANAGE_DOMAINS_PRIVILEGE,
|
||||||
@ -1092,17 +1108,23 @@ public class PoliciesConfig {
|
|||||||
.put(
|
.put(
|
||||||
ApiOperation.CREATE,
|
ApiOperation.CREATE,
|
||||||
Disjunctive.disjoint(
|
Disjunctive.disjoint(
|
||||||
CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
|
CREATE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
CREATE_USERS_PRIVILEGE,
|
||||||
|
UPDATE_USERS_PRIVILEGE))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.READ,
|
ApiOperation.READ,
|
||||||
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ))
|
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.UPDATE,
|
ApiOperation.UPDATE,
|
||||||
Disjunctive.disjoint(
|
Disjunctive.disjoint(
|
||||||
UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
|
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
UPDATE_USERS_PRIVILEGE))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.DELETE,
|
ApiOperation.DELETE,
|
||||||
Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE))
|
Disjunctive.disjoint(
|
||||||
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE, UPDATE_USERS_PRIVILEGE))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.EXISTS,
|
ApiOperation.EXISTS,
|
||||||
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.EXISTS))
|
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.EXISTS))
|
||||||
@ -1113,17 +1135,23 @@ public class PoliciesConfig {
|
|||||||
.put(
|
.put(
|
||||||
ApiOperation.CREATE,
|
ApiOperation.CREATE,
|
||||||
Disjunctive.disjoint(
|
Disjunctive.disjoint(
|
||||||
CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
|
CREATE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
CREATE_GROUPS_PRIVILEGE,
|
||||||
|
UPDATE_GROUPS_PRIVILEGE))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.READ,
|
ApiOperation.READ,
|
||||||
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ))
|
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.UPDATE,
|
ApiOperation.UPDATE,
|
||||||
Disjunctive.disjoint(
|
Disjunctive.disjoint(
|
||||||
UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
|
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
|
||||||
|
UPDATE_GROUPS_PRIVILEGE))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.DELETE,
|
ApiOperation.DELETE,
|
||||||
Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE))
|
Disjunctive.disjoint(
|
||||||
|
MANAGE_USERS_AND_GROUPS_PRIVILEGE, UPDATE_GROUPS_PRIVILEGE))
|
||||||
.put(
|
.put(
|
||||||
ApiOperation.EXISTS,
|
ApiOperation.EXISTS,
|
||||||
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.EXISTS))
|
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.EXISTS))
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user