chore(core): auth framework refactoring (#3697)

ef652a43 · Bolek Ziobrowski · GitHub · b957091a · ef652a43 · ef652a43
5 changed file
--- a/core/src/main/java/io/questdb/cairo/SecurityContext.java
+++ b/core/src/main/java/io/questdb/cairo/SecurityContext.java
@@ -109,21 +109,25 @@ public interface SecurityContext {
    void authorizeSelect(TableToken tableToken, @NotNull ObjList<CharSequence> columnNames);
-    void authorizeShowUser(CharSequence userName);
+    default void authorizeSelectOnAnyColumn(TableToken tableToken) {
+        //TODO: make non-default 
-    void authorizeShowUsers();
+    }
    void authorizeShowGroups();
    void authorizeShowGroups(CharSequence userName);
+    void authorizeShowPermissions(CharSequence entityName);
    void authorizeShowServiceAccount(CharSequence serviceAccountName);
    void authorizeShowServiceAccounts();
    void authorizeShowServiceAccounts(CharSequence userOrGroupName);
-    void authorizeShowPermissions(CharSequence entityName);
+    void authorizeShowUser(CharSequence userName);
+    void authorizeShowUsers();
    void authorizeTableBackup(ObjHashSet<TableToken> tableTokens);

--- a/core/src/main/java/io/questdb/cairo/security/AllowAllSecurityContext.java
+++ b/core/src/main/java/io/questdb/cairo/security/AllowAllSecurityContext.java
@@ -183,19 +183,19 @@ public class AllowAllSecurityContext implements SecurityContext {
    }
    @Override
-    public void authorizeShowUser(CharSequence userName) {
+    public void authorizeSelectOnAnyColumn(TableToken tableToken) {
    }
    @Override
-    public void authorizeShowUsers() {
+    public void authorizeShowGroups() {
    }
    @Override
-    public void authorizeShowGroups() {
+    public void authorizeShowGroups(CharSequence userName) {
    }
    @Override
-    public void authorizeShowGroups(CharSequence userName) {
+    public void authorizeShowPermissions(CharSequence entityName) {
    }
    @Override
@@ -211,7 +211,11 @@ public class AllowAllSecurityContext implements SecurityContext {
    }
    @Override
-    public void authorizeShowPermissions(CharSequence entityName) {
+    public void authorizeShowUser(CharSequence userName) {
+    }
+    @Override
+    public void authorizeShowUsers() {
    }
    @Override

--- a/core/src/main/java/io/questdb/cairo/security/DenyAllSecurityContext.java
+++ b/core/src/main/java/io/questdb/cairo/security/DenyAllSecurityContext.java
@@ -38,22 +38,22 @@ public class DenyAllSecurityContext extends ReadOnlySecurityContext {
    }
    @Override
-    public void authorizeShowUser(CharSequence userName) {
+    public void authorizeSelectOnAnyColumn(TableToken tableToken) {
        throw CairoException.nonCritical().put("permission denied");
    }
    @Override
-    public void authorizeShowUsers() {
+    public void authorizeShowGroups() {
        throw CairoException.nonCritical().put("permission denied");
    }
    @Override
-    public void authorizeShowGroups() {
+    public void authorizeShowGroups(CharSequence userName) {
        throw CairoException.nonCritical().put("permission denied");
    }
    @Override
-    public void authorizeShowGroups(CharSequence userName) {
+    public void authorizeShowPermissions(CharSequence entityName) {
        throw CairoException.nonCritical().put("permission denied");
    }
@@ -73,7 +73,12 @@ public class DenyAllSecurityContext extends ReadOnlySecurityContext {
    }
    @Override
-    public void authorizeShowPermissions(CharSequence entityName) {
+    public void authorizeShowUser(CharSequence userName) {
+        throw CairoException.nonCritical().put("permission denied");
+    }
+    @Override
+    public void authorizeShowUsers() {
        throw CairoException.nonCritical().put("permission denied");
    }
 }
--- a/core/src/main/java/io/questdb/cairo/security/ReadOnlySecurityContext.java
+++ b/core/src/main/java/io/questdb/cairo/security/ReadOnlySecurityContext.java
@@ -219,19 +219,19 @@ public class ReadOnlySecurityContext implements SecurityContext {
    }
    @Override
-    public void authorizeShowUser(CharSequence userName) {
+    public void authorizeSelectOnAnyColumn(TableToken tableToken) {
    }
    @Override
-    public void authorizeShowUsers() {
+    public void authorizeShowGroups() {
    }
    @Override
-    public void authorizeShowGroups() {
+    public void authorizeShowGroups(CharSequence userName) {
    }
    @Override
-    public void authorizeShowGroups(CharSequence userName) {
+    public void authorizeShowPermissions(CharSequence entityName) {
    }
    @Override
@@ -247,7 +247,11 @@ public class ReadOnlySecurityContext implements SecurityContext {
    }
    @Override
-    public void authorizeShowPermissions(CharSequence entityName) {
+    public void authorizeShowUser(CharSequence userName) {
+    }
+    @Override
+    public void authorizeShowUsers() {
    }
    @Override

--- a/core/src/test/java/io/questdb/test/cairo/SecurityContextTest.java
+++ b/core/src/test/java/io/questdb/test/cairo/SecurityContextTest.java
@@ -151,7 +151,8 @@ public class SecurityContextTest {
                            } else {
                                method.invoke(sc, ONE_PARAM_ARGS);
                            }
-                            if (name.startsWith("authorizeShow")) {
+                            if (name.startsWith("authorizeShow")
+                                    || name.startsWith("authorizeSelect")) {
                                continue;
                            }
                            Assert.fail();