Package io.stargate.auth

Interface AuthorizationProcessor

public interface AuthorizationProcessor

An abstraction of the authorization command processor in Stargate.

This interface is intended to broadly cover the functionality of CQL GRANT/REVOKE commands in a programmatic API.

Method Summary

Modifier and Type	Method	Description
CompletionStage<Void>	addPermissions(Actor performer, AuthorizationOutcome outcome, PermissionKind kind, Collection<AccessPermission> permissions, AuthorizedResource resource, EntitySelector grantee)	Grants grantee the specified access permissions on the specified resource.
CompletionStage<Void>	removePermissions(Actor performer, AuthorizationOutcome outcome, PermissionKind kind, Collection<AccessPermission> permissions, AuthorizedResource resource, EntitySelector grantee)	Revokes the specified access permissions on the specified resource from the grantee.

Method Detail

addPermissions

CompletionStage<Void> addPermissions(Actor performer,
                                     AuthorizationOutcome outcome,
                                     PermissionKind kind,
                                     Collection<AccessPermission> permissions,
                                     AuthorizedResource resource,
                                     EntitySelector grantee)

Grants grantee the specified access permissions on the specified resource. Note that access can be positive (AuthorizationOutcome.ALLOW or negative AuthorizationOutcome.DENY. Negative permissions have precedence over positive permissions.

Parameters:

performer - the user under whose authority the grant operation is performed

outcome - whether operations under the specified permissions are allowed or denied

kind - whether permission is granted to access the resource or control access to it

permissions - the list of permissions to be granted

resource - the resource whose access permissions are granted

grantee - the role receiving the permissions

Returns:

the CompletionStage tracking the progress of the grant operation.

removePermissions

CompletionStage<Void> removePermissions(Actor performer,
                                        AuthorizationOutcome outcome,
                                        PermissionKind kind,
                                        Collection<AccessPermission> permissions,
                                        AuthorizedResource resource,
                                        EntitySelector grantee)

Revokes the specified access permissions on the specified resource from the grantee. Note that revoking a negative permission is essentially widening access to the resource.

Parameters:

performer - the user under whose authority the revocation operation is performed

outcome - whether operations under the specified permissions are allowed or denied

kind - whether permission is granted to access the resource or control access to it

permissions - the list of permissions to be revoked

resource - the resource whose access permissions are revoked

grantee - the role whose permissions are revoked

Returns:

the CompletionStage tracking the progress of the grant operation.