Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
index 588aac4e3ad..d3940ac631f 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
@@ -1,8 +1,13 @@
 // Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.role;
+import com.yahoo.config.provision.SystemName;
+
+import java.security.Principal;
 import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 /**
 * A list of roles and their associated contexts. This defines the role membership of a tenant, and in which contexts
@@ -12,12 +17,19 @@ import java.util.Set;
 */
 public class RoleMembership {
+ private static final RoleMembership everyone = new RoleMembership(Map.of(Role.everyone,
+ Stream.of(SystemName.values())
+ .map(Context::unlimitedIn)
+ .collect(Collectors.toUnmodifiableSet())));
+
 private final Map<Role, Set<Context>> roles;
 public RoleMembership(Map<Role, Set<Context>> roles) {
 this.roles = Map.copyOf(roles);
 }
+ public static RoleMembership everyone() { return everyone; }
+
 /** Returns whether any role in this allows action to take place in path */
 public boolean allows(Action action, String path) {
 return roles.entrySet().stream().anyMatch(kv -> {
@@ -37,7 +49,7 @@ public class RoleMembership {
 * membership to a {@link RoleMembership}.
 */
 public interface Resolver {
- RoleMembership membership();
+ RoleMembership membership(Principal user);
 }
 } |
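Review bot: The new `everyone()` accessor in the second hunk has no Javadoc, although it hands out a shared membership that holds `Role.everyone` with `Context.unlimitedIn` for every `SystemName` value. A reader of an authorization class needs to know when that membership may be granted, so I would add `/** Returns the baseline membership: Role.everyone, unlimited, in every system. */` and state there whether it is also meant for callers that have not been authenticated. What the membership actually permits depends on the policy attached to `Role.everyone`, which is not visible in this hunk. The class body starts before the hunk and continues past it.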
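Review bot: `Resolver.membership(Principal user)` in the last hunk now takes the caller's identity, but the interface does not say what an implementation must return for a null or unrecognised principal. For an authorization lookup the contract should be fail-closed and written down, for example `/** Returns the membership of the given user, never null; a principal that cannot be resolved gets no more than RoleMembership.everyone(). */`. That `everyone()` is the intended fallback is inferred from it being added in the same commit, so confirm it against the implementations. The Javadoc above the interface begins outside the hunk.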