aboutsummaryrefslogtreecommitdiffstats
path: root/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
diff options
context:
space:
mode:
Diffstat (limited to 'controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java14
1 files changed, 13 insertions, 1 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
index 588aac4e3ad..d3940ac631f 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/role/RoleMembership.java
@@ -1,8 +1,13 @@
// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.role;
+import com.yahoo.config.provision.SystemName;
+
+import java.security.Principal;
import java.util.Map;
import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
/**
* A list of roles and their associated contexts. This defines the role membership of a tenant, and in which contexts
@@ -12,12 +17,19 @@ import java.util.Set;
*/
public class RoleMembership {
+ private static final RoleMembership everyone = new RoleMembership(Map.of(Role.everyone,
+ Stream.of(SystemName.values())
+ .map(Context::unlimitedIn)
+ .collect(Collectors.toUnmodifiableSet())));
+
private final Map<Role, Set<Context>> roles;
public RoleMembership(Map<Role, Set<Context>> roles) {
this.roles = Map.copyOf(roles);
}
+ public static RoleMembership everyone() { return everyone; }
+
/** Returns whether any role in this allows action to take place in path */
public boolean allows(Action action, String path) {
return roles.entrySet().stream().anyMatch(kv -> {
@@ -37,7 +49,7 @@ public class RoleMembership {
* membership to a {@link RoleMembership}.
*/
public interface Resolver {
- RoleMembership membership();
+ RoleMembership membership(Principal user);
}
}