Package com.netflix.spinnaker.fiat.shared

Class FiatPermissionEvaluator

java.lang.Object

com.netflix.spinnaker.fiat.shared.FiatPermissionEvaluator

All Implemented Interfaces:

com.netflix.spinnaker.security.UserPermissionEvaluator, org.springframework.aop.framework.AopInfrastructureBean, org.springframework.security.access.PermissionEvaluator

@Component
public class FiatPermissionEvaluator
extends Object
implements com.netflix.spinnaker.security.UserPermissionEvaluator

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	FiatPermissionEvaluator.AuthorizationFailure

Constructor Summary

Constructors

Constructor	Description
FiatPermissionEvaluator(com.netflix.spectator.api.Registry registry, FiatService fiatService, FiatClientConfigurationProperties configProps, FiatStatus fiatStatus)

Method Summary

Modifier and Type	Method	Description
boolean	canCreate(String resourceType, Object resource)
static Optional<FiatPermissionEvaluator.AuthorizationFailure>	getAuthorizationFailure()
com.netflix.spinnaker.fiat.model.UserPermission.View	getPermission(String username)
boolean	hasCachedPermission(String username)
boolean	hasPermission(String username, Serializable resourceName, String resourceType, Object authorization)
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Serializable resourceName, String resourceType, Object authorization)
boolean	hasPermission(org.springframework.security.core.Authentication authentication, Object resource, Object authorization)
void	invalidatePermission(String username)	Invalidates the cached permissions for a user.
boolean	isAdmin()
boolean	isAdmin(org.springframework.security.core.Authentication authentication)
boolean	storeWholePermission()	Deprecated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

FiatPermissionEvaluator

@Autowired
public FiatPermissionEvaluator(com.netflix.spectator.api.Registry registry,
 FiatService fiatService,
 FiatClientConfigurationProperties configProps,
 FiatStatus fiatStatus)

Method Details

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
 Object resource,
 Object authorization)

Specified by:

hasPermission in interface org.springframework.security.access.PermissionEvaluator

canCreate

public boolean canCreate(String resourceType,
 Object resource)

hasCachedPermission

public boolean hasCachedPermission(String username)

Parameters:

username - the username to check

Returns:

whether a permission is currently cached for the username

hasPermission

public boolean hasPermission(String username,
 Serializable resourceName,
 String resourceType,
 Object authorization)

Specified by:

hasPermission in interface com.netflix.spinnaker.security.UserPermissionEvaluator

hasPermission

public boolean hasPermission(org.springframework.security.core.Authentication authentication,
 Serializable resourceName,
 String resourceType,
 Object authorization)

Specified by:

hasPermission in interface org.springframework.security.access.PermissionEvaluator

invalidatePermission

public void invalidatePermission(String username)

Invalidates the cached permissions for a user.

Parameters:

username - the username of the user to invalidate from the local cache.

getPermission

public com.netflix.spinnaker.fiat.model.UserPermission.View getPermission(String username)

storeWholePermission

@Deprecated
public boolean storeWholePermission()

Deprecated.

getAuthorizationFailure

public static Optional<FiatPermissionEvaluator.AuthorizationFailure> getAuthorizationFailure()

isAdmin

public boolean isAdmin()

isAdmin

public boolean isAdmin(org.springframework.security.core.Authentication authentication)