in authorization/src/main/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizer.java [120:180]
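/**
 * Decides whether the caller described by {@code request} may perform the requested action on
 * the requested resource.
 *
 * <p>The decision is deny-by-default. A request with neither a user nor a group set, or with no
 * action or no resource, is rejected without consulting any policy map. Otherwise the action
 * selects the user/group map pair (read, write, update or delete) and access is granted when
 * either {@code checkAccess} for the user or {@code checkAccessForGroups} for the groups
 * returns {@code true}.
 *
 * <p>Each helper is only invoked for a principal that is actually present, so a request carrying
 * only a user or only groups is never evaluated against a {@code null} principal.
 *
 * @param request the access request to evaluate
 * @return {@code true} if the user or one of its groups is granted the action, {@code false}
 *     otherwise (including for an incomplete request)
 * @throws AtlasAuthorizationException if the action is not READ, CREATE, UPDATE or DELETE
 */
public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException {
    if (isDebugEnabled) {
        LOG.debug("==> SimpleAtlasAuthorizer isAccessAllowed");
        LOG.debug("isAccessAllowd({})", request);
    }

    String user = request.getUser();
    Set<String> groups = request.getUserGroups();
    AtlasActionTypes action = request.getAction();
    String resource = request.getResource();
    Set<AtlasResourceTypes> resourceTypes = request.getResourceTypes();

    // NOTE(review): user, groups and resource are logged as received; if they can carry
    // caller-controlled line breaks, debug output may need neutralising - confirm upstream.
    if (isDebugEnabled) {
        LOG.debug("Checking for :: \nUser :: {}\nGroups :: {}\nAction :: {}\nResource :: {}", user, groups, action, resource);
    }

    boolean isUser = user != null;
    boolean isGroup = groups != null;

    // Fail closed: a request that names no principal, no action or no resource is denied.
    if ((!isUser && !isGroup) || action == null || resource == null) {
        if (isDebugEnabled) {
            LOG.debug("Please check the formation AtlasAccessRequest.");
        }
        return false;
    }

    // NOTE(review): resourceTypes is passed through unchecked; whether the helpers tolerate a
    // null set is not visible here - verify against checkAccess/checkAccessForGroups.
    if (isDebugEnabled) {
        LOG.debug("checkAccess for Operation :: {} on Resource {}:{}", action, resourceTypes, resource);
    }

    boolean isAccessAllowed;
    switch (action) {
        case READ:
            // The user check runs first; groups are only consulted when it does not grant.
            isAccessAllowed = (isUser && checkAccess(user, resourceTypes, resource, userReadMap))
                    || (isGroup && checkAccessForGroups(groups, resourceTypes, resource, groupReadMap));
            break;
        case CREATE:
            // CREATE is evaluated against the write maps.
            isAccessAllowed = (isUser && checkAccess(user, resourceTypes, resource, userWriteMap))
                    || (isGroup && checkAccessForGroups(groups, resourceTypes, resource, groupWriteMap));
            break;
        case UPDATE:
            isAccessAllowed = (isUser && checkAccess(user, resourceTypes, resource, userUpdateMap))
                    || (isGroup && checkAccessForGroups(groups, resourceTypes, resource, groupUpdateMap));
            break;
        case DELETE:
            isAccessAllowed = (isUser && checkAccess(user, resourceTypes, resource, userDeleteMap))
                    || (isGroup && checkAccessForGroups(groups, resourceTypes, resource, groupDeleteMap));
            break;
        default:
            // An action without a policy map is an error rather than a silent allow or deny.
            if (isDebugEnabled) {
                LOG.debug("Invalid Action {}\nRaising AtlasAuthorizationException!!!", action);
            }
            throw new AtlasAuthorizationException("Invalid Action :: " + action);
    }

    if (isDebugEnabled) {
        LOG.debug("<== SimpleAtlasAuthorizer isAccessAllowed = {}", isAccessAllowed);
    }
    return isAccessAllowed;
}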