rename isUserWithNoRestriction to allowAccessWithNoRestriction

extensions-contrib/grpc-query/src/main/java/org/apache/druid/grpc/server/QueryDriver.java

@@ -148,7 +148,7 @@ private QueryResponse runNativeQuery(QueryRequest request, AuthenticationResult
     try {
       queryLifecycle.initialize(query);
       AuthorizationResult authorizationResult = queryLifecycle.authorize(authResult);
-      if (!authorizationResult.isUserWithNoRestriction()) {
+      if (!authorizationResult.allowAccessWithNoRestriction()) {
         throw new ForbiddenException(Access.DEFAULT_ERROR_MESSAGE);
       }
       queryResponse = queryLifecycle.execute();

extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/BasicSecurityResourceFilter.java

@@ -60,7 +60,7 @@ public ContainerRequest filter(ContainerRequest request)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new WebApplicationException(
           Response.status(Response.Status.FORBIDDEN)
                   .type(MediaType.TEXT_PLAIN)

extensions-core/druid-catalog/src/main/java/org/apache/druid/catalog/http/CatalogResource.java

@@ -581,7 +581,7 @@ private void authorizeTable(
   private void authorize(String resource, String key, Action action, HttpServletRequest request)
   {
     final AuthorizationResult authResult = authorizeAccess(resource, key, action, request);
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
   }

extensions-core/multi-stage-query/src/main/java/org/apache/druid/msq/dart/controller/http/DartSqlResource.java

@@ -175,7 +175,7 @@ public GetQueriesResponse doGetRunningQueries(
     queries.sort(Comparator.comparing(DartQueryInfo::getStartTime).thenComparing(DartQueryInfo::getDartQueryId));
 
     final GetQueriesResponse response;
-    if (stateReadAccess.isUserWithNoRestriction()) {
+    if (stateReadAccess.allowAccessWithNoRestriction()) {
       // User can READ STATE, so they can see all running queries, as well as authentication details.
       response = new GetQueriesResponse(queries);
     } else {
@@ -247,7 +247,7 @@ public Response cancelQuery(
 
     final AuthorizationResult authResult = authorizeCancellation(req, cancelables);
 
-    if (authResult.isUserWithNoRestriction()) {
+    if (authResult.allowAccessWithNoRestriction()) {
       sqlLifecycleManager.removeAll(sqlQueryId, cancelables);
 
       // Don't call cancel() on the cancelables. That just cancels native queries, which is useless here. Instead,

extensions-core/multi-stage-query/src/main/java/org/apache/druid/msq/dart/controller/sql/DartQueryMaker.java

@@ -128,7 +128,7 @@ public DartQueryMaker(
   @Override
   public QueryResponse<Object[]> runQuery(DruidQuery druidQuery)
   {
-    if (!plannerContext.getAuthorizationResult().isUserWithNoRestriction()) {
+    if (!plannerContext.getAuthorizationResult().allowAccessWithNoRestriction()) {
       throw new ForbiddenException(plannerContext.getAuthorizationResult().getErrorMessage());
     }
     final MSQSpec querySpec = MSQTaskQueryMaker.makeQuerySpec(

extensions-core/multi-stage-query/src/main/java/org/apache/druid/msq/rpc/MSQResourceUtils.java

@@ -47,7 +47,7 @@ public static void authorizeAdminRequest(
         authorizerMapper
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
   }
@@ -67,7 +67,7 @@ public static void authorizeQueryRequest(
         authorizerMapper
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
   }

extensions-core/multi-stage-query/src/main/java/org/apache/druid/msq/sql/MSQTaskQueryMaker.java

@@ -117,7 +117,7 @@ public class MSQTaskQueryMaker implements QueryMaker
   @Override
   public QueryResponse<Object[]> runQuery(final DruidQuery druidQuery)
   {
-    if (!plannerContext.getAuthorizationResult().isUserWithNoRestriction()) {
+    if (!plannerContext.getAuthorizationResult().allowAccessWithNoRestriction()) {
       throw new ForbiddenException(plannerContext.getAuthorizationResult().getErrorMessage());
     }
     Hook.QUERY_PLAN.run(druidQuery.getQuery());

extensions-core/multi-stage-query/src/main/java/org/apache/druid/msq/sql/resources/SqlStatementResource.java

@@ -681,7 +681,7 @@ private MSQControllerTask getMSQControllerTaskAndCheckPermission(
         authorizerMapper
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(StringUtils.format(
           "The current user[%s] cannot view query id[%s] since the query is owned by another user",
           currentUser,

indexing-service/src/main/java/org/apache/druid/indexing/common/task/IndexTaskUtils.java

@@ -80,7 +80,7 @@ public static AuthorizationResult datasourceAuthorizationCheck(
     );
 
     AuthorizationResult authResult = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
     return authResult;

indexing-service/src/main/java/org/apache/druid/indexing/overlord/http/OverlordResource.java

@@ -182,7 +182,7 @@ public Response taskPost(
         resourceActions,
         authorizerMapper
     );
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 
@@ -614,7 +614,7 @@ public Response getTasks(
           authorizerMapper
       );
 
-      if (!authResult.isUserWithNoRestriction()) {
+      if (!authResult.allowAccessWithNoRestriction()) {
         throw new WebApplicationException(
             Response.status(Response.Status.FORBIDDEN)
                     .type(MediaType.TEXT_PLAIN)
@@ -663,7 +663,7 @@ public Response killPendingSegments(
         authorizerMapper
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

indexing-service/src/main/java/org/apache/druid/indexing/overlord/http/security/SupervisorResourceFilter.java

@@ -103,7 +103,7 @@ public boolean apply(PathSegment input)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

indexing-service/src/main/java/org/apache/druid/indexing/overlord/http/security/TaskResourceFilter.java

@@ -98,7 +98,7 @@ public ContainerRequest filter(ContainerRequest request)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

indexing-service/src/main/java/org/apache/druid/indexing/overlord/sampler/SamplerResource.java

@@ -78,7 +78,7 @@ public SamplerResponse post(final SamplerSpec sampler, @Context final HttpServle
         authorizerMapper
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
     return sampler.sample();

indexing-service/src/main/java/org/apache/druid/indexing/overlord/supervisor/SupervisorResource.java

@@ -148,7 +148,7 @@ public Response specPost(final SupervisorSpec spec, @Context final HttpServletRe
               authorizerMapper
           );
 
-          if (!authResult.isUserWithNoRestriction()) {
+          if (!authResult.allowAccessWithNoRestriction()) {
             throw new ForbiddenException(authResult.getErrorMessage());
           }
 

server/src/main/java/org/apache/druid/segment/realtime/ChatHandlers.java

@@ -50,7 +50,7 @@ public static AuthorizationResult authorizationCheck(
     );
 
     AuthorizationResult authResult = AuthorizationUtils.authorizeResourceAction(req, resourceAction, authorizerMapper);
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

server/src/main/java/org/apache/druid/server/QueryLifecycle.java

@@ -321,7 +321,7 @@ private AuthorizationResult doAuthorize(
       transition(State.AUTHORIZING, State.UNAUTHORIZED);
     } else {
       transition(State.AUTHORIZING, State.AUTHORIZED);
-      if (this.baseQuery instanceof SegmentMetadataQuery && authorizationResult.isUserWithNoRestriction()) {
+      if (this.baseQuery instanceof SegmentMetadataQuery && authorizationResult.allowAccessWithNoRestriction()) {
         // skip restrictions mapping for SegmentMetadataQuery from user with no restriction
       } else {
         this.baseQuery = this.baseQuery.withDataSource(this.baseQuery.getDataSource()

server/src/main/java/org/apache/druid/server/QueryResource.java

@@ -158,7 +158,7 @@ public Response cancelQuery(@PathParam("id") String queryId, @Context final Http
         authorizerMapper
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

server/src/main/java/org/apache/druid/server/http/security/ConfigResourceFilter.java

@@ -62,7 +62,7 @@ public ContainerRequest filter(ContainerRequest request)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

server/src/main/java/org/apache/druid/server/http/security/DatasourceResourceFilter.java

@@ -63,7 +63,7 @@ public ContainerRequest filter(ContainerRequest request)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

server/src/main/java/org/apache/druid/server/http/security/RulesResourceFilter.java

@@ -81,7 +81,7 @@ public boolean apply(PathSegment input)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

server/src/main/java/org/apache/druid/server/http/security/StateResourceFilter.java

@@ -66,7 +66,7 @@ public ContainerRequest filter(ContainerRequest request)
         getAuthorizerMapper()
     );
 
-    if (!authResult.isUserWithNoRestriction()) {
+    if (!authResult.allowAccessWithNoRestriction()) {
       throw new ForbiddenException(authResult.getErrorMessage());
     }
 

server/src/main/java/org/apache/druid/server/security/AuthorizationResult.java

@@ -132,7 +132,7 @@ public boolean allowBasicAccess()
    * <li> no policy found
    * <li> the user has a no-restriction policy
    */
-  public boolean isUserWithNoRestriction()
+  public boolean allowAccessWithNoRestriction()
   {
     return PERMISSION.ALLOW_NO_RESTRICTION.equals(permission) || (PERMISSION.ALLOW_WITH_RESTRICTION.equals(permission)
                                                                   && policyRestrictions.values()
@@ -151,7 +151,7 @@ public String getErrorMessage()
       case DENY:
         return Objects.requireNonNull(failureMessage);
       case ALLOW_WITH_RESTRICTION:
-        if (!isUserWithNoRestriction()) {
+        if (!allowAccessWithNoRestriction()) {
           return Access.DEFAULT_ERROR_MESSAGE;
         }
       default:

server/src/test/java/org/apache/druid/initialization/AuthorizationResultTest.java

@@ -77,33 +77,33 @@ public void testNoAccess()
   {
     AuthorizationResult result = AuthorizationResult.deny("this data source is not permitted");
     assertFalse(result.allowBasicAccess());
-    assertFalse(result.isUserWithNoRestriction());
+    assertFalse(result.allowAccessWithNoRestriction());
     assertEquals("this data source is not permitted", result.getErrorMessage());
-    assertFalse(result.isUserWithNoRestriction());
+    assertFalse(result.allowAccessWithNoRestriction());
   }
 
   @Test
   public void testFullAccess()
   {
     AuthorizationResult result = AuthorizationResult.allowWithRestriction(ImmutableMap.of());
     assertTrue(result.allowBasicAccess());
-    assertTrue(result.isUserWithNoRestriction());
+    assertTrue(result.allowAccessWithNoRestriction());
     assertThrows(DruidException.class, result::getErrorMessage);
 
     AuthorizationResult resultWithEmptyPolicy = AuthorizationResult.allowWithRestriction(ImmutableMap.of(
         "table1",
         Optional.empty()
     ));
     assertTrue(resultWithEmptyPolicy.allowBasicAccess());
-    assertTrue(resultWithEmptyPolicy.isUserWithNoRestriction());
+    assertTrue(resultWithEmptyPolicy.allowAccessWithNoRestriction());
     assertThrows(DruidException.class, resultWithEmptyPolicy::getErrorMessage);
 
     AuthorizationResult resultWithNoRestrictionPolicy = AuthorizationResult.allowWithRestriction(ImmutableMap.of(
         "table1",
         Optional.of(NoRestrictionPolicy.INSTANCE)
     ));
     assertTrue(resultWithNoRestrictionPolicy.allowBasicAccess());
-    assertTrue(resultWithNoRestrictionPolicy.isUserWithNoRestriction());
+    assertTrue(resultWithNoRestrictionPolicy.allowAccessWithNoRestriction());
     assertThrows(DruidException.class, resultWithNoRestrictionPolicy::getErrorMessage);
   }
 
@@ -120,7 +120,7 @@ public void testRestrictedAccess()
         )))
     ));
     assertTrue(result.allowBasicAccess());
-    assertFalse(result.isUserWithNoRestriction());
+    assertFalse(result.allowAccessWithNoRestriction());
     assertEquals("Unauthorized", result.getErrorMessage());
   }
 }

server/src/test/java/org/apache/druid/server/QueryLifecycleTest.java

@@ -518,11 +518,11 @@ public void testAuthorizeQueryContext_authorized()
         revisedContext
     );
 
-    Assert.assertTrue(lifecycle.authorize(mockRequest()).isUserWithNoRestriction());
+    Assert.assertTrue(lifecycle.authorize(mockRequest()).allowAccessWithNoRestriction());
 
     lifecycle = createLifecycle(authConfig);
     lifecycle.initialize(query);
-    Assert.assertTrue(lifecycle.authorize(authenticationResult).isUserWithNoRestriction());
+    Assert.assertTrue(lifecycle.authorize(authenticationResult).allowAccessWithNoRestriction());
   }
 
   @Test
@@ -610,11 +610,11 @@ public void testAuthorizeQueryContext_unsecuredKeys()
         revisedContext
     );
 
-    Assert.assertTrue(lifecycle.authorize(mockRequest()).isUserWithNoRestriction());
+    Assert.assertTrue(lifecycle.authorize(mockRequest()).allowAccessWithNoRestriction());
 
     lifecycle = createLifecycle(authConfig);
     lifecycle.initialize(query);
-    Assert.assertTrue(lifecycle.authorize(authenticationResult).isUserWithNoRestriction());
+    Assert.assertTrue(lifecycle.authorize(authenticationResult).allowAccessWithNoRestriction());
   }
 
   @Test