On Thu, Aug 17, 2017 at 12:10 PM, Swapnil Bawaskar <sbawas...@pivotal.io> wrote:
> So, it sounds like if we did #1 above: i.e: > 1) externalize SecurityService so that function author can use it in the > function.execute code to check authorization. > > we could get this to work with lambdas: > ResultCollector rc = getExecution().execute(context -> > context.getCache().getSecurityService().authorizeRead(); > // perform read > context.getResultSender().lastResult(result) > ); > I'm a bit confused by this proposal. The current behavior is that a function requires write. Are you saying that we will change that so that anyone can execute a function, and then all functions need to call this method to check for what authorization level they want? I think we should keep the current behavior of requiring write access by default. Which means the develop needs a way override the permission level *before* the function executes. You could technically make marker interfaces work with lambdas, or if we provide annotations, users can create their own marker interfaces. execute((ReadOnlyFunction) context -> ....) -Dan
