Github user vanzin commented on a diff in the pull request: https://github.com/apache/incubator-livy/pull/107#discussion_r219612538 --- Diff: server/src/main/scala/org/apache/livy/sessions/Session.scala --- @@ -133,6 +134,40 @@ object Session { resolved } + + /** + * Checks that the requesting user can impersonate the target user. + * If the user does not have permission to impersonate, then throws an `AccessControlException`. + * + * @return The user that should be impersonated. That can be the target user if defined, the + * request's user - which may not be defined - otherwise, or `None` if impersonation is + * disabled. + */ + def checkImpersonation( --- End diff -- Since this method requires an `accessManager`, wouldn't it be better as a method in the `AccessManager` class itself? (Same for `hasSuperAccess`.)
---