Examples with Authorizable org.apache.nifi.authorization.resource.Authorizable used on opensource projects

Example 1 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method updateAccessPolicy.

// -----------------------------------------
// Write Operations
// -----------------------------------------
@Override
public AccessPolicyEntity updateAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
    final Authorizable authorizable = authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId());
    final RevisionUpdate<AccessPolicyDTO> snapshot = updateComponent(revision, authorizable, () -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO), accessPolicy -> {
        final Set<TenantEntity> users = accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
        final Set<TenantEntity> userGroups = accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
        final ComponentReferenceEntity componentReference = createComponentReferenceEntity(accessPolicy.getResource());
        return dtoFactory.createAccessPolicyDto(accessPolicy, userGroups, users, componentReference);
    });
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizable);
    return entityFactory.createAccessPolicyEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}

Example 2 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method updateUserGroup.

@Override
public UserGroupEntity updateUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
    final Authorizable userGroupsAuthorizable = authorizableLookup.getTenant();
    final Set<AccessPolicy> policies = userGroupDAO.getAccessPoliciesForUserGroup(userGroupDTO.getId());
    final RevisionUpdate<UserGroupDTO> snapshot = updateComponent(revision, userGroupsAuthorizable, () -> userGroupDAO.updateUserGroup(userGroupDTO), userGroup -> {
        final Set<TenantEntity> tenantEntities = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
        final Set<AccessPolicySummaryEntity> policyEntities = policies.stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
        return dtoFactory.createUserGroupDto(userGroup, tenantEntities, policyEntities);
    });
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(userGroupsAuthorizable);
    return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}

Example 3 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method createComponentReferenceEntity.

private ComponentReferenceEntity createComponentReferenceEntity(final String resource) {
    ComponentReferenceEntity componentReferenceEntity = null;
    try {
        // get the component authorizable
        Authorizable componentAuthorizable = authorizableLookup.getAuthorizableFromResource(resource);
        // get the underlying base authorizable for the component reference
        if (componentAuthorizable instanceof EnforcePolicyPermissionsThroughBaseResource) {
            componentAuthorizable = ((EnforcePolicyPermissionsThroughBaseResource) componentAuthorizable).getBaseAuthorizable();
        }
        final ComponentReferenceDTO componentReference = dtoFactory.createComponentReferenceDto(componentAuthorizable);
        if (componentReference != null) {
            final PermissionsDTO componentReferencePermissions = dtoFactory.createPermissionsDto(componentAuthorizable);
            final RevisionDTO componentReferenceRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(componentReference.getId()));
            componentReferenceEntity = entityFactory.createComponentReferenceEntity(componentReference, componentReferenceRevision, componentReferencePermissions);
        }
    } catch (final ResourceNotFoundException e) {
    // component not found for the specified resource
    }
    return componentReferenceEntity;
}

Example 4 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method authorizeBulletin.

private boolean authorizeBulletin(final Bulletin bulletin) {
    final String sourceId = bulletin.getSourceId();
    final ComponentType type = bulletin.getSourceType();
    final Authorizable authorizable;
    try {
        switch(type) {
            case PROCESSOR:
                authorizable = authorizableLookup.getProcessor(sourceId).getAuthorizable();
                break;
            case REPORTING_TASK:
                authorizable = authorizableLookup.getReportingTask(sourceId).getAuthorizable();
                break;
            case CONTROLLER_SERVICE:
                authorizable = authorizableLookup.getControllerService(sourceId).getAuthorizable();
                break;
            case FLOW_CONTROLLER:
                authorizable = controllerFacade;
                break;
            case INPUT_PORT:
                authorizable = authorizableLookup.getInputPort(sourceId);
                break;
            case OUTPUT_PORT:
                authorizable = authorizableLookup.getOutputPort(sourceId);
                break;
            case REMOTE_PROCESS_GROUP:
                authorizable = authorizableLookup.getRemoteProcessGroup(sourceId);
                break;
            default:
                throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this bulletin.").build());
        }
    } catch (final ResourceNotFoundException e) {
        // if the underlying component is gone, disallow
        return false;
    }
    // perform the authorization
    final AuthorizationResult result = authorizable.checkAuthorization(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    return Result.Approved.equals(result.getResult());
}

Example 5 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method getAccessPolicy.

@Override
public AccessPolicyEntity getAccessPolicy(final RequestAction requestAction, final String resource) {
    Authorizable authorizable;
    try {
        authorizable = authorizableLookup.getAuthorizableFromResource(resource);
    } catch (final ResourceNotFoundException e) {
        // unable to find the underlying authorizable... user authorized based on top level /policies... create
        // an anonymous authorizable to attempt to locate an existing policy for this resource
        authorizable = new Authorizable() {

            @Override
            public Authorizable getParentAuthorizable() {
                return null;
            }

            @Override
            public Resource getResource() {
                return new Resource() {

                    @Override
                    public String getIdentifier() {
                        return resource;
                    }

                    @Override
                    public String getName() {
                        return resource;
                    }

                    @Override
                    public String getSafeDescription() {
                        return "Policy " + resource;
                    }
                };
            }
        };
    }
    final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(requestAction, authorizable);
    return createAccessPolicyEntity(accessPolicy);
}