use of org.apache.nifi.authorization.AccessPolicy in project nifi by apache.
the class StandardNiFiServiceFacade method updateUserGroup.
/**
 * Applies the supplied user-group changes through {@code updateComponent} and returns the
 * resulting entity.
 *
 * <p>The group's access policies are read once, before the update runs, and are used only to
 * build the policy summaries in the response. The permissions in the response come from the
 * tenant authorizable returned by {@code authorizableLookup.getTenant()}, not from the
 * individual group.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
 * authorizes the request before invoking it - confirm.
 *
 * @param revision the revision handed to {@code updateComponent}
 * @param userGroupDTO the requested user-group state; its id is used to look up the group's policies
 * @return the entity built from the updated group, its last modification and the tenant permissions
 */
@Override
public UserGroupEntity updateUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
    final Authorizable tenants = authorizableLookup.getTenant();

    // Read before the update so the response reports the policies the group is referenced by.
    final Set<AccessPolicy> groupPolicies = userGroupDAO.getAccessPoliciesForUserGroup(userGroupDTO.getId());

    final RevisionUpdate<UserGroupDTO> update = updateComponent(
            revision,
            tenants,
            () -> userGroupDAO.updateUserGroup(userGroupDTO),
            updatedGroup -> {
                final Set<TenantEntity> members = updatedGroup.getUsers().stream()
                        .map(mapUserIdToTenantEntity())
                        .collect(Collectors.toSet());
                final Set<AccessPolicySummaryEntity> policySummaries = groupPolicies.stream()
                        .map(policy -> createAccessPolicySummaryEntity(policy))
                        .collect(Collectors.toSet());
                return dtoFactory.createUserGroupDto(updatedGroup, members, policySummaries);
            });

    final PermissionsDTO tenantPermissions = dtoFactory.createPermissionsDto(tenants);
    return entityFactory.createUserGroupEntity(
            update.getComponent(),
            dtoFactory.createRevisionDTO(update.getLastModification()),
            tenantPermissions);
}
use of org.apache.nifi.authorization.AccessPolicy in project nifi by apache.
the class StandardNiFiServiceFacade method getAccessPolicy.
/**
 * Looks up the access policy for the given action on the given resource.
 *
 * <p>When {@code authorizableLookup} cannot resolve the resource, a stand-in
 * {@link Authorizable} with no parent is built around the raw resource string so the DAO can
 * still be asked for an existing policy on it.
 *
 * <p>NOTE(review): in the fallback path the caller-supplied {@code resource} string is returned
 * unchanged as identifier and name and is concatenated into {@code getSafeDescription()};
 * confirm that consumers of that description encode it for their output context.
 *
 * @param requestAction the action the policy applies to
 * @param resource the resource identifier as supplied by the caller
 * @return the entity created from the policy returned by {@code accessPolicyDAO}
 */
@Override
public AccessPolicyEntity getAccessPolicy(final RequestAction requestAction, final String resource) {
    Authorizable lookupTarget;
    try {
        lookupTarget = authorizableLookup.getAuthorizableFromResource(resource);
    } catch (final ResourceNotFoundException notFound) {
        // The underlying component could not be found. Per the original author, the user was
        // authorized against the top-level /policies resource, so fall back to an anonymous
        // authorizable that only carries the requested resource string.
        lookupTarget = new Authorizable() {
            @Override
            public Authorizable getParentAuthorizable() {
                return null;
            }

            @Override
            public Resource getResource() {
                // A new Resource is produced on every call.
                return new Resource() {
                    @Override
                    public String getIdentifier() {
                        return resource;
                    }

                    @Override
                    public String getName() {
                        return resource;
                    }

                    @Override
                    public String getSafeDescription() {
                        return "Policy " + resource;
                    }
                };
            }
        };
    }

    return createAccessPolicyEntity(accessPolicyDAO.getAccessPolicy(requestAction, lookupTarget));
}
use of org.apache.nifi.authorization.AccessPolicy in project nifi by apache.
the class DtoFactory method createFlowDto.
/**
 * Builds a {@code FlowDTO} holding one entity per component listed in the snippet.
 *
 * <p>The snippet supplies only the component ids. Each component is looked up in {@code group}
 * and its DTO is created from that looked-up component, because (per the original comments)
 * the snippet is pruned. For every component a {@code PermissionsDTO} is created via
 * {@code createPermissionsDto} and handed to the entity factory. Bulletin entities for ports,
 * processors and remote process groups are created with {@code permissions.getCanRead()}.
 *
 * <p>NOTE(review): component DTOs are created here regardless of the computed permissions;
 * presumably the entity factory withholds the component when read access is missing - confirm.
 * NOTE(review): the lookups in {@code group} are not null-checked here; if a lookup can return
 * null, the following {@code getIdentifier()} call fails - verify against callers.
 *
 * @param group the process group the snippet's component ids are resolved against
 * @param groupStatus status of the group, searched for the status of each component
 * @param snippet the pruned snippet listing the components to include; may be null
 * @param revisionManager source of the current revision of each component
 * @param getProcessGroupBulletins supplies the bulletin entities for a child process group
 * @return the populated flow, or {@code null} when {@code snippet} is null
 */
public FlowDTO createFlowDto(final ProcessGroup group, final ProcessGroupStatus groupStatus, final FlowSnippetDTO snippet, final RevisionManager revisionManager, final Function<ProcessGroup, List<BulletinEntity>> getProcessGroupBulletins) {
    if (snippet == null) {
        return null;
    }

    final FlowDTO flowDto = new FlowDTO();

    // Connections: status is attached, no bulletins.
    for (final ConnectionDTO prunedConnection : snippet.getConnections()) {
        final Connection connection = group.getConnection(prunedConnection.getId());

        final ConnectionDTO connectionDto = createConnectionDto(connection);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(connection.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(connection);
        final ConnectionStatusDTO statusDto = getComponentStatus(
                () -> groupStatus.getConnectionStatus().stream()
                        .filter(candidate -> connection.getIdentifier().equals(candidate.getId()))
                        .findFirst()
                        .orElse(null),
                found -> createConnectionStatusDto(found));

        flowDto.getConnections().add(entityFactory.createConnectionEntity(connectionDto, revisionDto, permissions, statusDto));
    }

    // Funnels: neither status nor bulletins.
    for (final FunnelDTO prunedFunnel : snippet.getFunnels()) {
        final Funnel funnel = group.getFunnel(prunedFunnel.getId());

        final FunnelDTO funnelDto = createFunnelDto(funnel);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(funnel.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(funnel);

        flowDto.getFunnels().add(entityFactory.createFunnelEntity(funnelDto, revisionDto, permissions));
    }

    // Input ports: status plus bulletins created with the port's read permission.
    for (final PortDTO prunedInputPort : snippet.getInputPorts()) {
        final Port inputPort = group.getInputPort(prunedInputPort.getId());

        final PortDTO portDto = createPortDto(inputPort);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(inputPort.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(inputPort);
        final PortStatusDTO statusDto = getComponentStatus(
                () -> groupStatus.getInputPortStatus().stream()
                        .filter(candidate -> inputPort.getIdentifier().equals(candidate.getId()))
                        .findFirst()
                        .orElse(null),
                found -> createPortStatusDto(found));
        final List<BulletinDTO> bulletinDtos = createBulletinDtos(bulletinRepository.findBulletinsForSource(inputPort.getIdentifier()));
        final List<BulletinEntity> bulletinEntities = bulletinDtos.stream()
                .map(bulletinDto -> entityFactory.createBulletinEntity(bulletinDto, permissions.getCanRead()))
                .collect(Collectors.toList());

        flowDto.getInputPorts().add(entityFactory.createPortEntity(portDto, revisionDto, permissions, statusDto, bulletinEntities));
    }

    // Output ports: handled like input ports.
    for (final PortDTO prunedOutputPort : snippet.getOutputPorts()) {
        final Port outputPort = group.getOutputPort(prunedOutputPort.getId());

        final PortDTO portDto = createPortDto(outputPort);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(outputPort.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(outputPort);
        final PortStatusDTO statusDto = getComponentStatus(
                () -> groupStatus.getOutputPortStatus().stream()
                        .filter(candidate -> outputPort.getIdentifier().equals(candidate.getId()))
                        .findFirst()
                        .orElse(null),
                found -> createPortStatusDto(found));
        final List<BulletinDTO> bulletinDtos = createBulletinDtos(bulletinRepository.findBulletinsForSource(outputPort.getIdentifier()));
        final List<BulletinEntity> bulletinEntities = bulletinDtos.stream()
                .map(bulletinDto -> entityFactory.createBulletinEntity(bulletinDto, permissions.getCanRead()))
                .collect(Collectors.toList());

        flowDto.getOutputPorts().add(entityFactory.createPortEntity(portDto, revisionDto, permissions, statusDto, bulletinEntities));
    }

    // Labels: neither status nor bulletins.
    for (final LabelDTO prunedLabel : snippet.getLabels()) {
        final Label label = group.getLabel(prunedLabel.getId());

        final LabelDTO labelDto = createLabelDto(label);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(label.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(label);

        flowDto.getLabels().add(entityFactory.createLabelEntity(labelDto, revisionDto, permissions));
    }

    // Child process groups: concise status; bulletins come from the caller-supplied function.
    for (final ProcessGroupDTO prunedChildGroup : snippet.getProcessGroups()) {
        final ProcessGroup childGroup = group.getProcessGroup(prunedChildGroup.getId());

        final ProcessGroupDTO childGroupDto = createProcessGroupDto(childGroup);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(childGroup.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(childGroup);
        final ProcessGroupStatusDTO statusDto = getComponentStatus(
                () -> groupStatus.getProcessGroupStatus().stream()
                        .filter(candidate -> childGroup.getIdentifier().equals(candidate.getId()))
                        .findFirst()
                        .orElse(null),
                found -> createConciseProcessGroupStatusDto(found));
        final List<BulletinEntity> bulletinEntities = getProcessGroupBulletins.apply(childGroup);

        flowDto.getProcessGroups().add(entityFactory.createProcessGroupEntity(childGroupDto, revisionDto, permissions, statusDto, bulletinEntities));
    }

    // Processors: status plus bulletins created with the processor's read permission.
    for (final ProcessorDTO prunedProcessor : snippet.getProcessors()) {
        final ProcessorNode processor = group.getProcessor(prunedProcessor.getId());

        final ProcessorDTO processorDto = createProcessorDto(processor);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(processor.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(processor);
        final ProcessorStatusDTO statusDto = getComponentStatus(
                () -> groupStatus.getProcessorStatus().stream()
                        .filter(candidate -> processor.getIdentifier().equals(candidate.getId()))
                        .findFirst()
                        .orElse(null),
                found -> createProcessorStatusDto(found));
        final List<BulletinDTO> bulletinDtos = createBulletinDtos(bulletinRepository.findBulletinsForSource(processor.getIdentifier()));
        final List<BulletinEntity> bulletinEntities = bulletinDtos.stream()
                .map(bulletinDto -> entityFactory.createBulletinEntity(bulletinDto, permissions.getCanRead()))
                .collect(Collectors.toList());

        flowDto.getProcessors().add(entityFactory.createProcessorEntity(processorDto, revisionDto, permissions, statusDto, bulletinEntities));
    }

    // Remote process groups: status plus bulletins created with the group's read permission.
    for (final RemoteProcessGroupDTO prunedRemoteGroup : snippet.getRemoteProcessGroups()) {
        final RemoteProcessGroup remoteGroup = group.getRemoteProcessGroup(prunedRemoteGroup.getId());

        final RemoteProcessGroupDTO remoteGroupDto = createRemoteProcessGroupDto(remoteGroup);
        final RevisionDTO revisionDto = createRevisionDTO(revisionManager.getRevision(remoteGroup.getIdentifier()));
        final PermissionsDTO permissions = createPermissionsDto(remoteGroup);
        final RemoteProcessGroupStatusDTO statusDto = getComponentStatus(
                () -> groupStatus.getRemoteProcessGroupStatus().stream()
                        .filter(candidate -> remoteGroup.getIdentifier().equals(candidate.getId()))
                        .findFirst()
                        .orElse(null),
                found -> createRemoteProcessGroupStatusDto(found));
        final List<BulletinDTO> bulletinDtos = createBulletinDtos(bulletinRepository.findBulletinsForSource(remoteGroup.getIdentifier()));
        final List<BulletinEntity> bulletinEntities = bulletinDtos.stream()
                .map(bulletinDto -> entityFactory.createBulletinEntity(bulletinDto, permissions.getCanRead()))
                .collect(Collectors.toList());

        flowDto.getRemoteProcessGroups().add(entityFactory.createRemoteProcessGroupEntity(remoteGroupDto, revisionDto, permissions, statusDto, bulletinEntities));
    }

    return flowDto;
}
use of org.apache.nifi.authorization.AccessPolicy in project nifi by apache.
the class StandardNiFiServiceFacade method createAccessPolicy.
/**
 * Creates an access policy from the supplied DTO and returns the entity describing it.
 *
 * <p>The policy's groups and users are expanded into tenant entities. Each user entity carries
 * the user's current revision and permissions derived from the tenant authorizable. The
 * permissions on the returned entity are derived from the authorizable that
 * {@code authorizableLookup.getAccessPolicyById} returns for the DTO's id. The returned
 * revision is built from a {@code FlowModification} pairing the supplied revision with the
 * identity of the current user.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
 * authorizes the request before invoking it - confirm.
 *
 * @param revision the revision recorded in the returned entity
 * @param accessPolicyDTO the policy to create
 * @return the entity for the newly created policy
 */
@Override
public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
    final Authorizable tenants = authorizableLookup.getTenant();
    final String creatorIdentity = NiFiUserUtils.getNiFiUserIdentity();

    final AccessPolicy createdPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO);
    final ComponentReferenceEntity referencedComponent = createComponentReferenceEntity(createdPolicy.getResource());

    final Set<TenantEntity> groupEntities = createdPolicy.getGroups().stream()
            .map(mapUserGroupIdToTenantEntity())
            .collect(Collectors.toSet());

    final Set<TenantEntity> userEntities = createdPolicy.getUsers().stream()
            .map(id -> {
                final RevisionDTO currentUserRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(id));
                return entityFactory.createTenantEntity(
                        dtoFactory.createTenantDTO(userDAO.getUser(id)),
                        currentUserRevision,
                        dtoFactory.createPermissionsDto(tenants));
            })
            .collect(Collectors.toSet());

    final AccessPolicyDTO createdPolicyDto = dtoFactory.createAccessPolicyDto(createdPolicy, groupEntities, userEntities, referencedComponent);

    final PermissionsDTO policyPermissions = dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId()));
    return entityFactory.createAccessPolicyEntity(
            createdPolicyDto,
            dtoFactory.createRevisionDTO(new FlowModification(revision, creatorIdentity)),
            policyPermissions);
}
use of org.apache.nifi.authorization.AccessPolicy in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method updateAccessPolicy.
/**
 * Updates an existing access policy through the configurable access policy provider.
 *
 * <p>The identifier, resource and action passed to {@code buildAccessPolicy} are taken from the
 * currently stored policy, not from the DTO; only the DTO itself is forwarded for the remaining
 * fields. NOTE(review): which DTO fields {@code buildAccessPolicy} reads is not visible here -
 * confirm it cannot override resource or action.
 *
 * @param accessPolicyDTO the requested policy state; its id selects the policy to update
 * @return the policy returned by the provider's update call
 * @throws IllegalStateException if {@code supportsConfigurableAuthorizer()} is false
 */
@Override
public AccessPolicy updateAccessPolicy(final AccessPolicyDTO accessPolicyDTO) {
    if (!supportsConfigurableAuthorizer()) {
        throw new IllegalStateException(MSG_NON_CONFIGURABLE_POLICIES);
    }

    final ConfigurableAccessPolicyProvider provider = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
    final AccessPolicy existing = getAccessPolicy(accessPolicyDTO.getId());

    // Identifier, resource and action are pinned to the stored policy.
    return provider.updateAccessPolicy(
            buildAccessPolicy(existing.getIdentifier(), existing.getResource(), existing.getAction(), accessPolicyDTO));
}