Search in sources :

Example 26 with AuthorizationResult

use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.

the class ControllerFacade method checkAuthorizationForReplay.

/**
 * Authorizes access to replay a specified provenance event.
 *
 * @param event event
 */
private AuthorizationResult checkAuthorizationForReplay(final ProvenanceEventRecord event) {
    // if the connection id isn't specified, then the replay wouldn't be available anyways and we have nothing to authorize against so deny it`
    if (event.getSourceQueueIdentifier() == null) {
        return AuthorizationResult.denied("The connection id in the provenance event is unknown.");
    }
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    final Authorizable dataAuthorizable;
    if (event.isRemotePortType()) {
        dataAuthorizable = flowController.createRemoteDataAuthorizable(event.getComponentId());
    } else {
        dataAuthorizable = flowController.createLocalDataAuthorizable(event.getComponentId());
    }
    final Map<String, String> eventAttributes = event.getAttributes();
    // ensure we can read the data
    final AuthorizationResult result = dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, eventAttributes);
    if (!Result.Approved.equals(result.getResult())) {
        return result;
    }
    // ensure we can write the data
    return dataAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user, eventAttributes);
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Aggregations

AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)26 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)11 Test (org.junit.Test)9 Authorizable (org.apache.nifi.authorization.resource.Authorizable)8 HashMap (java.util.HashMap)7 RequestAction (org.apache.nifi.authorization.RequestAction)7 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)6 ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException)5 RangerAccessRequestImpl (org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)5 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)5 FlowChangeAction (org.apache.nifi.action.FlowChangeAction)3 AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)3 Resource (org.apache.nifi.authorization.Resource)3 Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)3 ArrayList (java.util.ArrayList)2 Action (org.apache.nifi.action.Action)2 Authorizer (org.apache.nifi.authorization.Authorizer)2 History (org.apache.nifi.history.History)2 HistoryQuery (org.apache.nifi.history.HistoryQuery)2 MockPropertyValue (org.apache.nifi.util.MockPropertyValue)2