use of org.apache.nifi.authorization.ConfigurableUserGroupProvider in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method deleteUserGroup.
@Override
public Group deleteUserGroup(final String userGroupId) {
if (userGroupProvider instanceof ConfigurableUserGroupProvider) {
final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) userGroupProvider;
final Group group = getUserGroup(userGroupId);
final Group removedGroup = configurableUserGroupProvider.deleteGroup(group);
// ensure the user was removed
if (removedGroup == null) {
throw new ResourceNotFoundException(String.format("Unable to find user group with id '%s'.", removedGroup));
}
// remove any references to the user group being deleted from policies if possible
if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) {
final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
// ensure this policy contains a reference to the user group and this policy is configurable (check proactively to prevent an exception)
if (policy.getGroups().contains(removedGroup.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) {
final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeGroup(removedGroup.getIdentifier());
configurableAccessPolicyProvider.updateAccessPolicy(builder.build());
}
}
}
return removedGroup;
} else {
throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS);
}
}
Aggregations