use of org.apache.nifi.authorization.ProcessGroupAuthorizable in project nifi by apache.
the class ProcessGroupResource method removeProcessGroup.
/**
* Removes the specified process group reference.
*
* @param httpServletRequest request
* @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
* @param id The id of the process group to be removed.
* @return A processGroupEntity.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes a process group", response = ProcessGroupEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}"), @Authorization(value = "Read - any referenced Controller Services by any encapsulated components - /controller-services/{uuid}"), @Authorization(value = "Write - /{component-type}/{uuid} - For all encapsulated components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeProcessGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The process group id.", required = true) @PathParam("id") final String id) {
// replicate if cluster manager
if (isReplicateRequest()) {
return replicate(HttpMethod.DELETE);
}
final ProcessGroupEntity requestProcessGroupEntity = new ProcessGroupEntity();
requestProcessGroupEntity.setId(id);
// handle expects request (usually from the cluster manager)
final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
return withWriteLock(serviceFacade, requestProcessGroupEntity, requestRevision, lookup -> {
final ProcessGroupAuthorizable processGroupAuthorizable = lookup.getProcessGroup(id);
// ensure write to this process group and all encapsulated components including templates and controller services. additionally, ensure
// read to any referenced services by encapsulated components
authorizeProcessGroup(processGroupAuthorizable, authorizer, lookup, RequestAction.WRITE, true, true, true, false);
// ensure write permission to the parent process group, if applicable... if this is the root group the
// request will fail later but still need to handle authorization here
final Authorizable parentAuthorizable = processGroupAuthorizable.getAuthorizable().getParentAuthorizable();
if (parentAuthorizable != null) {
parentAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}
}, () -> serviceFacade.verifyDeleteProcessGroup(id), (revision, processGroupEntity) -> {
// delete the process group
final ProcessGroupEntity entity = serviceFacade.deleteProcessGroup(revision, processGroupEntity.getId());
// create the response
return generateOkResponse(entity).build();
});
}
Aggregations