Search in sources :

Example 6 with ProcessGroupAuthorizable

use of org.apache.nifi.authorization.ProcessGroupAuthorizable in project nifi by apache.

the class ProcessGroupResource method removeProcessGroup.

/**
 * Removes the specified process group reference.
 *
 * @param httpServletRequest request
 * @param version            The revision is used to verify the client is working with the latest version of the flow.
 * @param clientId           Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
 * @param id                 The id of the process group to be removed.
 * @return A processGroupEntity.
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes a process group", response = ProcessGroupEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}"), @Authorization(value = "Read - any referenced Controller Services by any encapsulated components - /controller-services/{uuid}"), @Authorization(value = "Write - /{component-type}/{uuid} - For all encapsulated components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeProcessGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The process group id.", required = true) @PathParam("id") final String id) {
    // replicate if cluster manager
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    final ProcessGroupEntity requestProcessGroupEntity = new ProcessGroupEntity();
    requestProcessGroupEntity.setId(id);
    // handle expects request (usually from the cluster manager)
    final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
    return withWriteLock(serviceFacade, requestProcessGroupEntity, requestRevision, lookup -> {
        final ProcessGroupAuthorizable processGroupAuthorizable = lookup.getProcessGroup(id);
        // ensure write to this process group and all encapsulated components including templates and controller services. additionally, ensure
        // read to any referenced services by encapsulated components
        authorizeProcessGroup(processGroupAuthorizable, authorizer, lookup, RequestAction.WRITE, true, true, true, false);
        // ensure write permission to the parent process group, if applicable... if this is the root group the
        // request will fail later but still need to handle authorization here
        final Authorizable parentAuthorizable = processGroupAuthorizable.getAuthorizable().getParentAuthorizable();
        if (parentAuthorizable != null) {
            parentAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        }
    }, () -> serviceFacade.verifyDeleteProcessGroup(id), (revision, processGroupEntity) -> {
        // delete the process group
        final ProcessGroupEntity entity = serviceFacade.deleteProcessGroup(revision, processGroupEntity.getId());
        // create the response
        return generateOkResponse(entity).build();
    });
}
Also used : ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) Revision(org.apache.nifi.web.Revision) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) SnippetAuthorizable(org.apache.nifi.authorization.SnippetAuthorizable) TemplateContentsAuthorizable(org.apache.nifi.authorization.TemplateContentsAuthorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

ApiOperation (io.swagger.annotations.ApiOperation)6 ApiResponses (io.swagger.annotations.ApiResponses)6 Consumes (javax.ws.rs.Consumes)6 Path (javax.ws.rs.Path)6 Produces (javax.ws.rs.Produces)6 ProcessGroupAuthorizable (org.apache.nifi.authorization.ProcessGroupAuthorizable)6 ComponentAuthorizable (org.apache.nifi.authorization.ComponentAuthorizable)5 Authorizable (org.apache.nifi.authorization.resource.Authorizable)5 Revision (org.apache.nifi.web.Revision)5 ProcessGroupEntity (org.apache.nifi.web.api.entity.ProcessGroupEntity)5 RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)4 VersionControlInformationEntity (org.apache.nifi.web.api.entity.VersionControlInformationEntity)4 URI (java.net.URI)3 URISyntaxException (java.net.URISyntaxException)3 DELETE (javax.ws.rs.DELETE)3 POST (javax.ws.rs.POST)3 PUT (javax.ws.rs.PUT)3 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)3 Bucket (org.apache.nifi.registry.bucket.Bucket)3 VersionedFlow (org.apache.nifi.registry.flow.VersionedFlow)3