Search in sources :

Example 1 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method deleteUser.

@Override
public UserEntity deleteUser(final Revision revision, final String userId) {
    final User user = userDAO.getUser(userId);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
    final Set<TenantEntity> userGroups = user != null ? userGroupDAO.getUserGroupsForUser(userId).stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null;
    final Set<AccessPolicySummaryEntity> policyEntities = user != null ? userGroupDAO.getAccessPoliciesForUser(userId).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()) : null;
    final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userId;
    final UserDTO snapshot = deleteComponent(revision, new Resource() {

        @Override
        public String getIdentifier() {
            return resourceIdentifier;
        }

        @Override
        public String getName() {
            return resourceIdentifier;
        }

        @Override
        public String getSafeDescription() {
            return "User " + userId;
        }
    }, () -> userDAO.deleteUser(userId), // no user specific policies to remove
    false, dtoFactory.createUserDto(user, userGroups, policyEntities));
    return entityFactory.createUserEntity(snapshot, null, permissions);
}
Also used : EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) ConnectionDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ConnectionDiagnosticsDTO) FlowComparison(org.apache.nifi.registry.flow.diff.FlowComparison) ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess) VersionedFlowSnapshotMetadata(org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) Scope(org.apache.nifi.components.state.Scope) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) Map(java.util.Map) UserGroupDAO(org.apache.nifi.web.dao.UserGroupDAO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Connection(org.apache.nifi.connectable.Connection) RevisionUpdate(org.apache.nifi.web.revision.RevisionUpdate) BulletinDTO(org.apache.nifi.web.api.dto.BulletinDTO) FlowDifferenceFilters(org.apache.nifi.util.FlowDifferenceFilters) NodeEvent(org.apache.nifi.cluster.event.NodeEvent) VersionedFlowDTO(org.apache.nifi.web.api.dto.VersionedFlowDTO) RemoteProcessGroupPortDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO) ComponentReferenceEntity(org.apache.nifi.web.api.entity.ComponentReferenceEntity) PortDTO(org.apache.nifi.web.api.dto.PortDTO) UserDTO(org.apache.nifi.web.api.dto.UserDTO) Stream(java.util.stream.Stream) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) InstantiatedVersionedProcessor(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessor) ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO) ProcessorDiagnosticsEntity(org.apache.nifi.web.api.entity.ProcessorDiagnosticsEntity) RegistryDAO(org.apache.nifi.web.dao.RegistryDAO) UserEntity(org.apache.nifi.web.api.entity.UserEntity) CountersSnapshotDTO(org.apache.nifi.web.api.dto.CountersSnapshotDTO) SnippetUtils(org.apache.nifi.web.util.SnippetUtils) RemoteProcessGroupStatusEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupStatusEntity) PreviousValue(org.apache.nifi.history.PreviousValue) StandardComparableDataFlow(org.apache.nifi.registry.flow.diff.StandardComparableDataFlow) ConnectionDAO(org.apache.nifi.web.dao.ConnectionDAO) ProvenanceEventDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Supplier(java.util.function.Supplier) CollectionUtils(org.apache.commons.collections4.CollectionUtils) LineageDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO) LinkedHashMap(java.util.LinkedHashMap) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) ProcessGroupCounts(org.apache.nifi.groups.ProcessGroupCounts) VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) RegistryDTO(org.apache.nifi.web.api.dto.RegistryDTO) ProvenanceDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceDTO) ClusterRoles(org.apache.nifi.cluster.coordination.node.ClusterRoles) VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState) FlowConfigurationEntity(org.apache.nifi.web.api.entity.FlowConfigurationEntity) ContentDirection(org.apache.nifi.controller.repository.claim.ContentDirection) PortDAO(org.apache.nifi.web.dao.PortDAO) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) RequestAction(org.apache.nifi.authorization.RequestAction) IOException(java.io.IOException) CountersDTO(org.apache.nifi.web.api.dto.CountersDTO) VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot) NiFiRegistryFlowMapper(org.apache.nifi.registry.flow.mapping.NiFiRegistryFlowMapper) HistoryDTO(org.apache.nifi.web.api.dto.action.HistoryDTO) SystemDiagnosticsDTO(org.apache.nifi.web.api.dto.SystemDiagnosticsDTO) ControllerServiceDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ControllerServiceDiagnosticsDTO) BulletinFactory(org.apache.nifi.events.BulletinFactory) VersionedFlowSnapshotMetadataEntity(org.apache.nifi.web.api.entity.VersionedFlowSnapshotMetadataEntity) ProcessorStatusEntity(org.apache.nifi.web.api.entity.ProcessorStatusEntity) ComponentStateDTO(org.apache.nifi.web.api.dto.ComponentStateDTO) UserDAO(org.apache.nifi.web.dao.UserDAO) RemoteProcessGroupDAO(org.apache.nifi.web.dao.RemoteProcessGroupDAO) UnknownNodeException(org.apache.nifi.cluster.manager.exception.UnknownNodeException) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) BucketEntity(org.apache.nifi.web.api.entity.BucketEntity) ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity) DisconnectionCode(org.apache.nifi.cluster.coordination.node.DisconnectionCode) ProcessGroup(org.apache.nifi.groups.ProcessGroup) BulletinQueryDTO(org.apache.nifi.web.api.dto.BulletinQueryDTO) ListIterator(java.util.ListIterator) Date(java.util.Date) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) RegistryClientEntity(org.apache.nifi.web.api.entity.RegistryClientEntity) SnippetDAO(org.apache.nifi.web.dao.SnippetDAO) StandardFlowComparator(org.apache.nifi.registry.flow.diff.StandardFlowComparator) ControllerConfigurationEntity(org.apache.nifi.web.api.entity.ControllerConfigurationEntity) LabelDTO(org.apache.nifi.web.api.dto.LabelDTO) ControllerConfigurationDTO(org.apache.nifi.web.api.dto.ControllerConfigurationDTO) InstantiatedVersionedRemoteGroupPort(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedRemoteGroupPort) ControllerStatusDTO(org.apache.nifi.web.api.dto.status.ControllerStatusDTO) UpdateRevisionTask(org.apache.nifi.web.revision.UpdateRevisionTask) VersionedComponent(org.apache.nifi.registry.flow.VersionedComponent) Label(org.apache.nifi.controller.label.Label) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ControllerServiceReferencingComponentDTO(org.apache.nifi.web.api.dto.ControllerServiceReferencingComponentDTO) RequiredPermission(org.apache.nifi.components.RequiredPermission) EntityFactory(org.apache.nifi.web.api.dto.EntityFactory) Collection(java.util.Collection) RemoteProcessGroupPortEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity) RevisionManager(org.apache.nifi.web.revision.RevisionManager) UUID(java.util.UUID) Snippet(org.apache.nifi.controller.Snippet) PortEntity(org.apache.nifi.web.api.entity.PortEntity) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) StateMap(org.apache.nifi.components.state.StateMap) Objects(java.util.Objects) Response(javax.ws.rs.core.Response) ComponentReferenceDTO(org.apache.nifi.web.api.dto.ComponentReferenceDTO) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) ConnectionStatusDTO(org.apache.nifi.web.api.dto.status.ConnectionStatusDTO) ReportingTaskDTO(org.apache.nifi.web.api.dto.ReportingTaskDTO) AuditService(org.apache.nifi.admin.service.AuditService) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) ReportingTaskDAO(org.apache.nifi.web.dao.ReportingTaskDAO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) ProcessorNode(org.apache.nifi.controller.ProcessorNode) Bucket(org.apache.nifi.registry.bucket.Bucket) NodeHeartbeat(org.apache.nifi.cluster.coordination.heartbeat.NodeHeartbeat) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusDTO) Group(org.apache.nifi.authorization.Group) Function(java.util.function.Function) FlowRegistry(org.apache.nifi.registry.flow.FlowRegistry) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO) ControllerServiceReferencingComponentEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity) VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) ValidationResult(org.apache.nifi.components.ValidationResult) ComponentDifferenceDTO(org.apache.nifi.web.api.dto.ComponentDifferenceDTO) Logger(org.slf4j.Logger) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) PropertyHistoryDTO(org.apache.nifi.web.api.dto.PropertyHistoryDTO) FlowFileDTO(org.apache.nifi.web.api.dto.FlowFileDTO) VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity) VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow) IllegalNodeDeletionException(org.apache.nifi.cluster.manager.exception.IllegalNodeDeletionException) DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO) LabelEntity(org.apache.nifi.web.api.entity.LabelEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) BulletinRepository(org.apache.nifi.reporting.BulletinRepository) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) NodeDTO(org.apache.nifi.web.api.dto.NodeDTO) Operation(org.apache.nifi.action.Operation) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) Comparator(java.util.Comparator) CounterDTO(org.apache.nifi.web.api.dto.CounterDTO) InstantiatedVersionedComponent(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedComponent) Arrays(java.util.Arrays) StatusHistoryEntity(org.apache.nifi.web.api.entity.StatusHistoryEntity) FlowChangePurgeDetails(org.apache.nifi.action.details.FlowChangePurgeDetails) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusSnapshotDTO) ControllerServiceDAO(org.apache.nifi.web.dao.ControllerServiceDAO) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) PropertyDescriptorDTO(org.apache.nifi.web.api.dto.PropertyDescriptorDTO) FunnelDAO(org.apache.nifi.web.dao.FunnelDAO) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) RootGroupPort(org.apache.nifi.remote.RootGroupPort) BulletinQuery(org.apache.nifi.reporting.BulletinQuery) Connectable(org.apache.nifi.connectable.Connectable) Bulletin(org.apache.nifi.reporting.Bulletin) FunnelDTO(org.apache.nifi.web.api.dto.FunnelDTO) ProcessorStatus(org.apache.nifi.controller.status.ProcessorStatus) HistoryQueryDTO(org.apache.nifi.web.api.dto.action.HistoryQueryDTO) ControllerServiceReferencingComponentsEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity) FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) AccessPolicyDAO(org.apache.nifi.web.dao.AccessPolicyDAO) ProcessGroupStatus(org.apache.nifi.controller.status.ProcessGroupStatus) History(org.apache.nifi.history.History) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity) Set(java.util.Set) BulletinBoardDTO(org.apache.nifi.web.api.dto.BulletinBoardDTO) VersionedFlowCoordinates(org.apache.nifi.registry.flow.VersionedFlowCoordinates) FlowController(org.apache.nifi.controller.FlowController) ProcessorDAO(org.apache.nifi.web.dao.ProcessorDAO) StandardCharsets(java.nio.charset.StandardCharsets) FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity) ScheduledState(org.apache.nifi.controller.ScheduledState) WebApplicationException(javax.ws.rs.WebApplicationException) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) RemoteProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO) ControllerBulletinsEntity(org.apache.nifi.web.api.entity.ControllerBulletinsEntity) Resource(org.apache.nifi.authorization.Resource) FlowComparator(org.apache.nifi.registry.flow.diff.FlowComparator) StaticDifferenceDescriptor(org.apache.nifi.registry.flow.diff.StaticDifferenceDescriptor) LeaderElectionManager(org.apache.nifi.controller.leader.election.LeaderElectionManager) Counter(org.apache.nifi.controller.Counter) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TemplateDAO(org.apache.nifi.web.dao.TemplateDAO) ArrayList(java.util.ArrayList) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentType(org.apache.nifi.reporting.ComponentType) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) NodeConnectionState(org.apache.nifi.cluster.coordination.node.NodeConnectionState) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) VersionControlComponentMappingEntity(org.apache.nifi.web.api.entity.VersionControlComponentMappingEntity) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) NodeConnectionStatus(org.apache.nifi.cluster.coordination.node.NodeConnectionStatus) LinkedHashSet(java.util.LinkedHashSet) DocumentedTypeDTO(org.apache.nifi.web.api.dto.DocumentedTypeDTO) FlowConfigurationDTO(org.apache.nifi.web.api.dto.FlowConfigurationDTO) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) ProvenanceOptionsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceOptionsDTO) LabelDAO(org.apache.nifi.web.dao.LabelDAO) InstantiatedVersionedControllerService(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedControllerService) StartVersionControlRequestEntity(org.apache.nifi.web.api.entity.StartVersionControlRequestEntity) ComponentDTO(org.apache.nifi.web.api.dto.ComponentDTO) Authorizer(org.apache.nifi.authorization.Authorizer) NiFiProperties(org.apache.nifi.util.NiFiProperties) ComponentHistoryDTO(org.apache.nifi.web.api.dto.ComponentHistoryDTO) BulletinEntity(org.apache.nifi.web.api.entity.BulletinEntity) VersionedFlowEntity(org.apache.nifi.web.api.entity.VersionedFlowEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Permissions(org.apache.nifi.registry.authorization.Permissions) PreviousValueDTO(org.apache.nifi.web.api.dto.PreviousValueDTO) ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO) LoggerFactory(org.slf4j.LoggerFactory) Port(org.apache.nifi.connectable.Port) ProcessGroupStatusEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusEntity) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) ConnectionStatusEntity(org.apache.nifi.web.api.entity.ConnectionStatusEntity) JVMDiagnosticsSnapshotDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsSnapshotDTO) ProcessGroupStatusSnapshotEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusSnapshotEntity) DifferenceType(org.apache.nifi.registry.flow.diff.DifferenceType) AccessPolicySummaryDTO(org.apache.nifi.web.api.dto.AccessPolicySummaryDTO) NodeProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.NodeProcessGroupStatusSnapshotDTO) VersionedConnection(org.apache.nifi.registry.flow.VersionedConnection) Template(org.apache.nifi.controller.Template) FlowRegistryClient(org.apache.nifi.registry.flow.FlowRegistryClient) BucketDTO(org.apache.nifi.web.api.dto.BucketDTO) ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO) ReportingTaskEntity(org.apache.nifi.web.api.entity.ReportingTaskEntity) Predicate(java.util.function.Predicate) Sets(com.google.common.collect.Sets) User(org.apache.nifi.authorization.User) JVMDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsDTO) SystemDiagnostics(org.apache.nifi.diagnostics.SystemDiagnostics) List(java.util.List) Result(org.apache.nifi.authorization.AuthorizationResult.Result) VersionControlInformation(org.apache.nifi.registry.flow.VersionControlInformation) StatusHistoryDTO(org.apache.nifi.web.api.dto.status.StatusHistoryDTO) HeartbeatMonitor(org.apache.nifi.cluster.coordination.heartbeat.HeartbeatMonitor) Optional(java.util.Optional) Action(org.apache.nifi.action.Action) Funnel(org.apache.nifi.connectable.Funnel) ClusterDTO(org.apache.nifi.web.api.dto.ClusterDTO) VariableEntity(org.apache.nifi.web.api.entity.VariableEntity) HashMap(java.util.HashMap) ConciseEvolvingDifferenceDescriptor(org.apache.nifi.registry.flow.diff.ConciseEvolvingDifferenceDescriptor) ResourceDTO(org.apache.nifi.web.api.dto.ResourceDTO) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) HistoryQuery(org.apache.nifi.history.HistoryQuery) ExpiredRevisionClaimException(org.apache.nifi.web.revision.ExpiredRevisionClaimException) PortStatusDTO(org.apache.nifi.web.api.dto.status.PortStatusDTO) ComparableDataFlow(org.apache.nifi.registry.flow.diff.ComparableDataFlow) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) Validator(org.apache.nifi.components.Validator) PortStatusEntity(org.apache.nifi.web.api.entity.PortStatusEntity) ControllerDTO(org.apache.nifi.web.api.dto.ControllerDTO) ProcessorDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ProcessorDiagnosticsDTO) ComponentVariableRegistry(org.apache.nifi.registry.ComponentVariableRegistry) FlowDifference(org.apache.nifi.registry.flow.diff.FlowDifference) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) UserContextKeys(org.apache.nifi.authorization.UserContextKeys) VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) DeleteRevisionTask(org.apache.nifi.web.revision.DeleteRevisionTask) Component(org.apache.nifi.action.Component) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) SearchResultsDTO(org.apache.nifi.web.api.dto.search.SearchResultsDTO) RegistryEntity(org.apache.nifi.web.api.entity.RegistryEntity) Collections(java.util.Collections) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) User(org.apache.nifi.authorization.User) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) UserDTO(org.apache.nifi.web.api.dto.UserDTO) EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity)

Example 2 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method deleteProcessGroup.

@Override
public ProcessGroupEntity deleteProcessGroup(final Revision revision, final String groupId) {
    final ProcessGroup processGroup = processGroupDAO.getProcessGroup(groupId);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroup);
    // grab the resources in the snippet so we can delete the policies afterwards
    final Set<Resource> groupResources = new HashSet<>();
    processGroup.findAllProcessors().forEach(processor -> groupResources.add(processor.getResource()));
    processGroup.findAllInputPorts().forEach(inputPort -> groupResources.add(inputPort.getResource()));
    processGroup.findAllOutputPorts().forEach(outputPort -> groupResources.add(outputPort.getResource()));
    processGroup.findAllFunnels().forEach(funnel -> groupResources.add(funnel.getResource()));
    processGroup.findAllLabels().forEach(label -> groupResources.add(label.getResource()));
    processGroup.findAllProcessGroups().forEach(childGroup -> groupResources.add(childGroup.getResource()));
    processGroup.findAllRemoteProcessGroups().forEach(remoteProcessGroup -> groupResources.add(remoteProcessGroup.getResource()));
    processGroup.findAllTemplates().forEach(template -> groupResources.add(template.getResource()));
    processGroup.findAllControllerServices().forEach(controllerService -> groupResources.add(controllerService.getResource()));
    final ProcessGroupDTO snapshot = deleteComponent(revision, processGroup.getResource(), () -> processGroupDAO.deleteProcessGroup(groupId), true, dtoFactory.createProcessGroupDto(processGroup));
    // delete all applicable component policies
    groupResources.forEach(groupResource -> cleanUpPolicies(groupResource));
    return entityFactory.createProcessGroupEntity(snapshot, null, permissions, null, null);
}
Also used : PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) ProcessGroup(org.apache.nifi.groups.ProcessGroup) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 3 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method deleteSnippet.

@Override
public SnippetEntity deleteSnippet(final Set<Revision> revisions, final String snippetId) {
    final Snippet snippet = snippetDAO.getSnippet(snippetId);
    // grab the resources in the snippet so we can delete the policies afterwards
    final Set<Resource> snippetResources = new HashSet<>();
    snippet.getProcessors().keySet().forEach(id -> snippetResources.add(processorDAO.getProcessor(id).getResource()));
    snippet.getInputPorts().keySet().forEach(id -> snippetResources.add(inputPortDAO.getPort(id).getResource()));
    snippet.getOutputPorts().keySet().forEach(id -> snippetResources.add(outputPortDAO.getPort(id).getResource()));
    snippet.getFunnels().keySet().forEach(id -> snippetResources.add(funnelDAO.getFunnel(id).getResource()));
    snippet.getLabels().keySet().forEach(id -> snippetResources.add(labelDAO.getLabel(id).getResource()));
    snippet.getRemoteProcessGroups().keySet().forEach(id -> snippetResources.add(remoteProcessGroupDAO.getRemoteProcessGroup(id).getResource()));
    snippet.getProcessGroups().keySet().forEach(id -> {
        final ProcessGroup processGroup = processGroupDAO.getProcessGroup(id);
        // add the process group
        snippetResources.add(processGroup.getResource());
        // add each encapsulated component
        processGroup.findAllProcessors().forEach(processor -> snippetResources.add(processor.getResource()));
        processGroup.findAllInputPorts().forEach(inputPort -> snippetResources.add(inputPort.getResource()));
        processGroup.findAllOutputPorts().forEach(outputPort -> snippetResources.add(outputPort.getResource()));
        processGroup.findAllFunnels().forEach(funnel -> snippetResources.add(funnel.getResource()));
        processGroup.findAllLabels().forEach(label -> snippetResources.add(label.getResource()));
        processGroup.findAllProcessGroups().forEach(childGroup -> snippetResources.add(childGroup.getResource()));
        processGroup.findAllRemoteProcessGroups().forEach(remoteProcessGroup -> snippetResources.add(remoteProcessGroup.getResource()));
        processGroup.findAllTemplates().forEach(template -> snippetResources.add(template.getResource()));
        processGroup.findAllControllerServices().forEach(controllerService -> snippetResources.add(controllerService.getResource()));
    });
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    final RevisionClaim claim = new StandardRevisionClaim(revisions);
    final SnippetDTO dto = revisionManager.deleteRevision(claim, user, new DeleteRevisionTask<SnippetDTO>() {

        @Override
        public SnippetDTO performTask() {
            // delete the components in the snippet
            snippetDAO.deleteSnippetComponents(snippetId);
            // drop the snippet
            snippetDAO.dropSnippet(snippetId);
            // save
            controllerFacade.save();
            // create the dto for the snippet that was just removed
            return dtoFactory.createSnippetDto(snippet);
        }
    });
    // clean up component policies
    snippetResources.forEach(resource -> cleanUpPolicies(resource));
    return entityFactory.createSnippetEntity(dto);
}
Also used : FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) ProcessGroup(org.apache.nifi.groups.ProcessGroup) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) Snippet(org.apache.nifi.controller.Snippet) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 4 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class StandardNiFiServiceFacade method getAccessPolicy.

@Override
public AccessPolicyEntity getAccessPolicy(final RequestAction requestAction, final String resource) {
    Authorizable authorizable;
    try {
        authorizable = authorizableLookup.getAuthorizableFromResource(resource);
    } catch (final ResourceNotFoundException e) {
        // unable to find the underlying authorizable... user authorized based on top level /policies... create
        // an anonymous authorizable to attempt to locate an existing policy for this resource
        authorizable = new Authorizable() {

            @Override
            public Authorizable getParentAuthorizable() {
                return null;
            }

            @Override
            public Resource getResource() {
                return new Resource() {

                    @Override
                    public String getIdentifier() {
                        return resource;
                    }

                    @Override
                    public String getName() {
                        return resource;
                    }

                    @Override
                    public String getSafeDescription() {
                        return "Policy " + resource;
                    }
                };
            }
        };
    }
    final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(requestAction, authorizable);
    return createAccessPolicyEntity(accessPolicy);
}
Also used : EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AccessPolicy(org.apache.nifi.authorization.AccessPolicy)

Example 5 with Resource

use of org.apache.nifi.authorization.Resource in project nifi by apache.

the class ControllerFacade method getResources.

public List<Resource> getResources() {
    final List<Resource> resources = new ArrayList<>();
    resources.add(ResourceFactory.getFlowResource());
    resources.add(ResourceFactory.getSystemResource());
    resources.add(ResourceFactory.getControllerResource());
    resources.add(ResourceFactory.getCountersResource());
    resources.add(ResourceFactory.getProvenanceResource());
    resources.add(ResourceFactory.getPoliciesResource());
    resources.add(ResourceFactory.getTenantResource());
    resources.add(ResourceFactory.getProxyResource());
    resources.add(ResourceFactory.getResourceResource());
    resources.add(ResourceFactory.getSiteToSiteResource());
    // restricted components
    resources.add(ResourceFactory.getRestrictedComponentsResource());
    Arrays.stream(RequiredPermission.values()).forEach(requiredPermission -> resources.add(ResourceFactory.getRestrictedComponentsResource(requiredPermission)));
    final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
    // include the root group
    final Resource rootResource = root.getResource();
    resources.add(rootResource);
    resources.add(ResourceFactory.getDataResource(rootResource));
    resources.add(ResourceFactory.getPolicyResource(rootResource));
    // add each processor
    for (final ProcessorNode processor : root.findAllProcessors()) {
        final Resource processorResource = processor.getResource();
        resources.add(processorResource);
        resources.add(ResourceFactory.getDataResource(processorResource));
        resources.add(ResourceFactory.getPolicyResource(processorResource));
    }
    // add each label
    for (final Label label : root.findAllLabels()) {
        final Resource labelResource = label.getResource();
        resources.add(labelResource);
        resources.add(ResourceFactory.getPolicyResource(labelResource));
    }
    // add each process group
    for (final ProcessGroup processGroup : root.findAllProcessGroups()) {
        final Resource processGroupResource = processGroup.getResource();
        resources.add(processGroupResource);
        resources.add(ResourceFactory.getDataResource(processGroupResource));
        resources.add(ResourceFactory.getPolicyResource(processGroupResource));
    }
    // add each remote process group
    for (final RemoteProcessGroup remoteProcessGroup : root.findAllRemoteProcessGroups()) {
        final Resource remoteProcessGroupResource = remoteProcessGroup.getResource();
        resources.add(remoteProcessGroupResource);
        resources.add(ResourceFactory.getDataResource(remoteProcessGroupResource));
        resources.add(ResourceFactory.getPolicyResource(remoteProcessGroupResource));
    }
    // add each input port
    for (final Port inputPort : root.findAllInputPorts()) {
        final Resource inputPortResource = inputPort.getResource();
        resources.add(inputPortResource);
        resources.add(ResourceFactory.getDataResource(inputPortResource));
        resources.add(ResourceFactory.getPolicyResource(inputPortResource));
        if (inputPort instanceof RootGroupPort) {
            resources.add(ResourceFactory.getDataTransferResource(inputPortResource));
        }
    }
    // add each output port
    for (final Port outputPort : root.findAllOutputPorts()) {
        final Resource outputPortResource = outputPort.getResource();
        resources.add(outputPortResource);
        resources.add(ResourceFactory.getDataResource(outputPortResource));
        resources.add(ResourceFactory.getPolicyResource(outputPortResource));
        if (outputPort instanceof RootGroupPort) {
            resources.add(ResourceFactory.getDataTransferResource(outputPortResource));
        }
    }
    // add each controller service
    final Consumer<ControllerServiceNode> csConsumer = controllerService -> {
        final Resource controllerServiceResource = controllerService.getResource();
        resources.add(controllerServiceResource);
        resources.add(ResourceFactory.getPolicyResource(controllerServiceResource));
    };
    flowController.getAllControllerServices().forEach(csConsumer);
    root.findAllControllerServices().forEach(csConsumer);
    // add each reporting task
    for (final ReportingTaskNode reportingTask : flowController.getAllReportingTasks()) {
        final Resource reportingTaskResource = reportingTask.getResource();
        resources.add(reportingTaskResource);
        resources.add(ResourceFactory.getPolicyResource(reportingTaskResource));
    }
    // add each template
    for (final Template template : root.findAllTemplates()) {
        final Resource templateResource = template.getResource();
        resources.add(templateResource);
        resources.add(ResourceFactory.getPolicyResource(templateResource));
    }
    return resources;
}
Also used : Bundle(org.apache.nifi.bundle.Bundle) Arrays(java.util.Arrays) SearchableFields(org.apache.nifi.provenance.SearchableFields) StringUtils(org.apache.commons.lang3.StringUtils) QueueSize(org.apache.nifi.controller.queue.QueueSize) ClassUtils(org.apache.commons.lang3.ClassUtils) ROOT_GROUP_ID_ALIAS(org.apache.nifi.controller.FlowController.ROOT_GROUP_ID_ALIAS) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) Map(java.util.Map) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) ProvenanceRepository(org.apache.nifi.provenance.ProvenanceRepository) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Connectable(org.apache.nifi.connectable.Connectable) Connection(org.apache.nifi.connectable.Connection) ProcessorStatus(org.apache.nifi.controller.status.ProcessorStatus) FlowFilePrioritizer(org.apache.nifi.flowfile.FlowFilePrioritizer) ProcessGroupStatus(org.apache.nifi.controller.status.ProcessGroupStatus) Set(java.util.Set) FlowController(org.apache.nifi.controller.FlowController) VariableRegistry(org.apache.nifi.registry.VariableRegistry) AttributeDTO(org.apache.nifi.web.api.dto.provenance.AttributeDTO) ControllerService(org.apache.nifi.controller.ControllerService) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) WebApplicationException(javax.ws.rs.WebApplicationException) ExtensionManager(org.apache.nifi.nar.ExtensionManager) ConnectionStatus(org.apache.nifi.controller.status.ConnectionStatus) ComponentStatusRepository(org.apache.nifi.controller.status.history.ComponentStatusRepository) LineageRequestDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageRequestDTO) ProvenanceRequestDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceRequestDTO) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) Resource(org.apache.nifi.authorization.Resource) Counter(org.apache.nifi.controller.Counter) ProvenanceEventDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) CollectionUtils(org.apache.commons.collections4.CollectionUtils) TreeSet(java.util.TreeSet) LineageDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO) ArrayList(java.util.ArrayList) ContentAvailability(org.apache.nifi.controller.ContentAvailability) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) Relationship(org.apache.nifi.processor.Relationship) ProvenanceEventRecord(org.apache.nifi.provenance.ProvenanceEventRecord) ControllerServiceProvider(org.apache.nifi.controller.service.ControllerServiceProvider) ProcessGroupCounts(org.apache.nifi.groups.ProcessGroupCounts) ProvenanceDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceDTO) Collator(java.text.Collator) DocumentedTypeDTO(org.apache.nifi.web.api.dto.DocumentedTypeDTO) ContentDirection(org.apache.nifi.controller.repository.claim.ContentDirection) RequestAction(org.apache.nifi.authorization.RequestAction) ProvenanceOptionsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceOptionsDTO) IOException(java.io.IOException) Authorizer(org.apache.nifi.authorization.Authorizer) NiFiProperties(org.apache.nifi.util.NiFiProperties) ReportingTask(org.apache.nifi.reporting.ReportingTask) CoreAttributes(org.apache.nifi.flowfile.attributes.CoreAttributes) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) ProcessGroup(org.apache.nifi.groups.ProcessGroup) SortedSet(java.util.SortedSet) BundleCoordinate(org.apache.nifi.bundle.BundleCoordinate) Query(org.apache.nifi.provenance.search.Query) Date(java.util.Date) LoggerFactory(org.slf4j.LoggerFactory) Port(org.apache.nifi.connectable.Port) FlowService(org.apache.nifi.services.FlowService) BundleDTO(org.apache.nifi.web.api.dto.BundleDTO) ControllerStatusDTO(org.apache.nifi.web.api.dto.status.ControllerStatusDTO) Locale(java.util.Locale) SearchableField(org.apache.nifi.provenance.search.SearchableField) Template(org.apache.nifi.controller.Template) Label(org.apache.nifi.controller.label.Label) ProvenanceSearchableFieldDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceSearchableFieldDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) RequiredPermission(org.apache.nifi.components.RequiredPermission) TimeZone(java.util.TimeZone) Collection(java.util.Collection) BundleUtils(org.apache.nifi.util.BundleUtils) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) Processor(org.apache.nifi.processor.Processor) SystemDiagnostics(org.apache.nifi.diagnostics.SystemDiagnostics) List(java.util.List) Result(org.apache.nifi.authorization.AuthorizationResult.Result) StatusHistoryDTO(org.apache.nifi.web.api.dto.status.StatusHistoryDTO) ProvenanceResultsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceResultsDTO) SearchTerms(org.apache.nifi.provenance.search.SearchTerms) ProcessorNode(org.apache.nifi.controller.ProcessorNode) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) HashMap(java.util.HashMap) Function(java.util.function.Function) HashSet(java.util.HashSet) QueryResult(org.apache.nifi.provenance.search.QueryResult) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) SearchTerm(org.apache.nifi.provenance.search.SearchTerm) QuerySubmission(org.apache.nifi.provenance.search.QuerySubmission) ContentNotFoundException(org.apache.nifi.controller.repository.ContentNotFoundException) Logger(org.slf4j.Logger) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) ProcessorDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ProcessorDiagnosticsDTO) TimeUnit(java.util.concurrent.TimeUnit) Consumer(java.util.function.Consumer) RemoteProcessGroupStatus(org.apache.nifi.controller.status.RemoteProcessGroupStatus) NiFiCoreException(org.apache.nifi.web.NiFiCoreException) ComputeLineageSubmission(org.apache.nifi.provenance.lineage.ComputeLineageSubmission) FormatUtils(org.apache.nifi.util.FormatUtils) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) PortStatus(org.apache.nifi.controller.status.PortStatus) SearchResultsDTO(org.apache.nifi.web.api.dto.search.SearchResultsDTO) BulletinRepository(org.apache.nifi.reporting.BulletinRepository) DownloadableContent(org.apache.nifi.web.DownloadableContent) LineageRequestType(org.apache.nifi.web.api.dto.provenance.lineage.LineageRequestDTO.LineageRequestType) Comparator(java.util.Comparator) Collections(java.util.Collections) InputStream(java.io.InputStream) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) RootGroupPort(org.apache.nifi.remote.RootGroupPort) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Port(org.apache.nifi.connectable.Port) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) Resource(org.apache.nifi.authorization.Resource) ArrayList(java.util.ArrayList) Label(org.apache.nifi.controller.label.Label) Template(org.apache.nifi.controller.Template) ProcessorNode(org.apache.nifi.controller.ProcessorNode) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) ProcessGroup(org.apache.nifi.groups.ProcessGroup)

Aggregations

Resource (org.apache.nifi.authorization.Resource)14 EnforcePolicyPermissionsThroughBaseResource (org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource)8 AccessPolicy (org.apache.nifi.authorization.AccessPolicy)7 ArrayList (java.util.ArrayList)6 HashSet (java.util.HashSet)6 RequestAction (org.apache.nifi.authorization.RequestAction)6 HashMap (java.util.HashMap)5 LinkedHashSet (java.util.LinkedHashSet)5 AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)5 AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)5 IOException (java.io.IOException)4 WebApplicationException (javax.ws.rs.WebApplicationException)4 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)4 ProcessGroup (org.apache.nifi.groups.ProcessGroup)4 RemoteProcessGroup (org.apache.nifi.groups.RemoteProcessGroup)4 VersionedProcessGroup (org.apache.nifi.registry.flow.VersionedProcessGroup)4 Arrays (java.util.Arrays)3 Collection (java.util.Collection)3 Collections (java.util.Collections)3 Comparator (java.util.Comparator)3