Examples with Authorizable org.apache.nifi.authorization.resource.Authorizable used on opensource projects

Example 56 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessGroupResource method createInputPort.

// -----------
// input ports
// -----------
/**
 * Creates a new input port.
 *
 * @param httpServletRequest request
 * @param groupId            The group id
 * @param requestPortEntity         A inputPortEntity.
 * @return A inputPortEntity.
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/input-ports")
@ApiOperation(value = "Creates an input port", response = PortEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createInputPort(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") final String groupId, @ApiParam(value = "The input port configuration details.", required = true) final PortEntity requestPortEntity) {
    if (requestPortEntity == null || requestPortEntity.getComponent() == null) {
        throw new IllegalArgumentException("Port details must be specified.");
    }
    if (requestPortEntity.getRevision() == null || (requestPortEntity.getRevision().getVersion() == null || requestPortEntity.getRevision().getVersion() != 0)) {
        throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Input port.");
    }
    if (requestPortEntity.getComponent().getId() != null) {
        throw new IllegalArgumentException("Input port ID cannot be specified.");
    }
    final PositionDTO proposedPosition = requestPortEntity.getComponent().getPosition();
    if (proposedPosition != null) {
        if (proposedPosition.getX() == null || proposedPosition.getY() == null) {
            throw new IllegalArgumentException("The x and y coordinate of the proposed position must be specified.");
        }
    }
    if (requestPortEntity.getComponent().getParentGroupId() != null && !groupId.equals(requestPortEntity.getComponent().getParentGroupId())) {
        throw new IllegalArgumentException(String.format("If specified, the parent process group id %s must be the same as specified in the URI %s", requestPortEntity.getComponent().getParentGroupId(), groupId));
    }
    requestPortEntity.getComponent().setParentGroupId(groupId);
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestPortEntity);
    }
    return withWriteLock(serviceFacade, requestPortEntity, lookup -> {
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, portEntity -> {
        // set the processor id as appropriate
        portEntity.getComponent().setId(generateUuid());
        // create the input port and generate the json
        final Revision revision = getRevision(portEntity, portEntity.getComponent().getId());
        final PortEntity entity = serviceFacade.createInputPort(revision, groupId, portEntity.getComponent());
        inputPortResource.populateRemainingInputPortEntityContent(entity);
        // build the response
        return generateCreatedResponse(URI.create(entity.getUri()), entity).build();
    });
}

Example 57 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessorResource method getPropertyDescriptor.

/**
 * Returns the descriptor for the specified property.
 *
 * @param id           The id of the processor
 * @param propertyName The property
 * @return a propertyDescriptorEntity
 * @throws InterruptedException if interrupted
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/descriptors")
@ApiOperation(value = "Gets the descriptor for a processor property", response = PropertyDescriptorEntity.class, authorizations = { @Authorization(value = "Read - /processors/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getPropertyDescriptor(@ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The processor id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The property name.", required = true) @QueryParam("propertyName") final String propertyName) throws InterruptedException {
    // ensure the property name is specified
    if (propertyName == null) {
        throw new IllegalArgumentException("The property name must be specified.");
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processor = lookup.getProcessor(id).getAuthorizable();
        processor.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the property descriptor
    final PropertyDescriptorDTO descriptor = serviceFacade.getProcessorPropertyDescriptor(id, propertyName);
    // generate the response entity
    final PropertyDescriptorEntity entity = new PropertyDescriptorEntity();
    entity.setPropertyDescriptor(descriptor);
    // generate the response
    return generateOkResponse(entity).build();
}

Example 58 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessorResource method getProcessor.

/**
 * Retrieves the specified processor.
 *
 * @param id The id of the processor to retrieve.
 * @return A processorEntity.
 * @throws InterruptedException if interrupted
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
@ApiOperation(value = "Gets a processor", response = ProcessorEntity.class, authorizations = { @Authorization(value = "Read - /processors/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getProcessor(@ApiParam(value = "The processor id.", required = true) @PathParam("id") final String id) throws InterruptedException {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processor = lookup.getProcessor(id).getAuthorizable();
        processor.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the specified processor
    final ProcessorEntity entity = serviceFacade.getProcessor(id);
    populateRemainingProcessorEntityContent(entity);
    // generate the response
    return generateOkResponse(entity).build();
}

Example 59 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProcessorResource method clearState.

/**
 * Clears the state for a processor.
 *
 * @param httpServletRequest servlet request
 * @param id                 The id of the processor
 * @return a componentStateEntity
 * @throws InterruptedException if interrupted
 */
@POST
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/state/clear-requests")
@ApiOperation(value = "Clears the state for a processor", response = ComponentStateEntity.class, authorizations = { @Authorization(value = "Write - /processors/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response clearState(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The processor id.", required = true) @PathParam("id") final String id) throws InterruptedException {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST);
    }
    final ProcessorEntity requestProcessorEntity = new ProcessorEntity();
    requestProcessorEntity.setId(id);
    return withWriteLock(serviceFacade, requestProcessorEntity, lookup -> {
        final Authorizable processor = lookup.getProcessor(id).getAuthorizable();
        processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, () -> serviceFacade.verifyCanClearProcessorState(id), (processorEntity) -> {
        // get the component state
        serviceFacade.clearProcessorState(processorEntity.getId());
        // generate the response entity
        final ComponentStateEntity entity = new ComponentStateEntity();
        // generate the response
        return generateOkResponse(entity).build();
    });
}

Example 60 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class ProvenanceResource method authorizeProvenanceRequest.

private void authorizeProvenanceRequest() {
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable provenance = lookup.getProvenance();
        provenance.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
}