Examples with Authorizable org.apache.nifi.authorization.resource.Authorizable used on opensource projects

Example 6 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class SystemDiagnosticsResource method authorizeSystem.

private void authorizeSystem() {
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable system = lookup.getSystem();
        system.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
}

Example 7 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TemplateResource method removeTemplate.

/**
 * Removes the specified template.
 *
 * @param httpServletRequest request
 * @param id                 The id of the template to remove.
 * @return A templateEntity.
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(value = "Deletes a template", response = TemplateEntity.class, authorizations = { @Authorization(value = "Write - /templates/{uuid}"), @Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeTemplate(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The template id.", required = true) @PathParam("id") final String id) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    final TemplateEntity requestTemplateEntity = new TemplateEntity();
    requestTemplateEntity.setId(id);
    return withWriteLock(serviceFacade, requestTemplateEntity, lookup -> {
        final Authorizable template = lookup.getTemplate(id);
        // ensure write permission to the template
        template.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        // ensure write permission to the parent process group
        template.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, (templateEntity) -> {
        // delete the specified template
        serviceFacade.deleteTemplate(templateEntity.getId());
        // build the response entity
        final TemplateEntity entity = new TemplateEntity();
        return generateOkResponse(entity).build();
    });
}

Example 8 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TemplateResource method exportTemplate.

/**
 * Retrieves the specified template.
 *
 * @param id The id of the template to retrieve
 * @return A templateEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_XML)
@Path("{id}/download")
@ApiOperation(value = "Exports a template", response = String.class, authorizations = { @Authorization(value = "Read - /templates/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response exportTemplate(@ApiParam(value = "The template id.", required = true) @PathParam("id") final String id) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable template = lookup.getTemplate(id);
        template.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the template
    final TemplateDTO template = serviceFacade.exportTemplate(id);
    // prune the template id
    template.setId(null);
    // determine the name of the attachement - possible issues with spaces in file names
    String attachmentName = template.getName();
    if (StringUtils.isBlank(attachmentName)) {
        attachmentName = "template";
    } else {
        attachmentName = attachmentName.replaceAll("\\s", "_");
    }
    // generate the response
    /*
         * Here instead of relying on default JAXB marshalling we are simply
         * serializing template to String (formatted, indented etc) and sending
         * it as part of the response.
         */
    String serializedTemplate = new String(TemplateSerializer.serialize(template), StandardCharsets.UTF_8);
    return generateOkResponse(serializedTemplate).header("Content-Disposition", String.format("attachment; filename=\"%s.xml\"", attachmentName)).build();
}

Example 9 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method removeUser.

/**
 * Removes the specified user.
 *
 * @param httpServletRequest request
 * @param version            The revision is used to verify the client is working with
 *                           the latest version of the flow.
 * @param clientId           Optional client id. If the client id is not specified, a
 *                           new one will be generated. This value (whether specified or generated) is
 *                           included in the response.
 * @param id                 The id of the user to remove.
 * @return A entity containing the client id and an updated revision.
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("users/{id}")
@ApiOperation(value = "Deletes a user", notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeUser(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The user id.", required = true) @PathParam("id") final String id) {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    final UserEntity requestUserEntity = new UserEntity();
    requestUserEntity.setId(id);
    // handle expects request (usually from the cluster manager)
    final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
    return withWriteLock(serviceFacade, requestUserEntity, requestRevision, lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, (revision, userEntity) -> {
        // delete the specified user
        final UserEntity entity = serviceFacade.deleteUser(revision, userEntity.getId());
        return generateOkResponse(entity).build();
    });
}

Example 10 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method getUser.

/**
 * Retrieves the specified user.
 *
 * @param id The id of the user to retrieve
 * @return An userEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("users/{id}")
@ApiOperation(value = "Gets a user", notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { @Authorization(value = "Read - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getUser(@ApiParam(value = "The user id.", required = true) @PathParam("id") final String id) {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the user
    final UserEntity entity = serviceFacade.getUser(id);
    populateRemainingUserEntityContent(entity);
    return generateOkResponse(entity).build();
}