Examples with Authorizable org.apache.nifi.authorization.resource.Authorizable used on opensource projects

Example 11 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method getUserGroup.

/**
 * Retrieves the specified user group.
 *
 * @param id The id of the user group to retrieve
 * @return An userGroupEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Gets a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { @Authorization(value = "Read - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getUserGroup(@ApiParam(value = "The user group id.", required = true) @PathParam("id") final String id) {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the user group
    final UserGroupEntity entity = serviceFacade.getUserGroup(id);
    populateRemainingUserGroupEntityContent(entity);
    return generateOkResponse(entity).build();
}

Example 12 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method createUser.

/**
 * Creates a new user.
 *
 * @param httpServletRequest request
 * @param requestUserEntity         An userEntity.
 * @return An userEntity.
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("users")
@ApiOperation(value = "Creates a user", notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createUser(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user configuration details.", required = true) final UserEntity requestUserEntity) {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
    }
    if (requestUserEntity == null || requestUserEntity.getComponent() == null) {
        throw new IllegalArgumentException("User details must be specified.");
    }
    if (requestUserEntity.getRevision() == null || (requestUserEntity.getRevision().getVersion() == null || requestUserEntity.getRevision().getVersion() != 0)) {
        throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User.");
    }
    if (requestUserEntity.getComponent().getId() != null) {
        throw new IllegalArgumentException("User ID cannot be specified.");
    }
    if (StringUtils.isBlank(requestUserEntity.getComponent().getIdentity())) {
        throw new IllegalArgumentException("User identity must be specified.");
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestUserEntity);
    }
    return withWriteLock(serviceFacade, requestUserEntity, lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, userEntity -> {
        // set the user id as appropriate
        userEntity.getComponent().setId(generateUuid());
        // get revision from the config
        final RevisionDTO revisionDTO = userEntity.getRevision();
        Revision revision = new Revision(revisionDTO.getVersion(), revisionDTO.getClientId(), userEntity.getComponent().getId());
        // create the user and generate the json
        final UserEntity entity = serviceFacade.createUser(revision, userEntity.getComponent());
        populateRemainingUserEntityContent(entity);
        // build the response
        return generateCreatedResponse(URI.create(entity.getUri()), entity).build();
    });
}

Example 13 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method getUsers.

/**
 * Retrieves all the of users in this NiFi.
 *
 * @return A UsersEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("users")
@ApiOperation(value = "Gets all users", notes = NON_GUARANTEED_ENDPOINT, response = UsersEntity.class, authorizations = { @Authorization(value = "Read - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getUsers() {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get all the users
    final Set<UserEntity> users = serviceFacade.getUsers();
    // create the response entity
    final UsersEntity entity = new UsersEntity();
    entity.setGenerated(new Date());
    entity.setUsers(populateRemainingUserEntitiesContent(users));
    // generate the response
    return generateOkResponse(entity).build();
}

Example 14 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method updateUserGroup.

/**
 * Updates a user group.
 *
 * @param httpServletRequest request
 * @param id                 The id of the user group to update.
 * @param requestUserGroupEntity    An userGroupEntity.
 * @return An userGroupEntity.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Updates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The user group configuration details.", required = true) final UserGroupEntity requestUserGroupEntity) {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
    }
    if (requestUserGroupEntity == null || requestUserGroupEntity.getComponent() == null) {
        throw new IllegalArgumentException("User group details must be specified.");
    }
    if (requestUserGroupEntity.getRevision() == null) {
        throw new IllegalArgumentException("Revision must be specified.");
    }
    // ensure the ids are the same
    final UserGroupDTO requestUserGroupDTO = requestUserGroupEntity.getComponent();
    if (!id.equals(requestUserGroupDTO.getId())) {
        throw new IllegalArgumentException(String.format("The user group id (%s) in the request body does not equal the " + "user group id of the requested resource (%s).", requestUserGroupDTO.getId(), id));
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestUserGroupEntity);
    }
    // Extract the revision
    final Revision requestRevision = getRevision(requestUserGroupEntity, id);
    return withWriteLock(serviceFacade, requestUserGroupEntity, requestRevision, lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, (revision, userGroupEntity) -> {
        // update the user group
        final UserGroupEntity entity = serviceFacade.updateUserGroup(revision, userGroupEntity.getComponent());
        populateRemainingUserGroupEntityContent(entity);
        return generateOkResponse(entity).build();
    });
}

Example 15 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method removeUserGroup.

/**
 * Removes the specified user group.
 *
 * @param httpServletRequest request
 * @param version            The revision is used to verify the client is working with
 *                           the latest version of the flow.
 * @param clientId           Optional client id. If the client id is not specified, a
 *                           new one will be generated. This value (whether specified or generated) is
 *                           included in the response.
 * @param id                 The id of the user group to remove.
 * @return A entity containing the client id and an updated revision.
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Deletes a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response removeUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The revision is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String id) {
    // ensure we're running with a configurable authorizer
    if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    final UserGroupEntity requestUserGroupEntity = new UserGroupEntity();
    requestUserGroupEntity.setId(id);
    // handle expects request (usually from the cluster manager)
    final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
    return withWriteLock(serviceFacade, requestUserGroupEntity, requestRevision, lookup -> {
        final Authorizable tenants = lookup.getTenant();
        tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, (revision, userGroupEntity) -> {
        // delete the specified user group
        final UserGroupEntity entity = serviceFacade.deleteUserGroup(revision, userGroupEntity.getId());
        return generateOkResponse(entity).build();
    });
}