Search in sources :

Example 31 with Permissions

use of org.apache.nifi.registry.authorization.Permissions in project nifi by apache.

the class StandardNiFiServiceFacade method deleteUserGroup.

@Override
public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) {
    final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
    final Set<TenantEntity> users = userGroup != null ? userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null;
    final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(userGroup.getIdentifier()).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
    final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userGroupId;
    final UserGroupDTO snapshot = deleteComponent(revision, new Resource() {

        @Override
        public String getIdentifier() {
            return resourceIdentifier;
        }

        @Override
        public String getName() {
            return resourceIdentifier;
        }

        @Override
        public String getSafeDescription() {
            return "User Group " + userGroupId;
        }
    }, () -> userGroupDAO.deleteUserGroup(userGroupId), // no user group specific policies to remove
    false, dtoFactory.createUserGroupDto(userGroup, users, policyEntities));
    return entityFactory.createUserGroupEntity(snapshot, null, permissions);
}
Also used : EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) ConnectionDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ConnectionDiagnosticsDTO) FlowComparison(org.apache.nifi.registry.flow.diff.FlowComparison) ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess) VersionedFlowSnapshotMetadata(org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) Scope(org.apache.nifi.components.state.Scope) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) Map(java.util.Map) UserGroupDAO(org.apache.nifi.web.dao.UserGroupDAO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Connection(org.apache.nifi.connectable.Connection) RevisionUpdate(org.apache.nifi.web.revision.RevisionUpdate) BulletinDTO(org.apache.nifi.web.api.dto.BulletinDTO) FlowDifferenceFilters(org.apache.nifi.util.FlowDifferenceFilters) NodeEvent(org.apache.nifi.cluster.event.NodeEvent) VersionedFlowDTO(org.apache.nifi.web.api.dto.VersionedFlowDTO) RemoteProcessGroupPortDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO) ComponentReferenceEntity(org.apache.nifi.web.api.entity.ComponentReferenceEntity) PortDTO(org.apache.nifi.web.api.dto.PortDTO) UserDTO(org.apache.nifi.web.api.dto.UserDTO) Stream(java.util.stream.Stream) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) InstantiatedVersionedProcessor(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessor) ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO) ProcessorDiagnosticsEntity(org.apache.nifi.web.api.entity.ProcessorDiagnosticsEntity) RegistryDAO(org.apache.nifi.web.dao.RegistryDAO) UserEntity(org.apache.nifi.web.api.entity.UserEntity) CountersSnapshotDTO(org.apache.nifi.web.api.dto.CountersSnapshotDTO) SnippetUtils(org.apache.nifi.web.util.SnippetUtils) RemoteProcessGroupStatusEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupStatusEntity) PreviousValue(org.apache.nifi.history.PreviousValue) StandardComparableDataFlow(org.apache.nifi.registry.flow.diff.StandardComparableDataFlow) ConnectionDAO(org.apache.nifi.web.dao.ConnectionDAO) ProvenanceEventDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Supplier(java.util.function.Supplier) CollectionUtils(org.apache.commons.collections4.CollectionUtils) LineageDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO) LinkedHashMap(java.util.LinkedHashMap) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) ProcessGroupCounts(org.apache.nifi.groups.ProcessGroupCounts) VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) RegistryDTO(org.apache.nifi.web.api.dto.RegistryDTO) ProvenanceDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceDTO) ClusterRoles(org.apache.nifi.cluster.coordination.node.ClusterRoles) VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState) FlowConfigurationEntity(org.apache.nifi.web.api.entity.FlowConfigurationEntity) ContentDirection(org.apache.nifi.controller.repository.claim.ContentDirection) PortDAO(org.apache.nifi.web.dao.PortDAO) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) RequestAction(org.apache.nifi.authorization.RequestAction) IOException(java.io.IOException) CountersDTO(org.apache.nifi.web.api.dto.CountersDTO) VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot) NiFiRegistryFlowMapper(org.apache.nifi.registry.flow.mapping.NiFiRegistryFlowMapper) HistoryDTO(org.apache.nifi.web.api.dto.action.HistoryDTO) SystemDiagnosticsDTO(org.apache.nifi.web.api.dto.SystemDiagnosticsDTO) ControllerServiceDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ControllerServiceDiagnosticsDTO) BulletinFactory(org.apache.nifi.events.BulletinFactory) VersionedFlowSnapshotMetadataEntity(org.apache.nifi.web.api.entity.VersionedFlowSnapshotMetadataEntity) ProcessorStatusEntity(org.apache.nifi.web.api.entity.ProcessorStatusEntity) ComponentStateDTO(org.apache.nifi.web.api.dto.ComponentStateDTO) UserDAO(org.apache.nifi.web.dao.UserDAO) RemoteProcessGroupDAO(org.apache.nifi.web.dao.RemoteProcessGroupDAO) UnknownNodeException(org.apache.nifi.cluster.manager.exception.UnknownNodeException) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) BucketEntity(org.apache.nifi.web.api.entity.BucketEntity) ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity) DisconnectionCode(org.apache.nifi.cluster.coordination.node.DisconnectionCode) ProcessGroup(org.apache.nifi.groups.ProcessGroup) BulletinQueryDTO(org.apache.nifi.web.api.dto.BulletinQueryDTO) ListIterator(java.util.ListIterator) Date(java.util.Date) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) RegistryClientEntity(org.apache.nifi.web.api.entity.RegistryClientEntity) SnippetDAO(org.apache.nifi.web.dao.SnippetDAO) StandardFlowComparator(org.apache.nifi.registry.flow.diff.StandardFlowComparator) ControllerConfigurationEntity(org.apache.nifi.web.api.entity.ControllerConfigurationEntity) LabelDTO(org.apache.nifi.web.api.dto.LabelDTO) ControllerConfigurationDTO(org.apache.nifi.web.api.dto.ControllerConfigurationDTO) InstantiatedVersionedRemoteGroupPort(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedRemoteGroupPort) ControllerStatusDTO(org.apache.nifi.web.api.dto.status.ControllerStatusDTO) UpdateRevisionTask(org.apache.nifi.web.revision.UpdateRevisionTask) VersionedComponent(org.apache.nifi.registry.flow.VersionedComponent) Label(org.apache.nifi.controller.label.Label) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ControllerServiceReferencingComponentDTO(org.apache.nifi.web.api.dto.ControllerServiceReferencingComponentDTO) RequiredPermission(org.apache.nifi.components.RequiredPermission) EntityFactory(org.apache.nifi.web.api.dto.EntityFactory) Collection(java.util.Collection) RemoteProcessGroupPortEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity) RevisionManager(org.apache.nifi.web.revision.RevisionManager) UUID(java.util.UUID) Snippet(org.apache.nifi.controller.Snippet) PortEntity(org.apache.nifi.web.api.entity.PortEntity) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) StateMap(org.apache.nifi.components.state.StateMap) Objects(java.util.Objects) Response(javax.ws.rs.core.Response) ComponentReferenceDTO(org.apache.nifi.web.api.dto.ComponentReferenceDTO) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) ConnectionStatusDTO(org.apache.nifi.web.api.dto.status.ConnectionStatusDTO) ReportingTaskDTO(org.apache.nifi.web.api.dto.ReportingTaskDTO) AuditService(org.apache.nifi.admin.service.AuditService) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) ReportingTaskDAO(org.apache.nifi.web.dao.ReportingTaskDAO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) ProcessorNode(org.apache.nifi.controller.ProcessorNode) Bucket(org.apache.nifi.registry.bucket.Bucket) NodeHeartbeat(org.apache.nifi.cluster.coordination.heartbeat.NodeHeartbeat) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusDTO) Group(org.apache.nifi.authorization.Group) Function(java.util.function.Function) FlowRegistry(org.apache.nifi.registry.flow.FlowRegistry) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO) ControllerServiceReferencingComponentEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity) VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) ValidationResult(org.apache.nifi.components.ValidationResult) ComponentDifferenceDTO(org.apache.nifi.web.api.dto.ComponentDifferenceDTO) Logger(org.slf4j.Logger) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) PropertyHistoryDTO(org.apache.nifi.web.api.dto.PropertyHistoryDTO) FlowFileDTO(org.apache.nifi.web.api.dto.FlowFileDTO) VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity) VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow) IllegalNodeDeletionException(org.apache.nifi.cluster.manager.exception.IllegalNodeDeletionException) DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO) LabelEntity(org.apache.nifi.web.api.entity.LabelEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) BulletinRepository(org.apache.nifi.reporting.BulletinRepository) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) NodeDTO(org.apache.nifi.web.api.dto.NodeDTO) Operation(org.apache.nifi.action.Operation) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) Comparator(java.util.Comparator) CounterDTO(org.apache.nifi.web.api.dto.CounterDTO) InstantiatedVersionedComponent(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedComponent) Arrays(java.util.Arrays) StatusHistoryEntity(org.apache.nifi.web.api.entity.StatusHistoryEntity) FlowChangePurgeDetails(org.apache.nifi.action.details.FlowChangePurgeDetails) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusSnapshotDTO) ControllerServiceDAO(org.apache.nifi.web.dao.ControllerServiceDAO) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) PropertyDescriptorDTO(org.apache.nifi.web.api.dto.PropertyDescriptorDTO) FunnelDAO(org.apache.nifi.web.dao.FunnelDAO) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) RootGroupPort(org.apache.nifi.remote.RootGroupPort) BulletinQuery(org.apache.nifi.reporting.BulletinQuery) Connectable(org.apache.nifi.connectable.Connectable) Bulletin(org.apache.nifi.reporting.Bulletin) FunnelDTO(org.apache.nifi.web.api.dto.FunnelDTO) ProcessorStatus(org.apache.nifi.controller.status.ProcessorStatus) HistoryQueryDTO(org.apache.nifi.web.api.dto.action.HistoryQueryDTO) ControllerServiceReferencingComponentsEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity) FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) AccessPolicyDAO(org.apache.nifi.web.dao.AccessPolicyDAO) ProcessGroupStatus(org.apache.nifi.controller.status.ProcessGroupStatus) History(org.apache.nifi.history.History) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity) Set(java.util.Set) BulletinBoardDTO(org.apache.nifi.web.api.dto.BulletinBoardDTO) VersionedFlowCoordinates(org.apache.nifi.registry.flow.VersionedFlowCoordinates) FlowController(org.apache.nifi.controller.FlowController) ProcessorDAO(org.apache.nifi.web.dao.ProcessorDAO) StandardCharsets(java.nio.charset.StandardCharsets) FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity) ScheduledState(org.apache.nifi.controller.ScheduledState) WebApplicationException(javax.ws.rs.WebApplicationException) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) RemoteProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO) ControllerBulletinsEntity(org.apache.nifi.web.api.entity.ControllerBulletinsEntity) Resource(org.apache.nifi.authorization.Resource) FlowComparator(org.apache.nifi.registry.flow.diff.FlowComparator) StaticDifferenceDescriptor(org.apache.nifi.registry.flow.diff.StaticDifferenceDescriptor) LeaderElectionManager(org.apache.nifi.controller.leader.election.LeaderElectionManager) Counter(org.apache.nifi.controller.Counter) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TemplateDAO(org.apache.nifi.web.dao.TemplateDAO) ArrayList(java.util.ArrayList) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentType(org.apache.nifi.reporting.ComponentType) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) NodeConnectionState(org.apache.nifi.cluster.coordination.node.NodeConnectionState) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) VersionControlComponentMappingEntity(org.apache.nifi.web.api.entity.VersionControlComponentMappingEntity) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) NodeConnectionStatus(org.apache.nifi.cluster.coordination.node.NodeConnectionStatus) LinkedHashSet(java.util.LinkedHashSet) DocumentedTypeDTO(org.apache.nifi.web.api.dto.DocumentedTypeDTO) FlowConfigurationDTO(org.apache.nifi.web.api.dto.FlowConfigurationDTO) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) ProvenanceOptionsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceOptionsDTO) LabelDAO(org.apache.nifi.web.dao.LabelDAO) InstantiatedVersionedControllerService(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedControllerService) StartVersionControlRequestEntity(org.apache.nifi.web.api.entity.StartVersionControlRequestEntity) ComponentDTO(org.apache.nifi.web.api.dto.ComponentDTO) Authorizer(org.apache.nifi.authorization.Authorizer) NiFiProperties(org.apache.nifi.util.NiFiProperties) ComponentHistoryDTO(org.apache.nifi.web.api.dto.ComponentHistoryDTO) BulletinEntity(org.apache.nifi.web.api.entity.BulletinEntity) VersionedFlowEntity(org.apache.nifi.web.api.entity.VersionedFlowEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Permissions(org.apache.nifi.registry.authorization.Permissions) PreviousValueDTO(org.apache.nifi.web.api.dto.PreviousValueDTO) ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO) LoggerFactory(org.slf4j.LoggerFactory) Port(org.apache.nifi.connectable.Port) ProcessGroupStatusEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusEntity) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) ConnectionStatusEntity(org.apache.nifi.web.api.entity.ConnectionStatusEntity) JVMDiagnosticsSnapshotDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsSnapshotDTO) ProcessGroupStatusSnapshotEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusSnapshotEntity) DifferenceType(org.apache.nifi.registry.flow.diff.DifferenceType) AccessPolicySummaryDTO(org.apache.nifi.web.api.dto.AccessPolicySummaryDTO) NodeProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.NodeProcessGroupStatusSnapshotDTO) VersionedConnection(org.apache.nifi.registry.flow.VersionedConnection) Template(org.apache.nifi.controller.Template) FlowRegistryClient(org.apache.nifi.registry.flow.FlowRegistryClient) BucketDTO(org.apache.nifi.web.api.dto.BucketDTO) ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO) ReportingTaskEntity(org.apache.nifi.web.api.entity.ReportingTaskEntity) Predicate(java.util.function.Predicate) Sets(com.google.common.collect.Sets) User(org.apache.nifi.authorization.User) JVMDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsDTO) SystemDiagnostics(org.apache.nifi.diagnostics.SystemDiagnostics) List(java.util.List) Result(org.apache.nifi.authorization.AuthorizationResult.Result) VersionControlInformation(org.apache.nifi.registry.flow.VersionControlInformation) StatusHistoryDTO(org.apache.nifi.web.api.dto.status.StatusHistoryDTO) HeartbeatMonitor(org.apache.nifi.cluster.coordination.heartbeat.HeartbeatMonitor) Optional(java.util.Optional) Action(org.apache.nifi.action.Action) Funnel(org.apache.nifi.connectable.Funnel) ClusterDTO(org.apache.nifi.web.api.dto.ClusterDTO) VariableEntity(org.apache.nifi.web.api.entity.VariableEntity) HashMap(java.util.HashMap) ConciseEvolvingDifferenceDescriptor(org.apache.nifi.registry.flow.diff.ConciseEvolvingDifferenceDescriptor) ResourceDTO(org.apache.nifi.web.api.dto.ResourceDTO) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) HistoryQuery(org.apache.nifi.history.HistoryQuery) ExpiredRevisionClaimException(org.apache.nifi.web.revision.ExpiredRevisionClaimException) PortStatusDTO(org.apache.nifi.web.api.dto.status.PortStatusDTO) ComparableDataFlow(org.apache.nifi.registry.flow.diff.ComparableDataFlow) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) Validator(org.apache.nifi.components.Validator) PortStatusEntity(org.apache.nifi.web.api.entity.PortStatusEntity) ControllerDTO(org.apache.nifi.web.api.dto.ControllerDTO) ProcessorDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ProcessorDiagnosticsDTO) ComponentVariableRegistry(org.apache.nifi.registry.ComponentVariableRegistry) FlowDifference(org.apache.nifi.registry.flow.diff.FlowDifference) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) UserContextKeys(org.apache.nifi.authorization.UserContextKeys) VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) DeleteRevisionTask(org.apache.nifi.web.revision.DeleteRevisionTask) Component(org.apache.nifi.action.Component) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) SearchResultsDTO(org.apache.nifi.web.api.dto.search.SearchResultsDTO) RegistryEntity(org.apache.nifi.web.api.entity.RegistryEntity) Collections(java.util.Collections) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) ProcessGroup(org.apache.nifi.groups.ProcessGroup) Group(org.apache.nifi.authorization.Group) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) Resource(org.apache.nifi.authorization.Resource) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity)

Example 32 with Permissions

use of org.apache.nifi.registry.authorization.Permissions in project nifi by apache.

the class StandardNiFiServiceFacade method updateUser.

@Override
public UserEntity updateUser(final Revision revision, final UserDTO userDTO) {
    final Authorizable usersAuthorizable = authorizableLookup.getTenant();
    final Set<Group> groups = userGroupDAO.getUserGroupsForUser(userDTO.getId());
    final Set<AccessPolicy> policies = userGroupDAO.getAccessPoliciesForUser(userDTO.getId());
    final RevisionUpdate<UserDTO> snapshot = updateComponent(revision, usersAuthorizable, () -> userDAO.updateUser(userDTO), user -> {
        final Set<TenantEntity> tenantEntities = groups.stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
        final Set<AccessPolicySummaryEntity> policyEntities = policies.stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
        return dtoFactory.createUserDto(user, tenantEntities, policyEntities);
    });
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(usersAuthorizable);
    return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
Also used : EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) ConnectionDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ConnectionDiagnosticsDTO) FlowComparison(org.apache.nifi.registry.flow.diff.FlowComparison) ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess) VersionedFlowSnapshotMetadata(org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) Scope(org.apache.nifi.components.state.Scope) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) Map(java.util.Map) UserGroupDAO(org.apache.nifi.web.dao.UserGroupDAO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Connection(org.apache.nifi.connectable.Connection) RevisionUpdate(org.apache.nifi.web.revision.RevisionUpdate) BulletinDTO(org.apache.nifi.web.api.dto.BulletinDTO) FlowDifferenceFilters(org.apache.nifi.util.FlowDifferenceFilters) NodeEvent(org.apache.nifi.cluster.event.NodeEvent) VersionedFlowDTO(org.apache.nifi.web.api.dto.VersionedFlowDTO) RemoteProcessGroupPortDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO) ComponentReferenceEntity(org.apache.nifi.web.api.entity.ComponentReferenceEntity) PortDTO(org.apache.nifi.web.api.dto.PortDTO) UserDTO(org.apache.nifi.web.api.dto.UserDTO) Stream(java.util.stream.Stream) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) InstantiatedVersionedProcessor(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessor) ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO) ProcessorDiagnosticsEntity(org.apache.nifi.web.api.entity.ProcessorDiagnosticsEntity) RegistryDAO(org.apache.nifi.web.dao.RegistryDAO) UserEntity(org.apache.nifi.web.api.entity.UserEntity) CountersSnapshotDTO(org.apache.nifi.web.api.dto.CountersSnapshotDTO) SnippetUtils(org.apache.nifi.web.util.SnippetUtils) RemoteProcessGroupStatusEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupStatusEntity) PreviousValue(org.apache.nifi.history.PreviousValue) StandardComparableDataFlow(org.apache.nifi.registry.flow.diff.StandardComparableDataFlow) ConnectionDAO(org.apache.nifi.web.dao.ConnectionDAO) ProvenanceEventDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Supplier(java.util.function.Supplier) CollectionUtils(org.apache.commons.collections4.CollectionUtils) LineageDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO) LinkedHashMap(java.util.LinkedHashMap) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) ProcessGroupCounts(org.apache.nifi.groups.ProcessGroupCounts) VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) RegistryDTO(org.apache.nifi.web.api.dto.RegistryDTO) ProvenanceDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceDTO) ClusterRoles(org.apache.nifi.cluster.coordination.node.ClusterRoles) VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState) FlowConfigurationEntity(org.apache.nifi.web.api.entity.FlowConfigurationEntity) ContentDirection(org.apache.nifi.controller.repository.claim.ContentDirection) PortDAO(org.apache.nifi.web.dao.PortDAO) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) RequestAction(org.apache.nifi.authorization.RequestAction) IOException(java.io.IOException) CountersDTO(org.apache.nifi.web.api.dto.CountersDTO) VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot) NiFiRegistryFlowMapper(org.apache.nifi.registry.flow.mapping.NiFiRegistryFlowMapper) HistoryDTO(org.apache.nifi.web.api.dto.action.HistoryDTO) SystemDiagnosticsDTO(org.apache.nifi.web.api.dto.SystemDiagnosticsDTO) ControllerServiceDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ControllerServiceDiagnosticsDTO) BulletinFactory(org.apache.nifi.events.BulletinFactory) VersionedFlowSnapshotMetadataEntity(org.apache.nifi.web.api.entity.VersionedFlowSnapshotMetadataEntity) ProcessorStatusEntity(org.apache.nifi.web.api.entity.ProcessorStatusEntity) ComponentStateDTO(org.apache.nifi.web.api.dto.ComponentStateDTO) UserDAO(org.apache.nifi.web.dao.UserDAO) RemoteProcessGroupDAO(org.apache.nifi.web.dao.RemoteProcessGroupDAO) UnknownNodeException(org.apache.nifi.cluster.manager.exception.UnknownNodeException) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) BucketEntity(org.apache.nifi.web.api.entity.BucketEntity) ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity) DisconnectionCode(org.apache.nifi.cluster.coordination.node.DisconnectionCode) ProcessGroup(org.apache.nifi.groups.ProcessGroup) BulletinQueryDTO(org.apache.nifi.web.api.dto.BulletinQueryDTO) ListIterator(java.util.ListIterator) Date(java.util.Date) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) RegistryClientEntity(org.apache.nifi.web.api.entity.RegistryClientEntity) SnippetDAO(org.apache.nifi.web.dao.SnippetDAO) StandardFlowComparator(org.apache.nifi.registry.flow.diff.StandardFlowComparator) ControllerConfigurationEntity(org.apache.nifi.web.api.entity.ControllerConfigurationEntity) LabelDTO(org.apache.nifi.web.api.dto.LabelDTO) ControllerConfigurationDTO(org.apache.nifi.web.api.dto.ControllerConfigurationDTO) InstantiatedVersionedRemoteGroupPort(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedRemoteGroupPort) ControllerStatusDTO(org.apache.nifi.web.api.dto.status.ControllerStatusDTO) UpdateRevisionTask(org.apache.nifi.web.revision.UpdateRevisionTask) VersionedComponent(org.apache.nifi.registry.flow.VersionedComponent) Label(org.apache.nifi.controller.label.Label) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ControllerServiceReferencingComponentDTO(org.apache.nifi.web.api.dto.ControllerServiceReferencingComponentDTO) RequiredPermission(org.apache.nifi.components.RequiredPermission) EntityFactory(org.apache.nifi.web.api.dto.EntityFactory) Collection(java.util.Collection) RemoteProcessGroupPortEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity) RevisionManager(org.apache.nifi.web.revision.RevisionManager) UUID(java.util.UUID) Snippet(org.apache.nifi.controller.Snippet) PortEntity(org.apache.nifi.web.api.entity.PortEntity) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) StateMap(org.apache.nifi.components.state.StateMap) Objects(java.util.Objects) Response(javax.ws.rs.core.Response) ComponentReferenceDTO(org.apache.nifi.web.api.dto.ComponentReferenceDTO) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) ConnectionStatusDTO(org.apache.nifi.web.api.dto.status.ConnectionStatusDTO) ReportingTaskDTO(org.apache.nifi.web.api.dto.ReportingTaskDTO) AuditService(org.apache.nifi.admin.service.AuditService) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) ReportingTaskDAO(org.apache.nifi.web.dao.ReportingTaskDAO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) ProcessorNode(org.apache.nifi.controller.ProcessorNode) Bucket(org.apache.nifi.registry.bucket.Bucket) NodeHeartbeat(org.apache.nifi.cluster.coordination.heartbeat.NodeHeartbeat) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusDTO) Group(org.apache.nifi.authorization.Group) Function(java.util.function.Function) FlowRegistry(org.apache.nifi.registry.flow.FlowRegistry) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO) ControllerServiceReferencingComponentEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity) VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) ValidationResult(org.apache.nifi.components.ValidationResult) ComponentDifferenceDTO(org.apache.nifi.web.api.dto.ComponentDifferenceDTO) Logger(org.slf4j.Logger) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) PropertyHistoryDTO(org.apache.nifi.web.api.dto.PropertyHistoryDTO) FlowFileDTO(org.apache.nifi.web.api.dto.FlowFileDTO) VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity) VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow) IllegalNodeDeletionException(org.apache.nifi.cluster.manager.exception.IllegalNodeDeletionException) DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO) LabelEntity(org.apache.nifi.web.api.entity.LabelEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) BulletinRepository(org.apache.nifi.reporting.BulletinRepository) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) NodeDTO(org.apache.nifi.web.api.dto.NodeDTO) Operation(org.apache.nifi.action.Operation) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) Comparator(java.util.Comparator) CounterDTO(org.apache.nifi.web.api.dto.CounterDTO) InstantiatedVersionedComponent(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedComponent) Arrays(java.util.Arrays) StatusHistoryEntity(org.apache.nifi.web.api.entity.StatusHistoryEntity) FlowChangePurgeDetails(org.apache.nifi.action.details.FlowChangePurgeDetails) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusSnapshotDTO) ControllerServiceDAO(org.apache.nifi.web.dao.ControllerServiceDAO) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) PropertyDescriptorDTO(org.apache.nifi.web.api.dto.PropertyDescriptorDTO) FunnelDAO(org.apache.nifi.web.dao.FunnelDAO) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) RootGroupPort(org.apache.nifi.remote.RootGroupPort) BulletinQuery(org.apache.nifi.reporting.BulletinQuery) Connectable(org.apache.nifi.connectable.Connectable) Bulletin(org.apache.nifi.reporting.Bulletin) FunnelDTO(org.apache.nifi.web.api.dto.FunnelDTO) ProcessorStatus(org.apache.nifi.controller.status.ProcessorStatus) HistoryQueryDTO(org.apache.nifi.web.api.dto.action.HistoryQueryDTO) ControllerServiceReferencingComponentsEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity) FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) AccessPolicyDAO(org.apache.nifi.web.dao.AccessPolicyDAO) ProcessGroupStatus(org.apache.nifi.controller.status.ProcessGroupStatus) History(org.apache.nifi.history.History) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity) Set(java.util.Set) BulletinBoardDTO(org.apache.nifi.web.api.dto.BulletinBoardDTO) VersionedFlowCoordinates(org.apache.nifi.registry.flow.VersionedFlowCoordinates) FlowController(org.apache.nifi.controller.FlowController) ProcessorDAO(org.apache.nifi.web.dao.ProcessorDAO) StandardCharsets(java.nio.charset.StandardCharsets) FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity) ScheduledState(org.apache.nifi.controller.ScheduledState) WebApplicationException(javax.ws.rs.WebApplicationException) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) RemoteProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO) ControllerBulletinsEntity(org.apache.nifi.web.api.entity.ControllerBulletinsEntity) Resource(org.apache.nifi.authorization.Resource) FlowComparator(org.apache.nifi.registry.flow.diff.FlowComparator) StaticDifferenceDescriptor(org.apache.nifi.registry.flow.diff.StaticDifferenceDescriptor) LeaderElectionManager(org.apache.nifi.controller.leader.election.LeaderElectionManager) Counter(org.apache.nifi.controller.Counter) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TemplateDAO(org.apache.nifi.web.dao.TemplateDAO) ArrayList(java.util.ArrayList) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentType(org.apache.nifi.reporting.ComponentType) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) NodeConnectionState(org.apache.nifi.cluster.coordination.node.NodeConnectionState) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) VersionControlComponentMappingEntity(org.apache.nifi.web.api.entity.VersionControlComponentMappingEntity) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) NodeConnectionStatus(org.apache.nifi.cluster.coordination.node.NodeConnectionStatus) LinkedHashSet(java.util.LinkedHashSet) DocumentedTypeDTO(org.apache.nifi.web.api.dto.DocumentedTypeDTO) FlowConfigurationDTO(org.apache.nifi.web.api.dto.FlowConfigurationDTO) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) ProvenanceOptionsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceOptionsDTO) LabelDAO(org.apache.nifi.web.dao.LabelDAO) InstantiatedVersionedControllerService(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedControllerService) StartVersionControlRequestEntity(org.apache.nifi.web.api.entity.StartVersionControlRequestEntity) ComponentDTO(org.apache.nifi.web.api.dto.ComponentDTO) Authorizer(org.apache.nifi.authorization.Authorizer) NiFiProperties(org.apache.nifi.util.NiFiProperties) ComponentHistoryDTO(org.apache.nifi.web.api.dto.ComponentHistoryDTO) BulletinEntity(org.apache.nifi.web.api.entity.BulletinEntity) VersionedFlowEntity(org.apache.nifi.web.api.entity.VersionedFlowEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Permissions(org.apache.nifi.registry.authorization.Permissions) PreviousValueDTO(org.apache.nifi.web.api.dto.PreviousValueDTO) ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO) LoggerFactory(org.slf4j.LoggerFactory) Port(org.apache.nifi.connectable.Port) ProcessGroupStatusEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusEntity) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) ConnectionStatusEntity(org.apache.nifi.web.api.entity.ConnectionStatusEntity) JVMDiagnosticsSnapshotDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsSnapshotDTO) ProcessGroupStatusSnapshotEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusSnapshotEntity) DifferenceType(org.apache.nifi.registry.flow.diff.DifferenceType) AccessPolicySummaryDTO(org.apache.nifi.web.api.dto.AccessPolicySummaryDTO) NodeProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.NodeProcessGroupStatusSnapshotDTO) VersionedConnection(org.apache.nifi.registry.flow.VersionedConnection) Template(org.apache.nifi.controller.Template) FlowRegistryClient(org.apache.nifi.registry.flow.FlowRegistryClient) BucketDTO(org.apache.nifi.web.api.dto.BucketDTO) ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO) ReportingTaskEntity(org.apache.nifi.web.api.entity.ReportingTaskEntity) Predicate(java.util.function.Predicate) Sets(com.google.common.collect.Sets) User(org.apache.nifi.authorization.User) JVMDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsDTO) SystemDiagnostics(org.apache.nifi.diagnostics.SystemDiagnostics) List(java.util.List) Result(org.apache.nifi.authorization.AuthorizationResult.Result) VersionControlInformation(org.apache.nifi.registry.flow.VersionControlInformation) StatusHistoryDTO(org.apache.nifi.web.api.dto.status.StatusHistoryDTO) HeartbeatMonitor(org.apache.nifi.cluster.coordination.heartbeat.HeartbeatMonitor) Optional(java.util.Optional) Action(org.apache.nifi.action.Action) Funnel(org.apache.nifi.connectable.Funnel) ClusterDTO(org.apache.nifi.web.api.dto.ClusterDTO) VariableEntity(org.apache.nifi.web.api.entity.VariableEntity) HashMap(java.util.HashMap) ConciseEvolvingDifferenceDescriptor(org.apache.nifi.registry.flow.diff.ConciseEvolvingDifferenceDescriptor) ResourceDTO(org.apache.nifi.web.api.dto.ResourceDTO) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) HistoryQuery(org.apache.nifi.history.HistoryQuery) ExpiredRevisionClaimException(org.apache.nifi.web.revision.ExpiredRevisionClaimException) PortStatusDTO(org.apache.nifi.web.api.dto.status.PortStatusDTO) ComparableDataFlow(org.apache.nifi.registry.flow.diff.ComparableDataFlow) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) Validator(org.apache.nifi.components.Validator) PortStatusEntity(org.apache.nifi.web.api.entity.PortStatusEntity) ControllerDTO(org.apache.nifi.web.api.dto.ControllerDTO) ProcessorDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ProcessorDiagnosticsDTO) ComponentVariableRegistry(org.apache.nifi.registry.ComponentVariableRegistry) FlowDifference(org.apache.nifi.registry.flow.diff.FlowDifference) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) UserContextKeys(org.apache.nifi.authorization.UserContextKeys) VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) DeleteRevisionTask(org.apache.nifi.web.revision.DeleteRevisionTask) Component(org.apache.nifi.action.Component) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) SearchResultsDTO(org.apache.nifi.web.api.dto.search.SearchResultsDTO) RegistryEntity(org.apache.nifi.web.api.entity.RegistryEntity) Collections(java.util.Collections) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) ProcessGroup(org.apache.nifi.groups.ProcessGroup) Group(org.apache.nifi.authorization.Group) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) UserDTO(org.apache.nifi.web.api.dto.UserDTO) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) Authorizable(org.apache.nifi.authorization.resource.Authorizable)

Example 33 with Permissions

use of org.apache.nifi.registry.authorization.Permissions in project nifi by apache.

the class StandardNiFiServiceFacade method createUserEntity.

private UserEntity createUserEntity(final User user) {
    final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier()));
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
    final Set<TenantEntity> userGroups = userGroupDAO.getUserGroupsForUser(user.getIdentifier()).stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
    final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUser(user.getIdentifier()).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
    return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups, policyEntities), userRevision, permissions);
}
Also used : EnforcePolicyPermissionsThroughBaseResource(org.apache.nifi.authorization.resource.EnforcePolicyPermissionsThroughBaseResource) ConnectionDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ConnectionDiagnosticsDTO) FlowComparison(org.apache.nifi.registry.flow.diff.FlowComparison) ConnectionDTO(org.apache.nifi.web.api.dto.ConnectionDTO) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) AuthorizeAccess(org.apache.nifi.authorization.AuthorizeAccess) VersionedFlowSnapshotMetadata(org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata) SnippetEntity(org.apache.nifi.web.api.entity.SnippetEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) NiFiRegistryException(org.apache.nifi.registry.client.NiFiRegistryException) Scope(org.apache.nifi.components.state.Scope) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) VersionedProcessGroup(org.apache.nifi.registry.flow.VersionedProcessGroup) Map(java.util.Map) UserGroupDAO(org.apache.nifi.web.dao.UserGroupDAO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Connection(org.apache.nifi.connectable.Connection) RevisionUpdate(org.apache.nifi.web.revision.RevisionUpdate) BulletinDTO(org.apache.nifi.web.api.dto.BulletinDTO) FlowDifferenceFilters(org.apache.nifi.util.FlowDifferenceFilters) NodeEvent(org.apache.nifi.cluster.event.NodeEvent) VersionedFlowDTO(org.apache.nifi.web.api.dto.VersionedFlowDTO) RemoteProcessGroupPortDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO) ComponentReferenceEntity(org.apache.nifi.web.api.entity.ComponentReferenceEntity) PortDTO(org.apache.nifi.web.api.dto.PortDTO) UserDTO(org.apache.nifi.web.api.dto.UserDTO) Stream(java.util.stream.Stream) RemoteProcessGroup(org.apache.nifi.groups.RemoteProcessGroup) InstantiatedVersionedProcessor(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessor) ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO) ProcessorDiagnosticsEntity(org.apache.nifi.web.api.entity.ProcessorDiagnosticsEntity) RegistryDAO(org.apache.nifi.web.dao.RegistryDAO) UserEntity(org.apache.nifi.web.api.entity.UserEntity) CountersSnapshotDTO(org.apache.nifi.web.api.dto.CountersSnapshotDTO) SnippetUtils(org.apache.nifi.web.util.SnippetUtils) RemoteProcessGroupStatusEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupStatusEntity) PreviousValue(org.apache.nifi.history.PreviousValue) StandardComparableDataFlow(org.apache.nifi.registry.flow.diff.StandardComparableDataFlow) ConnectionDAO(org.apache.nifi.web.dao.ConnectionDAO) ProvenanceEventDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO) ControllerServiceEntity(org.apache.nifi.web.api.entity.ControllerServiceEntity) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateEntity(org.apache.nifi.web.api.entity.TemplateEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Supplier(java.util.function.Supplier) CollectionUtils(org.apache.commons.collections4.CollectionUtils) LineageDTO(org.apache.nifi.web.api.dto.provenance.lineage.LineageDTO) LinkedHashMap(java.util.LinkedHashMap) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) ProcessGroupCounts(org.apache.nifi.groups.ProcessGroupCounts) VariableRegistryDTO(org.apache.nifi.web.api.dto.VariableRegistryDTO) FlowDTO(org.apache.nifi.web.api.dto.flow.FlowDTO) RegistryDTO(org.apache.nifi.web.api.dto.RegistryDTO) ProvenanceDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceDTO) ClusterRoles(org.apache.nifi.cluster.coordination.node.ClusterRoles) VersionedFlowState(org.apache.nifi.registry.flow.VersionedFlowState) FlowConfigurationEntity(org.apache.nifi.web.api.entity.FlowConfigurationEntity) ContentDirection(org.apache.nifi.controller.repository.claim.ContentDirection) PortDAO(org.apache.nifi.web.dao.PortDAO) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) RequestAction(org.apache.nifi.authorization.RequestAction) IOException(java.io.IOException) CountersDTO(org.apache.nifi.web.api.dto.CountersDTO) VersionedFlowSnapshot(org.apache.nifi.registry.flow.VersionedFlowSnapshot) NiFiRegistryFlowMapper(org.apache.nifi.registry.flow.mapping.NiFiRegistryFlowMapper) HistoryDTO(org.apache.nifi.web.api.dto.action.HistoryDTO) SystemDiagnosticsDTO(org.apache.nifi.web.api.dto.SystemDiagnosticsDTO) ControllerServiceDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ControllerServiceDiagnosticsDTO) BulletinFactory(org.apache.nifi.events.BulletinFactory) VersionedFlowSnapshotMetadataEntity(org.apache.nifi.web.api.entity.VersionedFlowSnapshotMetadataEntity) ProcessorStatusEntity(org.apache.nifi.web.api.entity.ProcessorStatusEntity) ComponentStateDTO(org.apache.nifi.web.api.dto.ComponentStateDTO) UserDAO(org.apache.nifi.web.dao.UserDAO) RemoteProcessGroupDAO(org.apache.nifi.web.dao.RemoteProcessGroupDAO) UnknownNodeException(org.apache.nifi.cluster.manager.exception.UnknownNodeException) FlowEntity(org.apache.nifi.web.api.entity.FlowEntity) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity) BucketEntity(org.apache.nifi.web.api.entity.BucketEntity) ScheduleComponentsEntity(org.apache.nifi.web.api.entity.ScheduleComponentsEntity) DisconnectionCode(org.apache.nifi.cluster.coordination.node.DisconnectionCode) ProcessGroup(org.apache.nifi.groups.ProcessGroup) BulletinQueryDTO(org.apache.nifi.web.api.dto.BulletinQueryDTO) ListIterator(java.util.ListIterator) Date(java.util.Date) ProcessorStatusDTO(org.apache.nifi.web.api.dto.status.ProcessorStatusDTO) RegistryClientEntity(org.apache.nifi.web.api.entity.RegistryClientEntity) SnippetDAO(org.apache.nifi.web.dao.SnippetDAO) StandardFlowComparator(org.apache.nifi.registry.flow.diff.StandardFlowComparator) ControllerConfigurationEntity(org.apache.nifi.web.api.entity.ControllerConfigurationEntity) LabelDTO(org.apache.nifi.web.api.dto.LabelDTO) ControllerConfigurationDTO(org.apache.nifi.web.api.dto.ControllerConfigurationDTO) InstantiatedVersionedRemoteGroupPort(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedRemoteGroupPort) ControllerStatusDTO(org.apache.nifi.web.api.dto.status.ControllerStatusDTO) UpdateRevisionTask(org.apache.nifi.web.revision.UpdateRevisionTask) VersionedComponent(org.apache.nifi.registry.flow.VersionedComponent) Label(org.apache.nifi.controller.label.Label) RevisionClaim(org.apache.nifi.web.revision.RevisionClaim) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ControllerServiceReferencingComponentDTO(org.apache.nifi.web.api.dto.ControllerServiceReferencingComponentDTO) RequiredPermission(org.apache.nifi.components.RequiredPermission) EntityFactory(org.apache.nifi.web.api.dto.EntityFactory) Collection(java.util.Collection) RemoteProcessGroupPortEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity) RevisionManager(org.apache.nifi.web.revision.RevisionManager) UUID(java.util.UUID) Snippet(org.apache.nifi.controller.Snippet) PortEntity(org.apache.nifi.web.api.entity.PortEntity) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) StateMap(org.apache.nifi.components.state.StateMap) Objects(java.util.Objects) Response(javax.ws.rs.core.Response) ComponentReferenceDTO(org.apache.nifi.web.api.dto.ComponentReferenceDTO) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ControllerServiceState(org.apache.nifi.controller.service.ControllerServiceState) ConnectionStatusDTO(org.apache.nifi.web.api.dto.status.ConnectionStatusDTO) ReportingTaskDTO(org.apache.nifi.web.api.dto.ReportingTaskDTO) AuditService(org.apache.nifi.admin.service.AuditService) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) ReportingTaskDAO(org.apache.nifi.web.dao.ReportingTaskDAO) RemoteProcessGroupDTO(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO) ProcessorNode(org.apache.nifi.controller.ProcessorNode) Bucket(org.apache.nifi.registry.bucket.Bucket) NodeHeartbeat(org.apache.nifi.cluster.coordination.heartbeat.NodeHeartbeat) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusDTO) Group(org.apache.nifi.authorization.Group) Function(java.util.function.Function) FlowRegistry(org.apache.nifi.registry.flow.FlowRegistry) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) ListingRequestDTO(org.apache.nifi.web.api.dto.ListingRequestDTO) ControllerServiceReferencingComponentEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity) VersionControlInformationDTO(org.apache.nifi.web.api.dto.VersionControlInformationDTO) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) ValidationResult(org.apache.nifi.components.ValidationResult) ComponentDifferenceDTO(org.apache.nifi.web.api.dto.ComponentDifferenceDTO) Logger(org.slf4j.Logger) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) PropertyHistoryDTO(org.apache.nifi.web.api.dto.PropertyHistoryDTO) FlowFileDTO(org.apache.nifi.web.api.dto.FlowFileDTO) VariableRegistryEntity(org.apache.nifi.web.api.entity.VariableRegistryEntity) VersionedFlow(org.apache.nifi.registry.flow.VersionedFlow) IllegalNodeDeletionException(org.apache.nifi.cluster.manager.exception.IllegalNodeDeletionException) DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO) LabelEntity(org.apache.nifi.web.api.entity.LabelEntity) RemoteProcessGroupEntity(org.apache.nifi.web.api.entity.RemoteProcessGroupEntity) NiFiUserUtils(org.apache.nifi.authorization.user.NiFiUserUtils) BulletinRepository(org.apache.nifi.reporting.BulletinRepository) AccessPolicyEntity(org.apache.nifi.web.api.entity.AccessPolicyEntity) NodeDTO(org.apache.nifi.web.api.dto.NodeDTO) Operation(org.apache.nifi.action.Operation) SnippetDTO(org.apache.nifi.web.api.dto.SnippetDTO) Comparator(java.util.Comparator) CounterDTO(org.apache.nifi.web.api.dto.CounterDTO) InstantiatedVersionedComponent(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedComponent) Arrays(java.util.Arrays) StatusHistoryEntity(org.apache.nifi.web.api.entity.StatusHistoryEntity) FlowChangePurgeDetails(org.apache.nifi.action.details.FlowChangePurgeDetails) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.ProcessGroupStatusSnapshotDTO) ControllerServiceDAO(org.apache.nifi.web.dao.ControllerServiceDAO) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) PropertyDescriptorDTO(org.apache.nifi.web.api.dto.PropertyDescriptorDTO) FunnelDAO(org.apache.nifi.web.dao.FunnelDAO) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) ProcessGroupFlowEntity(org.apache.nifi.web.api.entity.ProcessGroupFlowEntity) RootGroupPort(org.apache.nifi.remote.RootGroupPort) BulletinQuery(org.apache.nifi.reporting.BulletinQuery) Connectable(org.apache.nifi.connectable.Connectable) Bulletin(org.apache.nifi.reporting.Bulletin) FunnelDTO(org.apache.nifi.web.api.dto.FunnelDTO) ProcessorStatus(org.apache.nifi.controller.status.ProcessorStatus) HistoryQueryDTO(org.apache.nifi.web.api.dto.action.HistoryQueryDTO) ControllerServiceReferencingComponentsEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity) FunnelEntity(org.apache.nifi.web.api.entity.FunnelEntity) AccessPolicyDAO(org.apache.nifi.web.dao.AccessPolicyDAO) ProcessGroupStatus(org.apache.nifi.controller.status.ProcessGroupStatus) History(org.apache.nifi.history.History) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity) Set(java.util.Set) BulletinBoardDTO(org.apache.nifi.web.api.dto.BulletinBoardDTO) VersionedFlowCoordinates(org.apache.nifi.registry.flow.VersionedFlowCoordinates) FlowController(org.apache.nifi.controller.FlowController) ProcessorDAO(org.apache.nifi.web.dao.ProcessorDAO) StandardCharsets(java.nio.charset.StandardCharsets) FlowComparisonEntity(org.apache.nifi.web.api.entity.FlowComparisonEntity) ScheduledState(org.apache.nifi.controller.ScheduledState) WebApplicationException(javax.ws.rs.WebApplicationException) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) RemoteProcessGroupStatusDTO(org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO) ControllerBulletinsEntity(org.apache.nifi.web.api.entity.ControllerBulletinsEntity) Resource(org.apache.nifi.authorization.Resource) FlowComparator(org.apache.nifi.registry.flow.diff.FlowComparator) StaticDifferenceDescriptor(org.apache.nifi.registry.flow.diff.StaticDifferenceDescriptor) LeaderElectionManager(org.apache.nifi.controller.leader.election.LeaderElectionManager) Counter(org.apache.nifi.controller.Counter) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) InstantiatedVersionedProcessGroup(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedProcessGroup) TemplateDAO(org.apache.nifi.web.dao.TemplateDAO) ArrayList(java.util.ArrayList) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ComponentType(org.apache.nifi.reporting.ComponentType) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) StandardRevisionClaim(org.apache.nifi.web.revision.StandardRevisionClaim) NodeConnectionState(org.apache.nifi.cluster.coordination.node.NodeConnectionState) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) VersionControlComponentMappingEntity(org.apache.nifi.web.api.entity.VersionControlComponentMappingEntity) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) NodeConnectionStatus(org.apache.nifi.cluster.coordination.node.NodeConnectionStatus) LinkedHashSet(java.util.LinkedHashSet) DocumentedTypeDTO(org.apache.nifi.web.api.dto.DocumentedTypeDTO) FlowConfigurationDTO(org.apache.nifi.web.api.dto.FlowConfigurationDTO) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) ProvenanceOptionsDTO(org.apache.nifi.web.api.dto.provenance.ProvenanceOptionsDTO) LabelDAO(org.apache.nifi.web.dao.LabelDAO) InstantiatedVersionedControllerService(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedControllerService) StartVersionControlRequestEntity(org.apache.nifi.web.api.entity.StartVersionControlRequestEntity) ComponentDTO(org.apache.nifi.web.api.dto.ComponentDTO) Authorizer(org.apache.nifi.authorization.Authorizer) NiFiProperties(org.apache.nifi.util.NiFiProperties) ComponentHistoryDTO(org.apache.nifi.web.api.dto.ComponentHistoryDTO) BulletinEntity(org.apache.nifi.web.api.entity.BulletinEntity) VersionedFlowEntity(org.apache.nifi.web.api.entity.VersionedFlowEntity) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) Permissions(org.apache.nifi.registry.authorization.Permissions) PreviousValueDTO(org.apache.nifi.web.api.dto.PreviousValueDTO) ProcessorConfigDTO(org.apache.nifi.web.api.dto.ProcessorConfigDTO) LoggerFactory(org.slf4j.LoggerFactory) Port(org.apache.nifi.connectable.Port) ProcessGroupStatusEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusEntity) TemplateDTO(org.apache.nifi.web.api.dto.TemplateDTO) ActivateControllerServicesEntity(org.apache.nifi.web.api.entity.ActivateControllerServicesEntity) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) ConnectionStatusEntity(org.apache.nifi.web.api.entity.ConnectionStatusEntity) JVMDiagnosticsSnapshotDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsSnapshotDTO) ProcessGroupStatusSnapshotEntity(org.apache.nifi.web.api.entity.ProcessGroupStatusSnapshotEntity) DifferenceType(org.apache.nifi.registry.flow.diff.DifferenceType) AccessPolicySummaryDTO(org.apache.nifi.web.api.dto.AccessPolicySummaryDTO) NodeProcessGroupStatusSnapshotDTO(org.apache.nifi.web.api.dto.status.NodeProcessGroupStatusSnapshotDTO) VersionedConnection(org.apache.nifi.registry.flow.VersionedConnection) Template(org.apache.nifi.controller.Template) FlowRegistryClient(org.apache.nifi.registry.flow.FlowRegistryClient) BucketDTO(org.apache.nifi.web.api.dto.BucketDTO) ControllerServiceDTO(org.apache.nifi.web.api.dto.ControllerServiceDTO) ReportingTaskEntity(org.apache.nifi.web.api.entity.ReportingTaskEntity) Predicate(java.util.function.Predicate) Sets(com.google.common.collect.Sets) User(org.apache.nifi.authorization.User) JVMDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.JVMDiagnosticsDTO) SystemDiagnostics(org.apache.nifi.diagnostics.SystemDiagnostics) List(java.util.List) Result(org.apache.nifi.authorization.AuthorizationResult.Result) VersionControlInformation(org.apache.nifi.registry.flow.VersionControlInformation) StatusHistoryDTO(org.apache.nifi.web.api.dto.status.StatusHistoryDTO) HeartbeatMonitor(org.apache.nifi.cluster.coordination.heartbeat.HeartbeatMonitor) Optional(java.util.Optional) Action(org.apache.nifi.action.Action) Funnel(org.apache.nifi.connectable.Funnel) ClusterDTO(org.apache.nifi.web.api.dto.ClusterDTO) VariableEntity(org.apache.nifi.web.api.entity.VariableEntity) HashMap(java.util.HashMap) ConciseEvolvingDifferenceDescriptor(org.apache.nifi.registry.flow.diff.ConciseEvolvingDifferenceDescriptor) ResourceDTO(org.apache.nifi.web.api.dto.ResourceDTO) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) HistoryQuery(org.apache.nifi.history.HistoryQuery) ExpiredRevisionClaimException(org.apache.nifi.web.revision.ExpiredRevisionClaimException) PortStatusDTO(org.apache.nifi.web.api.dto.status.PortStatusDTO) ComparableDataFlow(org.apache.nifi.registry.flow.diff.ComparableDataFlow) ClusterCoordinator(org.apache.nifi.cluster.coordination.ClusterCoordinator) StandardRevisionUpdate(org.apache.nifi.web.revision.StandardRevisionUpdate) ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) Validator(org.apache.nifi.components.Validator) PortStatusEntity(org.apache.nifi.web.api.entity.PortStatusEntity) ControllerDTO(org.apache.nifi.web.api.dto.ControllerDTO) ProcessorDiagnosticsDTO(org.apache.nifi.web.api.dto.diagnostics.ProcessorDiagnosticsDTO) ComponentVariableRegistry(org.apache.nifi.registry.ComponentVariableRegistry) FlowDifference(org.apache.nifi.registry.flow.diff.FlowDifference) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) UserContextKeys(org.apache.nifi.authorization.UserContextKeys) VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) DeleteRevisionTask(org.apache.nifi.web.revision.DeleteRevisionTask) Component(org.apache.nifi.action.Component) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) SearchResultsDTO(org.apache.nifi.web.api.dto.search.SearchResultsDTO) RegistryEntity(org.apache.nifi.web.api.entity.RegistryEntity) Collections(java.util.Collections) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) AccessPolicySummaryEntity(org.apache.nifi.web.api.entity.AccessPolicySummaryEntity)

Example 34 with Permissions

use of org.apache.nifi.registry.authorization.Permissions in project nifi-registry by apache.

the class SecureLdapIT method testAccessPolicyCreation.

@Test
public void testAccessPolicyCreation() throws Exception {
    // Given: the server has been configured with an initial admin "nifiadmin" and a user with no accessPolicies "nobel"
    String nobelId = getTenantIdentifierByIdentity("nobel");
    // a group containing user "nobel"
    String chemistsId = getTenantIdentifierByIdentity("chemists");
    final String basicAuthCredentials = encodeCredentialsForBasicAuth("nobel", "password");
    final String nobelAuthToken = client.target(createURL(tokenIdentityProviderPath)).request().header("Authorization", "Basic " + basicAuthCredentials).post(null, String.class);
    // When: user nobel re-checks top-level permissions
    final CurrentUser currentUser = client.target(createURL("/access")).request().header("Authorization", "Bearer " + nobelAuthToken).get(CurrentUser.class);
    // Then: 200 OK is returned indicating user has access to no top-level resources
    assertEquals(new Permissions(), currentUser.getResourcePermissions().getBuckets());
    assertEquals(new Permissions(), currentUser.getResourcePermissions().getTenants());
    assertEquals(new Permissions(), currentUser.getResourcePermissions().getPolicies());
    assertEquals(new Permissions(), currentUser.getResourcePermissions().getProxy());
    // When: nifiadmin creates a bucket
    final Bucket bucket = new Bucket();
    bucket.setName("Integration Test Bucket");
    bucket.setDescription("A bucket created by an integration test.");
    Response adminCreatesBucketResponse = client.target(createURL("buckets")).request().header("Authorization", "Bearer " + adminAuthToken).post(Entity.entity(bucket, MediaType.APPLICATION_JSON), Response.class);
    // Then: the server returns a 200 OK
    assertEquals(200, adminCreatesBucketResponse.getStatus());
    Bucket createdBucket = adminCreatesBucketResponse.readEntity(Bucket.class);
    // When: user nobel initial queries /buckets
    final Bucket[] buckets1 = client.target(createURL("buckets")).request().header("Authorization", "Bearer " + nobelAuthToken).get(Bucket[].class);
    // Then: an empty list is returned (nobel has no read access yet)
    assertNotNull(buckets1);
    assertEquals(0, buckets1.length);
    // When: nifiadmin grants read access on createdBucket to 'chemists' a group containing nobel
    AccessPolicy readPolicy = new AccessPolicy();
    readPolicy.setResource("/buckets/" + createdBucket.getIdentifier());
    readPolicy.setAction("read");
    readPolicy.addUserGroups(Arrays.asList(new Tenant(chemistsId, "chemists")));
    Response adminGrantsReadAccessResponse = client.target(createURL("policies")).request().header("Authorization", "Bearer " + adminAuthToken).post(Entity.entity(readPolicy, MediaType.APPLICATION_JSON), Response.class);
    // Then: the server returns a 201 Created
    assertEquals(201, adminGrantsReadAccessResponse.getStatus());
    // When: nifiadmin tries to list all buckets
    final Bucket[] adminBuckets = client.target(createURL("buckets")).request().header("Authorization", "Bearer " + adminAuthToken).get(Bucket[].class);
    // Then: the full list is returned (verifies that per-bucket access policies are additive to base /buckets policy)
    assertNotNull(adminBuckets);
    assertEquals(1, adminBuckets.length);
    assertEquals(createdBucket.getIdentifier(), adminBuckets[0].getIdentifier());
    assertEquals(new Permissions().withCanRead(true).withCanWrite(true).withCanDelete(true), adminBuckets[0].getPermissions());
    // When: user nobel re-queries /buckets
    final Bucket[] buckets2 = client.target(createURL("buckets")).request().header("Authorization", "Bearer " + nobelAuthToken).get(Bucket[].class);
    // Then: the created bucket is now present
    assertNotNull(buckets2);
    assertEquals(1, buckets2.length);
    assertEquals(createdBucket.getIdentifier(), buckets2[0].getIdentifier());
    assertEquals(new Permissions().withCanRead(true), buckets2[0].getPermissions());
    // When: nifiadmin grants write access on createdBucket to user 'nobel'
    AccessPolicy writePolicy = new AccessPolicy();
    writePolicy.setResource("/buckets/" + createdBucket.getIdentifier());
    writePolicy.setAction("write");
    writePolicy.addUsers(Arrays.asList(new Tenant(nobelId, "nobel")));
    Response adminGrantsWriteAccessResponse = client.target(createURL("policies")).request().header("Authorization", "Bearer " + adminAuthToken).post(Entity.entity(writePolicy, MediaType.APPLICATION_JSON), Response.class);
    // Then: the server returns a 201 Created
    assertEquals(201, adminGrantsWriteAccessResponse.getStatus());
    // When: user nobel re-queries /buckets
    final Bucket[] buckets3 = client.target(createURL("buckets")).request().header("Authorization", "Bearer " + nobelAuthToken).get(Bucket[].class);
    // Then: the authorizedActions are updated
    assertNotNull(buckets3);
    assertEquals(1, buckets3.length);
    assertEquals(createdBucket.getIdentifier(), buckets3[0].getIdentifier());
    assertEquals(new Permissions().withCanRead(true).withCanWrite(true), buckets3[0].getPermissions());
}
Also used : Response(javax.ws.rs.core.Response) Tenant(org.apache.nifi.registry.authorization.Tenant) CurrentUser(org.apache.nifi.registry.authorization.CurrentUser) Bucket(org.apache.nifi.registry.bucket.Bucket) Permissions(org.apache.nifi.registry.authorization.Permissions) AccessPolicy(org.apache.nifi.registry.authorization.AccessPolicy) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 35 with Permissions

use of org.apache.nifi.registry.authorization.Permissions in project nifi-registry by apache.

the class SecureNiFiRegistryClientIT method testGetAccessStatus.

@Test
public void testGetAccessStatus() throws IOException, NiFiRegistryException {
    final UserClient userClient = client.getUserClient();
    final CurrentUser currentUser = userClient.getAccessStatus();
    Assert.assertEquals("CN=user1, OU=nifi", currentUser.getIdentity());
    Assert.assertFalse(currentUser.isAnonymous());
    Assert.assertNotNull(currentUser.getResourcePermissions());
    Permissions fullAccess = new Permissions().withCanRead(true).withCanWrite(true).withCanDelete(true);
    Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getAnyTopLevelResource());
    Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getBuckets());
    Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getTenants());
    Assert.assertEquals(fullAccess, currentUser.getResourcePermissions().getPolicies());
    Assert.assertEquals(new Permissions().withCanWrite(true), currentUser.getResourcePermissions().getProxy());
}
Also used : UserClient(org.apache.nifi.registry.client.UserClient) CurrentUser(org.apache.nifi.registry.authorization.CurrentUser) Permissions(org.apache.nifi.registry.authorization.Permissions) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Aggregations

Permissions (org.apache.nifi.registry.authorization.Permissions)43 Response (javax.ws.rs.core.Response)31 Sets (com.google.common.collect.Sets)30 IOException (java.io.IOException)30 StandardCharsets (java.nio.charset.StandardCharsets)30 ArrayList (java.util.ArrayList)30 Arrays (java.util.Arrays)30 Collection (java.util.Collection)30 Collections (java.util.Collections)30 Comparator (java.util.Comparator)30 Date (java.util.Date)30 HashMap (java.util.HashMap)30 HashSet (java.util.HashSet)30 LinkedHashMap (java.util.LinkedHashMap)30 LinkedHashSet (java.util.LinkedHashSet)30 List (java.util.List)30 ListIterator (java.util.ListIterator)30 Map (java.util.Map)30 Objects (java.util.Objects)30 Optional (java.util.Optional)30