use of org.apache.nifi.registry.authorization.User in project nifi-registry by apache.
the class AuthorizationService method userToDTO.
/**
 * Builds the API-facing {@link User} DTO for an authorization-layer user.
 *
 * <p>The DTO carries the user's identifier and identity, the groups that list the user as a
 * member, the user's access policy summaries, the configurable flag reported by
 * {@code AuthorizerCapabilityDetection}, and the value returned by
 * {@code getTopLevelPermissions} for the user's identifier.
 *
 * <p>NOTE(review): no authorization check happens in this method. The DTO exposes group
 * membership and policy data, so callers are presumably expected to have authorized the
 * request already; confirm at each call site.
 *
 * @param user the authorization-layer user, may be {@code null}
 * @return the populated DTO, or {@code null} when {@code user} is {@code null}
 */
private User userToDTO(final org.apache.nifi.registry.security.authorization.User user) {
    if (user == null) {
        return null;
    }

    final String memberId = user.getIdentifier();

    // Membership is resolved by scanning every group from the provider and keeping those
    // whose user set contains this identifier.
    final Collection<Tenant> memberGroups = userGroupProvider.getGroups()
            .stream()
            .filter(candidate -> candidate.getUsers().contains(memberId))
            .map(candidate -> tenantToDTO(candidate))
            .collect(Collectors.toList());

    final Collection<AccessPolicySummary> policySummaries = getAccessPolicySummariesForUser(memberId);

    final User dto = new User(user.getIdentifier(), user.getIdentity());
    final boolean configurable = AuthorizerCapabilityDetection.isUserConfigurable(authorizer, user);
    dto.setConfigurable(configurable);
    dto.setResourcePermissions(getTopLevelPermissions(dto.getIdentifier()));
    dto.addUserGroups(memberGroups);
    dto.addAccessPolicies(policySummaries);
    return dto;
}
use of org.apache.nifi.registry.authorization.User in project nifi-registry by apache.
the class AuthorizationService method deleteUser.
/**
 * Deletes the user with the given identifier through the configurable user group provider.
 *
 * <p>The lookup and the delete both run while the write lock is held, so the user that is
 * returned is the one that was present when the delete was issued.
 *
 * <p>NOTE(review): only the provider's {@code deleteUser} call is visible here. Whether group
 * memberships or access policies that still reference the identifier are cleaned up is not
 * shown; confirm, since stale references would matter if identifiers are ever reused.
 *
 * @param identifier the identifier of the user to delete
 * @return the DTO of the user as it was before deletion, or {@code null} if no such user exists
 */
public User deleteUser(String identifier) {
    // Runs before the lock is taken; presumably rejects the call when the provider is not
    // configurable, which is what makes the cast below safe. TODO confirm.
    verifyUserGroupProviderIsConfigurable();

    this.writeLock.lock();
    try {
        final User existingUser = getUser(identifier);
        if (existingUser == null) {
            // Nothing to delete; the provider is left untouched.
            return null;
        }

        final ConfigurableUserGroupProvider configurableProvider = (ConfigurableUserGroupProvider) userGroupProvider;
        configurableProvider.deleteUser(identifier);
        return existingUser;
    } finally {
        this.writeLock.unlock();
    }
}
use of org.apache.nifi.registry.authorization.User in project nifi-registry by apache.
the class TenantResource method createUser.
// ---------- User endpoints --------------------------------------------------------------------------------------
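/**
 * Creates a new user.
 *
 * <p>The caller is authorized for a write action before the request body is inspected, the same
 * order {@code updateUser} uses. A caller who is not allowed to write therefore gets the
 * authorization outcome rather than validation feedback about the payload.
 *
 * <p>The request body must not carry an identifier: a client-supplied identifier is rejected
 * rather than trusted.
 *
 * @param httpServletRequest request
 * @param requestUser the user to create
 * @return a "created" response for the new user, with the location built from {@code generateUserUri}
 * @throws IllegalArgumentException if the body is missing, specifies an identifier, or has a
 *         blank identity
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("users")
@ApiOperation(
        value = "Creates a user",
        notes = NON_GUARANTEED_ENDPOINT,
        response = User.class,
        extensions = {
                @Extension(name = "access-policy", properties = {
                        @ExtensionProperty(name = "action", value = "write"),
                        @ExtensionProperty(name = "resource", value = "/tenants") })
        })
@ApiResponses({
        @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400),
        @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401),
        @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403),
        @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404),
        @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response createUser(
        @Context final HttpServletRequest httpServletRequest,
        @ApiParam(value = "The user configuration details.", required = true) final User requestUser) {

    verifyAuthorizerSupportsConfigurableUserGroups();

    // Authorize before validating, as updateUser does, so unauthorized callers never reach
    // the payload checks below.
    authorizeAccess(RequestAction.WRITE);

    if (requestUser == null) {
        throw new IllegalArgumentException("User details must be specified when creating a new user.");
    }

    // The identifier is not accepted from the client on create.
    if (requestUser.getIdentifier() != null) {
        throw new IllegalArgumentException("User identifier cannot be specified when creating a new user.");
    }

    if (StringUtils.isBlank(requestUser.getIdentity())) {
        throw new IllegalArgumentException("User identity must be specified when creating a new user.");
    }

    final User createdUser = authorizationService.createUser(requestUser);
    final String locationUri = generateUserUri(createdUser);
    return generateCreatedResponse(URI.create(locationUri), createdUser).build();
}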
use of org.apache.nifi.registry.authorization.User in project nifi-registry by apache.
the class SecureFileIT method testCreateUser.
/**
 * Verifies that POST /tenants/users creates a user when the user group provider is configurable.
 *
 * <p>The new user is expected to come back with a server-side identifier, the requested
 * identity, the configurable flag set, no groups, no access policies, and default
 * {@code ResourcePermissions}. The user is deleted afterwards so later tests start clean.
 */
@Test
public void testCreateUser() throws Exception {
    // Given: the server has been configured with FileUserGroupProvider, which is configurable,
    // and: the initial admin client wants to create a tenant
    final Tenant requestedTenant = new Tenant();
    requestedTenant.setIdentity("New User");

    // When: the POST /tenants/users endpoint is accessed
    final Response response = client
            .target(createURL("tenants/users"))
            .request()
            .post(Entity.entity(requestedTenant, MediaType.APPLICATION_JSON_TYPE), Response.class);

    // Then: "201 created" is returned with the expected user
    assertEquals(201, response.getStatus());
    final User createdUser = response.readEntity(User.class);
    // The request carried no identifier, so a non-null one here did not come from the request body.
    assertNotNull(createdUser.getIdentifier());

    try {
        assertEquals(requestedTenant.getIdentity(), createdUser.getIdentity());
        assertEquals(true, createdUser.getConfigurable());
        // A freshly created user should hold no memberships, policies or permissions.
        assertEquals(0, createdUser.getUserGroups().size());
        assertEquals(0, createdUser.getAccessPolicies().size());
        assertEquals(new ResourcePermissions(), createdUser.getResourcePermissions());
    } finally {
        // cleanup user for other tests; the delete response is not checked
        final String createdUserUrl = createURL("tenants/users/" + createdUser.getIdentifier());
        client.target(createdUserUrl).request().delete();
    }
}
use of org.apache.nifi.registry.authorization.User in project nifi-registry by apache.
the class TenantResource method updateUser.
/**
 * Updates a user.
 *
 * <p>Write access is authorized before the body is examined. The identifier in the path must
 * equal the identifier in the body, so a request cannot address one resource while carrying
 * changes for another.
 *
 * <p>NOTE(review): unlike {@code createUser}, the identity is not checked for blank here;
 * presumably the service layer validates it. Confirm.
 *
 * @param httpServletRequest request
 * @param identifier The id of the user to update
 * @param requestUser The user with updated fields.
 * @return The updated user
 * @throws IllegalArgumentException if the body is missing or its identifier differs from the path
 * @throws ResourceNotFoundException if the service reports no user for the identifier
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("users/{id}")
@ApiOperation(
        value = "Updates a user",
        notes = NON_GUARANTEED_ENDPOINT,
        response = User.class,
        extensions = {
                @Extension(name = "access-policy", properties = {
                        @ExtensionProperty(name = "action", value = "write"),
                        @ExtensionProperty(name = "resource", value = "/tenants") })
        })
@ApiResponses({
        @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400),
        @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401),
        @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403),
        @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404),
        @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response updateUser(
        @Context final HttpServletRequest httpServletRequest,
        @ApiParam(value = "The user id.", required = true) @PathParam("id") final String identifier,
        @ApiParam(value = "The user configuration details.", required = true) final User requestUser) {

    verifyAuthorizerSupportsConfigurableUserGroups();
    authorizeAccess(RequestAction.WRITE);

    if (requestUser == null) {
        throw new IllegalArgumentException("User details must be specified when updating a user.");
    }

    // Path id and body id must agree before anything is written.
    final String bodyIdentifier = requestUser.getIdentifier();
    final boolean identifiersMatch = identifier.equals(bodyIdentifier);
    if (!identifiersMatch) {
        throw new IllegalArgumentException(String.format(
                "The user id in the request body (%s) does not equal the "
                        + "user id of the requested resource (%s).",
                bodyIdentifier,
                identifier));
    }

    final User persistedUser = authorizationService.updateUser(requestUser);
    if (persistedUser != null) {
        return generateOkResponse(persistedUser).build();
    }

    // NOTE(review): the identifier is caller-supplied; confirm the log layout encodes control
    // characters so the value cannot forge extra log lines.
    logger.warn("The specified user id [{}] does not exist.", identifier);
    throw new ResourceNotFoundException("The specified user ID does not exist in this registry.");
}