use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.
the class AuthorizationService method deleteUserGroup.
public UserGroup deleteUserGroup(String identifier) {
verifyUserGroupProviderIsConfigurable();
writeLock.lock();
try {
final UserGroup userGroupDTO = getUserGroup(identifier);
if (userGroupDTO != null) {
((ConfigurableUserGroupProvider) userGroupProvider).deleteGroup(identifier);
}
return userGroupDTO;
} finally {
writeLock.unlock();
}
}
use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.
the class SecureFileIT method testCreateUserGroup.
@Test
public void testCreateUserGroup() throws Exception {
// Given: the server has been configured with FileUserGroupProvider, which is configurable,
// and: the initial admin client wants to create a tenant
Tenant tenant = new Tenant();
tenant.setIdentity("New Group");
// When: the POST /tenants/user-groups endpoint is used
final Response createUserGroupResponse = client.target(createURL("tenants/user-groups")).request().post(Entity.entity(tenant, MediaType.APPLICATION_JSON_TYPE), Response.class);
// Then: 201 created is returned with the expected group
assertEquals(201, createUserGroupResponse.getStatus());
UserGroup actualUserGroup = createUserGroupResponse.readEntity(UserGroup.class);
assertNotNull(actualUserGroup.getIdentifier());
try {
assertEquals(tenant.getIdentity(), actualUserGroup.getIdentity());
assertEquals(true, actualUserGroup.getConfigurable());
assertEquals(0, actualUserGroup.getUsers().size());
assertEquals(0, actualUserGroup.getAccessPolicies().size());
assertEquals(new ResourcePermissions(), actualUserGroup.getResourcePermissions());
} finally {
// cleanup user for other tests
client.target(createURL("tenants/user-groups/" + actualUserGroup.getIdentifier())).request().delete();
}
}
use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.
the class TenantResource method removeUserGroup.
/**
* Removes the specified user group.
*
* @param httpServletRequest request
* @param identifier The id of the user group to remove.
* @return The deleted user group.
*/
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Deletes a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroup.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "delete"), @ExtensionProperty(name = "resource", value = "/tenants") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response removeUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String identifier) {
verifyAuthorizerSupportsConfigurableUserGroups();
authorizeAccess(RequestAction.DELETE);
final UserGroup userGroup = authorizationService.deleteUserGroup(identifier);
if (userGroup == null) {
logger.warn("The specified user group id [{}] does not exist.", identifier);
throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
}
return generateOkResponse(userGroup).build();
}
use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.
the class TenantResource method updateUserGroup.
/**
* Updates a user group.
*
* @param httpServletRequest request
* @param identifier The id of the user group to update.
* @param requestUserGroup The user group with updated fields.
* @return The resulting, updated user group.
*/
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Updates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroup.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = "resource", value = "/tenants") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response updateUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String identifier, @ApiParam(value = "The user group configuration details.", required = true) final UserGroup requestUserGroup) {
verifyAuthorizerSupportsConfigurableUserGroups();
if (requestUserGroup == null) {
throw new IllegalArgumentException("User group details must be specified to update a user group.");
}
if (!identifier.equals(requestUserGroup.getIdentifier())) {
throw new IllegalArgumentException(String.format("The user group id in the request body (%s) does not equal the " + "user group id of the requested resource (%s).", requestUserGroup.getIdentifier(), identifier));
}
authorizeAccess(RequestAction.WRITE);
UserGroup updatedUserGroup = authorizationService.updateUserGroup(requestUserGroup);
if (updatedUserGroup == null) {
logger.warn("The specified user group id [{}] does not exist.", identifier);
throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
}
return generateOkResponse(updatedUserGroup).build();
}
use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.
the class TenantResource method createUserGroup.
// ---------- User Group endpoints --------------------------------------------------------------------------------
/**
* Creates a new user group.
*
* @param httpServletRequest request
* @param requestUserGroup the user group to create
* @return the created user group
*/
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups")
@ApiOperation(value = "Creates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroup.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = "resource", value = "/tenants") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response createUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group configuration details.", required = true) final UserGroup requestUserGroup) {
verifyAuthorizerSupportsConfigurableUserGroups();
authorizeAccess(RequestAction.WRITE);
if (requestUserGroup == null) {
throw new IllegalArgumentException("User group details must be specified when creating a new group.");
}
if (requestUserGroup.getIdentifier() != null) {
throw new IllegalArgumentException("User group ID cannot be specified when creating a new group.");
}
if (StringUtils.isBlank(requestUserGroup.getIdentity())) {
throw new IllegalArgumentException("User group identity must be specified when creating a new group.");
}
UserGroup createdGroup = authorizationService.createUserGroup(requestUserGroup);
String locationUri = generateUserGroupUri(createdGroup);
return generateCreatedResponse(URI.create(locationUri), createdGroup).build();
}
Aggregations