Search in sources :

Example 1 with UserGroup

use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.

the class AuthorizationService method deleteUserGroup.

public UserGroup deleteUserGroup(String identifier) {
    verifyUserGroupProviderIsConfigurable();
    writeLock.lock();
    try {
        final UserGroup userGroupDTO = getUserGroup(identifier);
        if (userGroupDTO != null) {
            ((ConfigurableUserGroupProvider) userGroupProvider).deleteGroup(identifier);
        }
        return userGroupDTO;
    } finally {
        writeLock.unlock();
    }
}
Also used : ConfigurableUserGroupProvider(org.apache.nifi.registry.security.authorization.ConfigurableUserGroupProvider) UserGroup(org.apache.nifi.registry.authorization.UserGroup)

Example 2 with UserGroup

use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.

the class SecureFileIT method testCreateUserGroup.

@Test
public void testCreateUserGroup() throws Exception {
    // Given: the server has been configured with FileUserGroupProvider, which is configurable,
    // and: the initial admin client wants to create a tenant
    Tenant tenant = new Tenant();
    tenant.setIdentity("New Group");
    // When: the POST /tenants/user-groups endpoint is used
    final Response createUserGroupResponse = client.target(createURL("tenants/user-groups")).request().post(Entity.entity(tenant, MediaType.APPLICATION_JSON_TYPE), Response.class);
    // Then: 201 created is returned with the expected group
    assertEquals(201, createUserGroupResponse.getStatus());
    UserGroup actualUserGroup = createUserGroupResponse.readEntity(UserGroup.class);
    assertNotNull(actualUserGroup.getIdentifier());
    try {
        assertEquals(tenant.getIdentity(), actualUserGroup.getIdentity());
        assertEquals(true, actualUserGroup.getConfigurable());
        assertEquals(0, actualUserGroup.getUsers().size());
        assertEquals(0, actualUserGroup.getAccessPolicies().size());
        assertEquals(new ResourcePermissions(), actualUserGroup.getResourcePermissions());
    } finally {
        // cleanup user for other tests
        client.target(createURL("tenants/user-groups/" + actualUserGroup.getIdentifier())).request().delete();
    }
}
Also used : Response(javax.ws.rs.core.Response) Tenant(org.apache.nifi.registry.authorization.Tenant) UserGroup(org.apache.nifi.registry.authorization.UserGroup) ResourcePermissions(org.apache.nifi.registry.authorization.ResourcePermissions) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with UserGroup

use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.

the class TenantResource method removeUserGroup.

/**
 * Removes the specified user group.
 *
 * @param httpServletRequest request
 * @param identifier                 The id of the user group to remove.
 * @return The deleted user group.
 */
@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Deletes a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroup.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "delete"), @ExtensionProperty(name = "resource", value = "/tenants") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response removeUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String identifier) {
    verifyAuthorizerSupportsConfigurableUserGroups();
    authorizeAccess(RequestAction.DELETE);
    final UserGroup userGroup = authorizationService.deleteUserGroup(identifier);
    if (userGroup == null) {
        logger.warn("The specified user group id [{}] does not exist.", identifier);
        throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
    }
    return generateOkResponse(userGroup).build();
}
Also used : ResourceNotFoundException(org.apache.nifi.registry.exception.ResourceNotFoundException) UserGroup(org.apache.nifi.registry.authorization.UserGroup) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 4 with UserGroup

use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.

the class TenantResource method updateUserGroup.

/**
 * Updates a user group.
 *
 * @param httpServletRequest request
 * @param identifier The id of the user group to update.
 * @param requestUserGroup The user group with updated fields.
 * @return The resulting, updated user group.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups/{id}")
@ApiOperation(value = "Updates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroup.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = "resource", value = "/tenants") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response updateUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group id.", required = true) @PathParam("id") final String identifier, @ApiParam(value = "The user group configuration details.", required = true) final UserGroup requestUserGroup) {
    verifyAuthorizerSupportsConfigurableUserGroups();
    if (requestUserGroup == null) {
        throw new IllegalArgumentException("User group details must be specified to update a user group.");
    }
    if (!identifier.equals(requestUserGroup.getIdentifier())) {
        throw new IllegalArgumentException(String.format("The user group id in the request body (%s) does not equal the " + "user group id of the requested resource (%s).", requestUserGroup.getIdentifier(), identifier));
    }
    authorizeAccess(RequestAction.WRITE);
    UserGroup updatedUserGroup = authorizationService.updateUserGroup(requestUserGroup);
    if (updatedUserGroup == null) {
        logger.warn("The specified user group id [{}] does not exist.", identifier);
        throw new ResourceNotFoundException("The specified user group ID does not exist in this registry.");
    }
    return generateOkResponse(updatedUserGroup).build();
}
Also used : ResourceNotFoundException(org.apache.nifi.registry.exception.ResourceNotFoundException) UserGroup(org.apache.nifi.registry.authorization.UserGroup) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) PUT(javax.ws.rs.PUT) ApiResponses(io.swagger.annotations.ApiResponses)

Example 5 with UserGroup

use of org.apache.nifi.registry.authorization.UserGroup in project nifi-registry by apache.

the class TenantResource method createUserGroup.

// ---------- User Group endpoints --------------------------------------------------------------------------------
/**
 * Creates a new user group.
 *
 * @param httpServletRequest request
 * @param requestUserGroup the user group to create
 * @return the created user group
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups")
@ApiOperation(value = "Creates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroup.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "write"), @ExtensionProperty(name = "resource", value = "/tenants") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response createUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group configuration details.", required = true) final UserGroup requestUserGroup) {
    verifyAuthorizerSupportsConfigurableUserGroups();
    authorizeAccess(RequestAction.WRITE);
    if (requestUserGroup == null) {
        throw new IllegalArgumentException("User group details must be specified when creating a new group.");
    }
    if (requestUserGroup.getIdentifier() != null) {
        throw new IllegalArgumentException("User group ID cannot be specified when creating a new group.");
    }
    if (StringUtils.isBlank(requestUserGroup.getIdentity())) {
        throw new IllegalArgumentException("User group identity must be specified when creating a new group.");
    }
    UserGroup createdGroup = authorizationService.createUserGroup(requestUserGroup);
    String locationUri = generateUserGroupUri(createdGroup);
    return generateCreatedResponse(URI.create(locationUri), createdGroup).build();
}
Also used : UserGroup(org.apache.nifi.registry.authorization.UserGroup) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Aggregations

UserGroup (org.apache.nifi.registry.authorization.UserGroup)7 ApiOperation (io.swagger.annotations.ApiOperation)4 ApiResponses (io.swagger.annotations.ApiResponses)4 Consumes (javax.ws.rs.Consumes)4 Path (javax.ws.rs.Path)4 Produces (javax.ws.rs.Produces)4 ResourceNotFoundException (org.apache.nifi.registry.exception.ResourceNotFoundException)3 Tenant (org.apache.nifi.registry.authorization.Tenant)2 DELETE (javax.ws.rs.DELETE)1 GET (javax.ws.rs.GET)1 POST (javax.ws.rs.POST)1 PUT (javax.ws.rs.PUT)1 Response (javax.ws.rs.core.Response)1 AccessPolicySummary (org.apache.nifi.registry.authorization.AccessPolicySummary)1 ResourcePermissions (org.apache.nifi.registry.authorization.ResourcePermissions)1 ConfigurableUserGroupProvider (org.apache.nifi.registry.security.authorization.ConfigurableUserGroupProvider)1 Test (org.junit.Test)1 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)1