
Example 1 with ComponentRestrictionPermissionDTO

use of org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO in project nifi by apache.

the class StandardNiFiServiceFacade method getCurrentUser.

/**
 * Assembles the {@link CurrentUserEntity} for the user returned by
 * {@code NiFiUserUtils.getNiFiUser()}: identity, anonymous flag, the permissions DTO for each
 * top-level resource, and one permissions DTO per {@link RequiredPermission}.
 *
 * <p>This method only reports what {@code dtoFactory.createPermissionsDto} computes; no
 * authorization check is performed here, so the returned entity describes access rather than
 * enforcing it.
 *
 * @return the populated entity for the current user
 */
@Override
public CurrentUserEntity getCurrentUser() {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    final CurrentUserEntity result = new CurrentUserEntity();
    result.setIdentity(currentUser.getIdentity());
    result.setAnonymous(currentUser.isAnonymous());

    // Permissions on the top-level resources.
    result.setProvenancePermissions(dtoFactory.createPermissionsDto(authorizableLookup.getProvenance()));
    result.setCountersPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getCounters()));
    result.setTenantsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
    result.setControllerPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getController()));
    result.setPoliciesPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getPolicies()));
    result.setSystemPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getSystem()));

    // Versioning is offered only when at least one registry identifier is known.
    result.setCanVersionFlows(CollectionUtils.isNotEmpty(flowRegistryClient.getRegistryIdentifiers()));

    // Blanket permission on restricted components, followed by one entry per specific restriction.
    result.setRestrictedComponentsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents()));

    final Set<ComponentRestrictionPermissionDTO> perRestriction = new HashSet<>();
    for (final RequiredPermission requiredPermission : RequiredPermission.values()) {
        final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents(requiredPermission));

        final RequiredPermissionDTO descriptor = new RequiredPermissionDTO();
        descriptor.setId(requiredPermission.getPermissionIdentifier());
        descriptor.setLabel(requiredPermission.getPermissionLabel());

        final ComponentRestrictionPermissionDTO restriction = new ComponentRestrictionPermissionDTO();
        restriction.setRequiredPermission(descriptor);
        restriction.setPermissions(permissions);
        perRestriction.add(restriction);
    }
    result.setComponentRestrictionPermissions(perRestriction);

    return result;
}
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 2 with ComponentRestrictionPermissionDTO

use of org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO in project nifi by apache.

the class CurrentUserEndpointMergerTest method testMergeUserPermissions.

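/**
 * Merges the {@link CurrentUserEntity} of two nodes and checks the result on the client entity.
 *
 * <p>Every expectation below is the logical AND of the two nodes' flags for the same resource.
 * For the per-restriction permissions, only the restrictions both nodes report
 * (ACCESS_KEYTAB and WRITE_FILESYSTEM) are expected to survive the merge.
 */
@Test
public void testMergeUserPermissions() {
    final NodeIdentifier nodeId1 = new NodeIdentifier("1", "localhost", 9000, "localhost", 9001, "localhost", 9002, 9003, false);
    final CurrentUserEntity userNode1 = new CurrentUserEntity();
    userNode1.setControllerPermissions(buildPermissions(true, false));
    userNode1.setCountersPermissions(buildPermissions(true, true));
    userNode1.setPoliciesPermissions(buildPermissions(true, true));
    userNode1.setProvenancePermissions(buildPermissions(false, false));
    // NOTE(review): node 1 already denies both flags here, so the restricted-components
    // assertions below pass whether or not the merger folds node 2's value in.
    userNode1.setRestrictedComponentsPermissions(buildPermissions(false, false));
    userNode1.setSystemPermissions(buildPermissions(true, true));
    userNode1.setTenantsPermissions(buildPermissions(false, true));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionsNode1 = new HashSet<>();
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.ACCESS_KEYTAB, true, true));
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.WRITE_FILESYSTEM, false, true));
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.READ_FILESYSTEM, true, true));
    userNode1.setComponentRestrictionPermissions(componentRestrictionsNode1);

    final NodeIdentifier nodeId2 = new NodeIdentifier("2", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false);
    final CurrentUserEntity userNode2 = new CurrentUserEntity();
    userNode2.setControllerPermissions(buildPermissions(false, true));
    userNode2.setCountersPermissions(buildPermissions(true, false));
    userNode2.setPoliciesPermissions(buildPermissions(true, true));
    userNode2.setProvenancePermissions(buildPermissions(false, false));
    userNode2.setRestrictedComponentsPermissions(buildPermissions(true, true));
    userNode2.setSystemPermissions(buildPermissions(false, false));
    userNode2.setTenantsPermissions(buildPermissions(true, true));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionsNode2 = new HashSet<>();
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.ACCESS_KEYTAB, true, false));
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.WRITE_FILESYSTEM, true, false));
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.EXECUTE_CODE, true, true));
    userNode2.setComponentRestrictionPermissions(componentRestrictionsNode2);

    final Map<NodeIdentifier, CurrentUserEntity> entityMap = new HashMap<>();
    entityMap.put(nodeId1, userNode1);
    entityMap.put(nodeId2, userNode2);

    final CurrentUserEndpointMerger merger = new CurrentUserEndpointMerger();
    merger.mergeResponses(userNode1, entityMap, Collections.emptySet(), Collections.emptySet());

    assertFalse(userNode1.getControllerPermissions().getCanRead());
    assertFalse(userNode1.getControllerPermissions().getCanWrite());
    assertTrue(userNode1.getCountersPermissions().getCanRead());
    assertFalse(userNode1.getCountersPermissions().getCanWrite());
    assertTrue(userNode1.getPoliciesPermissions().getCanRead());
    assertTrue(userNode1.getPoliciesPermissions().getCanWrite());
    assertFalse(userNode1.getProvenancePermissions().getCanRead());
    assertFalse(userNode1.getProvenancePermissions().getCanWrite());
    assertFalse(userNode1.getRestrictedComponentsPermissions().getCanRead());
    assertFalse(userNode1.getRestrictedComponentsPermissions().getCanWrite());
    assertFalse(userNode1.getSystemPermissions().getCanRead());
    assertFalse(userNode1.getSystemPermissions().getCanWrite());
    assertFalse(userNode1.getTenantsPermissions().getCanRead());
    assertTrue(userNode1.getTenantsPermissions().getCanWrite());

    // Track which shared restrictions were actually seen: without this, an empty merged set
    // would skip every assertion in the loop and the test would pass vacuously.
    boolean sawAccessKeytab = false;
    boolean sawWriteFilesystem = false;
    for (final ComponentRestrictionPermissionDTO componentRestriction : userNode1.getComponentRestrictionPermissions()) {
        if (RequiredPermission.ACCESS_KEYTAB.getPermissionIdentifier().equals(componentRestriction.getRequiredPermission().getId())) {
            assertTrue(componentRestriction.getPermissions().getCanRead());
            assertFalse(componentRestriction.getPermissions().getCanWrite());
            sawAccessKeytab = true;
        } else if (RequiredPermission.WRITE_FILESYSTEM.getPermissionIdentifier().equals(componentRestriction.getRequiredPermission().getId())) {
            assertFalse(componentRestriction.getPermissions().getCanRead());
            assertFalse(componentRestriction.getPermissions().getCanWrite());
            sawWriteFilesystem = true;
        } else {
            // READ_FILESYSTEM and EXECUTE_CODE are each reported by one node only and must be dropped.
            fail();
        }
    }
    assertTrue(sawAccessKeytab);
    assertTrue(sawWriteFilesystem);
}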
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) HashMap(java.util.HashMap) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 3 with ComponentRestrictionPermissionDTO

use of org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO in project nifi by apache.

the class CurrentUserEndpointMergerTest method buildComponentRestriction.

/**
 * Test helper: creates a {@link ComponentRestrictionPermissionDTO} for one restriction.
 *
 * @param requiredPermission restriction whose identifier and label are copied into the DTO
 * @param canRead read flag passed to {@code buildPermissions}
 * @param canWrite write flag passed to {@code buildPermissions}
 * @return a DTO carrying the restriction descriptor and the given permissions
 */
private ComponentRestrictionPermissionDTO buildComponentRestriction(final RequiredPermission requiredPermission, final boolean canRead, final boolean canWrite) {
    // Descriptor identifying which restriction the permissions apply to.
    final RequiredPermissionDTO descriptor = new RequiredPermissionDTO();
    descriptor.setId(requiredPermission.getPermissionIdentifier());
    descriptor.setLabel(requiredPermission.getPermissionLabel());

    final ComponentRestrictionPermissionDTO restriction = new ComponentRestrictionPermissionDTO();
    restriction.setRequiredPermission(descriptor);
    restriction.setPermissions(buildPermissions(canRead, canWrite));
    return restriction;
}
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO)

Example 4 with ComponentRestrictionPermissionDTO

use of org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO in project nifi by apache.

the class CurrentUserEndpointMerger method mergeResponses.

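/**
 * Folds every other node's {@link CurrentUserEntity} into {@code clientEntity}, so that the
 * entity returned to the client reflects all nodes and not only the one that answered.
 *
 * <p>Each pair of permissions is combined through {@code mergePermissions}, which is defined
 * outside this method (presumably it narrows the client's flags to what every node grants;
 * confirm against its implementation). Per-restriction permissions are first reduced to the
 * restrictions both sides report, then merged pairwise by required-permission id.
 *
 * @param clientEntity entity being returned to the client; mutated in place
 * @param entityMap entity reported by each node; the entry that is {@code clientEntity} itself is skipped
 * @param successfulResponses not used by this method
 * @param problematicResponses not used by this method
 */
@Override
protected void mergeResponses(final CurrentUserEntity clientEntity, final Map<NodeIdentifier, CurrentUserEntity> entityMap, final Set<NodeResponse> successfulResponses, final Set<NodeResponse> problematicResponses) {
    for (final Map.Entry<NodeIdentifier, CurrentUserEntity> entry : entityMap.entrySet()) {
        final CurrentUserEntity entity = entry.getValue();
        if (entity != clientEntity) {
            mergePermissions(clientEntity.getControllerPermissions(), entity.getControllerPermissions());
            mergePermissions(clientEntity.getCountersPermissions(), entity.getCountersPermissions());
            mergePermissions(clientEntity.getPoliciesPermissions(), entity.getPoliciesPermissions());
            mergePermissions(clientEntity.getProvenancePermissions(), entity.getProvenancePermissions());
            mergePermissions(clientEntity.getTenantsPermissions(), entity.getTenantsPermissions());
            mergePermissions(clientEntity.getSystemPermissions(), entity.getSystemPermissions());
            // Previously the tenants permissions were merged a second time here and the
            // restricted-components permissions were never merged, so the client saw one node's
            // value for that resource regardless of what the other nodes reported.
            mergePermissions(clientEntity.getRestrictedComponentsPermissions(), entity.getRestrictedComponentsPermissions());

            final Set<ComponentRestrictionPermissionDTO> clientEntityComponentRestrictionsPermissions = clientEntity.getComponentRestrictionPermissions();
            final Set<ComponentRestrictionPermissionDTO> entityComponentRestrictionsPermissions = entity.getComponentRestrictionPermissions();

            // only retain the component restriction permissions in common
            clientEntityComponentRestrictionsPermissions.retainAll(entityComponentRestrictionsPermissions);

            // Merge the component restriction permissions. retainAll matches by equals() while the
            // lookup below matches by id; if the two ever disagree, the unmatched entry is dropped
            // (fail closed) instead of dereferencing a null counterpart.
            clientEntityComponentRestrictionsPermissions.removeIf(clientEntityPermission -> {
                final ComponentRestrictionPermissionDTO entityPermission = entityComponentRestrictionsPermissions.stream()
                        .filter(candidate -> candidate.getRequiredPermission().getId().equals(clientEntityPermission.getRequiredPermission().getId()))
                        .findFirst()
                        .orElse(null);
                if (entityPermission == null) {
                    return true;
                }
                mergePermissions(clientEntityPermission.getPermissions(), entityPermission.getPermissions());
                return false;
            });
        }
    }
}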
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Map(java.util.Map)

Aggregations

ComponentRestrictionPermissionDTO (org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO)4 CurrentUserEntity (org.apache.nifi.web.api.entity.CurrentUserEntity)3 HashSet (java.util.HashSet)2 NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)2 RequiredPermissionDTO (org.apache.nifi.web.api.dto.RequiredPermissionDTO)2 HashMap (java.util.HashMap)1 LinkedHashSet (java.util.LinkedHashSet)1 Map (java.util.Map)1 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)1 PermissionsDTO (org.apache.nifi.web.api.dto.PermissionsDTO)1 Test (org.junit.Test)1