Search in sources :

Example 86 with RevisionDTO

use of org.apache.nifi.web.api.dto.RevisionDTO in project nifi by apache.

the class ITOutputPortAccessControl method testNoneUserPutOutputPort.

/**
 * Ensures the NONE user cannot put an output port.
 *
 * @throws Exception ex
 */
@Test
public void testNoneUserPutOutputPort() throws Exception {
    final PortEntity entity = getRandomOutputPort(helper.getNoneUser());
    assertFalse(entity.getPermissions().getCanRead());
    assertFalse(entity.getPermissions().getCanWrite());
    assertNull(entity.getComponent());
    final String updatedName = "Updated Name" + count++;
    // attempt to update the name
    final PortDTO requestDto = new PortDTO();
    requestDto.setId(entity.getId());
    requestDto.setName(updatedName);
    final long version = entity.getRevision().getVersion();
    final RevisionDTO requestRevision = new RevisionDTO();
    requestRevision.setVersion(version);
    requestRevision.setClientId(AccessControlHelper.NONE_CLIENT_ID);
    final PortEntity requestEntity = new PortEntity();
    requestEntity.setId(entity.getId());
    requestEntity.setRevision(requestRevision);
    requestEntity.setComponent(requestDto);
    // perform the request
    final Response response = updateOutputPort(helper.getNoneUser(), requestEntity);
    // ensure forbidden response
    assertEquals(403, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) PortDTO(org.apache.nifi.web.api.dto.PortDTO) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) PortEntity(org.apache.nifi.web.api.entity.PortEntity) Test(org.junit.Test)

Example 87 with RevisionDTO

use of org.apache.nifi.web.api.dto.RevisionDTO in project nifi by apache.

the class ITProcessGroupAccessControl method testNoneUserPutProcessGroup.

/**
 * Ensures the NONE user cannot put a process group.
 *
 * @throws Exception ex
 */
@Test
public void testNoneUserPutProcessGroup() throws Exception {
    final ProcessGroupEntity entity = getRandomProcessGroup(helper.getNoneUser());
    assertFalse(entity.getPermissions().getCanRead());
    assertFalse(entity.getPermissions().getCanWrite());
    assertNull(entity.getComponent());
    final String updatedName = "Updated Name" + count++;
    // attempt to update the name
    final ProcessGroupDTO requestDto = new ProcessGroupDTO();
    requestDto.setId(entity.getId());
    requestDto.setName(updatedName);
    final long version = entity.getRevision().getVersion();
    final RevisionDTO requestRevision = new RevisionDTO();
    requestRevision.setVersion(version);
    requestRevision.setClientId(AccessControlHelper.NONE_CLIENT_ID);
    final ProcessGroupEntity requestEntity = new ProcessGroupEntity();
    requestEntity.setId(entity.getId());
    requestEntity.setRevision(requestRevision);
    requestEntity.setComponent(requestDto);
    // perform the request
    final Response response = updateProcessGroup(helper.getNoneUser(), requestEntity);
    // ensure forbidden response
    assertEquals(403, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Test(org.junit.Test)

Example 88 with RevisionDTO

use of org.apache.nifi.web.api.dto.RevisionDTO in project nifi by apache.

the class ITProcessGroupAccessControl method testWriteUserPutProcessGroup.

/**
 * Ensures the WRITE user can put a process group.
 *
 * @throws Exception ex
 */
@Test
public void testWriteUserPutProcessGroup() throws Exception {
    final ProcessGroupEntity entity = getRandomProcessGroup(helper.getWriteUser());
    assertFalse(entity.getPermissions().getCanRead());
    assertTrue(entity.getPermissions().getCanWrite());
    assertNull(entity.getComponent());
    final String updatedName = "Updated Name" + count++;
    // attempt to update the name
    final ProcessGroupDTO requestDto = new ProcessGroupDTO();
    requestDto.setId(entity.getId());
    requestDto.setName(updatedName);
    final long version = entity.getRevision().getVersion();
    final RevisionDTO requestRevision = new RevisionDTO();
    requestRevision.setVersion(version);
    requestRevision.setClientId(AccessControlHelper.WRITE_CLIENT_ID);
    final ProcessGroupEntity requestEntity = new ProcessGroupEntity();
    requestEntity.setId(entity.getId());
    requestEntity.setRevision(requestRevision);
    requestEntity.setComponent(requestDto);
    // perform the request
    final Response response = updateProcessGroup(helper.getWriteUser(), requestEntity);
    // ensure successful response
    assertEquals(200, response.getStatus());
    // get the response
    final ProcessGroupEntity responseEntity = response.readEntity(ProcessGroupEntity.class);
    // verify
    assertEquals(WRITE_CLIENT_ID, responseEntity.getRevision().getClientId());
    assertEquals(version + 1, responseEntity.getRevision().getVersion().longValue());
}
Also used : Response(javax.ws.rs.core.Response) ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) ProcessGroupDTO(org.apache.nifi.web.api.dto.ProcessGroupDTO) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Test(org.junit.Test)

Example 89 with RevisionDTO

use of org.apache.nifi.web.api.dto.RevisionDTO in project nifi by apache.

the class ITProcessorAccessControl method testNoneUserPutProcessor.

/**
 * Ensures the NONE user cannot put a processor.
 *
 * @throws Exception ex
 */
@Test
public void testNoneUserPutProcessor() throws Exception {
    final ProcessorEntity entity = getRandomProcessor(helper.getNoneUser());
    assertFalse(entity.getPermissions().getCanRead());
    assertFalse(entity.getPermissions().getCanWrite());
    assertNull(entity.getComponent());
    final String updatedName = "Updated Name";
    // attempt to update the name
    final ProcessorDTO requestDto = new ProcessorDTO();
    requestDto.setId(entity.getId());
    requestDto.setName(updatedName);
    final long version = entity.getRevision().getVersion();
    final RevisionDTO requestRevision = new RevisionDTO();
    requestRevision.setVersion(version);
    requestRevision.setClientId(AccessControlHelper.NONE_CLIENT_ID);
    final ProcessorEntity requestEntity = new ProcessorEntity();
    requestEntity.setId(entity.getId());
    requestEntity.setRevision(requestRevision);
    requestEntity.setComponent(requestDto);
    // perform the request
    final Response response = updateProcessor(helper.getNoneUser(), requestEntity);
    // ensure forbidden response
    assertEquals(403, response.getStatus());
}
Also used : Response(javax.ws.rs.core.Response) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Test(org.junit.Test)

Example 90 with RevisionDTO

use of org.apache.nifi.web.api.dto.RevisionDTO in project nifi by apache.

the class ITProcessorAccessControl method testCreateRestrictedProcessor.

/**
 * Tests attempt to create a restricted processor.
 *
 * @throws Exception if there is an error creating this processor
 */
@Test
public void testCreateRestrictedProcessor() throws Exception {
    String url = helper.getBaseUrl() + "/process-groups/root/processors";
    // create the processor
    ProcessorDTO processor = new ProcessorDTO();
    processor.setName("restricted");
    processor.setType(RestrictedProcessor.class.getName());
    // create the revision
    final RevisionDTO revision = new RevisionDTO();
    revision.setClientId(READ_WRITE_CLIENT_ID);
    revision.setVersion(0L);
    // create the entity body
    ProcessorEntity entity = new ProcessorEntity();
    entity.setRevision(revision);
    entity.setComponent(processor);
    // perform the request as a user with read/write but no restricted access
    Response response = helper.getReadWriteUser().testPost(url, entity);
    // ensure the request is successful
    assertEquals(403, response.getStatus());
    // perform the request as a user with read/write and only execute code restricted access
    response = helper.getExecuteCodeUser().testPost(url, entity);
    // ensure the request is successful
    assertEquals(403, response.getStatus());
    // perform the request as a user with read/write and restricted access
    response = helper.getPrivilegedUser().testPost(url, entity);
    // ensure the request is successful
    assertEquals(201, response.getStatus());
    final ProcessorEntity responseEntity = response.readEntity(ProcessorEntity.class);
    // remove the restricted component
    deleteRestrictedComponent(responseEntity, helper.getPrivilegedUser());
}
Also used : Response(javax.ws.rs.core.Response) ProcessorDTO(org.apache.nifi.web.api.dto.ProcessorDTO) ExecuteCodeRestrictedProcessor(org.apache.nifi.integration.util.ExecuteCodeRestrictedProcessor) RestrictedProcessor(org.apache.nifi.integration.util.RestrictedProcessor) ProcessorEntity(org.apache.nifi.web.api.entity.ProcessorEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Test(org.junit.Test)

Aggregations

RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO)91 Response (javax.ws.rs.core.Response)45 Authorizable (org.apache.nifi.authorization.resource.Authorizable)30 PermissionsDTO (org.apache.nifi.web.api.dto.PermissionsDTO)29 ProcessGroupEntity (org.apache.nifi.web.api.entity.ProcessGroupEntity)26 ProcessorEntity (org.apache.nifi.web.api.entity.ProcessorEntity)26 PortEntity (org.apache.nifi.web.api.entity.PortEntity)25 HashMap (java.util.HashMap)24 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)24 Map (java.util.Map)23 ProcessorDTO (org.apache.nifi.web.api.dto.ProcessorDTO)23 Set (java.util.Set)22 Collectors (java.util.stream.Collectors)22 ProcessGroupDTO (org.apache.nifi.web.api.dto.ProcessGroupDTO)22 ControllerServiceEntity (org.apache.nifi.web.api.entity.ControllerServiceEntity)22 ScheduledState (org.apache.nifi.controller.ScheduledState)21 ControllerServiceState (org.apache.nifi.controller.service.ControllerServiceState)21 VersionControlInformationDTO (org.apache.nifi.web.api.dto.VersionControlInformationDTO)21 HashSet (java.util.HashSet)20 Authorizer (org.apache.nifi.authorization.Authorizer)19