use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.
the class StandardNiFiServiceFacade method getCurrentUser.
/**
 * Assembles the {@link CurrentUserEntity} for the user returned by
 * {@code NiFiUserUtils.getNiFiUser()}: identity, anonymous flag, one permissions DTO per
 * top-level resource, and one permissions DTO per {@link RequiredPermission} value.
 *
 * <p>This method only builds descriptive DTOs; nothing here enforces access.
 *
 * @return the populated entity
 */
@Override
public CurrentUserEntity getCurrentUser() {
    // NOTE(review): no null check here. A null user fails with a NullPointerException on
    // getIdentity() below; confirm every caller verifies a user is present first.
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    final CurrentUserEntity result = new CurrentUserEntity();
    result.setIdentity(currentUser.getIdentity());
    result.setAnonymous(currentUser.isAnonymous());

    // one permissions DTO per top-level authorizable
    result.setProvenancePermissions(dtoFactory.createPermissionsDto(authorizableLookup.getProvenance()));
    result.setCountersPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getCounters()));
    result.setTenantsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
    result.setControllerPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getController()));
    result.setPoliciesPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getPolicies()));
    result.setSystemPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getSystem()));

    // flow versioning is reported as available when at least one registry identifier exists
    result.setCanVersionFlows(CollectionUtils.isNotEmpty(flowRegistryClient.getRegistryIdentifiers()));

    result.setRestrictedComponentsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents()));

    // one entry per RequiredPermission value, pairing its id/label with the permissions
    // DTO of the matching restricted-components authorizable
    final Set<ComponentRestrictionPermissionDTO> perRestriction = new HashSet<>();
    for (final RequiredPermission required : RequiredPermission.values()) {
        final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents(required));

        final RequiredPermissionDTO requiredDto = new RequiredPermissionDTO();
        requiredDto.setId(required.getPermissionIdentifier());
        requiredDto.setLabel(required.getPermissionLabel());

        final ComponentRestrictionPermissionDTO restrictionDto = new ComponentRestrictionPermissionDTO();
        restrictionDto.setRequiredPermission(requiredDto);
        restrictionDto.setPermissions(permissions);
        perRestriction.add(restrictionDto);
    }
    result.setComponentRestrictionPermissions(perRestriction);

    return result;
}
use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.
the class CurrentUser method doExecute.
/**
 * Fetches the current user from the flow client and wraps it in a result object.
 *
 * @param client the client whose flow client is queried
 * @param properties passed to {@code getResultType} to select the result type
 * @return the result wrapping the retrieved {@link CurrentUserEntity}
 * @throws NiFiClientException declared by this method; propagated from the client call
 * @throws IOException declared by this method; propagated from the client call
 */
@Override
public CurrentUserEntityResult doExecute(NiFiClient client, Properties properties) throws NiFiClientException, IOException {
    final CurrentUserEntity retrievedUser = client.getFlowClient().getCurrentUser();
    return new CurrentUserEntityResult(getResultType(properties), retrievedUser);
}
use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.
the class CurrentUserEndpointMergerTest method testMergeUserPermissions.
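/**
 * Merges the current-user responses of two nodes and checks the permissions left on the
 * client entity (userNode1). Every expected flag below equals the logical AND of the two
 * nodes' inputs, and only the component restrictions present on both nodes are expected
 * to remain.
 */
@Test
public void testMergeUserPermissions() {
    // node 1 is also the client entity handed to the merger
    // buildPermissions arguments are presumably (canRead, canWrite); confirm against the helper
    final NodeIdentifier nodeId1 = new NodeIdentifier("1", "localhost", 9000, "localhost", 9001, "localhost", 9002, 9003, false);
    final CurrentUserEntity userNode1 = new CurrentUserEntity();
    userNode1.setControllerPermissions(buildPermissions(true, false));
    userNode1.setCountersPermissions(buildPermissions(true, true));
    userNode1.setPoliciesPermissions(buildPermissions(true, true));
    userNode1.setProvenancePermissions(buildPermissions(false, false));
    userNode1.setRestrictedComponentsPermissions(buildPermissions(false, false));
    userNode1.setSystemPermissions(buildPermissions(true, true));
    userNode1.setTenantsPermissions(buildPermissions(false, true));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionsNode1 = new HashSet<>();
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.ACCESS_KEYTAB, true, true));
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.WRITE_FILESYSTEM, false, true));
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.READ_FILESYSTEM, true, true));
    userNode1.setComponentRestrictionPermissions(componentRestrictionsNode1);

    final NodeIdentifier nodeId2 = new NodeIdentifier("2", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false);
    final CurrentUserEntity userNode2 = new CurrentUserEntity();
    userNode2.setControllerPermissions(buildPermissions(false, true));
    userNode2.setCountersPermissions(buildPermissions(true, false));
    userNode2.setPoliciesPermissions(buildPermissions(true, true));
    userNode2.setProvenancePermissions(buildPermissions(false, false));
    userNode2.setRestrictedComponentsPermissions(buildPermissions(true, true));
    userNode2.setSystemPermissions(buildPermissions(false, false));
    userNode2.setTenantsPermissions(buildPermissions(true, true));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionsNode2 = new HashSet<>();
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.ACCESS_KEYTAB, true, false));
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.WRITE_FILESYSTEM, true, false));
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.EXECUTE_CODE, true, true));
    userNode2.setComponentRestrictionPermissions(componentRestrictionsNode2);

    final Map<NodeIdentifier, CurrentUserEntity> entityMap = new HashMap<>();
    entityMap.put(nodeId1, userNode1);
    entityMap.put(nodeId2, userNode2);

    final CurrentUserEndpointMerger merger = new CurrentUserEndpointMerger();
    merger.mergeResponses(userNode1, entityMap, Collections.emptySet(), Collections.emptySet());

    assertFalse(userNode1.getControllerPermissions().getCanRead());
    assertFalse(userNode1.getControllerPermissions().getCanWrite());
    assertTrue(userNode1.getCountersPermissions().getCanRead());
    assertFalse(userNode1.getCountersPermissions().getCanWrite());
    assertTrue(userNode1.getPoliciesPermissions().getCanRead());
    assertTrue(userNode1.getPoliciesPermissions().getCanWrite());
    assertFalse(userNode1.getProvenancePermissions().getCanRead());
    assertFalse(userNode1.getProvenancePermissions().getCanWrite());
    // NOTE(review): the client node already denies restricted components before the merge,
    // so these two assertions pass whether or not the merger touches this field.
    assertFalse(userNode1.getRestrictedComponentsPermissions().getCanRead());
    assertFalse(userNode1.getRestrictedComponentsPermissions().getCanWrite());
    assertFalse(userNode1.getSystemPermissions().getCanRead());
    assertFalse(userNode1.getSystemPermissions().getCanWrite());
    assertFalse(userNode1.getTenantsPermissions().getCanRead());
    assertTrue(userNode1.getTenantsPermissions().getCanWrite());

    // Exactly the two restrictions shared by both nodes (ACCESS_KEYTAB, WRITE_FILESYSTEM)
    // must survive. Without this check the loop below would pass vacuously on an empty set.
    assertTrue(userNode1.getComponentRestrictionPermissions().size() == 2);

    userNode1.getComponentRestrictionPermissions().forEach(componentRestriction -> {
        if (RequiredPermission.ACCESS_KEYTAB.getPermissionIdentifier().equals(componentRestriction.getRequiredPermission().getId())) {
            assertTrue(componentRestriction.getPermissions().getCanRead());
            assertFalse(componentRestriction.getPermissions().getCanWrite());
        } else if (RequiredPermission.WRITE_FILESYSTEM.getPermissionIdentifier().equals(componentRestriction.getRequiredPermission().getId())) {
            assertFalse(componentRestriction.getPermissions().getCanRead());
            assertFalse(componentRestriction.getPermissions().getCanWrite());
        } else {
            // a restriction held by only one node must not remain after the merge
            fail();
        }
    });
}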
use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.
the class CurrentUserEndpointMerger method mergeResponses.
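/**
 * Folds the current-user entity of every other node into {@code clientEntity}, mutating
 * {@code clientEntity} in place.
 *
 * <p>Each top-level permissions object is combined through {@code mergePermissions}
 * (defined elsewhere; presumably it narrows the client's flags to what every node grants,
 * so confirm against that helper). Component restriction permissions are first reduced to the
 * entries both sides have in common and then merged pairwise by required-permission id.
 *
 * @param clientEntity the entity returned to the client; updated in place
 * @param entityMap the per-node entities; the entry that is {@code clientEntity} itself is skipped
 * @param successfulResponses not used by this method
 * @param problematicResponses not used by this method
 */
@Override
protected void mergeResponses(final CurrentUserEntity clientEntity, final Map<NodeIdentifier, CurrentUserEntity> entityMap, final Set<NodeResponse> successfulResponses, final Set<NodeResponse> problematicResponses) {
    for (final Map.Entry<NodeIdentifier, CurrentUserEntity> entry : entityMap.entrySet()) {
        final CurrentUserEntity entity = entry.getValue();
        if (entity != clientEntity) {
            mergePermissions(clientEntity.getControllerPermissions(), entity.getControllerPermissions());
            mergePermissions(clientEntity.getCountersPermissions(), entity.getCountersPermissions());
            mergePermissions(clientEntity.getPoliciesPermissions(), entity.getPoliciesPermissions());
            mergePermissions(clientEntity.getProvenancePermissions(), entity.getProvenancePermissions());
            mergePermissions(clientEntity.getTenantsPermissions(), entity.getTenantsPermissions());
            mergePermissions(clientEntity.getSystemPermissions(), entity.getSystemPermissions());
            // The tenants permissions used to be merged a second time here while the
            // restricted-components permissions were never merged, so the client node's own
            // value was returned regardless of what the other nodes reported.
            mergePermissions(clientEntity.getRestrictedComponentsPermissions(), entity.getRestrictedComponentsPermissions());

            final Set<ComponentRestrictionPermissionDTO> clientEntityComponentRestrictionsPermissions = clientEntity.getComponentRestrictionPermissions();
            final Set<ComponentRestrictionPermissionDTO> entityComponentRestrictionsPermissions = entity.getComponentRestrictionPermissions();

            // only retain the component restriction permissions in common
            clientEntityComponentRestrictionsPermissions.retainAll(entityComponentRestrictionsPermissions);

            // merge the component restriction permissions
            clientEntityComponentRestrictionsPermissions.forEach(clientEntityPermission -> {
                final String requiredPermissionId = clientEntityPermission.getRequiredPermission().getId();
                final ComponentRestrictionPermissionDTO entityPermission = entityComponentRestrictionsPermissions.stream()
                        .filter(candidate -> candidate.getRequiredPermission().getId().equals(requiredPermissionId))
                        .findFirst()
                        .orElse(null);

                // If no counterpart is found this dereference throws rather than leaving the
                // client's permission unmerged; retainAll above is expected to guarantee a match.
                mergePermissions(clientEntityPermission.getPermissions(), entityPermission.getPermissions());
            });
        }
    }
}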
use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.
the class FlowResource method getCurrentUser.
/**
 * Returns details about the user making the request.
 *
 * <p>{@code authorizeFlow()} is invoked before anything else, including request replication.
 *
 * @return the replicated response when the request is to be replicated, otherwise an OK
 *         response whose body is the {@link CurrentUserEntity} from the service facade
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("current-user")
@ApiOperation(
        value = "Retrieves the user identity of the user making the request",
        response = CurrentUserEntity.class,
        authorizations = { @Authorization(value = "Read - /flow") })
public Response getCurrentUser() {
    authorizeFlow();

    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }

    // note that the cluster manager will handle this request directly
    if (NiFiUserUtils.getNiFiUser() == null) {
        // no user is associated with the request, so there is nothing to describe
        throw new WebApplicationException(new Throwable("Unable to access details for current user."));
    }

    // build the entity and wrap it in the OK response
    return generateOkResponse(serviceFacade.getCurrentUser()).build();
}