
Example 1 with CurrentUserEntity

use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.

the class StandardNiFiServiceFacade method getCurrentUser.

/**
 * Builds the {@link CurrentUserEntity} for the user attached to the current request:
 * identity, anonymous flag, one permissions DTO per top-level resource, and one
 * restriction entry per {@link RequiredPermission} value.
 *
 * <p>The user returned by {@code NiFiUserUtils.getNiFiUser()} is dereferenced without a
 * null check, so callers must make sure a user is present before invoking this method.
 *
 * <p>NOTE(review): the permission flags look like a summary for clients to render;
 * presumably each protected operation is still authorized server-side - confirm.
 *
 * @return the populated entity
 */
@Override
public CurrentUserEntity getCurrentUser() {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    final CurrentUserEntity result = new CurrentUserEntity();
    result.setIdentity(currentUser.getIdentity());
    result.setAnonymous(currentUser.isAnonymous());

    // One permissions DTO per top-level authorizable resource.
    result.setProvenancePermissions(dtoFactory.createPermissionsDto(authorizableLookup.getProvenance()));
    result.setCountersPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getCounters()));
    result.setTenantsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
    result.setControllerPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getController()));
    result.setPoliciesPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getPolicies()));
    result.setSystemPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getSystem()));

    // Flow versioning is reported as available when at least one registry identifier is known.
    result.setCanVersionFlows(CollectionUtils.isNotEmpty(flowRegistryClient.getRegistryIdentifiers()));

    // Overall restricted-components permission, followed by one entry per required permission.
    result.setRestrictedComponentsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents()));

    final Set<ComponentRestrictionPermissionDTO> restrictions = new HashSet<>();
    for (final RequiredPermission permission : RequiredPermission.values()) {
        final PermissionsDTO granted = dtoFactory.createPermissionsDto(authorizableLookup.getRestrictedComponents(permission));

        final RequiredPermissionDTO permissionDto = new RequiredPermissionDTO();
        permissionDto.setId(permission.getPermissionIdentifier());
        permissionDto.setLabel(permission.getPermissionLabel());

        final ComponentRestrictionPermissionDTO restriction = new ComponentRestrictionPermissionDTO();
        restriction.setRequiredPermission(permissionDto);
        restriction.setPermissions(granted);
        restrictions.add(restriction);
    }
    result.setComponentRestrictionPermissions(restrictions);

    return result;
}
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) RequiredPermissionDTO(org.apache.nifi.web.api.dto.RequiredPermissionDTO) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 2 with CurrentUserEntity

use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.

the class CurrentUser method doExecute.

/**
 * Fetches the current user from the NiFi flow client and wraps it in a result object.
 *
 * @param client     NiFi client used to obtain the {@link FlowClient}
 * @param properties passed to {@code getResultType} to select the result type
 * @return the current user entity paired with the selected result type
 * @throws NiFiClientException declared by the method; presumably raised by the client call
 * @throws IOException         declared by the method; presumably raised by the client call
 */
@Override
public CurrentUserEntityResult doExecute(NiFiClient client, Properties properties) throws NiFiClientException, IOException {
    // The user is retrieved before the result type is resolved, so a failing
    // client call surfaces first.
    final CurrentUserEntity user = client.getFlowClient().getCurrentUser();
    return new CurrentUserEntityResult(getResultType(properties), user);
}
Also used : CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) CurrentUserEntityResult(org.apache.nifi.toolkit.cli.impl.result.CurrentUserEntityResult) FlowClient(org.apache.nifi.toolkit.cli.impl.client.nifi.FlowClient)

Example 3 with CurrentUserEntity

use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.

the class CurrentUserEndpointMergerTest method testMergeUserPermissions.

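/**
 * Verifies that merging the current-user responses of two nodes leaves the client entity
 * with only the permissions both nodes agree on, and with only the component restrictions
 * that both nodes reported.
 *
 * <p>{@code buildPermissions(a, b)} is defined outside this listing; the assertions below
 * are consistent with {@code a} being canRead and {@code b} being canWrite.
 */
@Test
public void testMergeUserPermissions() {
    // Node 1 doubles as the client entity that receives the merged result.
    final NodeIdentifier nodeId1 = new NodeIdentifier("1", "localhost", 9000, "localhost", 9001, "localhost", 9002, 9003, false);
    final CurrentUserEntity userNode1 = new CurrentUserEntity();
    userNode1.setControllerPermissions(buildPermissions(true, false));
    userNode1.setCountersPermissions(buildPermissions(true, true));
    userNode1.setPoliciesPermissions(buildPermissions(true, true));
    userNode1.setProvenancePermissions(buildPermissions(false, false));
    userNode1.setRestrictedComponentsPermissions(buildPermissions(false, false));
    userNode1.setSystemPermissions(buildPermissions(true, true));
    userNode1.setTenantsPermissions(buildPermissions(false, true));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionsNode1 = new HashSet<>();
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.ACCESS_KEYTAB, true, true));
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.WRITE_FILESYSTEM, false, true));
    // READ_FILESYSTEM is reported by node 1 only, so it must not survive the merge.
    componentRestrictionsNode1.add(buildComponentRestriction(RequiredPermission.READ_FILESYSTEM, true, true));
    userNode1.setComponentRestrictionPermissions(componentRestrictionsNode1);

    final NodeIdentifier nodeId2 = new NodeIdentifier("2", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false);
    final CurrentUserEntity userNode2 = new CurrentUserEntity();
    userNode2.setControllerPermissions(buildPermissions(false, true));
    userNode2.setCountersPermissions(buildPermissions(true, false));
    userNode2.setPoliciesPermissions(buildPermissions(true, true));
    userNode2.setProvenancePermissions(buildPermissions(false, false));
    userNode2.setRestrictedComponentsPermissions(buildPermissions(true, true));
    userNode2.setSystemPermissions(buildPermissions(false, false));
    userNode2.setTenantsPermissions(buildPermissions(true, true));
    final Set<ComponentRestrictionPermissionDTO> componentRestrictionsNode2 = new HashSet<>();
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.ACCESS_KEYTAB, true, false));
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.WRITE_FILESYSTEM, true, false));
    // EXECUTE_CODE is reported by node 2 only, so it must not appear in the merged result.
    componentRestrictionsNode2.add(buildComponentRestriction(RequiredPermission.EXECUTE_CODE, true, true));
    userNode2.setComponentRestrictionPermissions(componentRestrictionsNode2);

    final Map<NodeIdentifier, CurrentUserEntity> entityMap = new HashMap<>();
    entityMap.put(nodeId1, userNode1);
    entityMap.put(nodeId2, userNode2);

    final CurrentUserEndpointMerger merger = new CurrentUserEndpointMerger();
    merger.mergeResponses(userNode1, entityMap, Collections.emptySet(), Collections.emptySet());

    // Each flag is expected to be true only when both nodes granted it.
    assertFalse(userNode1.getControllerPermissions().getCanRead());
    assertFalse(userNode1.getControllerPermissions().getCanWrite());
    assertTrue(userNode1.getCountersPermissions().getCanRead());
    assertFalse(userNode1.getCountersPermissions().getCanWrite());
    assertTrue(userNode1.getPoliciesPermissions().getCanRead());
    assertTrue(userNode1.getPoliciesPermissions().getCanWrite());
    assertFalse(userNode1.getProvenancePermissions().getCanRead());
    assertFalse(userNode1.getProvenancePermissions().getCanWrite());
    // NOTE(review): node 1 (the client) already denies restricted components, so these two
    // assertions hold even if the merger never merges that field. A case where the client
    // grants it and another node denies it would be needed to cover that path.
    assertFalse(userNode1.getRestrictedComponentsPermissions().getCanRead());
    assertFalse(userNode1.getRestrictedComponentsPermissions().getCanWrite());
    assertFalse(userNode1.getSystemPermissions().getCanRead());
    assertFalse(userNode1.getSystemPermissions().getCanWrite());
    assertFalse(userNode1.getTenantsPermissions().getCanRead());
    assertTrue(userNode1.getTenantsPermissions().getCanWrite());

    // Without this count the per-restriction checks below pass vacuously when the merge
    // drops every restriction. Exactly the two restrictions common to both nodes
    // (ACCESS_KEYTAB and WRITE_FILESYSTEM) are expected to remain.
    final Set<ComponentRestrictionPermissionDTO> mergedRestrictions = userNode1.getComponentRestrictionPermissions();
    assertTrue(mergedRestrictions.size() == 2);

    mergedRestrictions.forEach(componentRestriction -> {
        if (RequiredPermission.ACCESS_KEYTAB.getPermissionIdentifier().equals(componentRestriction.getRequiredPermission().getId())) {
            assertTrue(componentRestriction.getPermissions().getCanRead());
            assertFalse(componentRestriction.getPermissions().getCanWrite());
        } else if (RequiredPermission.WRITE_FILESYSTEM.getPermissionIdentifier().equals(componentRestriction.getRequiredPermission().getId())) {
            assertFalse(componentRestriction.getPermissions().getCanRead());
            assertFalse(componentRestriction.getPermissions().getCanWrite());
        } else {
            // Any restriction reported by only one node must have been removed.
            fail();
        }
    });
}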
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) HashMap(java.util.HashMap) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with CurrentUserEntity

use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.

the class CurrentUserEndpointMerger method mergeResponses.

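/**
 * Merges the current-user entity reported by every other node into {@code clientEntity},
 * so that the entity returned to the client reflects the whole cluster rather than one node.
 *
 * <p>{@code mergePermissions} is defined outside this listing; the accompanying test
 * suggests it keeps a flag only when both sides grant it - confirm.
 *
 * @param clientEntity         entity that is mutated in place and returned to the client
 * @param entityMap            per-node entities; the entry that is {@code clientEntity} itself is skipped
 * @param successfulResponses  not used by this method
 * @param problematicResponses not used by this method
 */
@Override
protected void mergeResponses(final CurrentUserEntity clientEntity, final Map<NodeIdentifier, CurrentUserEntity> entityMap, final Set<NodeResponse> successfulResponses, final Set<NodeResponse> problematicResponses) {
    for (final Map.Entry<NodeIdentifier, CurrentUserEntity> entry : entityMap.entrySet()) {
        final CurrentUserEntity entity = entry.getValue();
        if (entity != clientEntity) {
            mergePermissions(clientEntity.getControllerPermissions(), entity.getControllerPermissions());
            mergePermissions(clientEntity.getCountersPermissions(), entity.getCountersPermissions());
            mergePermissions(clientEntity.getPoliciesPermissions(), entity.getPoliciesPermissions());
            mergePermissions(clientEntity.getProvenancePermissions(), entity.getProvenancePermissions());
            mergePermissions(clientEntity.getTenantsPermissions(), entity.getTenantsPermissions());
            mergePermissions(clientEntity.getSystemPermissions(), entity.getSystemPermissions());
            // The tenants permissions used to be merged a second time here while the
            // restricted-components permissions were never merged, so the client node's
            // own answer for restricted components was reported for the whole cluster.
            mergePermissions(clientEntity.getRestrictedComponentsPermissions(), entity.getRestrictedComponentsPermissions());

            final Set<ComponentRestrictionPermissionDTO> clientEntityComponentRestrictionsPermissions = clientEntity.getComponentRestrictionPermissions();
            final Set<ComponentRestrictionPermissionDTO> entityComponentRestrictionsPermissions = entity.getComponentRestrictionPermissions();

            // only retain the component restriction permissions in common
            clientEntityComponentRestrictionsPermissions.retainAll(entityComponentRestrictionsPermissions);

            // merge the component restriction permissions
            clientEntityComponentRestrictionsPermissions.forEach(clientEntityPermission -> {
                // NOTE(review): this lookup matches on the required-permission id, while
                // retainAll above relies on the DTO's equals(). If the two ever disagree,
                // no match is found and the dereference below throws a NullPointerException.
                final ComponentRestrictionPermissionDTO entityPermission = entityComponentRestrictionsPermissions.stream()
                        .filter(candidate -> candidate.getRequiredPermission().getId().equals(clientEntityPermission.getRequiredPermission().getId()))
                        .findFirst()
                        .orElse(null);
                mergePermissions(clientEntityPermission.getPermissions(), entityPermission.getPermissions());
            });
        }
    }
}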
Also used : ComponentRestrictionPermissionDTO(org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO) NodeIdentifier(org.apache.nifi.cluster.protocol.NodeIdentifier) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Map(java.util.Map)

Example 5 with CurrentUserEntity

use of org.apache.nifi.web.api.entity.CurrentUserEntity in project nifi by apache.

the class FlowResource method getCurrentUser.

/**
 * Returns the identity and permission summary of the user making the request.
 *
 * <p>{@code authorizeFlow()} runs before the request is replicated and before any user
 * detail is read. It is defined outside this listing; the operation annotation
 * documents the required access as "Read - /flow".
 *
 * @return a response whose body is the {@link CurrentUserEntity} built by the service
 *         facade, or the replicated response when the request must be replicated
 * @throws WebApplicationException if no user is attached to the current request
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("current-user")
@ApiOperation(value = "Retrieves the user identity of the user making the request", response = CurrentUserEntity.class, authorizations = { @Authorization(value = "Read - /flow") })
public Response getCurrentUser() {
    // Authorization comes first so that neither replication nor the lookup below
    // happens for a caller that fails the check.
    authorizeFlow();

    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }

    // note that the cluster manager will handle this request directly
    final NiFiUser requestUser = NiFiUserUtils.getNiFiUser();
    if (requestUser == null) {
        throw new WebApplicationException(new Throwable("Unable to access details for current user."));
    }

    // The service facade builds the entity; it is wrapped in an OK response.
    return generateOkResponse(serviceFacade.getCurrentUser()).build();
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) WebApplicationException(javax.ws.rs.WebApplicationException) CurrentUserEntity(org.apache.nifi.web.api.entity.CurrentUserEntity) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation)

Aggregations

CurrentUserEntity (org.apache.nifi.web.api.entity.CurrentUserEntity)5 ComponentRestrictionPermissionDTO (org.apache.nifi.web.api.dto.ComponentRestrictionPermissionDTO)3 HashSet (java.util.HashSet)2 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)2 NodeIdentifier (org.apache.nifi.cluster.protocol.NodeIdentifier)2 ApiOperation (io.swagger.annotations.ApiOperation)1 HashMap (java.util.HashMap)1 LinkedHashSet (java.util.LinkedHashSet)1 Map (java.util.Map)1 Consumes (javax.ws.rs.Consumes)1 GET (javax.ws.rs.GET)1 Path (javax.ws.rs.Path)1 Produces (javax.ws.rs.Produces)1 WebApplicationException (javax.ws.rs.WebApplicationException)1 FlowClient (org.apache.nifi.toolkit.cli.impl.client.nifi.FlowClient)1 CurrentUserEntityResult (org.apache.nifi.toolkit.cli.impl.result.CurrentUserEntityResult)1 PermissionsDTO (org.apache.nifi.web.api.dto.PermissionsDTO)1 RequiredPermissionDTO (org.apache.nifi.web.api.dto.RequiredPermissionDTO)1 Test (org.junit.Test)1