use of org.apache.nifi.web.api.entity.TenantEntity in project nifi by apache.
the class StandardNiFiServiceFacade method updateUser.
@Override
public UserEntity updateUser(final Revision revision, final UserDTO userDTO) {
final Authorizable usersAuthorizable = authorizableLookup.getTenant();
final Set<Group> groups = userGroupDAO.getUserGroupsForUser(userDTO.getId());
final Set<AccessPolicy> policies = userGroupDAO.getAccessPoliciesForUser(userDTO.getId());
final RevisionUpdate<UserDTO> snapshot = updateComponent(revision, usersAuthorizable, () -> userDAO.updateUser(userDTO), user -> {
final Set<TenantEntity> tenantEntities = groups.stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
final Set<AccessPolicySummaryEntity> policyEntities = policies.stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
return dtoFactory.createUserDto(user, tenantEntities, policyEntities);
});
final PermissionsDTO permissions = dtoFactory.createPermissionsDto(usersAuthorizable);
return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
use of org.apache.nifi.web.api.entity.TenantEntity in project nifi by apache.
the class StandardNiFiServiceFacade method createUserEntity.
private UserEntity createUserEntity(final User user) {
final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier()));
final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
final Set<TenantEntity> userGroups = userGroupDAO.getUserGroupsForUser(user.getIdentifier()).stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUser(user.getIdentifier()).stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups, policyEntities), userRevision, permissions);
}
use of org.apache.nifi.web.api.entity.TenantEntity in project nifi by apache.
the class TenantsResource method searchTenants.
// ------------
// search users
// ------------
/**
* Searches for a tenant with a given identity.
*
* @param value Search value that will be matched against a user/group identity
* @return Tenants match the specified criteria
*/
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("search-results")
@ApiOperation(value = "Searches for a tenant with the specified identity", notes = NON_GUARANTEED_ENDPOINT, response = TenantsEntity.class, authorizations = { @Authorization(value = "Read - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response searchTenants(@ApiParam(value = "Identity to search for.", required = true) @QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) {
// ensure we're running with a configurable authorizer
if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
}
if (isReplicateRequest()) {
return replicate(HttpMethod.GET);
}
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable tenants = lookup.getTenant();
tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
});
final List<TenantEntity> userMatches = new ArrayList<>();
final List<TenantEntity> userGroupMatches = new ArrayList<>();
// get the users
for (final UserEntity userEntity : serviceFacade.getUsers()) {
final UserDTO user = userEntity.getComponent();
if (StringUtils.isBlank(value) || StringUtils.containsIgnoreCase(user.getIdentity(), value)) {
final TenantDTO tenant = new TenantDTO();
tenant.setId(user.getId());
tenant.setIdentity(user.getIdentity());
tenant.setConfigurable(user.getConfigurable());
final TenantEntity entity = new TenantEntity();
entity.setPermissions(userEntity.getPermissions());
entity.setRevision(userEntity.getRevision());
entity.setId(userEntity.getId());
entity.setComponent(tenant);
userMatches.add(entity);
}
}
// get the user groups
for (final UserGroupEntity userGroupEntity : serviceFacade.getUserGroups()) {
final UserGroupDTO userGroup = userGroupEntity.getComponent();
if (StringUtils.isBlank(value) || StringUtils.containsIgnoreCase(userGroup.getIdentity(), value)) {
final TenantDTO tenant = new TenantDTO();
tenant.setId(userGroup.getId());
tenant.setIdentity(userGroup.getIdentity());
tenant.setConfigurable(userGroup.getConfigurable());
final TenantEntity entity = new TenantEntity();
entity.setPermissions(userGroupEntity.getPermissions());
entity.setRevision(userGroupEntity.getRevision());
entity.setId(userGroupEntity.getId());
entity.setComponent(tenant);
userGroupMatches.add(entity);
}
}
// build the response
final TenantsEntity results = new TenantsEntity();
results.setUsers(userMatches);
results.setUserGroups(userGroupMatches);
// generate an 200 - OK response
return noCache(Response.ok(results)).build();
}
use of org.apache.nifi.web.api.entity.TenantEntity in project nifi by apache.
the class EntityFactory method createTenantEntity.
public TenantEntity createTenantEntity(final TenantDTO dto, final RevisionDTO revision, final PermissionsDTO permissions) {
final TenantEntity entity = new TenantEntity();
entity.setRevision(revision);
if (dto != null) {
entity.setPermissions(permissions);
entity.setId(dto.getId());
if (permissions != null && permissions.getCanRead()) {
entity.setComponent(dto);
}
}
return entity;
}
use of org.apache.nifi.web.api.entity.TenantEntity in project nifi by apache.
the class SnippetUtils method cloneComponentSpecificPolicies.
/**
* Clones all the component specified policies for the specified original component. This will include the component resource, data resource
* for the component, data transfer resource for the component, and policy resource for the component.
*
* @param originalComponentResource original component resource
* @param clonedComponentResource cloned component resource
* @param idGenerationSeed id generation seed
*/
private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
return;
}
final Map<Resource, Resource> resources = new HashMap<>();
resources.put(originalComponentResource, clonedComponentResource);
resources.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
resources.put(ResourceFactory.getDataTransferResource(originalComponentResource), ResourceFactory.getDataTransferResource(clonedComponentResource));
resources.put(ResourceFactory.getPolicyResource(originalComponentResource), ResourceFactory.getPolicyResource(clonedComponentResource));
for (final Entry<Resource, Resource> entry : resources.entrySet()) {
final Resource originalResource = entry.getKey();
final Resource cloneResource = entry.getValue();
for (final RequestAction action : RequestAction.values()) {
final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(action, originalResource.getIdentifier());
// if there is a component specific policy we want to clone it for the new component
if (accessPolicy != null) {
final AccessPolicyDTO cloneAccessPolicy = new AccessPolicyDTO();
cloneAccessPolicy.setId(generateId(accessPolicy.getIdentifier(), idGenerationSeed, true));
cloneAccessPolicy.setAction(accessPolicy.getAction().toString());
cloneAccessPolicy.setResource(cloneResource.getIdentifier());
final Set<TenantEntity> users = new HashSet<>();
accessPolicy.getUsers().forEach(userId -> {
final TenantEntity entity = new TenantEntity();
entity.setId(userId);
users.add(entity);
});
cloneAccessPolicy.setUsers(users);
final Set<TenantEntity> groups = new HashSet<>();
accessPolicy.getGroups().forEach(groupId -> {
final TenantEntity entity = new TenantEntity();
entity.setId(groupId);
groups.add(entity);
});
cloneAccessPolicy.setUserGroups(groups);
// create the access policy for the cloned policy
accessPolicyDAO.createAccessPolicy(cloneAccessPolicy);
}
}
}
}
Aggregations