Posted to commits@nifi.apache.org by ma...@apache.org on 2016/07/12 21:00:11 UTC
[8/9] nifi git commit: NIFI-2095: - Adding a page for managing users
and groups. - Adding a page for managing access policies. - Renaming
accessPolicy in entity to permissions to avoid confusion with the
accessPolicy model. - Adding an Authorizable for a
http://git-wip-us.apache.org/repos/asf/nifi/blob/e0c96794/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
index 4139888..7b9da19 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
@@ -16,11 +16,15 @@
*/
package org.apache.nifi.web;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authorization.AccessPolicy;
import org.apache.nifi.authorization.Resource;
-import org.apache.nifi.authorization.resource.AccessPoliciesAuthorizable;
import org.apache.nifi.authorization.resource.AccessPolicyAuthorizable;
import org.apache.nifi.authorization.resource.Authorizable;
+import org.apache.nifi.authorization.resource.DataTransferAuthorizable;
+import org.apache.nifi.authorization.resource.ProvenanceEventAuthorizable;
import org.apache.nifi.authorization.resource.ResourceFactory;
+import org.apache.nifi.authorization.resource.ResourceType;
import org.apache.nifi.authorization.resource.TenantAuthorizable;
import org.apache.nifi.controller.ConfiguredComponent;
import org.apache.nifi.controller.Snippet;
@@ -46,7 +50,17 @@ import org.apache.nifi.web.dao.TemplateDAO;
class StandardAuthorizableLookup implements AuthorizableLookup {
private static final TenantAuthorizable TENANT_AUTHORIZABLE = new TenantAuthorizable();
- private static final Authorizable ACCESS_POLICIES_AUTHORIZABLE = new AccessPoliciesAuthorizable();
+ private static final Authorizable POLICIES_AUTHORIZABLE = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getPoliciesResource();
+ }
+ };
private static final Authorizable PROVENANCE_AUTHORIZABLE = new Authorizable() {
@Override
@@ -193,18 +207,243 @@ class StandardAuthorizableLookup implements AuthorizableLookup {
}
@Override
- public Authorizable getTenantAuthorizable() {
+ public Authorizable getTenant() {
return TENANT_AUTHORIZABLE;
}
@Override
- public Authorizable getAccessPoliciesAuthorizable() {
- return ACCESS_POLICIES_AUTHORIZABLE;
+ public Authorizable getPolicies() {
+ return POLICIES_AUTHORIZABLE;
}
@Override
- public Authorizable getAccessPolicyAuthorizable(String id) {
- return new AccessPolicyAuthorizable(accessPolicyDAO.getAccessPolicy(id));
+ public Authorizable getAccessPolicyById(final String id) {
+ final AccessPolicy policy = accessPolicyDAO.getAccessPolicy(id);
+ return getAccessPolicyByResource(policy.getResource());
+ }
+
+ @Override
+ public Authorizable getAccessPolicyByResource(final String resource) {
+ try {
+ return new AccessPolicyAuthorizable(getAuthorizableFromResource(resource));
+ } catch (final ResourceNotFoundException e) {
+ // the underlying component has been removed or resource is invalid... require /policies permissions
+ return POLICIES_AUTHORIZABLE;
+ }
+ }
+
+ @Override
+ public Authorizable getAuthorizableFromResource(String resource) {
+ // parse the resource type
+ ResourceType resourceType = null;
+ for (ResourceType type : ResourceType.values()) {
+ if (resource.equals(type.getValue()) || resource.startsWith(type.getValue() + "/")) {
+ resourceType = type;
+ }
+ }
+
+ if (resourceType == null) {
+ throw new ResourceNotFoundException("Unrecognized resource: " + resource);
+ }
+
+ // if this is a policy or a provenance event resource, there should be another resource type
+ if (ResourceType.Policy.equals(resourceType) || ResourceType.ProvenanceEvent.equals(resourceType) || ResourceType.DataTransfer.equals(resourceType)) {
+ final ResourceType primaryResourceType = resourceType;
+
+ // get the resource type
+ resource = StringUtils.substringAfter(resource, resourceType.getValue());
+
+ for (ResourceType type : ResourceType.values()) {
+ if (resource.equals(type.getValue()) || resource.startsWith(type.getValue() + "/")) {
+ resourceType = type;
+ }
+ }
+
+ if (resourceType == null) {
+ throw new ResourceNotFoundException("Unrecognized resource: " + resource);
+ }
+
+ // must either be a policy, event, or data transfer
+ if (ResourceType.Policy.equals(primaryResourceType)) {
+ return new AccessPolicyAuthorizable(getAccessPolicy(resourceType, resource));
+ } else if (ResourceType.ProvenanceEvent.equals(primaryResourceType)) {
+ return new ProvenanceEventAuthorizable(getAccessPolicy(resourceType, resource));
+ } else {
+ return new DataTransferAuthorizable(getAccessPolicy(resourceType, resource));
+ }
+ } else {
+ return getAccessPolicy(resourceType, resource);
+ }
+ }
+
+ private Authorizable getAccessPolicy(final ResourceType resourceType, final String resource) {
+ final String slashComponentId = StringUtils.substringAfter(resource, resourceType.getValue());
+ if (slashComponentId.startsWith("/")) {
+ return getAccessPolicyByResource(resourceType, slashComponentId.substring(1));
+ } else {
+ return getAccessPolicyByResource(resourceType);
+ }
+ }
+
+ private Authorizable getAccessPolicyByResource(final ResourceType resourceType, final String componentId) {
+ Authorizable authorizable = null;
+ switch (resourceType) {
+ case Connection:
+ authorizable = getConnection(componentId);
+ break;
+ case ControllerService:
+ authorizable = getControllerService(componentId);
+ break;
+ case Funnel:
+ authorizable = getFunnel(componentId);
+ break;
+ case InputPort:
+ authorizable = getInputPort(componentId);
+ break;
+ case Label:
+ authorizable = getLabel(componentId);
+ break;
+ case OutputPort:
+ authorizable = getOutputPort(componentId);
+ break;
+ case Processor:
+ authorizable = getProcessor(componentId);
+ break;
+ case ProcessGroup:
+ authorizable = getProcessGroup(componentId);
+ break;
+ case RemoteProcessGroup:
+ authorizable = getRemoteProcessGroup(componentId);
+ break;
+ case ReportingTask:
+ authorizable = getReportingTask(componentId);
+ break;
+ case Template:
+ authorizable = getTemplate(componentId);
+ break;
+ case ProvenanceEvent:
+ authorizable = controllerFacade.getProvenanceEventAuthorizable(componentId);
+ break;
+ }
+
+ if (authorizable == null) {
+ throw new IllegalArgumentException("An unexpected type of resource in this policy " + resourceType.getValue());
+ }
+
+ return authorizable;
+ }
+
+ private Authorizable getAccessPolicyByResource(final ResourceType resourceType) {
+ Authorizable authorizable = null;
+ switch (resourceType) {
+ case Controller:
+ authorizable = getController();
+ break;
+ case Counters:
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getCountersResource();
+ }
+ };
+ break;
+ case Flow:
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getFlowResource();
+ }
+ };
+ break;
+ case Provenance:
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getProvenanceResource();
+ }
+ };
+ break;
+ case Proxy:
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getProxyResource();
+ }
+ };
+ break;
+ case Policy:
+ authorizable = POLICIES_AUTHORIZABLE;
+ break;
+ case Resource:
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getResourceResource();
+ }
+ };
+ break;
+ case SiteToSite:
+ // TODO - new site-to-site and port specific site-to-site
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getSiteToSiteResource();
+ }
+ };
+ break;
+ case System:
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return ResourceFactory.getSystemResource();
+ }
+ };
+ break;
+ case Tenant:
+ authorizable = getTenant();
+ break;
+ }
+
+ if (authorizable == null) {
+ throw new IllegalArgumentException("An unexpected type of resource in this policy " + resourceType.getValue());
+ }
+
+ return authorizable;
}
@Override
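Review bot: In getAuthorizableFromResource the second `if (resourceType == null)` check can never fire, because resourceType still holds the primary type (Policy, ProvenanceEvent or DataTransfer) when the second loop starts. A nested resource that matches no ResourceType is therefore passed to getAccessPolicy under the primary type instead of being rejected with ResourceNotFoundException. Adding `resourceType = null;` just before the second `for` would restore the rejection; if a bare primary resource is meant to resolve through this path, that case should be handled explicitly and commented. Separately, both switch helpers report an unexpected type with IllegalArgumentException, which the `catch (final ResourceNotFoundException e)` fallback in getAccessPolicyByResource(String) does not cover, so such a policy never reaches the /policies check.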
http://git-wip-us.apache.org/repos/asf/nifi/blob/e0c96794/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 490a9bb..3875f22 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -16,29 +16,7 @@
*/
package org.apache.nifi.web;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-import java.util.UUID;
-import java.util.function.Function;
-import java.util.function.Supplier;
-import java.util.stream.Collectors;
-
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-
+import com.google.common.collect.Sets;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -55,6 +33,7 @@ import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.Resource;
import org.apache.nifi.authorization.User;
import org.apache.nifi.authorization.resource.Authorizable;
+import org.apache.nifi.authorization.resource.DataTransferAuthorizable;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.cluster.coordination.ClusterCoordinator;
@@ -101,6 +80,7 @@ import org.apache.nifi.reporting.BulletinQuery;
import org.apache.nifi.reporting.BulletinRepository;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.api.dto.AccessPolicyDTO;
+import org.apache.nifi.web.api.dto.AccessPolicySummaryDTO;
import org.apache.nifi.web.api.dto.BulletinBoardDTO;
import org.apache.nifi.web.api.dto.BulletinDTO;
import org.apache.nifi.web.api.dto.BulletinQueryDTO;
@@ -127,6 +107,7 @@ import org.apache.nifi.web.api.dto.FunnelDTO;
import org.apache.nifi.web.api.dto.LabelDTO;
import org.apache.nifi.web.api.dto.ListingRequestDTO;
import org.apache.nifi.web.api.dto.NodeDTO;
+import org.apache.nifi.web.api.dto.PermissionsDTO;
import org.apache.nifi.web.api.dto.PortDTO;
import org.apache.nifi.web.api.dto.PreviousValueDTO;
import org.apache.nifi.web.api.dto.ProcessGroupDTO;
@@ -160,6 +141,7 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
import org.apache.nifi.web.api.entity.AccessPolicyEntity;
+import org.apache.nifi.web.api.entity.AccessPolicySummaryEntity;
import org.apache.nifi.web.api.entity.ConnectionEntity;
import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
import org.apache.nifi.web.api.entity.ControllerServiceEntity;
@@ -210,7 +192,27 @@ import org.apache.nifi.web.util.SnippetUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.common.collect.Sets;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.UUID;
+import java.util.function.Function;
+import java.util.function.Supplier;
+import java.util.stream.Collectors;
/**
* Implementation of NiFiServiceFacade that performs revision checking.
@@ -451,11 +453,12 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// -----------------------------------------
// Write Operations
// -----------------------------------------
+
@Override
public AccessPolicyEntity updateAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
- final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDTO.getId());
+ final Authorizable authorizable = authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId());
final RevisionUpdate<AccessPolicyDTO> snapshot = updateComponent(revision,
- accessPolicyAuthorizable,
+ authorizable,
() -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO),
accessPolicy -> {
final Set<TenantEntity> users = accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
@@ -463,33 +466,38 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return dtoFactory.createAccessPolicyDto(accessPolicy, userGroups, users);
});
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable);
- return entityFactory.createAccessPolicyEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizable);
+ return entityFactory.createAccessPolicyEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
@Override
public UserEntity updateUser(final Revision revision, final UserDTO userDTO) {
- final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable();
+ final Authorizable usersAuthorizable = authorizableLookup.getTenant();
final Set<Group> groups = userGroupDAO.getUserGroupsForUser(userDTO.getId());
+ final Set<AccessPolicy> policies = userGroupDAO.getAccessPoliciesForUser(userDTO.getId());
final RevisionUpdate<UserDTO> snapshot = updateComponent(revision,
usersAuthorizable,
() -> userDAO.updateUser(userDTO),
- user -> dtoFactory.createUserDto(user, groups.stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet())));
+ user -> {
+ final Set<TenantEntity> tenantEntities = groups.stream().map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
+ final Set<AccessPolicySummaryEntity> policyEntities = policies.stream().map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
+ return dtoFactory.createUserDto(user, tenantEntities, policyEntities);
+ });
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
- return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(usersAuthorizable);
+ return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
@Override
public UserGroupEntity updateUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
- final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable();
+ final Authorizable userGroupsAuthorizable = authorizableLookup.getTenant();
final RevisionUpdate<UserGroupDTO> snapshot = updateComponent(revision,
userGroupsAuthorizable,
() -> userGroupDAO.updateUserGroup(userGroupDTO),
userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
- return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(userGroupsAuthorizable);
+ return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
@Override
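Review bot: updateUser now returns a summary of every access policy the user belongs to, but the only authorization visible in this hunk is against the tenant authorizable. createAccessPolicySummaryEntity is defined outside the hunk, so it is worth confirming that it evaluates the caller's permissions per policy and omits the policy component when the caller cannot read it. If it does, a comment on the `policies.stream()` line such as `// each summary is permission-filtered in createAccessPolicySummaryEntity` would make that guarantee explicit. The same mapping is added in the deleteUser hunk further down.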
@@ -502,9 +510,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> connectionDAO.updateConnection(connectionDTO),
connection -> dtoFactory.createConnectionDto(connection));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(connectionNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(connectionNode);
final ConnectionStatusDTO status = dtoFactory.createConnectionStatusDto(controllerFacade.getConnectionStatus(connectionNode.getIdentifier()));
- return entityFactory.createConnectionEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status);
+ return entityFactory.createConnectionEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status);
}
@Override
@@ -516,10 +524,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> processorDAO.updateProcessor(processorDTO),
proc -> dtoFactory.createProcessorDto(proc));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processorNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processorNode);
final ProcessorStatusDTO status = dtoFactory.createProcessorStatusDto(controllerFacade.getProcessorStatus(processorNode.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processorNode.getIdentifier()));
- return entityFactory.createProcessorEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createProcessorEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -530,8 +538,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> labelDAO.updateLabel(labelDTO),
label -> dtoFactory.createLabelDto(label));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(labelNode);
- return entityFactory.createLabelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(labelNode);
+ return entityFactory.createLabelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
@Override
@@ -542,8 +550,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> funnelDAO.updateFunnel(funnelDTO),
funnel -> dtoFactory.createFunnelDto(funnel));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(funnelNode);
- return entityFactory.createFunnelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(funnelNode);
+ return entityFactory.createFunnelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
@@ -638,10 +646,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> inputPortDAO.updatePort(inputPortDTO),
port -> dtoFactory.createPortDto(port));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(inputPortNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(inputPortNode);
final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getInputPortStatus(inputPortNode.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(inputPortNode.getIdentifier()));
- return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -652,10 +660,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> outputPortDAO.updatePort(outputPortDTO),
port -> dtoFactory.createPortDto(port));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(outputPortNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(outputPortNode);
final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getOutputPortStatus(outputPortNode.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(outputPortNode.getIdentifier()));
- return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -667,11 +675,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> remoteProcessGroupDAO.updateRemoteProcessGroup(remoteProcessGroupDTO),
remoteProcessGroup -> dtoFactory.createRemoteProcessGroupDto(remoteProcessGroup));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(remoteProcessGroupNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(remoteProcessGroupNode);
final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
final RemoteProcessGroupStatusDTO status = dtoFactory.createRemoteProcessGroupStatusDto(controllerFacade.getRemoteProcessGroupStatus(remoteProcessGroupNode.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(remoteProcessGroupNode.getIdentifier()));
- return entityFactory.createRemoteProcessGroupEntity(snapshot.getComponent(), updateRevision, accessPolicy, status, bulletins);
+ return entityFactory.createRemoteProcessGroupEntity(snapshot.getComponent(), updateRevision, permissions, status, bulletins);
}
@Override
@@ -685,9 +693,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> remoteProcessGroupDAO.updateRemoteProcessGroupInputPort(remoteProcessGroupId, remoteProcessGroupPortDTO),
remoteGroupPort -> dtoFactory.createRemoteProcessGroupPortDto(remoteGroupPort));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(remoteProcessGroupNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(remoteProcessGroupNode);
final RevisionDTO updatedRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
- return entityFactory.createRemoteProcessGroupPortEntity(snapshot.getComponent(), updatedRevision, accessPolicy);
+ return entityFactory.createRemoteProcessGroupPortEntity(snapshot.getComponent(), updatedRevision, permissions);
}
@Override
@@ -701,9 +709,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> remoteProcessGroupDAO.updateRemoteProcessGroupOutputPort(remoteProcessGroupId, remoteProcessGroupPortDTO),
remoteGroupPort -> dtoFactory.createRemoteProcessGroupPortDto(remoteGroupPort));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(remoteProcessGroupNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(remoteProcessGroupNode);
final RevisionDTO updatedRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
- return entityFactory.createRemoteProcessGroupPortEntity(snapshot.getComponent(), updatedRevision, accessPolicy);
+ return entityFactory.createRemoteProcessGroupPortEntity(snapshot.getComponent(), updatedRevision, permissions);
}
@Override
@@ -714,11 +722,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> processGroupDAO.updateProcessGroup(processGroupDTO),
processGroup -> dtoFactory.createProcessGroupDto(processGroup));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processGroupNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroupNode);
final RevisionDTO updatedRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
final ProcessGroupStatusDTO status = dtoFactory.createConciseProcessGroupStatusDto(controllerFacade.getProcessGroupStatus(processGroupNode.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processGroupNode.getIdentifier()));
- return entityFactory.createProcessGroupEntity(snapshot.getComponent(), updatedRevision, accessPolicy, status, bulletins);
+ return entityFactory.createProcessGroupEntity(snapshot.getComponent(), updatedRevision, permissions, status, bulletins);
}
@Override
@@ -766,9 +774,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
},
controller -> dtoFactory.createControllerConfigurationDto(controllerFacade));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(controllerFacade);
final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(updatedComponent.getLastModification());
- return entityFactory.createControllerConfigurationEntity(updatedComponent.getComponent(), updateRevision, accessPolicy);
+ return entityFactory.createControllerConfigurationEntity(updatedComponent.getComponent(), updateRevision, permissions);
}
@Override
@@ -892,11 +900,13 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final User user = userDAO.getUser(userId);
final Set<TenantEntity> userGroups = user != null ? userGroupDAO.getUserGroupsForUser(userId).stream()
.map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null;
+ final Set<AccessPolicySummaryEntity> policyEntities = user != null ? userGroupDAO.getAccessPoliciesForUser(userId).stream()
+ .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()) : null;
final UserDTO snapshot = deleteComponent(
revision,
- authorizableLookup.getTenantAuthorizable(),
+ authorizableLookup.getTenant(),
() -> userDAO.deleteUser(userId),
- dtoFactory.createUserDto(user, userGroups));
+ dtoFactory.createUserDto(user, userGroups, policyEntities));
return entityFactory.createUserEntity(snapshot, null, null);
}
@@ -909,7 +919,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
null;
final UserGroupDTO snapshot = deleteComponent(
revision,
- authorizableLookup.getTenantAuthorizable(),
+ authorizableLookup.getTenant(),
() -> userGroupDAO.deleteUserGroup(userGroupId),
dtoFactory.createUserGroupDto(userGroup, users));
@@ -923,7 +933,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final Set<TenantEntity> users = accessPolicy != null ? accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null;
final AccessPolicyDTO snapshot = deleteComponent(
revision,
- authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId),
+ authorizableLookup.getAccessPolicyById(accessPolicyId),
() -> accessPolicyDAO.deleteAccessPolicy(accessPolicyId),
dtoFactory.createAccessPolicyDto(accessPolicy, userGroups,
users));
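Review bot: This call site guards against a missing policy (`accessPolicy != null ? … : null` on the first line of the hunk), yet getAccessPolicyById in StandardAuthorizableLookup dereferences `policy.getResource()` with no check. Whether accessPolicyDAO.getAccessPolicy returns null or throws for an unknown id is not visible in this diff; if it can return null, the lookup fails with a NullPointerException before deleteComponent runs. A guard in getAccessPolicyById such as `if (policy == null) { throw new ResourceNotFoundException("Unable to find access policy with id " + id); }`, or removing the null checks here, would make the two agree. The enclosing method starts and ends outside the hunk.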
@@ -1064,9 +1074,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
connection -> dtoFactory.createConnectionDto(connection));
final Connection connection = connectionDAO.getConnection(connectionDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(connection);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(connection);
final ConnectionStatusDTO status = dtoFactory.createConnectionStatusDto(controllerFacade.getConnectionStatus(connectionDTO.getId()));
- return entityFactory.createConnectionEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status);
+ return entityFactory.createConnectionEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status);
}
@Override
@@ -1099,10 +1109,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
processor -> dtoFactory.createProcessorDto(processor));
final ProcessorNode processor = processorDAO.getProcessor(processorDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processor);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processor);
final ProcessorStatusDTO status = dtoFactory.createProcessorStatusDto(controllerFacade.getProcessorStatus(processorDTO.getId()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processorDTO.getId()));
- return entityFactory.createProcessorEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createProcessorEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -1114,8 +1124,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
label -> dtoFactory.createLabelDto(label));
final Label label = labelDAO.getLabel(labelDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(label);
- return entityFactory.createLabelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(label);
+ return entityFactory.createLabelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
/**
@@ -1159,55 +1169,63 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
funnel -> dtoFactory.createFunnelDto(funnel));
final Funnel funnel = funnelDAO.getFunnel(funnelDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(funnel);
- return entityFactory.createFunnelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(funnel);
+ return entityFactory.createFunnelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions);
}
@Override
public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
- // TODO read lock on users and groups (and resource+action?) while the policy is being created?
- final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable();
+ final Authorizable tenantAuthorizable = authorizableLookup.getTenant();
final String creator = NiFiUserUtils.getNiFiUserIdentity();
+
final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO);
final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy,
newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()),
newAccessPolicy.getUsers().stream().map(userId -> {
final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision,
- dtoFactory.createAccessPolicyDto(tenantAuthorizable));
+ dtoFactory.createPermissionsDto(tenantAuthorizable));
}).collect(Collectors.toSet()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(newAccessPolicy.getIdentifier()));
- return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId()));
+ return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions);
}
@Override
public UserEntity createUser(final Revision revision, final UserDTO userDTO) {
- final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable();
final String creator = NiFiUserUtils.getNiFiUserIdentity();
final User newUser = userDAO.createUser(userDTO);
- final Set<Group> groups = userGroupDAO.getUserGroupsForUser(newUser.getIdentifier());
- final UserDTO newUserDto = dtoFactory.createUserDto(newUser, groups.stream()
- .map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()));
+ final Set<TenantEntity> tenantEntities = userGroupDAO.getUserGroupsForUser(newUser.getIdentifier()).stream()
+ .map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
+ final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUser(newUser.getIdentifier()).stream()
+ .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
+ final UserDTO newUserDto = dtoFactory.createUserDto(newUser, tenantEntities, policyEntities);
+
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
+ return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions);
+ }
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable());
- return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy);
+ private AccessPolicySummaryEntity createAccessPolicySummaryEntity(final AccessPolicy ap) {
+ final AccessPolicySummaryDTO apSummary = dtoFactory.createAccessPolicySummaryDto(ap);
+ final PermissionsDTO apPermissions = dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(ap.getIdentifier()));
+ final RevisionDTO apRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(ap.getIdentifier()));
+ return entityFactory.createAccessPolicySummaryEntity(apSummary, apRevision, apPermissions);
}
@Override
public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
- final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable();
+ final Authorizable tenantAuthorizable = authorizableLookup.getTenant();
final String creator = NiFiUserUtils.getNiFiUserIdentity();
final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO);
final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream()
.map(userId -> {
final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision,
- dtoFactory.createAccessPolicyDto(tenantAuthorizable));
+ dtoFactory.createPermissionsDto(tenantAuthorizable));
}).collect(Collectors.toSet()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable());
- return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
+ return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions);
}
private void validateSnippetContents(final FlowSnippetDTO flow) {
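Review bot: In createAccessPolicy the permissions lookup is now keyed on `accessPolicyDTO.getId()`, the id taken from the request, where the removed line used `newAccessPolicy.getIdentifier()`, the id of the policy the DAO actually stored. If the DAO ever assigns or normalises the identifier, the permissions in the response would be resolved for a different (or null) id than the entity they accompany; `createAccessPolicySummaryEntity` in this same hunk already uses `ap.getIdentifier()`. I would keep `authorizableLookup.getAccessPolicyById(newAccessPolicy.getIdentifier())` so the authorizable is always derived from the stored policy. Separately, createUserGroup calls `authorizableLookup.getTenant()` a second time for the final permissions where it could reuse `tenantAuthorizable`.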
@@ -1308,10 +1326,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
port -> dtoFactory.createPortDto(port));
final Port port = inputPortDAO.getPort(inputPortDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(port);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(port);
final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getInputPortStatus(port.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(port.getIdentifier()));
- return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -1323,10 +1341,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
port -> dtoFactory.createPortDto(port));
final Port port = outputPortDAO.getPort(outputPortDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(port);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(port);
final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getOutputPortStatus(port.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(port.getIdentifier()));
- return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -1338,10 +1356,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
processGroup -> dtoFactory.createProcessGroupDto(processGroup));
final ProcessGroup processGroup = processGroupDAO.getProcessGroup(processGroupDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processGroup);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroup);
final ProcessGroupStatusDTO status = dtoFactory.createConciseProcessGroupStatusDto(controllerFacade.getProcessGroupStatus(processGroup.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processGroup.getIdentifier()));
- return entityFactory.createProcessGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createProcessGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -1353,10 +1371,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
remoteProcessGroup -> dtoFactory.createRemoteProcessGroupDto(remoteProcessGroup));
final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(remoteProcessGroup);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(remoteProcessGroup);
final RemoteProcessGroupStatusDTO status = dtoFactory.createRemoteProcessGroupStatusDto(controllerFacade.getRemoteProcessGroupStatus(remoteProcessGroup.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(remoteProcessGroup.getIdentifier()));
- return entityFactory.createRemoteProcessGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
+ return entityFactory.createRemoteProcessGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, status, bulletins);
}
@Override
@@ -1515,9 +1533,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
final ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerService);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(controllerService);
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(controllerServiceDTO.getId()));
- return entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
+ return entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, bulletins);
}
@Override
@@ -1529,9 +1547,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> controllerServiceDAO.updateControllerService(controllerServiceDTO),
cs -> dtoFactory.createControllerServiceDto(cs));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerService);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(controllerService);
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(controllerServiceDTO.getId()));
- return entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
+ return entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, bulletins);
}
@Override
@@ -1567,18 +1585,16 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
* Finds the identifiers for all components referencing a ControllerService.
*
* @param reference ControllerServiceReference
- * @param referencingIds Collection of identifiers
* @param visited ControllerServices we've already visited
*/
- private void findControllerServiceReferencingComponentIdentifiers(final ControllerServiceReference reference, final Set<String> referencingIds, final Set<ControllerServiceNode> visited) {
+ private void findControllerServiceReferencingComponentIdentifiers(final ControllerServiceReference reference, final Set<ControllerServiceNode> visited) {
for (final ConfiguredComponent component : reference.getReferencingComponents()) {
- referencingIds.add(component.getIdentifier());
// if this is a ControllerService consider it's referencing components
if (component instanceof ControllerServiceNode) {
final ControllerServiceNode node = (ControllerServiceNode) component;
if (!visited.contains(node)) {
- findControllerServiceReferencingComponentIdentifiers(node.getReferences(), referencingIds, visited);
+ findControllerServiceReferencingComponentIdentifiers(node.getReferences(), visited);
}
visited.add(node);
}
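Review bot: `visited.add(node)` runs only after the recursive call returns, so a node is not yet marked while its own references are being walked; if two controller services other than the starting one can reference each other, the recursion would not terminate. Marking before descending avoids that: `if (visited.add(node)) { findControllerServiceReferencingComponentIdentifiers(node.getReferences(), visited); }`. With `referencingIds` removed the method's only effect is filling `visited`, so the Javadoc summary "Finds the identifiers for all components referencing a ControllerService" no longer matches and could read `Collects every ControllerServiceNode reachable through the given reference into visited.` The loop and the method close outside this hunk.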
@@ -1592,13 +1608,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
* @return The entity
*/
private ControllerServiceReferencingComponentsEntity createControllerServiceReferencingComponentsEntity(final ControllerServiceReference reference, final Set<String> lockedIds) {
- final Set<String> referencingIds = new HashSet<>();
final Set<ControllerServiceNode> visited = new HashSet<>();
visited.add(reference.getReferencedComponent());
- findControllerServiceReferencingComponentIdentifiers(reference, referencingIds, visited);
-
- // TODO remove once we can update a read lock
- referencingIds.removeAll(lockedIds);
+ findControllerServiceReferencingComponentIdentifiers(reference, visited);
final Map<String, Revision> referencingRevisions = new HashMap<>();
for (final ConfiguredComponent component : reference.getReferencingComponents()) {
@@ -1635,9 +1647,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final Set<ControllerServiceReferencingComponentEntity> componentEntities = new HashSet<>();
for (final ConfiguredComponent refComponent : referencingComponents) {
- AccessPolicyDTO accessPolicy = null;
+ PermissionsDTO permissions = null;
if (refComponent instanceof Authorizable) {
- accessPolicy = dtoFactory.createAccessPolicyDto(refComponent);
+ permissions = dtoFactory.createPermissionsDto(refComponent);
}
final Revision revision = revisions.get(refComponent.getIdentifier());
@@ -1661,7 +1673,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
visited.add(node);
}
- componentEntities.add(entityFactory.createControllerServiceReferencingComponentEntity(dto, revisionDto, accessPolicy));
+ componentEntities.add(entityFactory.createControllerServiceReferencingComponentEntity(dto, revisionDto, permissions));
}
final ControllerServiceReferencingComponentsEntity entity = new ControllerServiceReferencingComponentsEntity();
@@ -1703,9 +1715,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
});
final ReportingTaskNode reportingTask = reportingTaskDAO.getReportingTask(reportingTaskDTO.getId());
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(reportingTask);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(reportingTask);
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(reportingTask.getIdentifier()));
- return entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
+ return entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, bulletins);
}
@Override
@@ -1717,9 +1729,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
() -> reportingTaskDAO.updateReportingTask(reportingTaskDTO),
rt -> dtoFactory.createReportingTaskDto(rt));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(reportingTask);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(reportingTask);
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(reportingTask.getIdentifier()));
- return entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
+ return entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), permissions, bulletins);
}
@Override
@@ -1881,9 +1893,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private ConnectionEntity createConnectionEntity(final Connection connection) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(connection.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(connection);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(connection);
final ConnectionStatusDTO status = dtoFactory.createConnectionStatusDto(controllerFacade.getConnectionStatus(connection.getIdentifier()));
- return entityFactory.createConnectionEntity(dtoFactory.createConnectionDto(connection), revision, accessPolicy, status);
+ return entityFactory.createConnectionEntity(dtoFactory.createConnectionDto(connection), revision, permissions, status);
}
@Override
@@ -1938,7 +1950,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private ProcessorEntity createProcessorEntity(final ProcessorNode processor) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(processor.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processor);
+ final PermissionsDTO accessPolicy = dtoFactory.createPermissionsDto(processor);
final ProcessorStatusDTO status = dtoFactory.createProcessorStatusDto(controllerFacade.getProcessorStatus(processor.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processor.getIdentifier()));
return entityFactory.createProcessorEntity(dtoFactory.createProcessorDto(processor), revision, accessPolicy, status, bulletins);
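Review bot: The local in createProcessorEntity is still named `accessPolicy` although it now holds a `PermissionsDTO`; the other hunks in this file rename it to `permissions`. Suggest `final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processor);` and passing `permissions` in the `createProcessorEntity(...)` return line, so the name does not point back at the AccessPolicy model this commit is separating it from. The method's closing brace is outside the hunk.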
@@ -1972,11 +1984,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return templateDAO.getTemplates().stream()
.map(template -> {
final TemplateDTO dto = dtoFactory.createTemplateDTO(template);
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(template);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(template);
final TemplateEntity entity = new TemplateEntity();
entity.setId(dto.getId());
- entity.setAccessPolicy(accessPolicy);
+ entity.setPermissions(permissions);
entity.setTemplate(dto);
return entity;
}).collect(Collectors.toSet());
@@ -2087,21 +2099,19 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return true;
}
- // TODO - defer to authorizer to see if user is able to retrieve site-to-site details for the specified port
- return true;
+ // authorize this port for data transfer
+ final Authorizable dataTransferAuthorizable = new DataTransferAuthorizable(port);
+ final AuthorizationResult result = dataTransferAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user);
+ return Result.Approved.equals(result.getResult());
}
@Override
- public ControllerDTO getController() {
+ public ControllerDTO getSiteToSiteDetails() {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user == null) {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
- // TODO - defer to authorizer to see if user is able to retrieve site-to-site details
-
- // TODO - filter response for access to specific ports
-
// serialize the input ports this NiFi has access to
final Set<PortDTO> inputPortDtos = new LinkedHashSet<>();
final Set<RootGroupPort> inputPorts = controllerFacade.getInputPorts();
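Review bot: getSiteToSiteDetails loses both TODOs about deferring to the authorizer and filtering ports, but the lines visible here add no authorization call in their place; only the null-user check remains before the input ports are serialized. If the check now lives in the calling resource, or the per-port loop past this hunk filters through the data-transfer check added just above, a comment should say so, for example `// caller authorizes access to site-to-site details; ports are filtered per user below`. If neither holds, the port list would be returned to any caller that resolves to a user. Both method bodies extend beyond the hunk.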
@@ -2164,9 +2174,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
public ControllerConfigurationEntity getControllerConfiguration() {
final Revision rev = revisionManager.getRevision(FlowController.class.getSimpleName());
final ControllerConfigurationDTO dto = dtoFactory.createControllerConfigurationDto(controllerFacade);
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(controllerFacade);
final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
- return entityFactory.createControllerConfigurationEntity(dto, revision, accessPolicy);
+ return entityFactory.createControllerConfigurationEntity(dto, revision, permissions);
}
@Override
@@ -2179,14 +2189,53 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
@Override
public AccessPolicyEntity getAccessPolicy(final String accessPolicyId) {
- final RevisionDTO requestedAccessPolicyRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(accessPolicyId));
- final AccessPolicy requestedAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId);
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId));
+ final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId);
+ return createAccessPolicyEntity(accessPolicy);
+ }
+
+ @Override
+ public AccessPolicyEntity getAccessPolicy(final RequestAction requestAction, final String resource) {
+ Authorizable authorizable;
+ try {
+ authorizable = authorizableLookup.getAuthorizableFromResource(resource);
+ } catch (final ResourceNotFoundException e) {
+ // unable to find the underlying authorizable... user authorized based on top level /policies... create
+ // an anonymous authorizable to attempt to locate an existing policy for this resource
+ authorizable = new Authorizable() {
+ @Override
+ public Authorizable getParentAuthorizable() {
+ return null;
+ }
+
+ @Override
+ public Resource getResource() {
+ return new Resource() {
+ @Override
+ public String getIdentifier() {
+ return resource;
+ }
+
+ @Override
+ public String getName() {
+ return resource;
+ }
+ };
+ }
+ };
+ }
+
+ final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(requestAction, authorizable);
+ return createAccessPolicyEntity(accessPolicy);
+ }
+
+ private AccessPolicyEntity createAccessPolicyEntity(final AccessPolicy accessPolicy) {
+ final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(accessPolicy.getIdentifier()));
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(accessPolicy.getIdentifier()));
return entityFactory.createAccessPolicyEntity(
- dtoFactory.createAccessPolicyDto(requestedAccessPolicy,
- requestedAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()),
- requestedAccessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())),
- requestedAccessPolicyRevision, accessPolicy);
+ dtoFactory.createAccessPolicyDto(accessPolicy,
+ accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()),
+ accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())),
+ revision, permissions);
}
@Override
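Review bot: The fallback in `getAccessPolicy(requestAction, resource)` swallows `ResourceNotFoundException` and wraps the raw request string in an anonymous `Authorizable`, so the method is only safe when the caller has already authorized against /policies; that precondition is stated solely inside the catch block. I would state it in a comment at the top of the method and move the two nested anonymous classes into a small private helper that takes the resource string, so the lookup itself reads in a few lines. `createAccessPolicyEntity` dereferences its argument immediately, so it relies on both DAO lookups throwing rather than returning null when no policy exists; that is worth confirming for the fallback path, where a missing policy seems the likely case.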
@@ -2205,17 +2254,19 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private UserEntity createUserEntity(final User user) {
final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable());
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant());
final Set<TenantEntity> userGroups = userGroupDAO.getUserGroupsForUser(user.getIdentifier()).stream()
.map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
- return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy);
+ final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUser(user.getIdentifier()).stream()
+ .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet());
+ return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups, policyEntities), userRevision, permissions);
}
private UserGroupEntity createUserGroupEntity(final Group userGroup) {
final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier()));
final Set<TenantEntity> users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision,
- dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
+ dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
}
@Override
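Review bot: createUserEntity now attaches every access policy that names the user, so a caller who can read tenants receives policy summaries inside each user entity. Each summary gets its own `PermissionsDTO` through `createAccessPolicySummaryEntity`, but whether the summary component is withheld when the caller cannot read that policy is decided in `entityFactory`, which is not visible here; once confirmed, a comment on the helper such as `// the summary component is only populated when the caller can read the policy` would record it. The two lambdas could also be method references, `Group::getIdentifier` and `this::createAccessPolicySummaryEntity`.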
@@ -2234,8 +2285,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private LabelEntity createLabelEntity(final Label label) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(label.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(label);
- return entityFactory.createLabelEntity(dtoFactory.createLabelDto(label), revision, accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(label);
+ return entityFactory.createLabelEntity(dtoFactory.createLabelDto(label), revision, permissions);
}
@Override
@@ -2254,8 +2305,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private FunnelEntity createFunnelEntity(final Funnel funnel) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(funnel.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(funnel);
- return entityFactory.createFunnelEntity(dtoFactory.createFunnelDto(funnel), revision, accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(funnel);
+ return entityFactory.createFunnelEntity(dtoFactory.createFunnelDto(funnel), revision, permissions);
}
@Override
@@ -2274,18 +2325,18 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private PortEntity createInputPortEntity(final Port port) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(port.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(port);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(port);
final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getInputPortStatus(port.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(port.getIdentifier()));
- return entityFactory.createPortEntity(dtoFactory.createPortDto(port), revision, accessPolicy, status, bulletins);
+ return entityFactory.createPortEntity(dtoFactory.createPortDto(port), revision, permissions, status, bulletins);
}
private PortEntity createOutputPortEntity(final Port port) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(port.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(port);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(port);
final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getOutputPortStatus(port.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(port.getIdentifier()));
- return entityFactory.createPortEntity(dtoFactory.createPortDto(port), revision, accessPolicy, status, bulletins);
+ return entityFactory.createPortEntity(dtoFactory.createPortDto(port), revision, permissions, status, bulletins);
}
@Override
@@ -2306,10 +2357,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private ProcessGroupEntity createProcessGroupEntity(final ProcessGroup group) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(group.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(group);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(group);
final ProcessGroupStatusDTO status = dtoFactory.createConciseProcessGroupStatusDto(controllerFacade.getProcessGroupStatus(group.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(group.getIdentifier()));
- return entityFactory.createProcessGroupEntity(dtoFactory.createProcessGroupDto(group), revision, accessPolicy, status, bulletins);
+ return entityFactory.createProcessGroupEntity(dtoFactory.createProcessGroupDto(group), revision, permissions, status, bulletins);
}
@Override
@@ -2322,10 +2373,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private RemoteProcessGroupEntity createRemoteGroupEntity(final RemoteProcessGroup rpg) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(rpg.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(rpg);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(rpg);
final RemoteProcessGroupStatusDTO status = dtoFactory.createRemoteProcessGroupStatusDto(controllerFacade.getRemoteProcessGroupStatus(rpg.getIdentifier()));
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(rpg.getIdentifier()));
- return entityFactory.createRemoteProcessGroupEntity(dtoFactory.createRemoteProcessGroupDto(rpg), revision, accessPolicy, status, bulletins);
+ return entityFactory.createRemoteProcessGroupEntity(dtoFactory.createRemoteProcessGroupDto(rpg), revision, permissions, status, bulletins);
}
@Override
@@ -2380,10 +2431,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final CurrentUserEntity entity = new CurrentUserEntity();
entity.setIdentity(user.getIdentity());
entity.setAnonymous(user.isAnonymous());
- entity.setProvenancePermissions(dtoFactory.createAccessPolicyDto(authorizableLookup.getProvenance()));
- entity.setCountersPermissions(dtoFactory.createAccessPolicyDto(authorizableLookup.getCounters()));
- entity.setTenantsPermissions(dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
- entity.setControllerPermissions(dtoFactory.createAccessPolicyDto(authorizableLookup.getController()));
+ entity.setProvenancePermissions(dtoFactory.createPermissionsDto(authorizableLookup.getProvenance()));
+ entity.setCountersPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getCounters()));
+ entity.setTenantsPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
+ entity.setControllerPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getController()));
+ entity.setPoliciesPermissions(dtoFactory.createPermissionsDto(authorizableLookup.getPolicies()));
return entity;
}
@@ -2421,8 +2473,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// read lock on every component being accessed in the dto conversion
final ProcessGroupStatus groupStatus = controllerFacade.getProcessGroupStatus(groupId);
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processGroup);
- return entityFactory.createProcessGroupFlowEntity(dtoFactory.createProcessGroupFlowDto(processGroup, groupStatus, revisionManager), accessPolicy);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroup);
+ return entityFactory.createProcessGroupFlowEntity(dtoFactory.createProcessGroupFlowDto(processGroup, groupStatus, revisionManager), permissions);
}
@Override
@@ -2439,9 +2491,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
dto.setReferencingComponents(referencingComponentsEntity.getControllerServiceReferencingComponents());
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(serviceNode.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(serviceNode);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(serviceNode);
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(serviceNode.getIdentifier()));
- return entityFactory.createControllerServiceEntity(dto, revision, accessPolicy, bulletins);
+ return entityFactory.createControllerServiceEntity(dto, revision, permissions, bulletins);
}
@Override
@@ -2483,9 +2535,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
private ReportingTaskEntity createReportingTaskEntity(final ReportingTaskNode reportingTask) {
final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(reportingTask.getIdentifier()));
- final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(reportingTask);
+ final PermissionsDTO permissions = dtoFactory.createPermissionsDto(reportingTask);
final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(reportingTask.getIdentifier()));
- return entityFactory.createReportingTaskEntity(dtoFactory.createReportingTaskDto(reportingTask), revision, accessPolicy, bulletins);
+ return entityFactory.createReportingTaskEntity(dtoFactory.createReportingTaskDto(reportingTask), revision, permissions, bulletins);
}
@Override
@@ -2734,7 +2786,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return userGroupId -> {
final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId));
return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userGroupDAO.getUserGroup(userGroupId)), userGroupRevision,
- dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
+ dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
};
}
@@ -2742,7 +2794,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return userId -> {
final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision,
- dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
+ dtoFactory.createPermissionsDto(authorizableLookup.getTenant()));
};
}