Posted to commits@nifi.apache.org by mc...@apache.org on 2014/12/23 15:35:02 UTC

[5/7] incubator-nifi git commit: NIFI-65: - Calling the userService to verify the user has authorization to download content.

NIFI-65:
- Calling the userService to verify the user has authorization to download content.

Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/2fed1388
Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/2fed1388
Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/2fed1388

Branch: refs/heads/NIFI-65
Commit: 2fed138888fbc4d4ae4c93f13c9f9cf81dfcae92
Parents: e1ffbdf
Author: Matt Gilman <ma...@gmail.com>
Authored: Tue Dec 23 09:32:54 2014 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Tue Dec 23 09:32:54 2014 -0500

----------------------------------------------------------------------
 .../nifi/web/controller/ControllerFacade.java   | 31 ++++++++++++++++++++
 .../src/main/resources/nifi-web-api-context.xml |  1 +
 2 files changed, 32 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/2fed1388/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
----------------------------------------------------------------------
diff --git a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
index 2c2d4dc..99440bc 100644
--- a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
+++ b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
@@ -26,6 +26,7 @@ import java.util.Comparator;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -111,8 +112,11 @@ import org.apache.nifi.web.util.DownloadableContent;
 
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.authorization.DownloadAuthorization;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.access.AccessDeniedException;
 
 /**
  *
@@ -124,6 +128,7 @@ public class ControllerFacade implements ControllerServiceProvider {
     // nifi components
     private FlowController flowController;
     private FlowService flowService;
+    private UserService userService;
 
     // properties
     private NiFiProperties properties;
@@ -787,6 +792,28 @@ public class ControllerFacade implements ControllerServiceProvider {
                 throw new ResourceNotFoundException("Unable to find the specified event.");
             }
 
+            // get the flowfile attributes
+            final Map<String, String> attributes = event.getAttributes();
+
+            // calculate the dn chain
+            final LinkedList<String> dnChain = new LinkedList<>();
+
+            // build the dn chain
+            NiFiUser chainedUser = user;
+            do {
+                // add the entry for this user
+                dnChain.push(chainedUser.getDn());
+
+                // go to the next user in the chain
+                chainedUser = chainedUser.getChain();
+            } while (chainedUser != null);
+
+            // ensure the users in this chain are allowed to download this content
+            final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
+            if (!downloadAuthorization.isApproved()) {
+                throw new AccessDeniedException(downloadAuthorization.getExplanation());
+            }
+            
             // get the filename and fall back to the idnetifier (should never happen)
             String filename = event.getAttributes().get(CoreAttributes.FILENAME.key());
             if (filename == null) {
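Review bot: The do/while that builds `dnChain` calls `chainedUser.getDn()` before any null test, so if `user` (assigned above this hunk) can be null for a request with no resolved identity, the download fails with a NullPointerException rather than a clean denial; a guard such as `if (user == null) { throw new AccessDeniedException("Unable to determine the requesting user."); }` before the loop would make that case explicit. Also, `push` prepends, so the list handed to `authorizeDownload` runs from the last entry reached through `getChain()` back to the requesting user; since the decision depends on that order, I would state it in the comment, e.g. `// push() prepends: dnChain runs from the end of the chain back to the requesting user`. The denial is thrown without a log entry in the visible lines, so unless a handler elsewhere records it, logging the DN chain and the explanation at this point would help when auditing download attempts. The enclosing method starts and ends outside this hunk.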
@@ -1329,6 +1356,10 @@ public class ControllerFacade implements ControllerServiceProvider {
         this.properties = properties;
     }
 
+    public void setUserService(UserService userService) {
+        this.userService = userService;
+    }
+
     public void setFlowService(FlowService flowService) {
         this.flowService = flowService;
     }

http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/2fed1388/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
----------------------------------------------------------------------
diff --git a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
index 484ceff..39677ca 100644
--- a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
+++ b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
@@ -80,6 +80,7 @@
         <property name="properties" ref="nifiProperties"/>
         <property name="flowController" ref="flowController"/>
         <property name="flowService" ref="flowService"/>
+        <property name="userService" ref="userService"/>
         <property name="dtoFactory" ref="dtoFactory"/>
     </bean>
     <bean id="serviceFacade" class="org.apache.nifi.web.StandardNiFiServiceFacade">