NIFI-12679: (#8306)

- When overriding a policy prompting whether the new policy should copy the users and groups or if it should be empty.

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/service/access-policy.service.ts

@@ -33,7 +33,16 @@ export class AccessPolicyService {
         private nifiCommon: NiFiCommon
     ) {}
 
-    createAccessPolicy(resourceAction: ResourceAction): Observable<any> {
+    createAccessPolicy(
+        resourceAction: ResourceAction,
+        {
+            userGroups = [],
+            users = []
+        }: {
+            userGroups?: TenantEntity[];
+            users?: TenantEntity[];
+        } = {}
+    ): Observable<any> {
         let resource: string = `/${resourceAction.resource}`;
         if (resourceAction.resourceIdentifier) {
             resource += `/${resourceAction.resourceIdentifier}`;
@@ -47,8 +56,8 @@ export class AccessPolicyService {
             component: {
                 action: resourceAction.action,
                 resource,
-                userGroups: [],
+                userGroups,
-                users: []
+                users
             }
         };
 

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/state/access-policy/access-policy.actions.ts

@@ -59,6 +59,13 @@ export const loadAccessPolicySuccess = createAction(
 
 export const createAccessPolicy = createAction(`${ACCESS_POLICY_PREFIX} Create Access Policy`);
 
+export const promptOverrideAccessPolicy = createAction(`${ACCESS_POLICY_PREFIX} Prompt Override Access Policy`);
+
+export const overrideAccessPolicy = createAction(
+    `${ACCESS_POLICY_PREFIX} Override Access Policy`,
+    props<{ request: AddTenantsToPolicyRequest }>()
+);
+
 export const createAccessPolicySuccess = createAction(
     `${ACCESS_POLICY_PREFIX} Create Access Policy Success`,
     props<{ response: AccessPolicyResponse }>()

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/state/access-policy/access-policy.effects.ts

@@ -31,6 +31,7 @@ import { isDefinedAndNotNull, TenantEntity } from '../../../../state/shared';
 import { AddTenantToPolicyDialog } from '../../ui/common/add-tenant-to-policy-dialog/add-tenant-to-policy-dialog.component';
 import { AddTenantsToPolicyRequest } from './index';
 import { selectUserGroups, selectUsers } from '../tenants/tenants.selectors';
+import { OverridePolicyDialog } from '../../ui/common/override-policy-dialog/override-policy-dialog.component';
 
 @Injectable()
 export class AccessPolicyEffects {
@@ -164,6 +165,80 @@ export class AccessPolicyEffects {
         )
     );
 
+    promptOverrideAccessPolicy$ = createEffect(
+        () =>
+            this.actions$.pipe(
+                ofType(AccessPolicyActions.promptOverrideAccessPolicy),
+                concatLatestFrom(() => this.store.select(selectAccessPolicy).pipe(isDefinedAndNotNull())),
+                tap(([action, accessPolicy]) => {
+                    const dialogReference = this.dialog.open(OverridePolicyDialog, {
+                        panelClass: 'small-dialog'
+                    });
+
+                    dialogReference.componentInstance.copyInheritedPolicy
+                        .pipe(take(1))
+                        .subscribe((copyInheritedPolicy: boolean) => {
+                            dialogReference.close();
+
+                            const users: TenantEntity[] = [];
+                            const userGroups: TenantEntity[] = [];
+
+                            if (copyInheritedPolicy) {
+                                users.push(...accessPolicy.component.users);
+                                userGroups.push(...accessPolicy.component.userGroups);
+                            }
+
+                            this.store.dispatch(
+                                AccessPolicyActions.overrideAccessPolicy({
+                                    request: {
+                                        users,
+                                        userGroups
+                                    }
+                                })
+                            );
+                        });
+                })
+            ),
+        { dispatch: false }
+    );
+
+    overrideAccessPolicy$ = createEffect(() =>
+        this.actions$.pipe(
+            ofType(AccessPolicyActions.overrideAccessPolicy),
+            map((action) => action.request),
+            concatLatestFrom(() => this.store.select(selectResourceAction).pipe(isDefinedAndNotNull())),
+            switchMap(([request, resourceAction]) =>
+                from(
+                    this.accessPoliciesService.createAccessPolicy(resourceAction, {
+                        userGroups: request.userGroups,
+                        users: request.users
+                    })
+                ).pipe(
+                    map((response) => {
+                        const accessPolicy: AccessPolicyEntity = response;
+                        const policyStatus: PolicyStatus = PolicyStatus.Found;
+
+                        return AccessPolicyActions.createAccessPolicySuccess({
+                            response: {
+                                accessPolicy,
+                                policyStatus
+                            }
+                        });
+                    }),
+                    catchError((error) =>
+                        of(
+                            AccessPolicyActions.accessPolicyApiError({
+                                response: {
+                                    error: error.error
+                                }
+                            })
+                        )
+                    )
+                )
+            )
+        )
+    );
+
     selectGlobalAccessPolicy$ = createEffect(
         () =>
             this.actions$.pipe(

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/common/override-policy-dialog/override-policy-dialog.component.html

@@ -0,0 +1,33 @@
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<h2 mat-dialog-title>Override Policy</h2>
+<form class="override-policy-form" [formGroup]="overridePolicyForm">
+    <mat-dialog-content class="w-96">
+        <div class="mb-5">Do you want to override with a copy of the inherited policy or an empty policy?</div>
+        <mat-radio-group formControlName="override">
+            <mat-radio-button value="copy">Copy</mat-radio-button>
+            <mat-radio-button value="empty">Empty</mat-radio-button>
+        </mat-radio-group>
+    </mat-dialog-content>
+    <mat-dialog-actions align="end">
+        <button mat-raised-button mat-dialog-close color="accent">Cancel</button>
+        <button mat-raised-button [disabled]="overridePolicyForm.invalid" (click)="overrideClicked()" color="primary">
+            Override
+        </button>
+    </mat-dialog-actions>
+</form>

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/common/override-policy-dialog/override-policy-dialog.component.scss

@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+@use '@angular/material' as mat;
+
+.override-policy-form {
+    @include mat.button-density(-1);
+
+    .mat-mdc-radio-button ~ .mat-mdc-radio-button {
+        margin-left: 16px;
+    }
+}

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/common/override-policy-dialog/override-policy-dialog.component.spec.ts

@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { OverridePolicyDialog } from './override-policy-dialog.component';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+
+describe('OverridePolicyDialog', () => {
+    let component: OverridePolicyDialog;
+    let fixture: ComponentFixture<OverridePolicyDialog>;
+
+    beforeEach(() => {
+        TestBed.configureTestingModule({
+            imports: [OverridePolicyDialog, BrowserAnimationsModule]
+        });
+        fixture = TestBed.createComponent(OverridePolicyDialog);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+    });
+
+    it('should create', () => {
+        expect(component).toBeTruthy();
+    });
+});

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/common/override-policy-dialog/override-policy-dialog.component.ts

@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { Component, EventEmitter, Output } from '@angular/core';
+import { MatDialogModule } from '@angular/material/dialog';
+import { MatButtonModule } from '@angular/material/button';
+import { FormBuilder, FormControl, FormGroup, FormsModule, ReactiveFormsModule } from '@angular/forms';
+import { MatRadioModule } from '@angular/material/radio';
+
+@Component({
+    selector: 'override-policy-dialog',
+    standalone: true,
+    imports: [MatDialogModule, MatButtonModule, FormsModule, ReactiveFormsModule, MatRadioModule],
+    templateUrl: './override-policy-dialog.component.html',
+    styleUrls: ['./override-policy-dialog.component.scss']
+})
+export class OverridePolicyDialog {
+    @Output() copyInheritedPolicy: EventEmitter<boolean> = new EventEmitter<boolean>();
+
+    overridePolicyForm: FormGroup;
+
+    constructor(private formBuilder: FormBuilder) {
+        this.overridePolicyForm = this.formBuilder.group({
+            override: new FormControl()
+        });
+    }
+
+    overrideClicked(): void {
+        const override: string = this.overridePolicyForm.get('override')?.value;
+        this.copyInheritedPolicy.next(override === 'copy');
+    }
+}

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/component-access-policies/component-access-policies.component.html

@@ -133,7 +133,7 @@
 <ng-template #inheritedFromController let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
     Showing effective policy inherited from the controller.
     <ng-container *ngIf="supportsConfigurableAuthorizer">
-        <a (click)="createNewPolicy()">Override</a> this policy.
+        <a (click)="overridePolicy()">Override</a> this policy.
     </ng-container>
 </ng-template>
 <ng-template
@@ -142,12 +142,12 @@
     let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
     Showing effective policy inherited from global parameter context policy.
     <ng-container *ngIf="supportsConfigurableAuthorizer">
-        <a (click)="createNewPolicy()">Override</a> this policy.
+        <a (click)="overridePolicy()">Override</a> this policy.
     </ng-container>
 </ng-template>
 <ng-template #inheritedFromProcessGroup let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
     Showing effective policy inherited from <a [routerLink]="getInheritedProcessGroupRoute(policy)">Process Group</a>.
     <ng-container *ngIf="supportsConfigurableAuthorizer">
-        <a (click)="createNewPolicy()">Override</a> this policy.
+        <a (click)="overridePolicy()">Override</a> this policy.
     </ng-container>
 </ng-template>

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/component-access-policies/component-access-policies.component.ts

@@ -21,6 +21,7 @@ import { selectCurrentUser } from '../../../../state/current-user/current-user.s
 import {
     createAccessPolicy,
     openAddTenantToPolicyDialog,
+    promptOverrideAccessPolicy,
     promptDeleteAccessPolicy,
     promptRemoveTenantFromPolicy,
     reloadAccessPolicy,
@@ -414,6 +415,10 @@ export class ComponentAccessPolicies implements OnInit, OnDestroy {
         this.store.dispatch(createAccessPolicy());
     }
 
+    overridePolicy(): void {
+        this.store.dispatch(promptOverrideAccessPolicy());
+    }
+
     removeTenantFromPolicy(request: RemoveTenantFromPolicyRequest): void {
         this.store.dispatch(
             promptRemoveTenantFromPolicy({

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/global-access-policies/global-access-policies.component.html

@@ -140,13 +140,13 @@
 <ng-template #inheritedFromPolicies let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
     Showing effective policy inherited from all policies.
     <ng-container *ngIf="supportsConfigurableAuthorizer">
-        <a (click)="createNewPolicy()">Override</a> this policy.
+        <a (click)="overridePolicy()">Override</a> this policy.
     </ng-container>
 </ng-template>
 <ng-template #inheritedFromController let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
     Showing effective policy inherited from the controller.
     <ng-container *ngIf="supportsConfigurableAuthorizer">
-        <a (click)="createNewPolicy()">Override</a> this policy.
+        <a (click)="overridePolicy()">Override</a> this policy.
     </ng-container>
 </ng-template>
 <ng-template

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/global-access-policies/global-access-policies.component.ts

@@ -21,6 +21,7 @@ import { selectCurrentUser } from '../../../../state/current-user/current-user.s
 import {
     createAccessPolicy,
     openAddTenantToPolicyDialog,
+    promptOverrideAccessPolicy,
     promptDeleteAccessPolicy,
     promptRemoveTenantFromPolicy,
     reloadAccessPolicy,
@@ -276,6 +277,10 @@ export class GlobalAccessPolicies implements OnInit, OnDestroy {
         this.store.dispatch(createAccessPolicy());
     }
 
+    overridePolicy(): void {
+        this.store.dispatch(promptOverrideAccessPolicy());
+    }
+
     removeTenantFromPolicy(request: RemoveTenantFromPolicyRequest): void {
         this.store.dispatch(
             promptRemoveTenantFromPolicy({