mirror of https://github.com/apache/nifi.git
NIFI-12679: (#8306)
- When overriding a policy prompting whether the new policy should copy the users and groups or if it should be empty.
This commit is contained in:
Matt Gilman
GitHub
parent
8e0c68e5cc
commit
03b925629e
|
|
@ -33,7 +33,16 @@ export class AccessPolicyService {
|
|||
private nifiCommon: NiFiCommon
|
||||
) {}
|
||||
|
||||
createAccessPolicy(resourceAction: ResourceAction): Observable<any> {
|
||||
createAccessPolicy(
|
||||
resourceAction: ResourceAction,
|
||||
{
|
||||
userGroups = [],
|
||||
users = []
|
||||
}: {
|
||||
userGroups?: TenantEntity[];
|
||||
users?: TenantEntity[];
|
||||
} = {}
|
||||
): Observable<any> {
|
||||
let resource: string = `/${resourceAction.resource}`;
|
||||
if (resourceAction.resourceIdentifier) {
|
||||
resource += `/${resourceAction.resourceIdentifier}`;
|
||||
|
|
@ -47,8 +56,8 @@ export class AccessPolicyService {
|
|||
component: {
|
||||
action: resourceAction.action,
|
||||
resource,
|
||||
userGroups: [],
|
||||
users: []
|
||||
userGroups,
|
||||
users
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -59,6 +59,13 @@ export const loadAccessPolicySuccess = createAction(
|
|||
|
||||
export const createAccessPolicy = createAction(`${ACCESS_POLICY_PREFIX} Create Access Policy`);
|
||||
|
||||
export const promptOverrideAccessPolicy = createAction(`${ACCESS_POLICY_PREFIX} Prompt Override Access Policy`);
|
||||
|
||||
export const overrideAccessPolicy = createAction(
|
||||
`${ACCESS_POLICY_PREFIX} Override Access Policy`,
|
||||
props<{ request: AddTenantsToPolicyRequest }>()
|
||||
);
|
||||
|
||||
export const createAccessPolicySuccess = createAction(
|
||||
`${ACCESS_POLICY_PREFIX} Create Access Policy Success`,
|
||||
props<{ response: AccessPolicyResponse }>()
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import { isDefinedAndNotNull, TenantEntity } from '../../../../state/shared';
|
|||
import { AddTenantToPolicyDialog } from '../../ui/common/add-tenant-to-policy-dialog/add-tenant-to-policy-dialog.component';
|
||||
import { AddTenantsToPolicyRequest } from './index';
|
||||
import { selectUserGroups, selectUsers } from '../tenants/tenants.selectors';
|
||||
import { OverridePolicyDialog } from '../../ui/common/override-policy-dialog/override-policy-dialog.component';
|
||||
|
||||
@Injectable()
|
||||
export class AccessPolicyEffects {
|
||||
|
|
@ -164,6 +165,80 @@ export class AccessPolicyEffects {
|
|||
)
|
||||
);
|
||||
|
||||
promptOverrideAccessPolicy$ = createEffect(
|
||||
() =>
|
||||
this.actions$.pipe(
|
||||
ofType(AccessPolicyActions.promptOverrideAccessPolicy),
|
||||
concatLatestFrom(() => this.store.select(selectAccessPolicy).pipe(isDefinedAndNotNull())),
|
||||
tap(([action, accessPolicy]) => {
|
||||
const dialogReference = this.dialog.open(OverridePolicyDialog, {
|
||||
panelClass: 'small-dialog'
|
||||
});
|
||||
|
||||
dialogReference.componentInstance.copyInheritedPolicy
|
||||
.pipe(take(1))
|
||||
.subscribe((copyInheritedPolicy: boolean) => {
|
||||
dialogReference.close();
|
||||
|
||||
const users: TenantEntity[] = [];
|
||||
const userGroups: TenantEntity[] = [];
|
||||
|
||||
if (copyInheritedPolicy) {
|
||||
users.push(...accessPolicy.component.users);
|
||||
userGroups.push(...accessPolicy.component.userGroups);
|
||||
}
|
||||
|
||||
this.store.dispatch(
|
||||
AccessPolicyActions.overrideAccessPolicy({
|
||||
request: {
|
||||
users,
|
||||
userGroups
|
||||
}
|
||||
})
|
||||
);
|
||||
});
|
||||
})
|
||||
),
|
||||
{ dispatch: false }
|
||||
);
|
||||
|
||||
overrideAccessPolicy$ = createEffect(() =>
|
||||
this.actions$.pipe(
|
||||
ofType(AccessPolicyActions.overrideAccessPolicy),
|
||||
map((action) => action.request),
|
||||
concatLatestFrom(() => this.store.select(selectResourceAction).pipe(isDefinedAndNotNull())),
|
||||
switchMap(([request, resourceAction]) =>
|
||||
from(
|
||||
this.accessPoliciesService.createAccessPolicy(resourceAction, {
|
||||
userGroups: request.userGroups,
|
||||
users: request.users
|
||||
})
|
||||
).pipe(
|
||||
map((response) => {
|
||||
const accessPolicy: AccessPolicyEntity = response;
|
||||
const policyStatus: PolicyStatus = PolicyStatus.Found;
|
||||
|
||||
return AccessPolicyActions.createAccessPolicySuccess({
|
||||
response: {
|
||||
accessPolicy,
|
||||
policyStatus
|
||||
}
|
||||
});
|
||||
}),
|
||||
catchError((error) =>
|
||||
of(
|
||||
AccessPolicyActions.accessPolicyApiError({
|
||||
response: {
|
||||
error: error.error
|
||||
}
|
||||
})
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
selectGlobalAccessPolicy$ = createEffect(
|
||||
() =>
|
||||
this.actions$.pipe(
|
||||
|
|
|
|||
|
|
@ -0,0 +1,33 @@
|
|||
<!--
|
||||
~ Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
~ contributor license agreements. See the NOTICE file distributed with
|
||||
~ this work for additional information regarding copyright ownership.
|
||||
~ The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
~ (the "License"); you may not use this file except in compliance with
|
||||
~ the License. You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<h2 mat-dialog-title>Override Policy</h2>
|
||||
<form class="override-policy-form" [formGroup]="overridePolicyForm">
|
||||
<mat-dialog-content class="w-96">
|
||||
<div class="mb-5">Do you want to override with a copy of the inherited policy or an empty policy?</div>
|
||||
<mat-radio-group formControlName="override">
|
||||
<mat-radio-button value="copy">Copy</mat-radio-button>
|
||||
<mat-radio-button value="empty">Empty</mat-radio-button>
|
||||
</mat-radio-group>
|
||||
</mat-dialog-content>
|
||||
<mat-dialog-actions align="end">
|
||||
<button mat-raised-button mat-dialog-close color="accent">Cancel</button>
|
||||
<button mat-raised-button [disabled]="overridePolicyForm.invalid" (click)="overrideClicked()" color="primary">
|
||||
Override
|
||||
</button>
|
||||
</mat-dialog-actions>
|
||||
</form>
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
@use '@angular/material' as mat;
|
||||
|
||||
.override-policy-form {
|
||||
@include mat.button-density(-1);
|
||||
|
||||
.mat-mdc-radio-button ~ .mat-mdc-radio-button {
|
||||
margin-left: 16px;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import { ComponentFixture, TestBed } from '@angular/core/testing';
|
||||
|
||||
import { OverridePolicyDialog } from './override-policy-dialog.component';
|
||||
import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
|
||||
|
||||
describe('OverridePolicyDialog', () => {
|
||||
let component: OverridePolicyDialog;
|
||||
let fixture: ComponentFixture<OverridePolicyDialog>;
|
||||
|
||||
beforeEach(() => {
|
||||
TestBed.configureTestingModule({
|
||||
imports: [OverridePolicyDialog, BrowserAnimationsModule]
|
||||
});
|
||||
fixture = TestBed.createComponent(OverridePolicyDialog);
|
||||
component = fixture.componentInstance;
|
||||
fixture.detectChanges();
|
||||
});
|
||||
|
||||
it('should create', () => {
|
||||
expect(component).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
import { Component, EventEmitter, Output } from '@angular/core';
|
||||
import { MatDialogModule } from '@angular/material/dialog';
|
||||
import { MatButtonModule } from '@angular/material/button';
|
||||
import { FormBuilder, FormControl, FormGroup, FormsModule, ReactiveFormsModule } from '@angular/forms';
|
||||
import { MatRadioModule } from '@angular/material/radio';
|
||||
|
||||
@Component({
|
||||
selector: 'override-policy-dialog',
|
||||
standalone: true,
|
||||
imports: [MatDialogModule, MatButtonModule, FormsModule, ReactiveFormsModule, MatRadioModule],
|
||||
templateUrl: './override-policy-dialog.component.html',
|
||||
styleUrls: ['./override-policy-dialog.component.scss']
|
||||
})
|
||||
export class OverridePolicyDialog {
|
||||
@Output() copyInheritedPolicy: EventEmitter<boolean> = new EventEmitter<boolean>();
|
||||
|
||||
overridePolicyForm: FormGroup;
|
||||
|
||||
constructor(private formBuilder: FormBuilder) {
|
||||
this.overridePolicyForm = this.formBuilder.group({
|
||||
override: new FormControl()
|
||||
});
|
||||
}
|
||||
|
||||
overrideClicked(): void {
|
||||
const override: string = this.overridePolicyForm.get('override')?.value;
|
||||
this.copyInheritedPolicy.next(override === 'copy');
|
||||
}
|
||||
}
|
||||
|
|
@ -133,7 +133,7 @@
|
|||
<ng-template #inheritedFromController let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
|
||||
Showing effective policy inherited from the controller.
|
||||
<ng-container *ngIf="supportsConfigurableAuthorizer">
|
||||
<a (click)="createNewPolicy()">Override</a> this policy.
|
||||
<a (click)="overridePolicy()">Override</a> this policy.
|
||||
</ng-container>
|
||||
</ng-template>
|
||||
<ng-template
|
||||
|
|
@ -142,12 +142,12 @@
|
|||
let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
|
||||
Showing effective policy inherited from global parameter context policy.
|
||||
<ng-container *ngIf="supportsConfigurableAuthorizer">
|
||||
<a (click)="createNewPolicy()">Override</a> this policy.
|
||||
<a (click)="overridePolicy()">Override</a> this policy.
|
||||
</ng-container>
|
||||
</ng-template>
|
||||
<ng-template #inheritedFromProcessGroup let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
|
||||
Showing effective policy inherited from <a [routerLink]="getInheritedProcessGroupRoute(policy)">Process Group</a>.
|
||||
<ng-container *ngIf="supportsConfigurableAuthorizer">
|
||||
<a (click)="createNewPolicy()">Override</a> this policy.
|
||||
<a (click)="overridePolicy()">Override</a> this policy.
|
||||
</ng-container>
|
||||
</ng-template>
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import { selectCurrentUser } from '../../../../state/current-user/current-user.s
|
|||
import {
|
||||
createAccessPolicy,
|
||||
openAddTenantToPolicyDialog,
|
||||
promptOverrideAccessPolicy,
|
||||
promptDeleteAccessPolicy,
|
||||
promptRemoveTenantFromPolicy,
|
||||
reloadAccessPolicy,
|
||||
|
|
@ -414,6 +415,10 @@ export class ComponentAccessPolicies implements OnInit, OnDestroy {
|
|||
this.store.dispatch(createAccessPolicy());
|
||||
}
|
||||
|
||||
overridePolicy(): void {
|
||||
this.store.dispatch(promptOverrideAccessPolicy());
|
||||
}
|
||||
|
||||
removeTenantFromPolicy(request: RemoveTenantFromPolicyRequest): void {
|
||||
this.store.dispatch(
|
||||
promptRemoveTenantFromPolicy({
|
||||
|
|
|
|||
|
|
@ -140,13 +140,13 @@
|
|||
<ng-template #inheritedFromPolicies let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
|
||||
Showing effective policy inherited from all policies.
|
||||
<ng-container *ngIf="supportsConfigurableAuthorizer">
|
||||
<a (click)="createNewPolicy()">Override</a> this policy.
|
||||
<a (click)="overridePolicy()">Override</a> this policy.
|
||||
</ng-container>
|
||||
</ng-template>
|
||||
<ng-template #inheritedFromController let-policy let-supportsConfigurableAuthorizer="supportsConfigurableAuthorizer">
|
||||
Showing effective policy inherited from the controller.
|
||||
<ng-container *ngIf="supportsConfigurableAuthorizer">
|
||||
<a (click)="createNewPolicy()">Override</a> this policy.
|
||||
<a (click)="overridePolicy()">Override</a> this policy.
|
||||
</ng-container>
|
||||
</ng-template>
|
||||
<ng-template
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import { selectCurrentUser } from '../../../../state/current-user/current-user.s
|
|||
import {
|
||||
createAccessPolicy,
|
||||
openAddTenantToPolicyDialog,
|
||||
promptOverrideAccessPolicy,
|
||||
promptDeleteAccessPolicy,
|
||||
promptRemoveTenantFromPolicy,
|
||||
reloadAccessPolicy,
|
||||
|
|
@ -276,6 +277,10 @@ export class GlobalAccessPolicies implements OnInit, OnDestroy {
|
|||
this.store.dispatch(createAccessPolicy());
|
||||
}
|
||||
|
||||
overridePolicy(): void {
|
||||
this.store.dispatch(promptOverrideAccessPolicy());
|
||||
}
|
||||
|
||||
removeTenantFromPolicy(request: RemoveTenantFromPolicyRequest): void {
|
||||
this.store.dispatch(
|
||||
promptRemoveTenantFromPolicy({
|
||||
|
|
|
|||
Loading…
Reference in New Issue