diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java index cd728638ad..3f99556a1e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java @@ -17,8 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -30,8 +29,8 @@ import java.util.Set; public class AccessPolicyDTO extends ComponentDTO { private String resource; - private Set users; - private Set userGroups; + private Set users; + private Set userGroups; private Boolean canRead; private Boolean canWrite; @@ -81,11 +80,11 @@ public class AccessPolicyDTO extends ComponentDTO { * @return The set of user IDs associated with this access policy. */ @ApiModelProperty(value = "The set of user IDs associated with this access policy.") - public Set getUsers() { + public Set getUsers() { return users; } - public void setUsers(Set users) { + public void setUsers(Set users) { this.users = users; } @@ -93,11 +92,11 @@ public class AccessPolicyDTO extends ComponentDTO { * @return The set of user group IDs associated with this access policy. */ @ApiModelProperty(value = "The set of user group IDs associated with this access policy.") - public Set getUserGroups() { + public Set getUserGroups() { return userGroups; } - public void setUserGroups(Set userGroups) { + public void setUserGroups(Set userGroups) { this.userGroups = userGroups; } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java new file mode 100644 index 0000000000..7915ae4791 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.api.dto; + +import com.wordnik.swagger.annotations.ApiModelProperty; + +import javax.xml.bind.annotation.XmlType; + +/** + * A tenant of this NiFi. + */ +@XmlType(name = "tenant") +public class TenantDTO extends ComponentDTO { + private String identity; + + /** + * @return tenant's identity + */ + @ApiModelProperty(value = "The identity of the tenant.") + public String getIdentity() { + return identity; + } + + public void setIdentity(String identity) { + this.identity = identity; + } + + +} diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java index 0d2ecde845..52da608363 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java @@ -17,7 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -26,34 +26,19 @@ import java.util.Set; * A user of this NiFi. */ @XmlType(name = "user") -public class UserDTO extends ComponentDTO { +public class UserDTO extends TenantDTO { - private String identity; - private Set userGroups; - - /** - * @return users identity - */ - @ApiModelProperty( - value = "The identity of the user." - ) - public String getIdentity() { - return identity; - } - - public void setIdentity(String identity) { - this.identity = identity; - } + private Set userGroups; /** * @return groups to which the user belongs */ @ApiModelProperty(value = "The groups to which the user belongs.") - public Set getUserGroups() { + public Set getUserGroups() { return userGroups; } - public void setUserGroups(Set userGroups) { + public void setUserGroups(Set userGroups) { this.userGroups = userGroups; } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java index bd06368afc..f167f9131a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java @@ -17,7 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -26,35 +26,19 @@ import java.util.Set; * A user group in this NiFi. */ @XmlType(name = "userGroup") -public class UserGroupDTO extends ComponentDTO { +public class UserGroupDTO extends TenantDTO { - private String name; - private Set users; + private Set users; /** * @return users in this group */ - @ApiModelProperty( - value = "The users that belong to the user group." - ) - public Set getUsers() { + @ApiModelProperty(value = "The users that belong to the user group.") + public Set getUsers() { return users; } - public void setUsers(Set users) { + public void setUsers(Set users) { this.users = users; } - - /** - * - * @return name of the user group - */ - @ApiModelProperty(value = "The name of the user group.") - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java index fbeeb7f54c..6d6b022461 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java @@ -24,6 +24,7 @@ import org.apache.nifi.web.api.dto.RevisionDTO; import javax.xml.bind.annotation.XmlRootElement; import java.util.List; +import java.util.Objects; /** * A base type for request/response entities. @@ -117,7 +118,7 @@ public class ComponentEntity extends Entity { @Override public int hashCode() { - return id.hashCode(); + return Objects.hash(id); } @Override @@ -134,6 +135,6 @@ public class ComponentEntity extends Entity { return false; } - return id.equals(((ComponentEntity) obj).getId()); + return Objects.equals(id, ((ComponentEntity)obj).id); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java new file mode 100644 index 0000000000..02d67f016f --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.web.api.entity; + +import org.apache.nifi.web.api.dto.TenantDTO; + +import javax.xml.bind.annotation.XmlRootElement; + +/** + * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a TenantDTO. + */ +@XmlRootElement(name = "tenantEntity") +public class TenantEntity extends ComponentEntity { + + private TenantDTO component; + + /** + * The {@link TenantDTO} that is being serialized. + * + * @return The {@link TenantDTO} object + */ + public TenantDTO getComponent() { + return component; + } + + public void setComponent(TenantDTO component) { + this.component = component; + } +} diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java index 6eaa8d06ca..40361efcd7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java @@ -1215,17 +1215,15 @@ public interface NiFiServiceFacade { /** * Gets the user with the specified ID. * @param userId The user ID - * @param prune If true, the users in the groups to which this user belongs will not be returned * @return The user transfer object */ - UserEntity getUser(String userId, boolean prune); + UserEntity getUser(String userId); /** * Gets all the users. - * @param prune If true, the users in the groups to which the users belong will not be returned * @return The user transfer objects */ - Set getUsers(boolean prune); + Set getUsers(); /** * Updates the specified user. @@ -1257,17 +1255,15 @@ public interface NiFiServiceFacade { /** * Gets the user group with the specified ID. * @param userGroupId The user group ID - * @param prune If true, the user groups of the users in this user group will not be returned * @return The user group transfer object */ - UserGroupEntity getUserGroup(String userGroupId, boolean prune); + UserGroupEntity getUserGroup(String userGroupId); /** * Gets all user groups. - * @param prune If true, the user groups of the users in the user groups will not be returned * @return The user group transfer objects */ - Set getUserGroups(boolean prune); + Set getUserGroups(); /** * Updates the specified user group. diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java index 4373472aba..eb8ea208e7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java @@ -156,6 +156,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity; import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.entity.ScheduleComponentsEntity; import org.apache.nifi.web.api.entity.SnippetEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.api.entity.UserEntity; import org.apache.nifi.web.api.entity.UserGroupEntity; import org.apache.nifi.web.controller.ControllerFacade; @@ -193,7 +194,6 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; @@ -208,6 +208,7 @@ import java.util.UUID; import java.util.function.Function; import java.util.function.Supplier; import java.util.stream.Collectors; +import java.util.stream.Stream; /** * Implementation of NiFiServiceFacade that performs revision checking. @@ -524,8 +525,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { accessPolicyAuthorizable, () -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO), accessPolicy -> { - final Set users = accessPolicy.getUsers().stream().map(userId -> getUser(userId, true) ).collect(Collectors.toSet()); - final Set userGroups = accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true) ).collect(Collectors.toSet()); + final Set users = accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + final Set userGroups = accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); return dtoFactory.createAccessPolicyDto(accessPolicy, userGroups, users); }); @@ -539,7 +540,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { final RevisionUpdate snapshot = updateComponent(revision, usersAuthorizable, () -> userDAO.updateUser(userDTO), - user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()))); + user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()))); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy); @@ -551,7 +552,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { final RevisionUpdate snapshot = updateComponent(revision, userGroupsAuthorizable, () -> userGroupDAO.updateUserGroup(userGroupDTO), - userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()))); + userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()))); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy); @@ -832,9 +833,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { controllerFacade.setMaxEventDrivenThreadCount(controllerConfigurationDTO.getMaxEventDrivenThreadCount()); } - return controllerConfigurationDTO; - }, - controller -> dtoFactory.createControllerConfigurationDto(controllerFacade)); + return controllerConfigurationDTO; + }, + controller -> dtoFactory.createControllerConfigurationDto(controllerFacade)); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade); final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(updatedComponent.getLastModification()); @@ -859,7 +860,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { clusterCoordinator.requestNodeConnect(nodeId, userDn); } else if (NodeConnectionState.DISCONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) { clusterCoordinator.requestNodeDisconnect(nodeId, DisconnectionCode.USER_DISCONNECTED, - "User " + userDn + " requested that node be disconnected from cluster"); + "User " + userDn + " requested that node be disconnected from cluster"); } return getNode(nodeId); @@ -982,7 +983,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserEntity deleteUser(final Revision revision, final String userId) { final User user = userDAO.getUser(userId); - final Set userGroups = user != null ? user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null; + final Set userGroups = user != null ? user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null; final UserDTO snapshot = deleteComponent( revision, authorizableLookup.getTenantAuthorizable(), @@ -995,7 +996,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) { final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - final Set users = userGroup != null ? userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : + final Set users = userGroup != null ? userGroup.getUsers().stream() + .map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final UserGroupDTO snapshot = deleteComponent( revision, @@ -1009,8 +1011,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public AccessPolicyEntity deleteAccessPolicy(final Revision revision, final String accessPolicyId) { final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); - final Set userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null; - final Set users = accessPolicy != null ? accessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : null; + final Set userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null; + final Set users = accessPolicy != null ? accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final AccessPolicyDTO snapshot = deleteComponent( revision, authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId), @@ -1267,11 +1269,17 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) { + // TODO read lock on users and groups (and resource+action?) while the policy is being created? + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO); final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy, - newAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()), - newAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())); + newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), + newAccessPolicy.getUsers().stream().map(userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(tenantAuthorizable)); + }).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(newAccessPolicy.getIdentifier())); return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); @@ -1279,9 +1287,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserEntity createUser(final Revision revision, final UserDTO userDTO) { + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); final User newUser = userDAO.createUser(userDTO); - final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet())); + final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream() + .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); @@ -1289,12 +1299,15 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) { + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); - if (revision.getVersion() != 0) { - throw new IllegalArgumentException("The revision must start at 0."); - } final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO); - final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())); + final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream() + .map(userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(tenantAuthorizable)); + }).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); @@ -2338,101 +2351,75 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public AccessPolicyEntity getAccessPolicy(final String accessPolicyId) { - return revisionManager.get(accessPolicyId, rev -> { - final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable); + AccessPolicy preRevisionRequestAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); + Set ids = Stream.concat(Stream.of(accessPolicyId), + Stream.concat(preRevisionRequestAccessPolicy.getUsers().stream(), preRevisionRequestAccessPolicy.getGroups().stream())).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO requestedAccessPolicyRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(accessPolicyId)); final AccessPolicy requestedAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); + final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId)); return entityFactory.createAccessPolicyEntity( dtoFactory.createAccessPolicyDto(requestedAccessPolicy, - requestedAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()), - requestedAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())), - revision, accessPolicy); + requestedAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), + requestedAccessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())), + requestedAccessPolicyRevision, accessPolicy); }); } @Override - public UserEntity getUser(final String userId, final boolean prune) { - return revisionManager.get(userId, rev -> { - final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); + public UserEntity getUser(final String userId) { + final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); + Set ids = Stream.concat(Stream.of(userId), userDAO.getUser(userId).getGroups().stream()).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); final User user = userDAO.getUser(userId); - final Set userGroups = user.getGroups().stream() - .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy); - }); - } - - private UserEntity getUserPruned(final String userId) { - return revisionManager.get(userId, rev -> { - final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); - final User user = userDAO.getUser(userId); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, Collections.emptySet()), revision, accessPolicy); + final Set userGroups = user.getGroups().stream() + .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy); }); } @Override - public Set getUsers(boolean prune) { - final Authorizable userAuthorizable = authorizableLookup.getTenantAuthorizable(); + public Set getUsers() { final Set users = userDAO.getUsers(); - final Set ids = users.stream().map(user -> user.getIdentifier()).collect(Collectors.toSet()); + final Set ids = users.stream().flatMap(user -> Stream.concat(Stream.of(user.getIdentifier()), user.getGroups().stream())).collect(Collectors.toSet()); return revisionManager.get(ids, () -> { return users.stream() .map(user -> { - final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier())); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userAuthorizable); - final Set userGroups = user.getGroups().stream() - .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy); - }) - .collect(Collectors.toSet()); + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier())); + final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); + final Set userGroups = user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy); + }).collect(Collectors.toSet()); }); } @Override - public UserGroupEntity getUserGroup(final String userGroupId, final boolean prune) { - return revisionManager.get(userGroupId, rev -> { - final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); + public UserGroupEntity getUserGroup(final String userGroupId) { + Set ids = Stream.concat(Stream.of(userGroupId), userGroupDAO.getUserGroup(userGroupId).getUsers().stream()).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId)); final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - final Set users = userGroup.getUsers().stream().map(userId -> prune ? getUserPruned(userId) : getUser(userId, false)).collect(Collectors.toSet()); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), - revision, accessPolicy); - }); - } - - private UserGroupEntity getUserGroupPruned(final String userGroupId) { - return revisionManager.get(userGroupId, rev -> { - final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); - final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, Collections.emptySet()), revision, accessPolicy); + final Set users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); }); } @Override - public Set getUserGroups(boolean prune) { + public Set getUserGroups() { final Authorizable userGroupAuthorizable = authorizableLookup.getTenantAuthorizable(); final Set userGroups = userGroupDAO.getUserGroups(); - final Set ids = userGroups.stream().map(userGroup -> userGroup.getIdentifier()).collect(Collectors.toSet()); + final Set ids = userGroups.stream().flatMap(userGroup -> Stream.concat(Stream.of(userGroup.getIdentifier()), userGroup.getUsers().stream())).collect(Collectors.toSet()); return revisionManager.get(ids, () -> { return userGroups.stream() .map(userGroup -> { - final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupAuthorizable); - final Set users = userGroup.getUsers().stream() - .map(userGroupId -> prune ? getUserPruned(userGroupId) : getUser(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), revision, accessPolicy); - }) - .collect(Collectors.toSet()); + final Set users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, accessPolicy); + }).collect(Collectors.toSet()); }); } @@ -2973,6 +2960,24 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { heartbeatMonitor.removeHeartbeat(nodeIdentifier); } + /* reusable function declarations for converting ids to tenant entities */ + private Function mapUserGroupIdToTenantEntity() { + return userGroupId -> { + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userGroupDAO.getUserGroup(userGroupId)), userGroupRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); + }; + } + + private Function mapUserIdToTenantEntity() { + return userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); + }; + } + + /* setters */ public void setProperties(final NiFiProperties properties) { this.properties = properties; @@ -3069,6 +3074,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { public void setAccessPolicyDAO(final AccessPolicyDAO accessPolicyDAO) { this.accessPolicyDAO = accessPolicyDAO; } + public void setClusterCoordinator(final ClusterCoordinator coordinator) { this.clusterCoordinator = coordinator; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java index 2c1129c622..6ccbeeea40 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java @@ -188,7 +188,7 @@ public class AccessPolicyResource extends ApplicationResource { } if (accessPolicyEntity.getRevision() == null || (accessPolicyEntity.getRevision().getVersion() == null || accessPolicyEntity.getRevision().getVersion() != 0)) { - throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor."); + throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Policy."); } if (accessPolicyEntity.getComponent().getId() != null) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java index 37b8c69268..5903b2d79b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java @@ -165,7 +165,7 @@ public class TenantsResource extends ApplicationResource { } if (userEntity.getRevision() == null || (userEntity.getRevision().getVersion() == null || userEntity.getRevision().getVersion() != 0)) { - throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor."); + throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User."); } if (userEntity.getComponent().getId() != null) { @@ -251,7 +251,7 @@ public class TenantsResource extends ApplicationResource { }); // get the user - final UserEntity entity = serviceFacade.getUser(id, true); + final UserEntity entity = serviceFacade.getUser(id); populateRemainingUserEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); @@ -298,7 +298,7 @@ public class TenantsResource extends ApplicationResource { }); // get all the users - final Set users = serviceFacade.getUsers(true); + final Set users = serviceFacade.getUsers(); // create the response entity final UsersEntity entity = new UsersEntity(); @@ -550,7 +550,7 @@ public class TenantsResource extends ApplicationResource { } if (userGroupEntity.getRevision() == null || (userGroupEntity.getRevision().getVersion() == null || userGroupEntity.getRevision().getVersion() != 0)) { - throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor."); + throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User Group."); } if (userGroupEntity.getComponent().getId() != null) { @@ -636,7 +636,7 @@ public class TenantsResource extends ApplicationResource { }); // get the user group - final UserGroupEntity entity = serviceFacade.getUserGroup(id, true); + final UserGroupEntity entity = serviceFacade.getUserGroup(id); populateRemainingUserGroupEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); @@ -683,7 +683,7 @@ public class TenantsResource extends ApplicationResource { }); // get all the user groups - final Set users = serviceFacade.getUserGroups(true); + final Set users = serviceFacade.getUserGroups(); // create the response entity final UserGroupsEntity entity = new UserGroupsEntity(); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java index 0bd275a9ca..80ea9c9634 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java @@ -139,8 +139,7 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusSnapshotDTO; import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO; import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusSnapshotDTO; import org.apache.nifi.web.api.entity.FlowBreadcrumbEntity; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.controller.ControllerFacade; import org.apache.nifi.web.revision.RevisionManager; @@ -691,7 +690,7 @@ public final class DtoFactory { * @param user user * @return dto */ - public UserDTO createUserDto(final User user, final Set groups) { + public UserDTO createUserDto(final User user, final Set groups) { if (user == null) { return null; } @@ -704,13 +703,31 @@ public final class DtoFactory { return dto; } + /** + * Creates a {@link TenantDTO} from the specified {@link User}. + * + * @param user user + * @return dto + */ + public TenantDTO createTenantDTO(User user) { + if (user == null) { + return null; + } + + final TenantDTO dto = new TenantDTO(); + dto.setId(user.getIdentifier()); + dto.setIdentity(user.getIdentity()); + + return dto; + } + /** * Creates a {@link UserGroupDTO} from the specified {@link Group}. * * @param userGroup user group * @return dto */ - public UserGroupDTO createUserGroupDto(final Group userGroup, Set users) { + public UserGroupDTO createUserGroupDto(final Group userGroup, Set users) { if (userGroup == null) { return null; } @@ -718,7 +735,25 @@ public final class DtoFactory { final UserGroupDTO dto = new UserGroupDTO(); dto.setId(userGroup.getIdentifier()); dto.setUsers(users); - dto.setName(userGroup.getName()); + dto.setIdentity(userGroup.getName()); + + return dto; + } + + /** + * Creates a {@link TenantDTO} from the specified {@link User}. + * + * @param userGroup user + * @return dto + */ + public TenantDTO createTenantDTO(Group userGroup) { + if (userGroup == null) { + return null; + } + + final TenantDTO dto = new TenantDTO(); + dto.setId(userGroup.getIdentifier()); + dto.setIdentity(userGroup.getName()); return dto; } @@ -1517,7 +1552,7 @@ public final class DtoFactory { return dto; } - public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set userGroups, Set users) { + public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set userGroups, Set users) { if (accessPolicy == null) { return null; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java index e1c183bad5..c530f41655 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java @@ -39,6 +39,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupEntity; import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity; import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.entity.SnippetEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.api.entity.UserEntity; import org.apache.nifi.web.api.entity.UserGroupEntity; @@ -162,6 +163,20 @@ public final class EntityFactory { return entity; } + public TenantEntity createTenantEntity(final TenantDTO dto, final RevisionDTO revsion, final AccessPolicyDTO accessPolicy) { + final TenantEntity entity = new TenantEntity(); + entity.setRevision(revsion); + if (dto != null) { + entity.setAccessPolicy(accessPolicy); + entity.setId(dto.getId()); + + if (accessPolicy != null && accessPolicy.getCanRead()) { + entity.setComponent(dto); + } + } + return entity; + } + public UserGroupEntity createUserGroupEntity(final UserGroupDTO dto, final RevisionDTO revision, final AccessPolicyDTO accessPolicy) { final UserGroupEntity entity = new UserGroupEntity(); entity.setRevision(revision); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java index ff5f20ed27..845d9f4110 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java @@ -33,8 +33,7 @@ import org.apache.nifi.web.api.dto.AccessPolicyDTO; import org.apache.nifi.web.api.dto.UserDTO; import org.apache.nifi.web.api.dto.UserGroupDTO; import org.apache.nifi.web.api.entity.ComponentEntity; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.dao.AccessPolicyDAO; import org.apache.nifi.web.dao.UserDAO; import org.apache.nifi.web.dao.UserGroupDAO; @@ -182,8 +181,8 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr } private AccessPolicy buildAccessPolicy(final String identifier, final AccessPolicyDTO accessPolicyDTO) { - final Set userGroups = accessPolicyDTO.getUserGroups(); - final Set users = accessPolicyDTO.getUsers(); + final Set userGroups = accessPolicyDTO.getUserGroups(); + final Set users = accessPolicyDTO.getUsers(); final AccessPolicy.Builder builder = new AccessPolicy.Builder() .identifier(identifier) .resource(accessPolicyDTO.getResource()); @@ -237,8 +236,8 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr } private Group buildUserGroup(final String identifier, final UserGroupDTO userGroupDTO) { - final Set users = userGroupDTO.getUsers(); - final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getName()); + final Set users = userGroupDTO.getUsers(); + final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getIdentity()); if (users != null) { builder.addUsers(users.stream().map(ComponentEntity::getId).collect(Collectors.toSet())); } @@ -280,7 +279,7 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr } private User buildUser(final String identifier, final UserDTO userDTO) { - final Set groups = userDTO.getUserGroups(); + final Set groups = userDTO.getUserGroups(); final User.Builder builder = new User.Builder().identifier(identifier).identity(userDTO.getIdentity()); if (groups != null) { builder.addGroups(groups.stream().map(ComponentEntity::getId).collect(Collectors.toSet())); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy index bfffd26110..78e9084738 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy @@ -26,6 +26,7 @@ import org.apache.nifi.web.ResourceNotFoundException import org.apache.nifi.web.api.dto.AccessPolicyDTO import org.apache.nifi.web.api.dto.UserDTO import org.apache.nifi.web.api.dto.UserGroupDTO +import org.apache.nifi.web.api.entity.TenantEntity import org.apache.nifi.web.api.entity.UserEntity import org.apache.nifi.web.api.entity.UserGroupEntity import spock.lang.Specification @@ -46,7 +47,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { method | daoMethod 'createAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) } 'createUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUser(new UserDTO(id: '1', identity: 'a')) } - 'createUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', name: 'a')) } + 'createUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', identity: 'a')) } 'deleteAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteAccessPolicy('1') } 'deleteUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUser('1') } 'deleteUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUserGroup('1') } @@ -58,7 +59,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { 'hasUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).hasUserGroup('1') } 'updateAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) } 'updateUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUser(new UserDTO(id: '1', identity: 'a')) } - 'updateUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', name: 'a')) } + 'updateUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', identity: 'a')) } } @Unroll @@ -89,8 +90,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.createAccessPolicy(requestDTO) @@ -151,8 +152,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.updateAccessPolicy(requestDTO) @@ -176,8 +177,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: dao.updateAccessPolicy(requestDTO) @@ -249,7 +250,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: def result = dao.createUserGroup(requestDTO) @@ -325,7 +326,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: def result = dao.updateUserGroup(requestDTO) @@ -346,7 +347,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: dao.updateUserGroup(requestDTO) @@ -416,7 +417,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.createUser(requestDTO) @@ -492,7 +493,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.updateUser(requestDTO) @@ -513,7 +514,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: dao.updateUser(requestDTO)