From 41f32534450f9331487120a1e68c08c77f1c755d Mon Sep 17 00:00:00 2001 From: Jeff Storck Date: Mon, 27 Jun 2016 19:49:34 -0400 Subject: [PATCH] NIFI-1952 Update to revision-locking for users and groups Adding user and group summary objects (TenantEntity) Fixed ComponentEntity JSON mapping issues when the id field is null Removing unecessary revision checking. Fixing error message when checking user, group, and policy revision. This closes #589 --- .../nifi/web/api/dto/AccessPolicyDTO.java | 15 +- .../apache/nifi/web/api/dto/TenantDTO.java | 43 +++++ .../org/apache/nifi/web/api/dto/UserDTO.java | 25 +-- .../apache/nifi/web/api/dto/UserGroupDTO.java | 28 +-- .../nifi/web/api/entity/ComponentEntity.java | 5 +- .../nifi/web/api/entity/TenantEntity.java | 43 +++++ .../apache/nifi/web/NiFiServiceFacade.java | 12 +- .../nifi/web/StandardNiFiServiceFacade.java | 172 +++++++++--------- .../nifi/web/api/AccessPolicyResource.java | 2 +- .../apache/nifi/web/api/TenantsResource.java | 12 +- .../apache/nifi/web/api/dto/DtoFactory.java | 47 ++++- .../nifi/web/api/dto/EntityFactory.java | 15 ++ .../StandardPolicyBasedAuthorizerDAO.java | 13 +- ...tandardPolicyBasedAuthorizerDAOSpec.groovy | 29 +-- 14 files changed, 284 insertions(+), 177 deletions(-) create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java index cd728638ad..3f99556a1e 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java @@ -17,8 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -30,8 +29,8 @@ import java.util.Set; public class AccessPolicyDTO extends ComponentDTO { private String resource; - private Set users; - private Set userGroups; + private Set users; + private Set userGroups; private Boolean canRead; private Boolean canWrite; @@ -81,11 +80,11 @@ public class AccessPolicyDTO extends ComponentDTO { * @return The set of user IDs associated with this access policy. */ @ApiModelProperty(value = "The set of user IDs associated with this access policy.") - public Set getUsers() { + public Set getUsers() { return users; } - public void setUsers(Set users) { + public void setUsers(Set users) { this.users = users; } @@ -93,11 +92,11 @@ public class AccessPolicyDTO extends ComponentDTO { * @return The set of user group IDs associated with this access policy. */ @ApiModelProperty(value = "The set of user group IDs associated with this access policy.") - public Set getUserGroups() { + public Set getUserGroups() { return userGroups; } - public void setUserGroups(Set userGroups) { + public void setUserGroups(Set userGroups) { this.userGroups = userGroups; } } 
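Review bot: The Javadoc and `@ApiModelProperty` text on `getUsers()` and `getUserGroups()` still say "user IDs" and "user group IDs", while the import change in this file suggests the sets now hold `TenantEntity` summaries (the element types are not visible in this rendering). I would reword both, for example `@ApiModelProperty(value = "The set of users (tenant summaries) associated with this access policy.")` with a matching `@return` line, and the same for user groups. This DTO describes who a policy applies to, so the API documentation should state exactly what is returned for each member.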
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java
new file mode 100644
index 0000000000..7915ae4791
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.dto;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * A tenant of this NiFi.
+ */
+@XmlType(name = "tenant")
+public class TenantDTO extends ComponentDTO {
+ private String identity;
+
+ /**
+ * @return tenant's identity
+ */
+ @ApiModelProperty(value = "The identity of the tenant.")
+ public String getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java index 0d2ecde845..52da608363 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java @@ -17,7 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -26,34 +26,19 @@ import java.util.Set; * A user of this NiFi. */ @XmlType(name = "user") -public class UserDTO extends ComponentDTO { +public class UserDTO extends TenantDTO { - private String identity; - private Set userGroups; - - /** - * @return users identity - */ - @ApiModelProperty( - value = "The identity of the user." - ) - public String getIdentity() { - return identity; - } - - public void setIdentity(String identity) { - this.identity = identity; - } + private Set userGroups; /** * @return groups to which the user belongs */ @ApiModelProperty(value = "The groups to which the user belongs.") - public Set getUserGroups() { + public Set getUserGroups() { return userGroups; } - public void setUserGroups(Set userGroups) { + public void setUserGroups(Set userGroups) { this.userGroups = userGroups; } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java index bd06368afc..f167f9131a 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java @@ -17,7 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -26,35 +26,19 @@ import java.util.Set; * A user group in this NiFi. */ @XmlType(name = "userGroup") -public class UserGroupDTO extends ComponentDTO { +public class UserGroupDTO extends TenantDTO { - private String name; - private Set users; + private Set users; /** * @return users in this group */ - @ApiModelProperty( - value = "The users that belong to the user group." - ) - public Set getUsers() { + @ApiModelProperty(value = "The users that belong to the user group.") + public Set getUsers() { return users; } - public void setUsers(Set users) { + public void setUsers(Set users) { this.users = users; } - - /** - * - * @return name of the user group - */ - @ApiModelProperty(value = "The name of the user group.") - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java index fbeeb7f54c..6d6b022461 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java 
@@ -24,6 +24,7 @@ import org.apache.nifi.web.api.dto.RevisionDTO; import javax.xml.bind.annotation.XmlRootElement; import java.util.List; +import java.util.Objects; /** * A base type for request/response entities. @@ -117,7 +118,7 @@ public class ComponentEntity extends Entity { @Override public int hashCode() { - return id.hashCode(); + return Objects.hash(id); } @Override @@ -134,6 +135,6 @@ public class ComponentEntity extends Entity { return false; } - return id.equals(((ComponentEntity) obj).getId()); + return Objects.equals(id, ((ComponentEntity)obj).id); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java new file mode 100644 index 0000000000..02d67f016f --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java 
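Review bot: With `Objects.equals(id, ((ComponentEntity)obj).id)` in the `@@ -134` hunk, two entities whose id is null now compare equal (assuming the earlier checks in `equals`, which lie outside the hunk, let them through), and both produce the same hash. A `Set` of entities that have no id yet would then keep only one of them, which matters for the tenant sets this commit builds with `Collectors.toSet()`. If that is intended, record it in a comment such as `// entities without an id are considered equal; do not collect unsaved entities into a Set`; otherwise fall back to identity comparison when id is null. `Objects.hashCode(id)` is also the more direct call than `Objects.hash(id)` for a single field.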
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import org.apache.nifi.web.api.dto.TenantDTO;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a TenantDTO.
+ */
+@XmlRootElement(name = "tenantEntity")
+public class TenantEntity extends ComponentEntity {
+
+ private TenantDTO component;
+
+ /**
+ * The {@link TenantDTO} that is being serialized.
+ *
+ * @return The {@link TenantDTO} object
+ */
+ public TenantDTO getComponent() {
+ return component;
+ }
+
+ public void setComponent(TenantDTO component) {
+ this.component = component;
+ }
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
index 6eaa8d06ca..40361efcd7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java @@ -1215,17 +1215,15 @@ public interface NiFiServiceFacade { /** * Gets the user with the specified ID. * @param userId The user ID - * @param prune If true, the users in the groups to which this user belongs will not be returned * @return The user transfer object */ - UserEntity getUser(String userId, boolean prune); + UserEntity getUser(String userId); /** * Gets all the users. - * @param prune If true, the users in the groups to which the users belong will not be returned * @return The user transfer objects */ - Set getUsers(boolean prune); + Set getUsers(); /** * Updates the specified user. @@ -1257,17 +1255,15 @@ public interface NiFiServiceFacade { /** * Gets the user group with the specified ID. * @param userGroupId The user group ID - * @param prune If true, the user groups of the users in this user group will not be returned * @return The user group transfer object */ - UserGroupEntity getUserGroup(String userGroupId, boolean prune); + UserGroupEntity getUserGroup(String userGroupId); /** * Gets all user groups. - * @param prune If true, the user groups of the users in the user groups will not be returned * @return The user group transfer objects */ - Set getUserGroups(boolean prune); + Set getUserGroups(); /** * Updates the specified user group. diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java index 4373472aba..eb8ea208e7 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java @@ -156,6 +156,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity; import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.entity.ScheduleComponentsEntity; import org.apache.nifi.web.api.entity.SnippetEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.api.entity.UserEntity; import org.apache.nifi.web.api.entity.UserGroupEntity; import org.apache.nifi.web.controller.ControllerFacade; @@ -193,7 +194,6 @@ import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; @@ -208,6 +208,7 @@ import java.util.UUID; import java.util.function.Function; import java.util.function.Supplier; import java.util.stream.Collectors; +import java.util.stream.Stream; /** * Implementation of NiFiServiceFacade that performs revision checking. 
@@ -524,8 +525,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { accessPolicyAuthorizable, () -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO), accessPolicy -> { - final Set users = accessPolicy.getUsers().stream().map(userId -> getUser(userId, true) ).collect(Collectors.toSet()); - final Set userGroups = accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true) ).collect(Collectors.toSet()); + final Set users = accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + final Set userGroups = accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); return dtoFactory.createAccessPolicyDto(accessPolicy, userGroups, users); }); @@ -539,7 +540,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { final RevisionUpdate snapshot = updateComponent(revision, usersAuthorizable, () -> userDAO.updateUser(userDTO), - user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()))); + user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()))); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy); 
@@ -551,7 +552,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { final RevisionUpdate snapshot = updateComponent(revision, userGroupsAuthorizable, () -> userGroupDAO.updateUserGroup(userGroupDTO), - userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()))); + userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()))); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy); @@ -832,9 +833,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { controllerFacade.setMaxEventDrivenThreadCount(controllerConfigurationDTO.getMaxEventDrivenThreadCount()); } - return controllerConfigurationDTO; - }, - controller -> dtoFactory.createControllerConfigurationDto(controllerFacade)); + return controllerConfigurationDTO; + }, + controller -> dtoFactory.createControllerConfigurationDto(controllerFacade)); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade); final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(updatedComponent.getLastModification()); @@ -859,7 +860,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { clusterCoordinator.requestNodeConnect(nodeId, userDn); } else if (NodeConnectionState.DISCONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) { clusterCoordinator.requestNodeDisconnect(nodeId, DisconnectionCode.USER_DISCONNECTED, - "User " + userDn + " requested that node be disconnected from cluster"); + "User " + userDn + " requested that node be disconnected from cluster"); } return getNode(nodeId); 
@@ -982,7 +983,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserEntity deleteUser(final Revision revision, final String userId) { final User user = userDAO.getUser(userId); - final Set userGroups = user != null ? user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null; + final Set userGroups = user != null ? user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null; final UserDTO snapshot = deleteComponent( revision, authorizableLookup.getTenantAuthorizable(), @@ -995,7 +996,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) { final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - final Set users = userGroup != null ? userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : + final Set users = userGroup != null ? userGroup.getUsers().stream() + .map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final UserGroupDTO snapshot = deleteComponent( revision, 
@@ -1009,8 +1011,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public AccessPolicyEntity deleteAccessPolicy(final Revision revision, final String accessPolicyId) { final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); - final Set userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null; - final Set users = accessPolicy != null ? accessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : null; + final Set userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null; + final Set users = accessPolicy != null ? accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final AccessPolicyDTO snapshot = deleteComponent( revision, authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId), 
@@ -1267,11 +1269,17 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) { + // TODO read lock on users and groups (and resource+action?) while the policy is being created? + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO); final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy, - newAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()), - newAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())); + newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), + newAccessPolicy.getUsers().stream().map(userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(tenantAuthorizable)); + }).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(newAccessPolicy.getIdentifier())); return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); 
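Review bot: In `createAccessPolicy` the member revisions are read with `revisionManager.getRevision(...)` outside the `revisionManager.get(ids, ...)` wrapper that the getters in this commit use, so the revisions returned for the policy's users and groups can be stale if a tenant is modified concurrently; the added TODO acknowledges this but leaves it open. For an access-policy response, I would either take the read lock over the policy's user and group ids before building the DTO or document on the method that member revisions are best-effort. Separately, the inline user lambda repeats what `mapUserIdToTenantEntity()` (added later in this commit) already does and can be replaced by `.map(mapUserIdToTenantEntity())`, which also makes the new `tenantAuthorizable` local unnecessary. The same inline lambda appears in `createUserGroup` in the `@@ -1289` hunk.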
@@ -1279,9 +1287,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserEntity createUser(final Revision revision, final UserDTO userDTO) { + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); final User newUser = userDAO.createUser(userDTO); - final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet())); + final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream() + .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); 
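Review bot: The added local `tenantAuthorizable` in `createUser` is not used in the lines visible here: the access policy is still built from a second `authorizableLookup.getTenantAuthorizable()` call, and `mapUserGroupIdToTenantEntity()` takes no argument. Either drop the local or use it, e.g. `dtoFactory.createAccessPolicyDto(tenantAuthorizable)`. The method body closes outside the hunk.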
@@ -1289,12 +1299,15 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) { + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); - if (revision.getVersion() != 0) { - throw new IllegalArgumentException("The revision must start at 0."); - } final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO); - final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())); + final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream() + .map(userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(tenantAuthorizable)); + }).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); 
@@ -2338,101 +2351,75 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { @Override public AccessPolicyEntity getAccessPolicy(final String accessPolicyId) { - return revisionManager.get(accessPolicyId, rev -> { - final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable); + AccessPolicy preRevisionRequestAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); + Set ids = Stream.concat(Stream.of(accessPolicyId), + Stream.concat(preRevisionRequestAccessPolicy.getUsers().stream(), preRevisionRequestAccessPolicy.getGroups().stream())).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO requestedAccessPolicyRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(accessPolicyId)); final AccessPolicy requestedAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); + final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId)); return entityFactory.createAccessPolicyEntity( dtoFactory.createAccessPolicyDto(requestedAccessPolicy, - requestedAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()), - requestedAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())), - revision, accessPolicy); + requestedAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), + requestedAccessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())), + requestedAccessPolicyRevision, accessPolicy); }); } @Override - public UserEntity getUser(final String userId, final boolean prune) { - return revisionManager.get(userId, rev -> { - final Authorizable 
usersAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); + public UserEntity getUser(final String userId) { + final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); + Set ids = Stream.concat(Stream.of(userId), userDAO.getUser(userId).getGroups().stream()).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); final User user = userDAO.getUser(userId); - final Set userGroups = user.getGroups().stream() - .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy); - }); - } - - private UserEntity getUserPruned(final String userId) { - return revisionManager.get(userId, rev -> { - final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); - final User user = userDAO.getUser(userId); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, Collections.emptySet()), revision, accessPolicy); + final Set userGroups = user.getGroups().stream() + .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy); }); } @Override - public Set getUsers(boolean prune) { - final Authorizable userAuthorizable = authorizableLookup.getTenantAuthorizable(); + public Set getUsers() { final Set users = userDAO.getUsers(); - final Set ids = users.stream().map(user -> 
user.getIdentifier()).collect(Collectors.toSet()); + final Set ids = users.stream().flatMap(user -> Stream.concat(Stream.of(user.getIdentifier()), user.getGroups().stream())).collect(Collectors.toSet()); return revisionManager.get(ids, () -> { return users.stream() .map(user -> { - final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier())); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userAuthorizable); - final Set userGroups = user.getGroups().stream() - .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy); - }) - .collect(Collectors.toSet()); + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier())); + final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); + final Set userGroups = user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy); + }).collect(Collectors.toSet()); }); } @Override - public UserGroupEntity getUserGroup(final String userGroupId, final boolean prune) { - return revisionManager.get(userGroupId, rev -> { - final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); + public UserGroupEntity getUserGroup(final String userGroupId) { + Set ids = Stream.concat(Stream.of(userGroupId), userGroupDAO.getUserGroup(userGroupId).getUsers().stream()).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO userGroupRevision 
= dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId)); final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - final Set users = userGroup.getUsers().stream().map(userId -> prune ? getUserPruned(userId) : getUser(userId, false)).collect(Collectors.toSet()); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), - revision, accessPolicy); - }); - } - - private UserGroupEntity getUserGroupPruned(final String userGroupId) { - return revisionManager.get(userGroupId, rev -> { - final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); - final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, Collections.emptySet()), revision, accessPolicy); + final Set users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); }); } @Override - public Set getUserGroups(boolean prune) { + public Set getUserGroups() { final Authorizable userGroupAuthorizable = authorizableLookup.getTenantAuthorizable(); final Set userGroups = userGroupDAO.getUserGroups(); - final Set ids = userGroups.stream().map(userGroup -> userGroup.getIdentifier()).collect(Collectors.toSet()); + final Set ids = userGroups.stream().flatMap(userGroup -> Stream.concat(Stream.of(userGroup.getIdentifier()), userGroup.getUsers().stream())).collect(Collectors.toSet()); return revisionManager.get(ids, () -> { return userGroups.stream() .map(userGroup -> { - final RevisionDTO revision = 
dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupAuthorizable); - final Set users = userGroup.getUsers().stream() - .map(userGroupId -> prune ? getUserPruned(userGroupId) : getUser(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), revision, accessPolicy); - }) - .collect(Collectors.toSet()); + final Set users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, accessPolicy); + }).collect(Collectors.toSet()); }); } 
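Review bot: In `getUser`, `getUserGroup` and `getAccessPolicy` the set of ids to lock is computed from a DAO read made before the lock is taken, e.g. `userDAO.getUser(userId).getGroups().stream()`, and the result is dereferenced without a null check. `deleteUser` in this same file guards `user != null`, which suggests the DAO can return null (its behaviour is not visible here); if so, an unknown id surfaces as a NullPointerException instead of a not-found error. The entity is then read again inside the callback, so a member added between the two reads is mapped to a tenant entity although its id is not in the locked set. I would hoist the first read into a checked local, `final User preLockUser = userDAO.getUser(userId);` followed by an explicit not-found failure when it is null, and add a comment at the second read such as `// membership may differ from the pre-lock snapshot used to build ids`, or verify that the re-read members are a subset of `ids`.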
@@ -2973,6 +2960,24 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { heartbeatMonitor.removeHeartbeat(nodeIdentifier); } + /* reusable function declarations for converting ids to tenant entities */ + private Function mapUserGroupIdToTenantEntity() { + return userGroupId -> { + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userGroupDAO.getUserGroup(userGroupId)), userGroupRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); + }; + } + + private Function mapUserIdToTenantEntity() { + return userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); + }; + } + + /* setters */ public void setProperties(final NiFiProperties properties) { this.properties = properties; @@ -3069,6 +3074,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { public void setAccessPolicyDAO(final AccessPolicyDAO accessPolicyDAO) { this.accessPolicyDAO = accessPolicyDAO; } + public void setClusterCoordinator(final ClusterCoordinator coordinator) { this.clusterCoordinator = coordinator; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java index 2c1129c622..6ccbeeea40 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java 
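Review bot: `mapUserGroupIdToTenantEntity()` and `mapUserIdToTenantEntity()` in the `@@ -2973,6 +2960,24 @@` hunk read `revisionManager.getRevision(id)` and the DAO for an id without stating what the caller must already hold, and the single block comment above them is no substitute for per-method Javadoc. In `getUserGroups()` the same commit widens `ids` with the member user ids before calling `revisionManager.get(ids, ...)`, which suggests the lookups are expected to run inside that call; a later caller has no hint of this. I would document it on each helper, e.g. `/** Returns a function mapping a user id to its TenantEntity summary; apply it only inside revisionManager.get(...) for a set of ids that includes the id being mapped. */`. It is also worth stating that the access policy attached to every summary is the one built from `authorizableLookup.getTenantAuthorizable()`, so it is the same for every tenant rather than specific to the one being mapped.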
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java @@ -188,7 +188,7 @@ public class AccessPolicyResource extends ApplicationResource { } if (accessPolicyEntity.getRevision() == null || (accessPolicyEntity.getRevision().getVersion() == null || accessPolicyEntity.getRevision().getVersion() != 0)) { - throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor."); + throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Policy."); } if (accessPolicyEntity.getComponent().getId() != null) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java index 37b8c69268..5903b2d79b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java @@ -165,7 +165,7 @@ public class TenantsResource extends ApplicationResource { } if (userEntity.getRevision() == null || (userEntity.getRevision().getVersion() == null || userEntity.getRevision().getVersion() != 0)) { - throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor."); + throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User."); } if (userEntity.getComponent().getId() != null) { 
@@ -251,7 +251,7 @@ public class TenantsResource extends ApplicationResource { }); // get the user - final UserEntity entity = serviceFacade.getUser(id, true); + final UserEntity entity = serviceFacade.getUser(id); populateRemainingUserEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); @@ -298,7 +298,7 @@ public class TenantsResource extends ApplicationResource { }); // get all the users - final Set users = serviceFacade.getUsers(true); + final Set users = serviceFacade.getUsers(); // create the response entity final UsersEntity entity = new UsersEntity(); @@ -550,7 +550,7 @@ public class TenantsResource extends ApplicationResource { } if (userGroupEntity.getRevision() == null || (userGroupEntity.getRevision().getVersion() == null || userGroupEntity.getRevision().getVersion() != 0)) { - throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor."); + throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User Group."); } if (userGroupEntity.getComponent().getId() != null) { @@ -636,7 +636,7 @@ public class TenantsResource extends ApplicationResource { }); // get the user group - final UserGroupEntity entity = serviceFacade.getUserGroup(id, true); + final UserGroupEntity entity = serviceFacade.getUserGroup(id); populateRemainingUserGroupEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); @@ -683,7 +683,7 @@ public class TenantsResource extends ApplicationResource { }); // get all the user groups - final Set users = serviceFacade.getUserGroups(true); + final Set users = serviceFacade.getUserGroups(); // create the response entity final UserGroupsEntity entity = new UserGroupsEntity(); 
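Review bot: In the `@@ -683,7 +683,7 @@` hunk the rewritten line still stores the result of `serviceFacade.getUserGroups()` in a local named `users`, which reads as if this endpoint returned users. Since the line is being changed anyway, renaming the local to `userGroups` would match the `// get all the user groups` comment above it and the `UserGroupsEntity` built below. The later uses of the variable are outside the hunk and would need the same rename.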
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java index 0bd275a9ca..80ea9c9634 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java @@ -139,8 +139,7 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusSnapshotDTO; import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO; import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusSnapshotDTO; import org.apache.nifi.web.api.entity.FlowBreadcrumbEntity; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.controller.ControllerFacade; import org.apache.nifi.web.revision.RevisionManager; @@ -691,7 +690,7 @@ public final class DtoFactory { * @param user user * @return dto */ - public UserDTO createUserDto(final User user, final Set groups) { + public UserDTO createUserDto(final User user, final Set groups) { if (user == null) { return null; } 
@@ -704,13 +703,31 @@ public final class DtoFactory { return dto; } + /** + * Creates a {@link TenantDTO} from the specified {@link User}. + * + * @param user user + * @return dto + */ + public TenantDTO createTenantDTO(User user) { + if (user == null) { + return null; + } + + final TenantDTO dto = new TenantDTO(); + dto.setId(user.getIdentifier()); + dto.setIdentity(user.getIdentity()); + + return dto; + } + /** * Creates a {@link UserGroupDTO} from the specified {@link Group}. * * @param userGroup user group * @return dto */ - public UserGroupDTO createUserGroupDto(final Group userGroup, Set users) { + public UserGroupDTO createUserGroupDto(final Group userGroup, Set users) { if (userGroup == null) { return null; } @@ -718,7 +735,25 @@ public final class DtoFactory { final UserGroupDTO dto = new UserGroupDTO(); dto.setId(userGroup.getIdentifier()); dto.setUsers(users); - dto.setName(userGroup.getName()); + dto.setIdentity(userGroup.getName()); + + return dto; + } + + /** + * Creates a {@link TenantDTO} from the specified {@link User}. + * + * @param userGroup user + * @return dto + */ + public TenantDTO createTenantDTO(Group userGroup) { + if (userGroup == null) { + return null; + } + + final TenantDTO dto = new TenantDTO(); + dto.setId(userGroup.getIdentifier()); + dto.setIdentity(userGroup.getName()); return dto; } @@ -1517,7 +1552,7 @@ public final class DtoFactory { return dto; } - public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set userGroups, Set users) { + public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set userGroups, Set users) { if (accessPolicy == null) { return null; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java index e1c183bad5..c530f41655 100644 
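Review bot: The Javadoc added above `createTenantDTO(Group userGroup)` in the `@@ -718,7 +735,25 @@` hunk was copied from the `User` overload: it says the DTO is created from the specified `{@link User}` and describes the parameter as `@param userGroup user`. It should read `Creates a {@link TenantDTO} from the specified {@link Group}.` and `@param userGroup user group`. Both overloads return null for a null argument, and the result is passed straight to `createTenantEntity` by the new mapping helpers, so `@return dto, or null if the argument is null` would be a useful addition on each.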
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java @@ -39,6 +39,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupEntity; import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity; import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.entity.SnippetEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.api.entity.UserEntity; import org.apache.nifi.web.api.entity.UserGroupEntity; @@ -162,6 +163,20 @@ public final class EntityFactory { return entity; } + public TenantEntity createTenantEntity(final TenantDTO dto, final RevisionDTO revsion, final AccessPolicyDTO accessPolicy) { + final TenantEntity entity = new TenantEntity(); + entity.setRevision(revsion); + if (dto != null) { + entity.setAccessPolicy(accessPolicy); + entity.setId(dto.getId()); + + if (accessPolicy != null && accessPolicy.getCanRead()) { + entity.setComponent(dto); + } + } + return entity; + } + public UserGroupEntity createUserGroupEntity(final UserGroupDTO dto, final RevisionDTO revision, final AccessPolicyDTO accessPolicy) { final UserGroupEntity entity = new UserGroupEntity(); entity.setRevision(revision); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java index ff5f20ed27..845d9f4110 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java 
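Review bot: `createTenantEntity` in the `@@ -162,6 +163,20 @@` hunk tests `accessPolicy.getCanRead()` directly in the `if`, and `canRead` is declared as a `Boolean` field in `AccessPolicyDTO`; assuming the getter returns that type, an unset value throws a NullPointerException on unboxing instead of simply withholding the component. `if (accessPolicy != null && Boolean.TRUE.equals(accessPolicy.getCanRead()))` keeps the read gate fail-closed. The parameter name `revsion` is a typo for `revision`, which the neighbouring `createUserGroupEntity` spells correctly. `entity.setId(dto.getId())` runs whether or not read access is granted, so the tenant id is always returned; if that is intended it deserves a one-line comment such as `// id is exposed even without read access; only the component is gated`.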
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java @@ -33,8 +33,7 @@ import org.apache.nifi.web.api.dto.AccessPolicyDTO; import org.apache.nifi.web.api.dto.UserDTO; import org.apache.nifi.web.api.dto.UserGroupDTO; import org.apache.nifi.web.api.entity.ComponentEntity; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.dao.AccessPolicyDAO; import org.apache.nifi.web.dao.UserDAO; import org.apache.nifi.web.dao.UserGroupDAO; @@ -182,8 +181,8 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr } private AccessPolicy buildAccessPolicy(final String identifier, final AccessPolicyDTO accessPolicyDTO) { - final Set userGroups = accessPolicyDTO.getUserGroups(); - final Set users = accessPolicyDTO.getUsers(); + final Set userGroups = accessPolicyDTO.getUserGroups(); + final Set users = accessPolicyDTO.getUsers(); final AccessPolicy.Builder builder = new AccessPolicy.Builder() .identifier(identifier) .resource(accessPolicyDTO.getResource()); @@ -237,8 +236,8 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr } private Group buildUserGroup(final String identifier, final UserGroupDTO userGroupDTO) { - final Set users = userGroupDTO.getUsers(); - final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getName()); + final Set users = userGroupDTO.getUsers(); + final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getIdentity()); if (users != null) { builder.addUsers(users.stream().map(ComponentEntity::getId).collect(Collectors.toSet())); } 
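Review bot: In the `@@ -237,8 +236,8 @@` hunk `buildUserGroup` now takes its members from `TenantEntity` summaries and maps them with `ComponentEntity::getId` without checking that each entry carries an id; the same pattern is in `buildUser` in the `@@ -280,7 +279,7 @@` hunk. These DTOs appear to come from the request body, so an entry with no id would put null into the set handed to `addUsers` or `addGroups`, and what the builder does with it is not visible here. I would reject such input before building, e.g. `if (users.stream().anyMatch(u -> u == null || u.getId() == null)) { throw new IllegalArgumentException("Each user in a user group must specify an id."); }`. Both method bodies continue outside their hunks.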
@@ -280,7 +279,7 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr } private User buildUser(final String identifier, final UserDTO userDTO) { - final Set groups = userDTO.getUserGroups(); + final Set groups = userDTO.getUserGroups(); final User.Builder builder = new User.Builder().identifier(identifier).identity(userDTO.getIdentity()); if (groups != null) { builder.addGroups(groups.stream().map(ComponentEntity::getId).collect(Collectors.toSet())); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy index bfffd26110..78e9084738 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy @@ -26,6 +26,7 @@ import org.apache.nifi.web.ResourceNotFoundException import org.apache.nifi.web.api.dto.AccessPolicyDTO import org.apache.nifi.web.api.dto.UserDTO import org.apache.nifi.web.api.dto.UserGroupDTO +import org.apache.nifi.web.api.entity.TenantEntity import org.apache.nifi.web.api.entity.UserEntity import org.apache.nifi.web.api.entity.UserGroupEntity import spock.lang.Specification 
@@ -46,7 +47,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { method | daoMethod 'createAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) } 'createUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUser(new UserDTO(id: '1', identity: 'a')) } - 'createUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', name: 'a')) } + 'createUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', identity: 'a')) } 'deleteAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteAccessPolicy('1') } 'deleteUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUser('1') } 'deleteUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUserGroup('1') } @@ -58,7 +59,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { 'hasUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).hasUserGroup('1') } 'updateAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) } 'updateUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUser(new UserDTO(id: '1', identity: 'a')) } - 'updateUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', name: 'a')) } + 'updateUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', identity: 'a')) } } @Unroll 
@@ -89,8 +90,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.createAccessPolicy(requestDTO) @@ -151,8 +152,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.updateAccessPolicy(requestDTO) @@ -176,8 +177,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: dao.updateAccessPolicy(requestDTO) 
@@ -249,7 +250,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: def result = dao.createUserGroup(requestDTO) @@ -325,7 +326,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: def result = dao.updateUserGroup(requestDTO) @@ -346,7 +347,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: dao.updateUserGroup(requestDTO) 
@@ -416,7 +417,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.createUser(requestDTO) @@ -492,7 +493,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.updateUser(requestDTO) @@ -513,7 +514,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: dao.updateUser(requestDTO)