Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-2486: - Authorizing individual bulletins being returned through the bulletin board. 

This closes #792

Signed-off-by: jpercivall <joepercivall@yahoo.com>
This commit is contained in:
Matt Gilman 2016-08-04 17:43:52 -04:00 committed by jpercivall
parent 04147ac22a
commit c0a253568e
3 changed files with 102 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
View File

@ -2184,6 +2184,47 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return controllerFacade.getProcessorStatusHistory(id); return controllerFacade.getProcessorStatusHistory(id);
} }
private boolean authorizeBulletin(final Bulletin bulletin) {
final String sourceId = bulletin.getSourceId();
final ComponentType type = bulletin.getSourceType();
final Authorizable authorizable;
try {
switch (type) {
case PROCESSOR:
authorizable = authorizableLookup.getProcessor(sourceId);
break;
case REPORTING_TASK:
authorizable = authorizableLookup.getReportingTask(sourceId);
break;
case CONTROLLER_SERVICE:
authorizable = authorizableLookup.getControllerService(sourceId);
break;
case FLOW_CONTROLLER:
authorizable = controllerFacade;
break;
case INPUT_PORT:
authorizable = authorizableLookup.getInputPort(sourceId);
break;
case OUTPUT_PORT:
authorizable = authorizableLookup.getOutputPort(sourceId);
break;
case REMOTE_PROCESS_GROUP:
authorizable = authorizableLookup.getRemoteProcessGroup(sourceId);
break;
default:
throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this bulletin.").build());
}
} catch (final ResourceNotFoundException e) {
// if the underlying component is gone, disallow
return false;
}
// perform the authorization
final AuthorizationResult result = authorizable.checkAuthorization(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
return Result.Approved.equals(result.getResult());
}
@Override @Override
public BulletinBoardDTO getBulletinBoard(final BulletinQueryDTO query) { public BulletinBoardDTO getBulletinBoard(final BulletinQueryDTO query) {
// build the query // build the query
@ -2203,7 +2244,18 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// exact results we want but in reverse order // exact results we want but in reverse order
final List<BulletinDTO> bulletins = new ArrayList<>(); final List<BulletinDTO> bulletins = new ArrayList<>();
for (final ListIterator<Bulletin> bulletinIter = results.listIterator(results.size()); bulletinIter.hasPrevious(); ) { for (final ListIterator<Bulletin> bulletinIter = results.listIterator(results.size()); bulletinIter.hasPrevious(); ) {
bulletins.add(dtoFactory.createBulletinDto(bulletinIter.previous())); final Bulletin bulletin = bulletinIter.previous();
if (authorizeBulletin(bulletin)) {
bulletins.add(dtoFactory.createBulletinDto(bulletin));
} else {
final BulletinDTO bulletinDTO = new BulletinDTO();
bulletinDTO.setTimestamp(bulletin.getTimestamp());
bulletinDTO.setId(bulletin.getId());
bulletinDTO.setSourceId(bulletin.getSourceId());
bulletinDTO.setGroupId(bulletin.getGroupId());
bulletins.add(bulletinDTO);
}
} }
// create the bulletin board // create the bulletin board

8
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java
View File

@ -820,7 +820,10 @@ public class FlowResource extends ApplicationResource {
value = "Retrieves Controller level bulletins", value = "Retrieves Controller level bulletins",
response = ControllerBulletinsEntity.class, response = ControllerBulletinsEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Read - /flow", type = "") @Authorization(value = "Read - /flow", type = ""),
@Authorization(value = "Read - /controller - For controller bulletins", type = ""),
@Authorization(value = "Read - /controller-services/{uuid} - For controller service bulletins", type = ""),
@Authorization(value = "Read - /reporting-tasks/{uuid} - For reporting task bulletins", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -1113,7 +1116,8 @@ public class FlowResource extends ApplicationResource {
value = "Gets current bulletins", value = "Gets current bulletins",
response = BulletinBoardEntity.class, response = BulletinBoardEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Read - /flow", type = "") @Authorization(value = "Read - /flow", type = ""),
@Authorization(value = "Read - /{component-type}/{uuid} - For component specific bulletins", type = "")
} }
) )
@ApiResponses( @ApiResponses(

84
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/bulletin-board/nf-bulletin-board.js
View File

@ -355,50 +355,52 @@ nf.ng.BulletinBoardCtrl = function (serviceProvider) {
// append each bulletin // append each bulletin
$.each(bulletins, function (i, bulletin) { $.each(bulletins, function (i, bulletin) {
// format the severity if (!nf.Common.isBlank(bulletin.level)) {
var severityStyle = 'bulletin-normal'; // format the severity
if (bulletin.level === 'ERROR') { var severityStyle = 'bulletin-normal';
severityStyle = 'bulletin-error'; if (bulletin.level === 'ERROR') {
} else if (bulletin.level === 'WARN' || bulletin.level === 'WARNING') { severityStyle = 'bulletin-error';
severityStyle = 'bulletin-warn'; } else if (bulletin.level === 'WARN' || bulletin.level === 'WARNING') {
} severityStyle = 'bulletin-warn';
// format the source id
var source;
if (nf.Common.isDefinedAndNotNull(bulletin.sourceId) && nf.Common.isDefinedAndNotNull(bulletin.groupId) && top !== window) {
source = $('<div class="bulletin-source bulletin-link"></div>').text(bulletin.sourceId).on('click', function () {
goToSource(bulletin.groupId, bulletin.sourceId);
});
} else {
var sourceId = bulletin.sourceId;
if (nf.Common.isUndefined(sourceId) || nf.Common.isNull(sourceId)) {
sourceId = '';
} }
source = $('<div class="bulletin-source"></div>').text(sourceId);
// format the source id
var source;
if (nf.Common.isDefinedAndNotNull(bulletin.sourceId) && nf.Common.isDefinedAndNotNull(bulletin.groupId) && top !== window) {
source = $('<div class="bulletin-source bulletin-link"></div>').text(bulletin.sourceId).on('click', function () {
goToSource(bulletin.groupId, bulletin.sourceId);
});
} else {
var sourceId = bulletin.sourceId;
if (nf.Common.isUndefined(sourceId) || nf.Common.isNull(sourceId)) {
sourceId = '';
}
source = $('<div class="bulletin-source"></div>').text(sourceId);
}
// build the markup for this bulletin
var bulletinMarkup = $('<div class="bulletin"></div>');
// build the markup for this bulletins info
var bulletinInfoMarkup = $('<div class="bulletin-info"></div>').appendTo(bulletinMarkup);
$('<div class="bulletin-timestamp"></div>').text(bulletin.timestamp).appendTo(bulletinInfoMarkup);
$('<div class="bulletin-severity"></div>').addClass(severityStyle).text(bulletin.level).appendTo(bulletinInfoMarkup);
source.appendTo(bulletinInfoMarkup);
$('<div class="clear"></div>').appendTo(bulletinInfoMarkup);
// format the node address if applicable
if (nf.Common.isDefinedAndNotNull(bulletin.nodeAddress)) {
$('<div class="bulletin-node"></div>').text(bulletin.nodeAddress).appendTo(bulletinMarkup);
}
// add the bulletin message (treat as text)
$('<pre class="bulletin-message"></pre>').text(bulletin.message).appendTo(bulletinMarkup);
$('<div class="clear"></div>').appendTo(bulletinMarkup);
// append the content
content.push(bulletinMarkup.get(0));
} }
// build the markup for this bulletin
var bulletinMarkup = $('<div class="bulletin"></div>');
// build the markup for this bulletins info
var bulletinInfoMarkup = $('<div class="bulletin-info"></div>').appendTo(bulletinMarkup);
$('<div class="bulletin-timestamp"></div>').text(bulletin.timestamp).appendTo(bulletinInfoMarkup);
$('<div class="bulletin-severity"></div>').addClass(severityStyle).text(bulletin.level).appendTo(bulletinInfoMarkup);
source.appendTo(bulletinInfoMarkup);
$('<div class="clear"></div>').appendTo(bulletinInfoMarkup);
// format the node address if applicable
if (nf.Common.isDefinedAndNotNull(bulletin.nodeAddress)) {
$('<div class="bulletin-node"></div>').text(bulletin.nodeAddress).appendTo(bulletinMarkup);
}
// add the bulletin message (treat as text)
$('<pre class="bulletin-message"></pre>').text(bulletin.message).appendTo(bulletinMarkup);
$('<div class="clear"></div>').appendTo(bulletinMarkup);
// append the content
content.push(bulletinMarkup.get(0));
// record the id of the last bulletin in this request // record the id of the last bulletin in this request
if (i + 1 === bulletins.length) { if (i + 1 === bulletins.length) {
lastBulletin = bulletin.id; lastBulletin = bulletin.id;