From 2d927c8cdfcd5cc45e9ac3098c4a17d8d5f11ffa Mon Sep 17 00:00:00 2001
From: Jeff Storck
Date: Mon, 27 Jun 2016 19:49:34 -0400
Subject: [PATCH] NIFI-1952 Update to revision-locking for users and groups Adding user and group summary objects (TenantEntity) Fixed ComponentEntity JSON mapping issues when the id field is null
---
.../nifi/web/api/dto/AccessPolicyDTO.java | 15 +-
.../apache/nifi/web/api/dto/TenantDTO.java | 43 +++++
.../org/apache/nifi/web/api/dto/UserDTO.java | 25 +--
.../apache/nifi/web/api/dto/UserGroupDTO.java | 28 +--
.../nifi/web/api/entity/ComponentEntity.java | 5 +-
.../nifi/web/api/entity/TenantEntity.java | 43 +++++
.../apache/nifi/web/NiFiServiceFacade.java | 12 +-
.../nifi/web/StandardNiFiServiceFacade.java | 178 ++++++++++--------
.../apache/nifi/web/api/TenantsResource.java | 8 +-
.../apache/nifi/web/api/dto/DtoFactory.java | 47 ++++-
.../nifi/web/api/dto/EntityFactory.java | 15 ++
.../StandardPolicyBasedAuthorizerDAO.java | 13 +-
...tandardPolicyBasedAuthorizerDAOSpec.groovy | 29 +--
13 files changed, 289 insertions(+), 172 deletions(-)
create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java
create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java
index cd728638ad83..3f99556a1e81 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java
@@ -17,8 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -30,8 +29,8 @@ public class AccessPolicyDTO extends ComponentDTO { private String resource; - private Set users; - private Set userGroups; + private Set users; + private Set userGroups; private Boolean canRead; private Boolean canWrite; @@ -81,11 +80,11 @@ public void setResource(String resource) { * @return The set of user IDs associated with this access policy. */ @ApiModelProperty(value = "The set of user IDs associated with this access policy.") - public Set getUsers() { + public Set getUsers() { return users; } - public void setUsers(Set users) { + public void setUsers(Set users) { this.users = users; } @@ -93,11 +92,11 @@ public void setUsers(Set users) { * @return The set of user group IDs associated with this access policy. */ @ApiModelProperty(value = "The set of user group IDs associated with this access policy.") - public Set getUserGroups() { + public Set getUserGroups() { return userGroups; } - public void setUserGroups(Set userGroups) { + public void setUserGroups(Set userGroups) { this.userGroups = userGroups; } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java new file mode 100644 index 000000000000..7915ae479131 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java 
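Review bot: The Javadoc and `@ApiModelProperty` text on `getUsers()` and `getUserGroups()` still describe "user IDs" and "user group IDs", while the import change in this file suggests the sets now carry `TenantEntity` summaries (the element type is not legible in this rendering, so confirm). Suggest `@ApiModelProperty(value = "The set of users associated with this access policy.")` and `@ApiModelProperty(value = "The set of user groups associated with this access policy.")`, with the two `@return` lines updated to match. Generated API documentation is built from these strings, so the described shape of an access-policy payload should agree with what is serialized.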
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.dto;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * A tenant of this NiFi.
+ */
+@XmlType(name = "tenant")
+public class TenantDTO extends ComponentDTO {
+ private String identity;
+
+ /**
+ * @return tenant's identity
+ */
+ @ApiModelProperty(value = "The identity of the tenant.")
+ public String getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java
index 0d2ecde8458e..52da60836313 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java
@@ -17,7 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; @@ -26,34 +26,19 @@ * A user of this NiFi. */ @XmlType(name = "user") -public class UserDTO extends ComponentDTO { +public class UserDTO extends TenantDTO { - private String identity; - private Set userGroups; - - /** - * @return users identity - */ - @ApiModelProperty( - value = "The identity of the user." - ) - public String getIdentity() { - return identity; - } - - public void setIdentity(String identity) { - this.identity = identity; - } + private Set userGroups; /** * @return groups to which the user belongs */ @ApiModelProperty(value = "The groups to which the user belongs.") - public Set getUserGroups() { + public Set getUserGroups() { return userGroups; } - public void setUserGroups(Set userGroups) { + public void setUserGroups(Set userGroups) { this.userGroups = userGroups; } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java index bd06368afc11..f167f9131a75 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java @@ -17,7 +17,7 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import org.apache.nifi.web.api.entity.UserEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import javax.xml.bind.annotation.XmlType; import java.util.Set; 
@@ -26,35 +26,19 @@ * A user group in this NiFi. */ @XmlType(name = "userGroup") -public class UserGroupDTO extends ComponentDTO { +public class UserGroupDTO extends TenantDTO { - private String name; - private Set users; + private Set users; /** * @return users in this group */ - @ApiModelProperty( - value = "The users that belong to the user group." - ) - public Set getUsers() { + @ApiModelProperty(value = "The users that belong to the user group.") + public Set getUsers() { return users; } - public void setUsers(Set users) { + public void setUsers(Set users) { this.users = users; } - - /** - * - * @return name of the user group - */ - @ApiModelProperty(value = "The name of the user group.") - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java index fbeeb7f54cbb..6d6b02246153 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java @@ -24,6 +24,7 @@ import javax.xml.bind.annotation.XmlRootElement; import java.util.List; +import java.util.Objects; /** * A base type for request/response entities. @@ -117,7 +118,7 @@ public void setBulletins(List bulletins) { @Override public int hashCode() { - return id.hashCode(); + return Objects.hash(id); } @Override @@ -134,6 +135,6 @@ public boolean equals(Object obj) { return false; } - return id.equals(((ComponentEntity) obj).getId()); + return Objects.equals(id, ((ComponentEntity)obj).id); } } 
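Review bot: Dropping `name` from `UserGroupDTO` in favour of the inherited `identity` changes the wire format for user groups, and nothing in this hunk says what happens to a request that still sends `name`. If the JSON mapper ignores unknown properties (not visible here), such a request would reach `createUserGroup` with a null identity, so consider rejecting a null or blank identity before the DAO call. The rename also deserves a line in the class Javadoc, e.g. `A user group in this NiFi; the group's name is carried in the inherited identity field.`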
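Review bot: With `Objects.hash(id)` and `Objects.equals(id, ((ComponentEntity)obj).id)`, every entity whose id is null now compares equal to every other id-less entity that passes the checks above, so collecting such entities with `Collectors.toSet()` (as the service facade does for tenant summaries) silently keeps only one of them. If id-less entities are expected only transiently during JSON mapping, say so in a comment on `equals`, e.g. `// null ids compare equal; do not rely on set membership before an id is assigned`. Otherwise fall back to identity for the null case with `return id == null ? this == obj : id.equals(((ComponentEntity) obj).id);`. The earlier checks in `equals` sit in context above this hunk and are only partly visible.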
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java
new file mode 100644
index 000000000000..02d67f016faf
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import org.apache.nifi.web.api.dto.TenantDTO;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a TenantDTO.
+ */
+@XmlRootElement(name = "tenantEntity")
+public class TenantEntity extends ComponentEntity {
+
+ private TenantDTO component;
+
+ /**
+ * The {@link TenantDTO} that is being serialized.
+ *
+ * @return The {@link TenantDTO} object
+ */
+ public TenantDTO getComponent() {
+ return component;
+ }
+
+ public void setComponent(TenantDTO component) {
+ this.component = component;
+ }
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
index 6eaa8d06cae7..40361efcd7ba 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java @@ -1215,17 +1215,15 @@ public interface NiFiServiceFacade { /** * Gets the user with the specified ID. * @param userId The user ID - * @param prune If true, the users in the groups to which this user belongs will not be returned * @return The user transfer object */ - UserEntity getUser(String userId, boolean prune); + UserEntity getUser(String userId); /** * Gets all the users. - * @param prune If true, the users in the groups to which the users belong will not be returned * @return The user transfer objects */ - Set getUsers(boolean prune); + Set getUsers(); /** * Updates the specified user. @@ -1257,17 +1255,15 @@ public interface NiFiServiceFacade { /** * Gets the user group with the specified ID. * @param userGroupId The user group ID - * @param prune If true, the user groups of the users in this user group will not be returned * @return The user group transfer object */ - UserGroupEntity getUserGroup(String userGroupId, boolean prune); + UserGroupEntity getUserGroup(String userGroupId); /** * Gets all user groups. - * @param prune If true, the user groups of the users in the user groups will not be returned * @return The user group transfer objects */ - Set getUserGroups(boolean prune); + Set getUserGroups(); /** * Updates the specified user group. diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java index 4373472aba51..bd835b66ffa9 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java @@ -156,6 +156,7 @@ import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.entity.ScheduleComponentsEntity; import org.apache.nifi.web.api.entity.SnippetEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.api.entity.UserEntity; import org.apache.nifi.web.api.entity.UserGroupEntity; import org.apache.nifi.web.controller.ControllerFacade; @@ -193,7 +194,6 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; @@ -208,12 +208,14 @@ import java.util.function.Function; import java.util.function.Supplier; import java.util.stream.Collectors; +import java.util.stream.Stream; /** * Implementation of NiFiServiceFacade that performs revision checking. */ public class StandardNiFiServiceFacade implements NiFiServiceFacade { private static final Logger logger = LoggerFactory.getLogger(StandardNiFiServiceFacade.class); + private static final String NON_ZERO_STARTING_REVISION = "The revision must start at 0."; // nifi core components private ControllerFacade controllerFacade; 
@@ -524,8 +526,8 @@ public AccessPolicyEntity updateAccessPolicy(final Revision revision, final Acce accessPolicyAuthorizable, () -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO), accessPolicy -> { - final Set users = accessPolicy.getUsers().stream().map(userId -> getUser(userId, true) ).collect(Collectors.toSet()); - final Set userGroups = accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true) ).collect(Collectors.toSet()); + final Set users = accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + final Set userGroups = accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); return dtoFactory.createAccessPolicyDto(accessPolicy, userGroups, users); }); @@ -539,7 +541,7 @@ public UserEntity updateUser(final Revision revision, final UserDTO userDTO) { final RevisionUpdate snapshot = updateComponent(revision, usersAuthorizable, () -> userDAO.updateUser(userDTO), - user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()))); + user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()))); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy); 
@@ -551,7 +553,7 @@ public UserGroupEntity updateUserGroup(final Revision revision, final UserGroupD final RevisionUpdate snapshot = updateComponent(revision, userGroupsAuthorizable, () -> userGroupDAO.updateUserGroup(userGroupDTO), - userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()))); + userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()))); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy); @@ -832,9 +834,9 @@ public ControllerConfigurationEntity updateControllerConfiguration(final Revisio controllerFacade.setMaxEventDrivenThreadCount(controllerConfigurationDTO.getMaxEventDrivenThreadCount()); } - return controllerConfigurationDTO; - }, - controller -> dtoFactory.createControllerConfigurationDto(controllerFacade)); + return controllerConfigurationDTO; + }, + controller -> dtoFactory.createControllerConfigurationDto(controllerFacade)); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade); final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(updatedComponent.getLastModification()); @@ -859,7 +861,7 @@ public NodeDTO updateNode(final NodeDTO nodeDTO) { clusterCoordinator.requestNodeConnect(nodeId, userDn); } else if (NodeConnectionState.DISCONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) { clusterCoordinator.requestNodeDisconnect(nodeId, DisconnectionCode.USER_DISCONNECTED, - "User " + userDn + " requested that node be disconnected from cluster"); + "User " + userDn + " requested that node be disconnected from cluster"); } return getNode(nodeId); 
@@ -982,7 +984,7 @@ public LabelEntity deleteLabel(final Revision revision, final String labelId) { @Override public UserEntity deleteUser(final Revision revision, final String userId) { final User user = userDAO.getUser(userId); - final Set userGroups = user != null ? user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null; + final Set userGroups = user != null ? user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null; final UserDTO snapshot = deleteComponent( revision, authorizableLookup.getTenantAuthorizable(), @@ -995,7 +997,8 @@ public UserEntity deleteUser(final Revision revision, final String userId) { @Override public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) { final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - final Set users = userGroup != null ? userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : + final Set users = userGroup != null ? userGroup.getUsers().stream() + .map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final UserGroupDTO snapshot = deleteComponent( revision, 
@@ -1009,8 +1012,8 @@ public UserGroupEntity deleteUserGroup(final Revision revision, final String use @Override public AccessPolicyEntity deleteAccessPolicy(final Revision revision, final String accessPolicyId) { final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); - final Set userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null; - final Set users = accessPolicy != null ? accessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : null; + final Set userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null; + final Set users = accessPolicy != null ? accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final AccessPolicyDTO snapshot = deleteComponent( revision, authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId), 
@@ -1267,11 +1270,20 @@ public FunnelEntity createFunnel(final Revision revision, final String groupId, @Override public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) { + // TODO read lock on users and groups (and resource+action?) while the policy is being created? + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); + if (revision.getVersion() != 0) { + throw new IllegalArgumentException(NON_ZERO_STARTING_REVISION); + } final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO); final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy, - newAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()), - newAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())); + newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), + newAccessPolicy.getUsers().stream().map(userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(tenantAuthorizable)); + }).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(newAccessPolicy.getIdentifier())); return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); 
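Review bot: The inline lambda that maps user ids in `createAccessPolicy` repeats the body of `mapUserIdToTenantEntity()` added later in this file, while the groups argument just above it already uses `mapUserGroupIdToTenantEntity()`; the same duplication appears in the `createUserGroup` hunk. Replace it with `newAccessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())`, after which the `tenantAuthorizable` local can go, so that the tenant summary attached to an access policy has a single definition. The new TODO about read-locking users and groups is worth tracking in an issue: until it is resolved, the tenant revisions embedded in this response are read outside the `revisionManager.get(ids, ...)` wrapper that the `get*` methods use.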
@@ -1279,9 +1291,14 @@ public AccessPolicyEntity createAccessPolicy(final Revision revision, final Acce @Override public UserEntity createUser(final Revision revision, final UserDTO userDTO) { + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); + if (revision.getVersion() != 0) { + throw new IllegalArgumentException(NON_ZERO_STARTING_REVISION); + } final User newUser = userDAO.createUser(userDTO); - final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet())); + final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream() + .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); 
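Review bot: `tenantAuthorizable` is assigned at the top of `createUser` but never read in the lines shown; the context line before the return looks the authorizable up a second time. Either drop the local or use it there: `final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(tenantAuthorizable);`. The method's closing brace lies outside the hunk.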
@@ -1289,12 +1306,18 @@ public UserEntity createUser(final Revision revision, final UserDTO userDTO) { @Override public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) { + final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable(); final String creator = NiFiUserUtils.getNiFiUserName(); if (revision.getVersion() != 0) { - throw new IllegalArgumentException("The revision must start at 0."); + throw new IllegalArgumentException(NON_ZERO_STARTING_REVISION); } final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO); - final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())); + final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream() + .map(userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(tenantAuthorizable)); + }).collect(Collectors.toSet())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy); 
@@ -2338,101 +2361,75 @@ public FlowConfigurationEntity getFlowConfiguration() { @Override public AccessPolicyEntity getAccessPolicy(final String accessPolicyId) { - return revisionManager.get(accessPolicyId, rev -> { - final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable); + AccessPolicy preRevisionRequestAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); + Set ids = Stream.concat(Stream.of(accessPolicyId), + Stream.concat(preRevisionRequestAccessPolicy.getUsers().stream(), preRevisionRequestAccessPolicy.getGroups().stream())).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO requestedAccessPolicyRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(accessPolicyId)); final AccessPolicy requestedAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId); + final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId)); return entityFactory.createAccessPolicyEntity( dtoFactory.createAccessPolicyDto(requestedAccessPolicy, - requestedAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()), - requestedAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())), - revision, accessPolicy); + requestedAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), + requestedAccessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())), + requestedAccessPolicyRevision, accessPolicy); }); } @Override - public UserEntity getUser(final String userId, final boolean prune) { - return revisionManager.get(userId, rev -> { - final Authorizable usersAuthorizable = 
authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); - final User user = userDAO.getUser(userId); - final Set userGroups = user.getGroups().stream() - .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy); - }); - } - - private UserEntity getUserPruned(final String userId) { - return revisionManager.get(userId, rev -> { - final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); + public UserEntity getUser(final String userId) { + final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable(); + Set ids = Stream.concat(Stream.of(userId), userDAO.getUser(userId).getGroups().stream()).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable); final User user = userDAO.getUser(userId); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, Collections.emptySet()), revision, accessPolicy); + final Set userGroups = user.getGroups().stream() + .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy); }); } @Override - public Set getUsers(boolean prune) { - final Authorizable userAuthorizable = authorizableLookup.getTenantAuthorizable(); + public Set getUsers() { final Set users = userDAO.getUsers(); - final Set ids = users.stream().map(user -> user.getIdentifier()).collect(Collectors.toSet()); + final 
Set ids = users.stream().flatMap(user -> Stream.concat(Stream.of(user.getIdentifier()), user.getGroups().stream())).collect(Collectors.toSet()); return revisionManager.get(ids, () -> { return users.stream() .map(user -> { - final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier())); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userAuthorizable); - final Set userGroups = user.getGroups().stream() - .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy); - }) - .collect(Collectors.toSet()); + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier())); + final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()); + final Set userGroups = user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy); + }).collect(Collectors.toSet()); }); } @Override - public UserGroupEntity getUserGroup(final String userGroupId, final boolean prune) { - return revisionManager.get(userGroupId, rev -> { - final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); - final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - final Set users = userGroup.getUsers().stream().map(userId -> prune ? 
getUserPruned(userId) : getUser(userId, false)).collect(Collectors.toSet()); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), - revision, accessPolicy); - }); - } - - private UserGroupEntity getUserGroupPruned(final String userGroupId) { - return revisionManager.get(userGroupId, rev -> { - final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable(); - final RevisionDTO revision = dtoFactory.createRevisionDTO(rev); - final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable); + public UserGroupEntity getUserGroup(final String userGroupId) { + Set ids = Stream.concat(Stream.of(userGroupId), userGroupDAO.getUserGroup(userGroupId).getUsers().stream()).collect(Collectors.toSet()); + return revisionManager.get(ids, () -> { + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId)); final Group userGroup = userGroupDAO.getUserGroup(userGroupId); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, Collections.emptySet()), revision, accessPolicy); + final Set users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); }); } @Override - public Set getUserGroups(boolean prune) { + public Set getUserGroups() { final Authorizable userGroupAuthorizable = authorizableLookup.getTenantAuthorizable(); final Set userGroups = userGroupDAO.getUserGroups(); - final Set ids = userGroups.stream().map(userGroup -> userGroup.getIdentifier()).collect(Collectors.toSet()); + final Set ids = userGroups.stream().flatMap(userGroup -> Stream.concat(Stream.of(userGroup.getIdentifier()), userGroup.getUsers().stream())).collect(Collectors.toSet()); return revisionManager.get(ids, () 
-> { return userGroups.stream() .map(userGroup -> { - final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupAuthorizable); - final Set users = userGroup.getUsers().stream() - .map(userGroupId -> prune ? getUserPruned(userGroupId) : getUser(userGroupId, false)) - .collect(Collectors.toSet()); - return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), revision, accessPolicy); - }) - .collect(Collectors.toSet()); + final Set users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); + return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, accessPolicy); + }).collect(Collectors.toSet()); }); } 
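Review bot: In `getAccessPolicy`, `getUser` and `getUserGroup` the id set passed to `revisionManager.get(ids, ...)` is built from a DAO read taken before that call, but the lambda re-reads the entity and maps whatever users and groups it references at that point. A membership change between the two reads leaves tenant ids in the response whose revisions were not part of the set handed to the revision manager. Inside the lambda, compare the re-read membership with `ids` and retry or fail when it has grown, or at least record the limitation, e.g. `// ids is a pre-lock snapshot; members added since are not covered by this read`. The pre-lock reads also dereference the DAO result directly (`preRevisionRequestAccessPolicy.getUsers()`, `userDAO.getUser(userId).getGroups()`), whereas the `delete*` methods null-check the same calls; if the DAOs can return null for an unknown id, these paths throw a NullPointerException instead of a not-found error.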
@@ -2973,6 +2970,24 @@ public void deleteNode(final String nodeId) { heartbeatMonitor.removeHeartbeat(nodeIdentifier); } + /* reusable function declarations for converting ids to tenant entities */ + private Function mapUserGroupIdToTenantEntity() { + return userGroupId -> { + final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userGroupDAO.getUserGroup(userGroupId)), userGroupRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); + }; + } + + private Function mapUserIdToTenantEntity() { + return userId -> { + final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); + return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, + dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())); + }; + } + + /* setters */ public void setProperties(final NiFiProperties properties) { this.properties = properties; @@ -3069,6 +3084,7 @@ public void setUserGroupDAO(final UserGroupDAO userGroupDAO) { public void setAccessPolicyDAO(final AccessPolicyDAO accessPolicyDAO) { this.accessPolicyDAO = accessPolicyDAO; } + public void setClusterCoordinator(final ClusterCoordinator coordinator) { this.clusterCoordinator = coordinator; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java index 37b8c692680f..6e4eb6af26cf 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java 
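Review bot: The helpers `mapUserGroupIdToTenantEntity()` and `mapUserIdToTenantEntity()` read `revisionManager.getRevision(id)` and the DAO, but nothing states that they should only be evaluated inside a `revisionManager.get(ids, ...)` call whose id set covers every id they are applied to. The visible caller `getUserGroup` builds that set first, so the precondition looks intended but is undocumented. I would replace the block comment with a Javadoc on each helper, for example `/** Maps a user id to its TenantEntity; call only while the revision lock for that id is held. */`. Both lambdas also re-derive `dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable())` per element although it does not depend on the id; computing it once before `return userId -> {` would keep the permission flags identical across one response.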
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java @@ -251,7 +251,7 @@ public Response getUser( }); // get the user - final UserEntity entity = serviceFacade.getUser(id, true); + final UserEntity entity = serviceFacade.getUser(id); populateRemainingUserEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); @@ -298,7 +298,7 @@ public Response getUsers() { }); // get all the users - final Set users = serviceFacade.getUsers(true); + final Set users = serviceFacade.getUsers(); // create the response entity final UsersEntity entity = new UsersEntity(); @@ -636,7 +636,7 @@ public Response getUserGroup( }); // get the user group - final UserGroupEntity entity = serviceFacade.getUserGroup(id, true); + final UserGroupEntity entity = serviceFacade.getUserGroup(id); populateRemainingUserGroupEntityContent(entity); return clusterContext(generateOkResponse(entity)).build(); @@ -683,7 +683,7 @@ public Response getUserGroups() { }); // get all the user groups - final Set users = serviceFacade.getUserGroups(true); + final Set users = serviceFacade.getUserGroups(); // create the response entity final UserGroupsEntity entity = new UserGroupsEntity(); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java index 0bd275a9caff..80ea9c963414 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java 
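Review bot: In the last hunk of this file, `final Set users = serviceFacade.getUserGroups();` stores user groups in a local named `users`. This reads like a copy from `getUsers()` and makes it easy to put the wrong set into the response entity. Renaming it to `userGroups` would fix that; the later uses of the variable lie outside the hunk and need the same rename.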
@@ -139,8 +139,7 @@ import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO; import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusSnapshotDTO; import org.apache.nifi.web.api.entity.FlowBreadcrumbEntity; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.controller.ControllerFacade; import org.apache.nifi.web.revision.RevisionManager; @@ -691,7 +690,7 @@ public LabelDTO createLabelDto(final Label label) { * @param user user * @return dto */ - public UserDTO createUserDto(final User user, final Set groups) { + public UserDTO createUserDto(final User user, final Set groups) { if (user == null) { return null; } @@ -704,13 +703,31 @@ public UserDTO createUserDto(final User user, final Set groups) return dto; } + /** + * Creates a {@link TenantDTO} from the specified {@link User}. + * + * @param user user + * @return dto + */ + public TenantDTO createTenantDTO(User user) { + if (user == null) { + return null; + } + + final TenantDTO dto = new TenantDTO(); + dto.setId(user.getIdentifier()); + dto.setIdentity(user.getIdentity()); + + return dto; + } + /** * Creates a {@link UserGroupDTO} from the specified {@link Group}. * * @param userGroup user group * @return dto */ - public UserGroupDTO createUserGroupDto(final Group userGroup, Set users) { + public UserGroupDTO createUserGroupDto(final Group userGroup, Set users) { if (userGroup == null) { return null; } 
@@ -718,7 +735,25 @@ public UserGroupDTO createUserGroupDto(final Group userGroup, Set us final UserGroupDTO dto = new UserGroupDTO(); dto.setId(userGroup.getIdentifier()); dto.setUsers(users); - dto.setName(userGroup.getName()); + dto.setIdentity(userGroup.getName()); + + return dto; + } + + /** + * Creates a {@link TenantDTO} from the specified {@link User}. + * + * @param userGroup user + * @return dto + */ + public TenantDTO createTenantDTO(Group userGroup) { + if (userGroup == null) { + return null; + } + + final TenantDTO dto = new TenantDTO(); + dto.setId(userGroup.getIdentifier()); + dto.setIdentity(userGroup.getName()); return dto; } @@ -1517,7 +1552,7 @@ private FlowBreadcrumbDTO createBreadcrumbDto(final ProcessGroup group) { return dto; } - public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set userGroups, Set users) { + public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set userGroups, Set users) { if (accessPolicy == null) { return null; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java index e1c183bad598..c530f4165557 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java @@ -39,6 +39,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity; import org.apache.nifi.web.api.entity.ReportingTaskEntity; import org.apache.nifi.web.api.entity.SnippetEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.api.entity.UserEntity; import org.apache.nifi.web.api.entity.UserGroupEntity; 
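Review bot: The Javadoc added for `createTenantDTO(Group userGroup)` was copied from the `User` overload: it says `Creates a {@link TenantDTO} from the specified {@link User}` and `@param userGroup user`. It should read `Creates a {@link TenantDTO} from the specified {@link Group}.` and `@param userGroup user group`. The comment could also note that the group's name ends up in the DTO's `identity` field, since `dto.setIdentity(userGroup.getName())` is not obvious from the signature.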
@@ -162,6 +163,20 @@ public UserEntity createUserEntity(final UserDTO dto, final RevisionDTO revision return entity; } + public TenantEntity createTenantEntity(final TenantDTO dto, final RevisionDTO revsion, final AccessPolicyDTO accessPolicy) { + final TenantEntity entity = new TenantEntity(); + entity.setRevision(revsion); + if (dto != null) { + entity.setAccessPolicy(accessPolicy); + entity.setId(dto.getId()); + + if (accessPolicy != null && accessPolicy.getCanRead()) { + entity.setComponent(dto); + } + } + return entity; + } + public UserGroupEntity createUserGroupEntity(final UserGroupDTO dto, final RevisionDTO revision, final AccessPolicyDTO accessPolicy) { final UserGroupEntity entity = new UserGroupEntity(); entity.setRevision(revision); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java index ff5f20ed279b..845d9f41105b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java @@ -33,8 +33,7 @@ import org.apache.nifi.web.api.dto.UserDTO; import org.apache.nifi.web.api.dto.UserGroupDTO; import org.apache.nifi.web.api.entity.ComponentEntity; -import org.apache.nifi.web.api.entity.UserEntity; -import org.apache.nifi.web.api.entity.UserGroupEntity; +import org.apache.nifi.web.api.entity.TenantEntity; import org.apache.nifi.web.dao.AccessPolicyDAO; import org.apache.nifi.web.dao.UserDAO; import org.apache.nifi.web.dao.UserGroupDAO; 
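Review bot: In `createTenantEntity`, the read gate `accessPolicy != null && accessPolicy.getCanRead()` unboxes a value that `AccessPolicyDTO` holds in a `Boolean` field. If the getter returns that boxed type, a policy whose `canRead` was never set throws a NullPointerException instead of simply withholding the component. A null-safe form that denies by default is `if (accessPolicy != null && Boolean.TRUE.equals(accessPolicy.getCanRead())) {`. The parameter name `revsion` is also misspelled; the neighbouring `createUserGroupEntity` uses `revision`.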
@@ -182,8 +181,8 @@ public AccessPolicy deleteAccessPolicy(final String accessPolicyId) { } private AccessPolicy buildAccessPolicy(final String identifier, final AccessPolicyDTO accessPolicyDTO) { - final Set userGroups = accessPolicyDTO.getUserGroups(); - final Set users = accessPolicyDTO.getUsers(); + final Set userGroups = accessPolicyDTO.getUserGroups(); + final Set users = accessPolicyDTO.getUsers(); final AccessPolicy.Builder builder = new AccessPolicy.Builder() .identifier(identifier) .resource(accessPolicyDTO.getResource()); @@ -237,8 +236,8 @@ public Group deleteUserGroup(final String userGroupId) { } private Group buildUserGroup(final String identifier, final UserGroupDTO userGroupDTO) { - final Set users = userGroupDTO.getUsers(); - final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getName()); + final Set users = userGroupDTO.getUsers(); + final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getIdentity()); if (users != null) { builder.addUsers(users.stream().map(ComponentEntity::getId).collect(Collectors.toSet())); } @@ -280,7 +279,7 @@ public User deleteUser(final String userId) { } private User buildUser(final String identifier, final UserDTO userDTO) { - final Set groups = userDTO.getUserGroups(); + final Set groups = userDTO.getUserGroups(); final User.Builder builder = new User.Builder().identifier(identifier).identity(userDTO.getIdentity()); if (groups != null) { builder.addGroups(groups.stream().map(ComponentEntity::getId).collect(Collectors.toSet())); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy index bfffd261106e..78e908473809 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy @@ -26,6 +26,7 @@ import org.apache.nifi.web.ResourceNotFoundException import org.apache.nifi.web.api.dto.AccessPolicyDTO import org.apache.nifi.web.api.dto.UserDTO import org.apache.nifi.web.api.dto.UserGroupDTO +import org.apache.nifi.web.api.entity.TenantEntity import org.apache.nifi.web.api.entity.UserEntity import org.apache.nifi.web.api.entity.UserGroupEntity import spock.lang.Specification @@ -46,7 +47,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { method | daoMethod 'createAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) } 'createUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUser(new UserDTO(id: '1', identity: 'a')) } - 'createUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', name: 'a')) } + 'createUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', identity: 'a')) } 'deleteAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteAccessPolicy('1') } 'deleteUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUser('1') } 'deleteUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUserGroup('1') } 
@@ -58,7 +59,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { 'hasUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).hasUserGroup('1') } 'updateAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) } 'updateUser' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUser(new UserDTO(id: '1', identity: 'a')) } - 'updateUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', name: 'a')) } + 'updateUserGroup' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', identity: 'a')) } } @Unroll @@ -89,8 +90,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.createAccessPolicy(requestDTO) @@ -151,8 +152,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.updateAccessPolicy(requestDTO) 
@@ -176,8 +177,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true, canWrite: true, - users: [new UserEntity(id: 'user-id-1')] as Set, - userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + users: [new TenantEntity(id: 'user-id-1')] as Set, + userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: dao.updateAccessPolicy(requestDTO) @@ -249,7 +250,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: def result = dao.createUserGroup(requestDTO) @@ -325,7 +326,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: def result = dao.updateUserGroup(requestDTO) 
@@ -346,7 +347,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set) + def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set) when: dao.updateUserGroup(requestDTO) @@ -416,7 +417,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.createUser(requestDTO) @@ -492,7 +493,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: def result = dao.updateUser(requestDTO) 
@@ -513,7 +514,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification { given: def authorizer = Mock AbstractPolicyBasedAuthorizer def dao = new StandardPolicyBasedAuthorizerDAO(authorizer) - def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set) + def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set) when: dao.updateUser(requestDTO)