/** * Initializes the builder with the state of the provided group. When using this constructor * the identifier field of the builder can not be changed and will result in an IllegalStateException * if attempting to do so. * * @param other the existing access policy to initialize from */ public Builder(final Group other) { if (other == null) { throw new IllegalArgumentException("Provided group can not be null"); } this.identifier = other.getIdentifier(); this.name = other.getName(); this.users.clear(); this.users.addAll(other.getUsers()); this.fromGroup = true; }
/** * @return a new Group constructed from the state of the builder */ public Group build() { return new Group(this); }
@Override public String toString() { return String.format("identifier[%s], name[%s], users[%s]", getIdentifier(), getName(), String.join(", ", users)); }
/** * Extracts the values for the configured properties from the specified user group. */ private Map<String, String> extractConfiguredPropertyValues(Group group, UserGroupDTO userGroupDTO) { Map<String, String> values = new HashMap<>(); if (userGroupDTO.getIdentity() != null) { values.put(NAME, group.getName()); } if (userGroupDTO.getUsers() != null) { // get each of the auto terminated relationship names final List<String> currentUsers = new ArrayList<>(group.getUsers()); // sort them and include in the configuration Collections.sort(currentUsers, Collator.getInstance(Locale.US)); values.put(USERS, StringUtils.join(currentUsers, ", ")); } return values; }
/** * Creates a Map from group identifier to Group. * * @param groups the set of all groups * @return the Map from group identifier to Group */ private Map<String,Group> createGroupByIdMap(final Set<Group> groups) { Map<String,Group> groupsMap = new HashMap<>(); for (Group group : groups) { groupsMap.put(group.getIdentifier(), group); } return groupsMap; }
private UserGroupEntity createUserGroupEntity(final Group userGroup) { final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier())); final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant()); final Set<TenantEntity> users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(userGroup.getIdentifier()).stream() .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()); return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users, policyEntities), userGroupRevision, permissions); }
@Override public Set<Group> getUserGroupsForUser(String userId) { return userGroupProvider.getGroups().stream() .filter(g -> g.getUsers().contains(userId)) .collect(Collectors.toSet()); }
private Group getGroup(final String name) { if (userGroupProvider == null) { // generate the group deterministically when running outside of the ManagedRangerAuthorizer return new Group.Builder().identifierGenerateFromSeed(name).name(name).build(); } else { // find the group in question final Group group = userGroupProvider.getGroups().stream().filter(g -> g.getName().equals(name)).findFirst().orElse(null); if (group == null) { logger.warn(String.format("Cannot find group '%s' in the configured User Group Provider. Skipping group for viewing purposes. Will still be used for access decisions.", name)); } return group; } }
/** * Checks if another tenant (user or group) exists with the same identity. * * @param userGroupProvider the userGroupProvider to use to lookup the tenant * @param identifier identity of the tenant * @param identity identity of the tenant * @return true if another tenant exists with the same identity, false otherwise */ private static boolean tenantExists(final UserGroupProvider userGroupProvider, final String identifier, final String identity) { for (User user : userGroupProvider.getUsers()) { if (!user.getIdentifier().equals(identifier) && user.getIdentity().equals(identity)) { return true; } } for (Group group : userGroupProvider.getGroups()) { if (!group.getIdentifier().equals(identifier) && group.getName().equals(identity)) { return true; } } return false; }
/** * Creates a Map from group identifier to Group. * * @param groups the set of all groups * @return the Map from group identifier to Group */ private Map<String,Group> createGroupByIdMap(final Set<Group> groups) { Map<String,Group> groupsMap = new HashMap<>(); for (Group group : groups) { groupsMap.put(group.getIdentifier(), group); } return groupsMap; }
@Override public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) { final String creator = NiFiUserUtils.getNiFiUserIdentity(); final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO); final Set<TenantEntity> tenantEntities = newUserGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(newUserGroup.getIdentifier()).stream() .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()); final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, tenantEntities, policyEntities); final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant()); return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions); }
@Override public Set<Group> getGroups(String userIdentity) { User user = getUserByIdentity(userIdentity); if (user == null) { return new HashSet<>(); } else { return groups.stream() .filter(g -> g.getUsers().contains(user.getIdentifier())) .collect(Collectors.toSet()); } } };
/** * Gets the groups for the user with the specified identity. Returns null if the authorizer is not able to load user groups. * * @param authorizer the authorizer to load the groups from * @param userIdentity the user identity * @return the listing of groups for the user */ public static Set<String> getUserGroups(final Authorizer authorizer, final String userIdentity) { if (authorizer instanceof ManagedAuthorizer) { final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) authorizer; final UserGroupProvider userGroupProvider = managedAuthorizer.getAccessPolicyProvider().getUserGroupProvider(); final UserAndGroups userAndGroups = userGroupProvider.getUserAndGroups(userIdentity); final Set<Group> userGroups = userAndGroups.getGroups(); if (userGroups == null || userGroups.isEmpty()) { return Collections.EMPTY_SET; } else { return userAndGroups.getGroups().stream().map(group -> group.getName()).collect(Collectors.toSet()); } } else { return null; } } }
private void writeGroup(final XMLStreamWriter writer, final Group group) throws XMLStreamException { List<String> users = new ArrayList<>(group.getUsers()); Collections.sort(users); writer.writeStartElement(GROUP_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, group.getIdentifier()); writer.writeAttribute(NAME_ATTR, group.getName()); for (String user : users) { writer.writeStartElement(GROUP_USER_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, user); writer.writeEndElement(); } writer.writeEndElement(); }
/** * Creates a {@link TenantDTO} from the specified {@link User}. * * @param userGroup user * @return dto */ public TenantDTO createTenantDTO(Group userGroup) { if (userGroup == null) { return null; } final TenantDTO dto = new TenantDTO(); dto.setId(userGroup.getIdentifier()); dto.setIdentity(userGroup.getName()); dto.setConfigurable(AuthorizerCapabilityDetection.isGroupConfigurable(authorizer, userGroup)); return dto; }
@Override public Group getGroup(String identifier) throws AuthorizationAccessException { return groups.stream().filter(g -> g.getIdentifier().equals(identifier)).findFirst().get(); }
@Override public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) { final Group userGroup = userGroupDAO.getUserGroup(userGroupId); final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant()); final Set<TenantEntity> users = userGroup != null ? userGroup.getUsers().stream() .map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null; final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(userGroup.getIdentifier()).stream() .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()); final String resourceIdentifier = ResourceFactory.getTenantResource().getIdentifier() + "/" + userGroupId; final UserGroupDTO snapshot = deleteComponent( revision, new Resource() { @Override public String getIdentifier() { return resourceIdentifier; } @Override public String getName() { return resourceIdentifier; } @Override public String getSafeDescription() { return "User Group " + userGroupId; } }, () -> userGroupDAO.deleteUserGroup(userGroupId), false, // no user group specific policies to remove dtoFactory.createUserGroupDto(userGroup, users, policyEntities)); return entityFactory.createUserGroupEntity(snapshot, null, permissions); }
/** * Check that all users in the group exist. * * @param userGroupProvider the userGroupProvider to use to lookup the users * @param group the group whose users will be checked for existence. * @return true if another user exists with the same identity, false otherwise */ private static boolean allGroupUsersExist(final UserGroupProvider userGroupProvider, final Group group) { for (String userIdentifier : group.getUsers()) { User user = userGroupProvider.getUser(userIdentifier); if (user == null) { return false; } } return true; }
if (group.getName().equals(legacyGroupName)) { foundGroup = group; break;
private void writeGroup(final XMLStreamWriter writer, final Group group) throws XMLStreamException { List<String> users = new ArrayList<>(group.getUsers()); Collections.sort(users); writer.writeStartElement(GROUP_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, group.getIdentifier()); writer.writeAttribute(NAME_ATTR, group.getName()); for (String user : users) { writer.writeStartElement(GROUP_USER_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, user); writer.writeEndElement(); } writer.writeEndElement(); }