/**
 * Returns the name reported for this object, which is the resource string of the
 * wrapped access policy.
 *
 * @return the value of {@code accessPolicy.getResource()}
 */
@Override
public String getName() {
    final String policyResource = accessPolicy.getResource();
    return policyResource;
}
/**
 * Returns the identifier reported for this object. The value is the resource string of
 * the wrapped access policy, not the policy's own identifier.
 *
 * @return the value of {@code accessPolicy.getResource()}
 */
@Override
public String getIdentifier() {
    final String policyResource = accessPolicy.getResource();
    return policyResource;
}
/**
 * Groups the given policies by the resource they apply to.
 *
 * @param allPolicies the set of all policies
 * @return a map from resource identifier to the policies defined for that resource
 */
private Map<String, Set<AccessPolicy>> createResourcePolicyMap(final Set<AccessPolicy> allPolicies) {
    final Map<String, Set<AccessPolicy>> byResource = new HashMap<>();
    for (final AccessPolicy current : allPolicies) {
        // One bucket per resource, created the first time that resource is seen.
        byResource.computeIfAbsent(current.getResource(), key -> new HashSet<>()).add(current);
    }
    return byResource;
}
/**
 * Looks up the policy defined for the given resource and action.
 *
 * @param resourceIdentifier the resource the policy must apply to
 * @param action the action the policy must cover
 * @return the first policy matching both values, or {@code null} when none matches
 */
@Override
public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) {
    // A null result means no policy was found for this resource/action pair. It is not a
    // grant, so callers have to handle it explicitly.
    return policies.stream()
            .filter(candidate -> candidate.getResource().equals(resourceIdentifier))
            .filter(candidate -> candidate.getAction().equals(action))
            .findFirst()
            .orElse(null);
}
/**
 * Searches the policies exposed by the access policy provider for one that matches the
 * given action and resource.
 *
 * @param requestAction the action the policy must cover
 * @param resource the resource the policy must apply to
 * @return the first matching policy, or {@code null} when the provider has none
 */
private AccessPolicy findAccessPolicy(final RequestAction requestAction, final String resource) {
    for (final AccessPolicy candidate : accessPolicyProvider.getAccessPolicies()) {
        final boolean sameAction = candidate.getAction().equals(requestAction);
        if (sameAction && candidate.getResource().equals(resource)) {
            return candidate;
        }
    }
    // No policy for this action/resource pair; the caller decides what absence means.
    return null;
}
/**
 * Builds a display name for the policy in the form {@code "<action> <resource>"}.
 *
 * @param policy the policy to name
 * @return the action's string form, a single space, then the resource
 */
private String formatPolicyName(final AccessPolicy policy) {
    final String action = policy.getAction().toString();
    final String resource = policy.getResource();
    return action + " " + resource;
}
/**
 * Resolves the authorizable for an access policy given the policy's id.
 *
 * <p>The id is only used to load the policy. The authorizable itself is looked up by the
 * policy's resource via {@code getAccessPolicyByResource}.
 *
 * @param id the access policy id
 * @return the authorizable returned for the policy's resource
 */
@Override
public Authorizable getAccessPolicyById(final String id) {
    // NOTE(review): the DAO result is dereferenced without a null check; presumably the DAO
    // throws for an unknown id - confirm against accessPolicyDAO.getAccessPolicy.
    final String resource = accessPolicyDAO.getAccessPolicy(id).getResource();
    return getAccessPolicyByResource(resource);
}
/**
 * Serializes one access policy as a policy element with nested user and group elements.
 *
 * <p>Users and groups are copied and sorted before writing, so the element order in the
 * output does not depend on the iteration order of the policy's collections. Every value is
 * emitted through {@code writeAttribute}, which leaves escaping to the writer.
 *
 * @param writer the stream writer to emit to
 * @param policy the policy to serialize
 * @throws XMLStreamException if the writer fails
 */
private void writePolicy(final XMLStreamWriter writer, final AccessPolicy policy) throws XMLStreamException {
    // Work on sorted copies; the policy's own collections are left untouched.
    final List<String> sortedUsers = new ArrayList<>(policy.getUsers());
    Collections.sort(sortedUsers);

    final List<String> sortedGroups = new ArrayList<>(policy.getGroups());
    Collections.sort(sortedGroups);

    writer.writeStartElement(POLICY_ELEMENT);
    writer.writeAttribute(IDENTIFIER_ATTR, policy.getIdentifier());
    writer.writeAttribute(RESOURCE_ATTR, policy.getResource());
    writer.writeAttribute(ACTIONS_ATTR, policy.getAction().name());

    for (final String userId : sortedUsers) {
        writer.writeStartElement(POLICY_USER_ELEMENT);
        writer.writeAttribute(IDENTIFIER_ATTR, userId);
        writer.writeEndElement();
    }

    for (final String groupId : sortedGroups) {
        writer.writeStartElement(POLICY_GROUP_ELEMENT);
        writer.writeAttribute(IDENTIFIER_ATTR, groupId);
        writer.writeEndElement();
    }

    // closes POLICY_ELEMENT
    writer.writeEndElement();
}
/**
 * Writes the given policy to the stream as one policy element. The element carries the
 * identifier, resource and action as attributes and contains one child element per user
 * and per group.
 *
 * <p>User and group identifiers are written in sorted order. All values go through
 * {@code writeAttribute} rather than being concatenated into markup.
 *
 * @param writer the stream writer to emit to
 * @param policy the policy to serialize
 * @throws XMLStreamException if the writer fails
 */
private void writePolicy(final XMLStreamWriter writer, final AccessPolicy policy) throws XMLStreamException {
    // Sorted copy of the policy's users.
    final List<String> orderedUsers = new ArrayList<>(policy.getUsers());
    Collections.sort(orderedUsers);

    // Sorted copy of the policy's groups.
    final List<String> orderedGroups = new ArrayList<>(policy.getGroups());
    Collections.sort(orderedGroups);

    writer.writeStartElement(POLICY_ELEMENT);
    writer.writeAttribute(IDENTIFIER_ATTR, policy.getIdentifier());
    writer.writeAttribute(RESOURCE_ATTR, policy.getResource());
    writer.writeAttribute(ACTIONS_ATTR, policy.getAction().name());

    for (final String user : orderedUsers) {
        writer.writeStartElement(POLICY_USER_ELEMENT);
        writer.writeAttribute(IDENTIFIER_ATTR, user);
        writer.writeEndElement();
    }

    for (final String group : orderedGroups) {
        writer.writeStartElement(POLICY_GROUP_ELEMENT);
        writer.writeAttribute(IDENTIFIER_ATTR, group);
        writer.writeEndElement();
    }

    writer.writeEndElement();
}
/**
 * Creates a builder pre-populated from an existing policy.
 *
 * <p>The identifier, resource and action are copied, and the users and groups are copied
 * into the builder's own collections. The builder is also flagged as derived from a policy
 * ({@code fromPolicy}). For a builder created this way the identifier can not be changed
 * afterwards, and an attempt to do so results in an IllegalStateException.
 *
 * @param other the existing access policy to initialize from
 * @throws IllegalArgumentException if {@code other} is null
 */
public Builder(final AccessPolicy other) {
    if (other == null) {
        throw new IllegalArgumentException("Can not initialize builder with a null access policy");
    }

    identifier = other.getIdentifier();
    resource = other.getResource();
    action = other.getAction();

    // Replace any existing membership with a copy of the source policy's users.
    users.clear();
    users.addAll(other.getUsers());

    // Same for groups.
    groups.clear();
    groups.addAll(other.getGroups());

    fromPolicy = true;
}
/**
 * Checks whether the provider already holds a different policy for the same resource and
 * action as the given policy. A policy with the same identifier as the one being checked
 * is never counted as a match.
 *
 * @param accessPolicyProvider the provider whose policies are searched
 * @param checkAccessPolicy an access policy being checked
 * @return true if another access policy exists with the same resource and action, false otherwise
 */
private static boolean policyExists(final AccessPolicyProvider accessPolicyProvider, final AccessPolicy checkAccessPolicy) {
    for (final AccessPolicy existing : accessPolicyProvider.getAccessPolicies()) {
        // Skip the policy itself so that an update does not collide with its own entry.
        if (existing.getIdentifier().equals(checkAccessPolicy.getIdentifier())) {
            continue;
        }
        if (!existing.getResource().equals(checkAccessPolicy.getResource())) {
            continue;
        }
        if (existing.getAction().equals(checkAccessPolicy.getAction())) {
            return true;
        }
    }
    return false;
}
/**
 * Returns a one-line description listing the identifier, resource, users, groups and action.
 *
 * <p>The output contains the policy's user and group values, so anything that logs it also
 * logs those values.
 *
 * @return the formatted description
 */
@Override
public String toString() {
    final Object[] fields = {getIdentifier(), getResource(), getUsers(), getGroups(), getAction()};
    return String.format("identifier[%s], resource[%s], users[%s], groups[%s], action[%s]", fields);
}
/**
 * Builds the entity for an access policy: its DTO (with users and groups mapped to tenant
 * entities), its current revision, and the permissions on the policy.
 *
 * <p>The permissions come from the authorizable that {@code authorizableLookup} returns for
 * the policy's identifier.
 *
 * @param accessPolicy the policy to wrap
 * @return the access policy entity
 */
private AccessPolicyEntity createAccessPolicyEntity(final AccessPolicy accessPolicy) {
    final String policyId = accessPolicy.getIdentifier();

    final RevisionDTO policyRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(policyId));
    final PermissionsDTO policyPermissions =
            dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(policyId));
    final ComponentReferenceEntity referencedComponent =
            createComponentReferenceEntity(accessPolicy.getResource());

    return entityFactory.createAccessPolicyEntity(
            dtoFactory.createAccessPolicyDto(
                    accessPolicy,
                    accessPolicy.getGroups().stream()
                            .map(mapUserGroupIdToTenantEntity())
                            .collect(Collectors.toSet()),
                    accessPolicy.getUsers().stream()
                            .map(mapUserIdToTenantEntity())
                            .collect(Collectors.toSet()),
                    referencedComponent),
            policyRevision,
            policyPermissions);
}
/**
 * Applies an update to an access policy under the given revision and returns the updated
 * entity.
 *
 * <p>The authorizable for the policy is resolved from the DTO's id before the update is
 * applied. The same instance is passed to {@code updateComponent} and is then used to
 * build the permissions on the returned entity.
 *
 * @param revision the revision the update is made against
 * @param accessPolicyDTO the requested policy state
 * @return the entity for the updated policy
 */
@Override
public AccessPolicyEntity updateAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
    final Authorizable policyAuthorizable = authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId());

    final RevisionUpdate<AccessPolicyDTO> update = updateComponent(
            revision,
            policyAuthorizable,
            () -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO),
            updated -> {
                // Map user and group ids on the updated policy to tenant entities for the DTO.
                final Set<TenantEntity> userEntities = updated.getUsers().stream()
                        .map(mapUserIdToTenantEntity())
                        .collect(Collectors.toSet());
                final Set<TenantEntity> groupEntities = updated.getGroups().stream()
                        .map(mapUserGroupIdToTenantEntity())
                        .collect(Collectors.toSet());
                final ComponentReferenceEntity referencedComponent =
                        createComponentReferenceEntity(updated.getResource());
                return dtoFactory.createAccessPolicyDto(updated, groupEntities, userEntities, referencedComponent);
            });

    final PermissionsDTO policyPermissions = dtoFactory.createPermissionsDto(policyAuthorizable);
    return entityFactory.createAccessPolicyEntity(
            update.getComponent(),
            dtoFactory.createRevisionDTO(update.getLastModification()),
            policyPermissions);
}
/**
 * Updates an existing access policy through the configurable access policy provider.
 *
 * <p>The identifier, resource and action passed to {@code buildAccessPolicy} are read from
 * the currently stored policy, not from the DTO. The DTO is passed as well, for whatever
 * remaining fields {@code buildAccessPolicy} takes from it.
 *
 * @param accessPolicyDTO the requested policy state; its id selects the policy to update
 * @return the policy returned by the provider after the update
 * @throws IllegalStateException if the authorizer does not support configurable policies
 */
@Override
public AccessPolicy updateAccessPolicy(final AccessPolicyDTO accessPolicyDTO) {
    if (!supportsConfigurableAuthorizer()) {
        throw new IllegalStateException(MSG_NON_CONFIGURABLE_POLICIES);
    }

    final ConfigurableAccessPolicyProvider configurableProvider =
            (ConfigurableAccessPolicyProvider) accessPolicyProvider;

    // NOTE(review): the stored policy is dereferenced without a null check; presumably
    // getAccessPolicy throws for an unknown id - confirm.
    final AccessPolicy stored = getAccessPolicy(accessPolicyDTO.getId());

    return configurableProvider.updateAccessPolicy(
            buildAccessPolicy(stored.getIdentifier(), stored.getResource(), stored.getAction(), accessPolicyDTO));
}
/**
 * Creates a new access policy from the DTO and returns the entity for it.
 *
 * <p>The identity of the current user is read before the policy is created and is recorded
 * on the returned revision. Each user entity in the result carries permissions built from
 * the tenant authorizable. The permissions on the policy itself are built from the
 * authorizable looked up with {@code accessPolicyDTO.getId()}.
 *
 * @param revision the revision the creation is made against
 * @param accessPolicyDTO the policy to create
 * @return the entity for the created policy
 */
@Override
public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
    final Authorizable tenants = authorizableLookup.getTenant();
    final String currentUserIdentity = NiFiUserUtils.getNiFiUserIdentity();

    final AccessPolicy created = accessPolicyDAO.createAccessPolicy(accessPolicyDTO);
    final ComponentReferenceEntity referencedComponent = createComponentReferenceEntity(created.getResource());

    final AccessPolicyDTO createdDto = dtoFactory.createAccessPolicyDto(
            created,
            created.getGroups().stream()
                    .map(mapUserGroupIdToTenantEntity())
                    .collect(Collectors.toSet()),
            created.getUsers().stream()
                    .map(userId -> {
                        final RevisionDTO tenantRevision =
                                dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
                        return entityFactory.createTenantEntity(
                                dtoFactory.createTenantDTO(userDAO.getUser(userId)),
                                tenantRevision,
                                dtoFactory.createPermissionsDto(tenants));
                    })
                    .collect(Collectors.toSet()),
            referencedComponent);

    // NOTE(review): the lookup uses the id from the request DTO rather than
    // created.getIdentifier(); this assumes the DAO keeps the requested id - confirm.
    final PermissionsDTO policyPermissions =
            dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId()));

    return entityFactory.createAccessPolicyEntity(
            createdDto,
            dtoFactory.createRevisionDTO(new FlowModification(revision, currentUserIdentity)),
            policyPermissions);
}
/**
 * Builds the summary entity for an access policy: the summary DTO with its component
 * reference, the permissions on the policy, and the policy's current revision.
 *
 * @param ap the policy to summarize
 * @return the access policy summary entity
 */
private AccessPolicySummaryEntity createAccessPolicySummaryEntity(final AccessPolicy ap) {
    final ComponentReferenceEntity referencedComponent = createComponentReferenceEntity(ap.getResource());
    final AccessPolicySummaryDTO summary = dtoFactory.createAccessPolicySummaryDto(ap, referencedComponent);

    // Permissions and revision are both keyed by the policy identifier.
    final String policyId = ap.getIdentifier();
    final PermissionsDTO permissions =
            dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(policyId));
    final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(policyId));

    return entityFactory.createAccessPolicySummaryEntity(summary, revision, permissions);
}
/**
 * Converts an access policy into its JAXB {@code Policy} form: identifier, resource, an
 * action code, and the users and groups copied by {@code transferUsersAndGroups}.
 *
 * @param accessPolicy the policy to convert
 * @return the populated JAXB policy
 */
private Policy createJAXBPolicy(final AccessPolicy accessPolicy) {
    final Policy jaxbPolicy = new Policy();
    jaxbPolicy.setIdentifier(accessPolicy.getIdentifier());
    jaxbPolicy.setResource(accessPolicy.getResource());

    switch (accessPolicy.getAction()) {
        case WRITE:
            jaxbPolicy.setAction(WRITE_CODE);
            break;
        case READ:
            jaxbPolicy.setAction(READ_CODE);
            break;
        default:
            // NOTE(review): any other action leaves the action code unset without an error;
            // confirm READ and WRITE are the only values that can reach this point.
            break;
    }

    transferUsersAndGroups(accessPolicy, jaxbPolicy);
    return jaxbPolicy;
}
/**
 * Creates the summary DTO for an access policy. The summary carries the id, resource,
 * action, configurable flag and component reference, but no users or groups.
 *
 * @param accessPolicy the policy to summarize, may be null
 * @param componentReference the component the policy's resource refers to
 * @return the summary DTO, or {@code null} when {@code accessPolicy} is null
 */
public AccessPolicySummaryDTO createAccessPolicySummaryDto(final AccessPolicy accessPolicy, final ComponentReferenceEntity componentReference) {
    if (accessPolicy == null) {
        return null;
    }

    final AccessPolicySummaryDTO summary = new AccessPolicySummaryDTO();
    summary.setId(accessPolicy.getIdentifier());
    summary.setResource(accessPolicy.getResource());

    final String actionName = accessPolicy.getAction().toString();
    summary.setAction(actionName);

    // Whether the policy is configurable is determined by the authorizer's capabilities.
    final boolean configurable = AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy);
    summary.setConfigurable(configurable);

    summary.setComponentReference(componentReference);
    return summary;
}
/**
 * Creates the full DTO for an access policy, including the supplied user and group
 * entities.
 *
 * @param accessPolicy the policy to convert, may be null
 * @param userGroups the tenant entities for the policy's groups
 * @param users the tenant entities for the policy's users
 * @param componentReference the component the policy's resource refers to
 * @return the DTO, or {@code null} when {@code accessPolicy} is null
 */
public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, final Set<TenantEntity> userGroups, final Set<TenantEntity> users, final ComponentReferenceEntity componentReference) {
    if (accessPolicy == null) {
        return null;
    }

    final AccessPolicyDTO policyDto = new AccessPolicyDTO();

    // Membership is taken from the arguments as given, not re-read from the policy.
    policyDto.setUserGroups(userGroups);
    policyDto.setUsers(users);

    policyDto.setId(accessPolicy.getIdentifier());
    policyDto.setResource(accessPolicy.getResource());

    final String actionName = accessPolicy.getAction().toString();
    policyDto.setAction(actionName);

    // Whether the policy is configurable is determined by the authorizer's capabilities.
    final boolean configurable = AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy);
    policyDto.setConfigurable(configurable);

    policyDto.setComponentReference(componentReference);
    return policyDto;
}