@Override public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) { return policies.stream() .filter(policy -> policy.getResource().equals(resourceIdentifier) && policy.getAction().equals(action)) .findFirst().orElse(null); }
private AccessPolicy findAccessPolicy(final RequestAction requestAction, final String resource) { return accessPolicyProvider.getAccessPolicies().stream() .filter(policy -> policy.getAction().equals(requestAction) && policy.getResource().equals(resource)) .findFirst() .orElse(null); }
/** * Checks if another policy exists with the same resource and action as the given policy. * * @param checkAccessPolicy an access policy being checked * @return true if another access policy exists with the same resource and action, false otherwise */ private static boolean policyExists(final AccessPolicyProvider accessPolicyProvider, final AccessPolicy checkAccessPolicy) { for (AccessPolicy accessPolicy : accessPolicyProvider.getAccessPolicies()) { if (!accessPolicy.getIdentifier().equals(checkAccessPolicy.getIdentifier()) && accessPolicy.getResource().equals(checkAccessPolicy.getResource()) && accessPolicy.getAction().equals(checkAccessPolicy.getAction())) { return true; } } return false; }
@Override default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) throws AccessDeniedException { // if this is a modification request and the reporting task is restricted ensure the user has elevated privileges. if this // is not a modification request, we just want to use the normal rules if (RequestAction.WRITE.equals(action) && isRestricted()) { final Set<Authorizable> restrictedComponentsAuthorizables = RestrictedComponentsAuthorizableFactory.getRestrictedComponentsAuthorizable(getComponentClass()); for (final Authorizable restrictedComponentsAuthorizable : restrictedComponentsAuthorizables) { restrictedComponentsAuthorizable.authorize(authorizer, RequestAction.WRITE, user, resourceContext); } } // defer to the base authorization check ComponentAuthorizable.super.authorize(authorizer, action, user, resourceContext); } }
@Override default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) { // if this is a modification request and the reporting task is restricted ensure the user has elevated privileges. if this // is not a modification request, we just want to use the normal rules if (RequestAction.WRITE.equals(action) && isRestricted()) { final Set<Authorizable> restrictedComponentsAuthorizables = RestrictedComponentsAuthorizableFactory.getRestrictedComponentsAuthorizable(getComponentClass()); for (final Authorizable restrictedComponentsAuthorizable : restrictedComponentsAuthorizables) { final AuthorizationResult result = restrictedComponentsAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user, resourceContext); if (Result.Denied.equals(result.getResult())) { return result; } } } // defer to the base authorization check return ComponentAuthorizable.super.checkAuthorization(authorizer, action, user, resourceContext); }
if (RequestAction.READ.equals(action)) { safeDescription.append("view "); } else {
if (RequestAction.READ.equals(action)) { safeDescription.append("view "); } else {
@Override public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) { return policies.stream() .filter(policy -> policy.getResource().equals(resourceIdentifier) && policy.getAction().equals(action)) .findFirst().orElse(null); }
@Override default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) throws AccessDeniedException { // if this is a modification request and the reporting task is restricted ensure the user has elevated privileges. if this // is not a modification request, we just want to use the normal rules if (RequestAction.WRITE.equals(action) && isRestricted()) { final Set<Authorizable> restrictedComponentsAuthorizables = RestrictedComponentsAuthorizableFactory.getRestrictedComponentsAuthorizable(getComponentClass()); for (final Authorizable restrictedComponentsAuthorizable : restrictedComponentsAuthorizables) { restrictedComponentsAuthorizable.authorize(authorizer, RequestAction.WRITE, user, resourceContext); } } // defer to the base authorization check ComponentAuthorizable.super.authorize(authorizer, action, user, resourceContext); } }
@Override default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) { // if this is a modification request and the reporting task is restricted ensure the user has elevated privileges. if this // is not a modification request, we just want to use the normal rules if (RequestAction.WRITE.equals(action) && isRestricted()) { final Set<Authorizable> restrictedComponentsAuthorizables = RestrictedComponentsAuthorizableFactory.getRestrictedComponentsAuthorizable(getComponentClass()); for (final Authorizable restrictedComponentsAuthorizable : restrictedComponentsAuthorizables) { final AuthorizationResult result = restrictedComponentsAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user, resourceContext); if (Result.Denied.equals(result.getResult())) { return result; } } } // defer to the base authorization check return ComponentAuthorizable.super.checkAuthorization(authorizer, action, user, resourceContext); }