@Override public Map<String, String> getAttributes() { return record.getAttributes(); }
@Override public Map<String, String> getAttributes() { return event.getAttributes(); }
/** * Returns the attribute with the given name * * @param attributeName the name of the attribute to get * @return the attribute with the given name or <code>null</code> if no attribute exists with the given name */ default String getAttribute(String attributeName) { return getAttributes().get(attributeName); }
/** * Authorizes access to data for a specified provenance event. * * @param event event */ private AuthorizationResult checkAuthorizationForData(ProvenanceEventRecord event) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); final Authorizable dataAuthorizable = getDataAuthorizable(event); final Map<String, String> eventAttributes = event.getAttributes(); // ensure we can read the data return dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, eventAttributes); }
return record.getAttributes().get(CoreAttributes.FILENAME.key());
final String attributeName = searchableField.getIdentifier(); final String eventAttributeValue = event.getAttributes().get(attributeName);
/** * Authorizes access to replay for a specified provenance event. * * @param event event */ private void authorizeReplay(final ProvenanceEventRecord event) { // if the connection id isn't specified, then the replay wouldn't be available anyways and we have nothing to authorize against so deny it` if (event.getSourceQueueIdentifier() == null) { throw new AccessDeniedException("The connection id in the provenance event is unknown."); } final NiFiUser user = NiFiUserUtils.getNiFiUser(); final Authorizable dataAuthorizable = getDataAuthorizable(event); // ensure we can read and write the data final Map<String, String> eventAttributes = event.getAttributes(); dataAuthorizable.authorize(authorizer, RequestAction.READ, user, eventAttributes); dataAuthorizable.authorize(authorizer, RequestAction.WRITE, user, eventAttributes); }
attributes = event.getPreviousAttributes(); } else { attributes = event.getAttributes();
/** * Authorizes access to replay a specified provenance event. Whether to check read data permission can be specified. The context this * method is invoked may have already verified these permissions. Using a flag here as it forces the caller to acknowledge this fact * limiting the possibility of overlooking it. * * @param event event * @param checkReadDataPermissions whether to verify read data permissions */ private AuthorizationResult checkAuthorizationForReplay(final ProvenanceEventRecord event, final boolean checkReadDataPermissions) { // if the connection id isn't specified, then the replay wouldn't be available anyways and we have nothing to authorize against so deny it` if (event.getSourceQueueIdentifier() == null) { return AuthorizationResult.denied("The connection id in the provenance event is unknown."); } final NiFiUser user = NiFiUserUtils.getNiFiUser(); final Authorizable dataAuthorizable = getDataAuthorizable(event); final Map<String, String> eventAttributes = event.getAttributes(); if (checkReadDataPermissions) { // ensure we can read the data final AuthorizationResult result = dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, eventAttributes); if (!Result.Approved.equals(result.getResult())) { return result; } } // ensure we can write the data; read the data should have been checked already return dataAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user, eventAttributes); }
.setEventType(ProvenanceEventType.DOWNLOAD) .setFlowFileUUID(provEvent.getFlowFileUuid()) .setAttributes(provEvent.getAttributes(), Collections.emptyMap()) .setCurrentContentClaim(resourceClaim.getContainer(), resourceClaim.getSection(), resourceClaim.getId(), offset, size) .setTransitUri(requestUri)
public void authorize(final ProvenanceEventRecord event, final NiFiUser user) { if (authorizer == null) { return; } final Authorizable eventAuthorizable; if (event.isRemotePortType()) { eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId()); } else { eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId()); } eventAuthorizable.authorize(authorizer, RequestAction.READ, user, event.getAttributes()); }
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) { if (authorizer == null || user == null) { return true; } final Authorizable eventAuthorizable; try { if (event.isRemotePortType()) { eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId()); } else { eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId()); } } catch (final ResourceNotFoundException rnfe) { return false; } final AuthorizationResult result = eventAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes()); return Result.Approved.equals(result.getResult()); }