nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/PermissionsService.java - nifi-registry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.registry.web.security;

 import org.apache.nifi.registry.authorization.Permissions;
 import org.apache.nifi.registry.bucket.Bucket;
 import org.apache.nifi.registry.bucket.BucketItem;
 import org.apache.nifi.registry.security.authorization.AuthorizableLookup;
 import org.apache.nifi.registry.security.authorization.resource.Authorizable;
 import org.apache.nifi.registry.service.AuthorizationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

 /**
  * This is a class that Resource classes can utilized to populate fields
  * on model objects returned by the {@link org.apache.nifi.registry.service.RegistryService}
  * before returning them to a client.
  *
  * The fields cannot be populated by the RegistryService because they require
  * the {@link AuthorizationService}, which RegistryService does not depend on.
  */
 @Service
 public class PermissionsService {

     private AuthorizationService authorizationService;
     private AuthorizableLookup authorizableLookup;

     @Autowired
     public PermissionsService(AuthorizationService authorizationService, AuthorizableLookup authorizableLookup) {
         this.authorizationService = authorizationService;
         this.authorizableLookup = authorizableLookup;
     }

     public void populateBucketPermissions(final Iterable<Bucket> buckets) {
         Permissions topLevelBucketPermissions = authorizationService.getPermissionsForResource(authorizableLookup.getBucketsAuthorizable());
         buckets.forEach(b -> populateBucketPermissions(b, topLevelBucketPermissions));
     }

     public void populateBucketPermissions(final Bucket bucket) {
         populateBucketPermissions(bucket, null);
     }

     public void populateItemPermissions(final Iterable<? extends BucketItem> bucketItems) {
         Permissions topLevelBucketPermissions = authorizationService.getPermissionsForResource(authorizableLookup.getBucketsAuthorizable());
         bucketItems.forEach(i -> populateItemPermissions(i, topLevelBucketPermissions));
     }

     public void populateItemPermissions(final BucketItem bucketItem) {
         populateItemPermissions(bucketItem, null);
     }

     private void populateBucketPermissions(final Bucket bucket, final Permissions knownPermissions) {
         if (bucket == null) {
             return;
         }

         Permissions bucketPermissions = createPermissionsForBucketId(bucket.getIdentifier(), knownPermissions);
         bucket.setPermissions(bucketPermissions);
     }

     private void populateItemPermissions(final BucketItem bucketItem, final Permissions knownPermissions) {
         if (bucketItem == null) {
             return;
         }

         Permissions bucketItemPermissions = createPermissionsForBucketId(bucketItem.getBucketIdentifier(), knownPermissions);
         bucketItem.setPermissions(bucketItemPermissions);
     }

     private Permissions createPermissionsForBucketId(String bucketId, final Permissions knownPermissions) {
         Authorizable bucketResource = authorizableLookup.getBucketAuthorizable(bucketId);

         Permissions permissions = knownPermissions == null
                 ? authorizationService.getPermissionsForResource(bucketResource)
                 : authorizationService.getPermissionsForResource(bucketResource, knownPermissions);

         return permissions;
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.registry.web.security;

	import org.apache.nifi.registry.authorization.Permissions;
	import org.apache.nifi.registry.bucket.Bucket;
	import org.apache.nifi.registry.bucket.BucketItem;
	import org.apache.nifi.registry.security.authorization.AuthorizableLookup;
	import org.apache.nifi.registry.security.authorization.resource.Authorizable;
	import org.apache.nifi.registry.service.AuthorizationService;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.stereotype.Service;

	/**
	* This is a class that Resource classes can utilized to populate fields
	* on model objects returned by the {@link org.apache.nifi.registry.service.RegistryService}
	* before returning them to a client.
	*
	* The fields cannot be populated by the RegistryService because they require
	* the {@link AuthorizationService}, which RegistryService does not depend on.
	*/
	@Service
	public class PermissionsService {

	private AuthorizationService authorizationService;
	private AuthorizableLookup authorizableLookup;

	@Autowired
	public PermissionsService(AuthorizationService authorizationService, AuthorizableLookup authorizableLookup) {
	this.authorizationService = authorizationService;
	this.authorizableLookup = authorizableLookup;
	}

	public void populateBucketPermissions(final Iterable<Bucket> buckets) {
	Permissions topLevelBucketPermissions = authorizationService.getPermissionsForResource(authorizableLookup.getBucketsAuthorizable());
	buckets.forEach(b -> populateBucketPermissions(b, topLevelBucketPermissions));
	}

	public void populateBucketPermissions(final Bucket bucket) {
	populateBucketPermissions(bucket, null);
	}

	public void populateItemPermissions(final Iterable<? extends BucketItem> bucketItems) {
	Permissions topLevelBucketPermissions = authorizationService.getPermissionsForResource(authorizableLookup.getBucketsAuthorizable());
	bucketItems.forEach(i -> populateItemPermissions(i, topLevelBucketPermissions));
	}

	public void populateItemPermissions(final BucketItem bucketItem) {
	populateItemPermissions(bucketItem, null);
	}

	private void populateBucketPermissions(final Bucket bucket, final Permissions knownPermissions) {
	if (bucket == null) {
	return;
	}

	Permissions bucketPermissions = createPermissionsForBucketId(bucket.getIdentifier(), knownPermissions);
	bucket.setPermissions(bucketPermissions);
	}

	private void populateItemPermissions(final BucketItem bucketItem, final Permissions knownPermissions) {
	if (bucketItem == null) {
	return;
	}

	Permissions bucketItemPermissions = createPermissionsForBucketId(bucketItem.getBucketIdentifier(), knownPermissions);
	bucketItem.setPermissions(bucketItemPermissions);
	}

	private Permissions createPermissionsForBucketId(String bucketId, final Permissions knownPermissions) {
	Authorizable bucketResource = authorizableLookup.getBucketAuthorizable(bucketId);

	Permissions permissions = knownPermissions == null
	? authorizationService.getPermissionsForResource(bucketResource)
	: authorizationService.getPermissionsForResource(bucketResource, knownPermissions);

	return permissions;
	}

	}