Repository: nifi Updated Branches: refs/heads/master 325fe53fa -> eefad2916
http://git-wip-us.apache.org/repos/asf/nifi/blob/eefad291/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java index 74123b0..4332a0c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java @@ -721,6 +721,7 @@ public final class DtoFactory { dto.setId(user.getIdentifier()); dto.setUserGroups(groups); dto.setIdentity(user.getIdentity()); + dto.setConfigurable(AuthorizerCapabilityDetection.isUserConfigurable(authorizer, user)); dto.setAccessPolicies(accessPolicies); return dto; @@ -740,6 +741,7 @@ public final class DtoFactory { final TenantDTO dto = new TenantDTO(); dto.setId(user.getIdentifier()); dto.setIdentity(user.getIdentity()); + dto.setConfigurable(AuthorizerCapabilityDetection.isUserConfigurable(authorizer, user)); return dto; } @@ -765,6 +767,7 @@ public final class DtoFactory { final AccessPolicySummaryDTO summary = summaryEntity.getComponent(); policy.setResource(summary.getResource()); policy.setAction(summary.getAction()); + policy.setConfigurable(summary.getConfigurable()); policy.setComponentReference(summary.getComponentReference()); } @@ -775,6 +778,7 @@ public final class DtoFactory { dto.setId(userGroup.getIdentifier()); dto.setUsers(users); dto.setIdentity(userGroup.getName()); + dto.setConfigurable(AuthorizerCapabilityDetection.isGroupConfigurable(authorizer, userGroup)); dto.setAccessPolicies(policies); return dto; @@ -794,6 +798,7 @@ public final class DtoFactory { final TenantDTO dto = new TenantDTO(); dto.setId(userGroup.getIdentifier()); dto.setIdentity(userGroup.getName()); + dto.setConfigurable(AuthorizerCapabilityDetection.isGroupConfigurable(authorizer, userGroup)); return dto; } @@ -1677,6 +1682,7 @@ public final class DtoFactory { dto.setId(accessPolicy.getIdentifier()); dto.setResource(accessPolicy.getResource()); dto.setAction(accessPolicy.getAction().toString()); + dto.setConfigurable(AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy)); dto.setComponentReference(componentReference); return dto; } @@ -1694,6 +1700,7 @@ public final class DtoFactory { dto.setId(accessPolicy.getIdentifier()); dto.setResource(accessPolicy.getResource()); dto.setAction(accessPolicy.getAction().toString()); + dto.setConfigurable(AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy)); dto.setComponentReference(componentReference); return dto; } http://git-wip-us.apache.org/repos/asf/nifi/blob/eefad291/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java index 9290470..2a2279e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java @@ -328,9 +328,12 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr // remove any references to the user group being deleted from policies if possible if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) { for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) { - if (policy.getGroups().contains(removedGroup.getIdentifier())) { + final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider; + + // ensure this policy contains a reference to the user group and this policy is configurable (check proactively to prevent an exception) + if (policy.getGroups().contains(removedGroup.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) { final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeGroup(removedGroup.getIdentifier()); - ((ConfigurableAccessPolicyProvider) accessPolicyProvider).updateAccessPolicy(builder.build()); + configurableAccessPolicyProvider.updateAccessPolicy(builder.build()); } } } @@ -405,9 +408,12 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr // remove any references to the user being deleted from policies if possible if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) { for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) { - if (policy.getUsers().contains(removedUser.getIdentifier())) { + final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider; + + // ensure this policy contains a reference to the user and this policy is configurable (check proactively to prevent an exception) + if (policy.getUsers().contains(removedUser.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) { final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeUser(removedUser.getIdentifier()); - ((ConfigurableAccessPolicyProvider) accessPolicyProvider).updateAccessPolicy(builder.build()); + configurableAccessPolicyProvider.updateAccessPolicy(builder.build()); } } } http://git-wip-us.apache.org/repos/asf/nifi/blob/eefad291/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js index c4ae1ba..99830e4 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js @@ -879,10 +879,10 @@ if (resourceAndAction.resource === policy.resource) { if (nfCanvasUtils.isConfigurableAuthorizer()) { // allow remove when policy is not inherited - $('#delete-policy-button').prop('disabled', policyEntity.permissions.canWrite === false); + $('#delete-policy-button').prop('disabled', policy.configurable === false || policyEntity.permissions.canWrite === false); // allow modification if allowed - $('#new-policy-user-button').prop('disabled', policyEntity.permissions.canWrite === false); + $('#new-policy-user-button').prop('disabled', policy.configurable === false || policyEntity.permissions.canWrite === false); } } else { $('#policy-message').append(getResourceMessage(policy.resource)); http://git-wip-us.apache.org/repos/asf/nifi/blob/eefad291/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js index 14c8fe7..6c55dd8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js @@ -797,7 +797,7 @@ var markup = ''; // ensure user can modify the user - if (configurableUsersAndGroups && nfCommon.canModifyTenants()) { + if (configurableUsersAndGroups && dataContext.component.configurable === true && nfCommon.canModifyTenants()) { markup += '<div title="Edit" class="pointer edit-user fa fa-pencil" style="margin-right: 3px;"></div>'; markup += '<div title="Remove" class="pointer delete-user fa fa-trash"></div>'; }
