NIFI-65:
- Adding methods to the AuthorityProvider to authorize the downloading of 
content.

Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/418d6b03
Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/418d6b03
Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/418d6b03

Branch: refs/heads/NIFI-65
Commit: 418d6b03b2a2c81597954b6c29469e180c3e780e
Parents: 2df0314
Author: Matt Gilman <[email protected]>
Authored: Tue Dec 23 09:31:46 2014 -0500
Committer: Matt Gilman <[email protected]>
Committed: Tue Dec 23 09:31:46 2014 -0500

----------------------------------------------------------------------
 .../nifi/authorization/AuthorityProvider.java   | 18 +++++
 .../authorization/DownloadAuthorization.java    | 85 ++++++++++++++++++++
 2 files changed, 103 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/418d6b03/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
----------------------------------------------------------------------
diff --git 
a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java 
b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
index cd96a99..da536c2 100644
--- 
a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
+++ 
b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
@@ -16,6 +16,8 @@
  */
 package org.apache.nifi.authorization;
 
+import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import org.apache.nifi.authorization.exception.AuthorityAccessException;
 import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
@@ -137,6 +139,22 @@ public interface AuthorityProvider {
     void ungroup(String group) throws AuthorityAccessException;
 
     /**
+     * Determines whether the user in the specified dnChain should be able to 
+     * download the content for the flowfile with the specified attributes.
+     * 
+     * The last dn in the chain is the end user that the request was issued on 
+     * behalf of. The previous dn's in the chain represent entities proxying 
the 
+     * user's request.
+     * 
+     * @param dnChain
+     * @param attributes
+     * @return
+     * @throws UnknownIdentityException
+     * @throws AuthorityAccessException 
+     */
+    DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, 
String> attributes) throws UnknownIdentityException, AuthorityAccessException;
+    
+    /**
      * Called immediately after instance creation for implementers to perform
      * additional setup
      *

http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/418d6b03/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
----------------------------------------------------------------------
diff --git 
a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
 
b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
new file mode 100644
index 0000000..3855817
--- /dev/null
+++ 
b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+/**
+ * Represents a decision whether authorization is granted to download content.
+ */
+public class DownloadAuthorization {
+
+    private static enum Result {
+        Approved,
+        Denied;
+    };
+
+    private static final DownloadAuthorization APPROVED = new 
DownloadAuthorization(Result.Approved, null);
+
+    private final Result result;
+    private final String explanation;
+
+    /**
+     * Creates a new DownloadAuthorization with the specified result and 
explanation.
+     * 
+     * @param result
+     * @param explanation 
+     */
+    private DownloadAuthorization(Result result, String explanation) {
+        if (Result.Denied.equals(result) && explanation == null) {
+            throw new IllegalArgumentException("An explanation is request when 
the download request is denied.");
+        }
+
+        this.result = result;
+        this.explanation = explanation;
+    }
+
+    /**
+     * Whether or not the download request is approved.
+     * 
+     * @return 
+     */
+    public boolean isApproved() {
+        return Result.Approved.equals(result);
+    }
+
+    /**
+     * If the download request is denied, the reason why. Null otherwise.
+     * 
+     * @return 
+     */
+    public String getExplanation() {
+        return explanation;
+    }
+
+    /**
+     * Creates a new approved DownloadAuthorization.
+     * 
+     * @return 
+     */
+    public static DownloadAuthorization approved() {
+        return APPROVED;
+    }
+
+    /**
+     * Creates a new denied DownloadAuthorization with the specified 
exlanation.
+     * 
+     * @param explanation
+     * @return 
+     */
+    public static DownloadAuthorization denied(String explanation) {
+        return new DownloadAuthorization(Result.Denied, explanation);
+    }
+}

Reply via email to