Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id EAC35200B2A for ; Fri, 20 May 2016 19:24:14 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E95C7160A24; Fri, 20 May 2016 17:24:14 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 1822C1609AE for ; Fri, 20 May 2016 19:24:13 +0200 (CEST) Received: (qmail 64956 invoked by uid 500); 20 May 2016 17:24:13 -0000 Mailing-List: contact commits-help@nifi.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@nifi.apache.org Delivered-To: mailing list commits@nifi.apache.org Received: (qmail 64911 invoked by uid 99); 20 May 2016 17:24:13 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 May 2016 17:24:13 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 1C4A32C1F64 for ; Fri, 20 May 2016 17:24:13 +0000 (UTC) Date: Fri, 20 May 2016 17:24:13 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: commits@nifi.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (NIFI-1884) Add User & Group API MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 20 May 2016 17:24:15 -0000 [ https://issues.apache.org/jira/browse/NIFI-1884?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293765#comment-15293765 ] ASF GitHub Bot commented on NIFI-1884: -------------------------------------- Github user bbende commented on a diff in the pull request: https://github.com/apache/nifi/pull/452#discussion_r64076734 --- Diff: nifi-api/src/main/java/org/apache/nifi/authorization/AccessPolicy.java --- @@ -0,0 +1,291 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.authorization; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Objects; +import java.util.Set; + +/** + * Defines a policy for a set of entities to perform a set of actions on a given resource. + */ +public class AccessPolicy { + + private final String identifier; + + private final Resource resource; + + private final Set entities; + + private final Set actions; + + private AccessPolicy(final AccessPolicyBuilder builder) { + this.identifier = builder.identifier; + this.resource = builder.resource; + + Set entities = new HashSet<>(); + if (builder.entities != null) { + entities.addAll(builder.entities); + } + this.entities = Collections.unmodifiableSet(entities); + + Set actions = new HashSet<>(); + if (builder.actions != null) { + actions.addAll(builder.actions); + } + this.actions = Collections.unmodifiableSet(actions); + + if (this.identifier == null || this.identifier.trim().isEmpty()) { + throw new IllegalArgumentException("Identifier can not be null or empty"); + } + + if (this.resource == null) { + throw new IllegalArgumentException("Resource can not be null"); + } + + if (this.entities == null || this.entities.isEmpty()) { + throw new IllegalArgumentException("Entities can not be null or empty"); + } + + if (this.actions == null || this.actions.isEmpty()) { + throw new IllegalArgumentException("Actions can not be null or empty"); + } + } + + /** + * @return the identifier for this policy + */ + public String getIdentifier() { + return identifier; + } + + /** + * @return the resource for this policy + */ + public Resource getResource() { + return resource; + } + + /** + * @return an unmodifiable set of entity ids for this policy + */ + public Set getEntities() { + return entities; + } + + /** + * @return an unmodifiable set of actions for this policy + */ + public Set getActions() { + return actions; + } + + @Override + public boolean equals(Object obj) { + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + + final AccessPolicy other = (AccessPolicy) obj; + return Objects.equals(this.identifier, other.identifier); + } + + @Override + public int hashCode() { + return Objects.hashCode(this.identifier); + } + + @Override + public String toString() { + return String.format("identifier[%s], resource[%s], entityId[%s], action[%s]", + getIdentifier(), getResource().getIdentifier(), getEntities(), getActions(), ", "); + } + + /** + * Builder for Access Policies. + */ + public static class AccessPolicyBuilder { + + private String identifier; + private Resource resource; + private Set entities = new HashSet<>(); + private Set actions = new HashSet<>(); + private final boolean fromPolicy; + + /** + * Default constructor for building a new AccessPolicy. + */ + public AccessPolicyBuilder() { + this.fromPolicy = false; + } + + /** + * Initializes the builder with the state of the provided policy. When using this constructor + * the identifier field of the builder can not be changed and will result in an IllegalStateException + * if attempting to do so. + * + * @param other the existing access policy to initialize from + */ + public AccessPolicyBuilder(final AccessPolicy other) { + if (other == null) { + throw new IllegalArgumentException("Can not initialize builder with a null access policy"); + } + + this.identifier = other.getIdentifier(); + this.resource = other.getResource(); + this.entities.clear(); + this.entities.addAll(other.getEntities()); + this.actions.clear(); + this.actions.addAll(other.getActions()); + this.fromPolicy = true; + } + + /** + * Sets the identifier of the builder. + * + * @param identifier the identifier to set + * @return the builder + * @throws IllegalStateException if this method is called when this builder was constructed from an existing Policy + */ + public AccessPolicyBuilder identifier(final String identifier) { + if (fromPolicy) { + throw new IllegalStateException( + "Identifier can not be changed when initialized from an existing policy"); + } + + this.identifier = identifier; + return this; + } + + /** + * Sets the resource of the builder. + * + * @param resource the resource to set + * @return the builder + */ + public AccessPolicyBuilder resource(final Resource resource) { + this.resource = resource; + return this; + } + + /** + * Adds all the entities from the provided set to the builder's set of entities. + * + * @param entities the entities to add + * @return the builder + */ + public AccessPolicyBuilder addEntities(final Set entities) { --- End diff -- We probably could do that... personally I like being able to say addEntity("a").addEntity("b") rather than creating a set of 2 elements, but I'm sure theres some utility that returns a set from var args and could make it just as easy. Since the methods are already there I would opt to leave them unless you felt really strongly about it. > Add User & Group API > -------------------- > > Key: NIFI-1884 > URL: https://issues.apache.org/jira/browse/NIFI-1884 > Project: Apache NiFi > Issue Type: Sub-task > Components: Core Framework > Reporter: Bryan Bende > Assignee: Bryan Bende > Priority: Minor > Fix For: 1.0.0 > > > Define the API for managing users, groups, and policies. > This is to advance the work described in this feature proposal: > https://cwiki.apache.org/confluence/display/NIFI/Support+Authorizer+API > The parent JIRA for all authorization work is NIFI-1550. -- This message was sent by Atlassian JIRA (v6.3.4#6332)