This is an automated email from the ASF dual-hosted git repository. scottyaslan pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new 0e373e9c21 NIFI-12833: (#8718) 0e373e9c21 is described below commit 0e373e9c21cc6c633822374138280d14af427ff9 Author: Matt Gilman <matt.c.gil...@gmail.com> AuthorDate: Wed May 1 11:31:02 2024 -0400 NIFI-12833: (#8718) - Reloading current user when any policy changes. - Reloading the component for the policy whenever it's view permissions changes. This closes #8718 --- .../state/access-policy/access-policy.effects.ts | 16 +++++++++ .../component-access-policies.component.ts | 40 +++++++++++++++++++--- 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/state/access-policy/access-policy.effects.ts b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/state/access-policy/access-policy.effects.ts index 9037ed0ece..da1aa94c7a 100644 --- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/state/access-policy/access-policy.effects.ts +++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/state/access-policy/access-policy.effects.ts @@ -36,6 +36,7 @@ import { selectUserGroups, selectUsers } from '../tenants/tenants.selectors'; import { OverridePolicyDialog } from '../../ui/common/override-policy-dialog/override-policy-dialog.component'; import { MEDIUM_DIALOG, SMALL_DIALOG } from '../../../../index'; import { HttpErrorResponse } from '@angular/common/http'; +import { loadCurrentUser } from '../../../../state/current-user/current-user.actions'; @Injectable() export class AccessPolicyEffects { @@ -145,6 +146,9 @@ export class AccessPolicyEffects { switchMap(([, resourceAction]) => from(this.accessPoliciesService.createAccessPolicy(resourceAction)).pipe( map((response) => { + // reload the current user to reflect the latest permission changes + this.store.dispatch(loadCurrentUser()); + const accessPolicy: AccessPolicyEntity = response; const policyStatus: PolicyStatus = PolicyStatus.Found; @@ -219,6 +223,9 @@ export class AccessPolicyEffects { }) ).pipe( map((response) => { + // reload the current user to reflect the latest permission changes + this.store.dispatch(loadCurrentUser()); + const accessPolicy: AccessPolicyEntity = response; const policyStatus: PolicyStatus = PolicyStatus.Found; @@ -326,6 +333,9 @@ export class AccessPolicyEffects { map((response: any) => { this.dialog.closeAll(); + // reload the current user to reflect the latest permission changes + this.store.dispatch(loadCurrentUser()); + return AccessPolicyActions.loadAccessPolicySuccess({ response: { accessPolicy: response, @@ -396,6 +406,9 @@ export class AccessPolicyEffects { return from(this.accessPoliciesService.updateAccessPolicy(accessPolicy, users, userGroups)).pipe( map((response: any) => { + // reload the current user to reflect the latest permission changes + this.store.dispatch(loadCurrentUser()); + return AccessPolicyActions.loadAccessPolicySuccess({ response: { accessPolicy: response, @@ -449,6 +462,9 @@ export class AccessPolicyEffects { switchMap(([, resourceAction, accessPolicy]) => from(this.accessPoliciesService.deleteAccessPolicy(accessPolicy)).pipe( map(() => { + // reload the current user to reflect the latest permission changes + this.store.dispatch(loadCurrentUser()); + // the policy was removed, we need to reload the policy for this resource and action to fetch // the inherited policy or correctly when it's not found return AccessPolicyActions.loadAccessPolicy({ diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/component-access-policies/component-access-policies.component.ts b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/component-access-policies/component-access-policies.component.ts index 7e7d9b4528..580346f5bd 100644 --- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/component-access-policies/component-access-policies.component.ts +++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi/src/app/pages/access-policies/ui/component-access-policies/component-access-policies.component.ts @@ -21,8 +21,8 @@ import { selectCurrentUser } from '../../../../state/current-user/current-user.s import { createAccessPolicy, openAddTenantToPolicyDialog, - promptOverrideAccessPolicy, promptDeleteAccessPolicy, + promptOverrideAccessPolicy, promptRemoveTenantFromPolicy, reloadAccessPolicy, resetAccessPolicyState, @@ -32,6 +32,7 @@ import { import { AccessPolicyState, RemoveTenantFromPolicyRequest } from '../../state/access-policy'; import { initialState } from '../../state/access-policy/access-policy.reducer'; import { + selectAccessPolicy, selectAccessPolicyState, selectComponentResourceActionFromRoute } from '../../state/access-policy/access-policy.selectors'; @@ -190,17 +191,46 @@ export class ComponentAccessPolicies implements OnInit, OnDestroy { resourceIdentifier: this.resourceIdentifier }; + // 'read' component policies are loaded every time the policy is set so + // here we only need to conditionally load the component for this policy + // when the action is not 'read' or the policy is not 'component' + if (this.action !== Action.Read || this.policy !== 'component') { + this.store.dispatch( + loadPolicyComponent({ + request: { + componentResourceAction + } + }) + ); + } + + // set the current policy this.store.dispatch( - loadPolicyComponent({ + setAccessPolicy({ request: { - componentResourceAction + resourceAction } }) ); + } + }); + + this.store + .select(selectAccessPolicy) + .pipe(isDefinedAndNotNull(), takeUntilDestroyed()) + .subscribe(() => { + // if the policy state has updated and it is the 'read' policy for the + // 'component' then reload the component to reflect the latest permissions + if (this.action === Action.Read && this.policy === 'component') { this.store.dispatch( - setAccessPolicy({ + loadPolicyComponent({ request: { - resourceAction + componentResourceAction: { + policy: this.policy, + action: this.action, + resource: this.resource, + resourceIdentifier: this.resourceIdentifier + } } }) );