[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-30 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15356963#comment-15356963
 ] 

ASF GitHub Bot commented on NIFI-2123:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/592
  
Looks great @markap14! This has been merged to master.


> Authorize Individual Provenance Events
> --
>
> Key: NIFI-2123
> URL: https://issues.apache.org/jira/browse/NIFI-2123
> Project: Apache NiFi
> Issue Type: Task
> Components: Core Framework
> Reporter: Mark Payne
> Assignee: Mark Payne
> Priority: Blocker
> Fix For: 1.0.0
>
>
> As part of the new authorization paradigm, we need to authorize each 
> provenance event individually. We do this by finding the component that the 
> event belongs to and then authorizing using that component's authorizations. 
> If the component no longer exists, no user will have authorization to the 
> event.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-30 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15356962#comment-15356962
 ] 

ASF GitHub Bot commented on NIFI-2123:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/592




[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-30 Thread ASF subversion and git services (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15356960#comment-15356960
 ] 

ASF subversion and git services commented on NIFI-2123:
---

Commit ae9e2fdf0bfce31c38020784b78171709618903c in nifi's branch 
refs/heads/master from [~markap14]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae9e2fd ]

NIFI-2123: Add authorization of provenance events; refactor core classes so 
that Authorizable is located within nifi-api. This closes #592




[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-29 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15355594#comment-15355594
 ] 

ASF GitHub Bot commented on NIFI-2123:
--

Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/592#discussion_r69003620
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
 ---
@@ -1145,54 +1141,8 @@ public DownloadableContent getContent(final Long 
eventId, final String uri, fina
 // calculate the dn chain
 final List dnChain = 
ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
 dnChain.forEach(identity -> {
-final String rootGroupId = flowController.getRootGroupId();
-final ProcessGroup rootGroup = 
flowController.getGroup(rootGroupId);
-
-final Resource eventResource;
-if (rootGroupId.equals(event.getComponentId())) {
-eventResource = 
ResourceFactory.getComponentProvenanceResource(ResourceType.ProcessGroup, 
rootGroup.getIdentifier(), rootGroup.getName());
-} else {
-final Connectable connectable = 
rootGroup.findConnectable(event.getComponentId());
-
-if (connectable == null) {
-throw new AccessDeniedException("The component 
that generated this event is no longer part of the data flow. Unable to 
determine access policy.");
-}
-
-switch (connectable.getConnectableType()) {
-case PROCESSOR:
-eventResource = 
ResourceFactory.getComponentProvenanceResource(ResourceType.Processor, 
connectable.getIdentifier(), connectable.getName());
-break;
-case INPUT_PORT:
-case REMOTE_INPUT_PORT:
-eventResource = 
ResourceFactory.getComponentProvenanceResource(ResourceType.InputPort, 
connectable.getIdentifier(), connectable.getName());
-break;
-case OUTPUT_PORT:
-case REMOTE_OUTPUT_PORT:
-eventResource = 
ResourceFactory.getComponentProvenanceResource(ResourceType.OutputPort, 
connectable.getIdentifier(), connectable.getName());
-break;
-case FUNNEL:
-eventResource = 
ResourceFactory.getComponentProvenanceResource(ResourceType.Funnel, 
connectable.getIdentifier(), connectable.getName());
-break;
-default:
-throw new 
WebApplicationException(Response.serverError().entity("An unexpected type of 
component generated this event.").build());
-}
-}
-
-// build the request
-final AuthorizationRequest request = new 
AuthorizationRequest.Builder()
-.identity(identity)
-.anonymous(user.isAnonymous()) // allow current 
user to drive anonymous flag as anonymous users are never chained... supports 
single user case
-.accessAttempt(false)
-.action(RequestAction.READ)
-.resource(eventResource)
-.eventAttributes(attributes)
-.build();
-
-// perform the authorization
-final AuthorizationResult result = 
authorizer.authorize(request);
-if (!Result.Approved.equals(result.getResult())) {
-throw new 
AccessDeniedException(result.getExplanation());
-}
+final Authorizable eventAuthorizable = 
flowController.createProvenanceAuthorizable(event.getComponentId());
+eventAuthorizable.authorize(authorizer, 
RequestAction.READ, user);
--- End diff --
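
Review bot: In the added lines inside `dnChain.forEach(identity -> { ... })`, the call `eventAuthorizable.authorize(authorizer, RequestAction.READ, user)` passes `user` and never reads the lambda parameter `identity`, so every iteration repeats the same check for the requesting user, whereas the removed code built one request per link with `.identity(identity)`. Authorize against each identity in `dnChain`, and hoist `flowController.createProvenanceAuthorizable(event.getComponentId())` out of the loop since it does not depend on `identity`. The removed request also carried `.eventAttributes(attributes)`; the new call has no attributes argument, so confirm that attribute-based decisions are not needed here or pass them through.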

This needs to authorize each link in the chain, not just the current user.



[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-29 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15355583#comment-15355583
 ] 

ASF GitHub Bot commented on NIFI-2123:
--

Github user mcgilman commented on the issue:

https://github.com/apache/nifi/pull/592
  
Reviewing...




[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-29 Thread ASF GitHub Bot (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15355380#comment-15355380
 ] 

ASF GitHub Bot commented on NIFI-2123:
--

GitHub user markap14 opened a pull request:

https://github.com/apache/nifi/pull/592

NIFI-2123: Add authorization of provenance events

Also refactored core classes so that Authorizable is located within nifi-api

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/markap14/nifi NIFI-2123

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/592.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #592


commit 8ceda4953094daf6dd92fbc9cf18f40b1b6855da
Author: Mark Payne 
Date:   2016-06-28T18:53:35Z

NIFI-2123: Add authorization of provenance events; refactor core classes so 
that Authorizable is located within nifi-api






[jira] [Commented] (NIFI-2123) Authorize Individual Provenance Events

2016-06-27 Thread Mark Payne (JIRA)

[ 
https://issues.apache.org/jira/browse/NIFI-2123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15350961#comment-15350961
 ] 

Mark Payne commented on NIFI-2123:
--

As part of the new authorization paradigm, we need to authorize each provenance 
event individually. We do this by finding the component that the event belongs 
to and then authorizing using that component's authorizations. If the component 
no longer exists, no user will have authorization to the event.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
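
The rule described in this thread (resolve the event's component, authorize against that component's policy, deny everyone when the component no longer exists, and check every identity in the proxy chain) is shown below as an added example. It is not NiFi code: `ProvenanceAuthz`, `readPolicies`, `authorizeEvent` and the sample identities are hypothetical, and the policy map stands in for a real authorizer.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Added illustration with hypothetical names; this is not NiFi's API. */
public class ProvenanceAuthz {

    static class AccessDenied extends RuntimeException {
        AccessDenied(String msg) { super(msg); }
    }

    // componentId -> identities allowed to READ that component's provenance (constructed data)
    private final Map<String, Set<String>> readPolicies;

    ProvenanceAuthz(Map<String, Set<String>> readPolicies) {
        this.readPolicies = readPolicies;
    }

    /** Authorize one event for every identity in the chain (end user plus each proxy). */
    void authorizeEvent(String componentId, List<String> identityChain) {
        Set<String> allowed = readPolicies.get(componentId);
        if (allowed == null) {
            // The component was removed from the flow: fail closed for every user.
            throw new AccessDenied("component " + componentId + " no longer exists");
        }
        if (identityChain.isEmpty()) {
            throw new AccessDenied("empty identity chain");
        }
        for (String identity : identityChain) {
            // Check the loop variable itself, not only the requesting user.
            if (!allowed.contains(identity)) {
                throw new AccessDenied(identity + " may not read provenance of " + componentId);
            }
        }
    }

    static boolean permitted(ProvenanceAuthz authz, String componentId, List<String> chain) {
        try { authz.authorizeEvent(componentId, chain); return true; }
        catch (AccessDenied e) { return false; }
    }

    public static void main(String[] args) {
        ProvenanceAuthz authz = new ProvenanceAuthz(Map.of(
                "proc-1", Set.of("CN=alice", "CN=proxy-node")));
        System.out.println(permitted(authz, "proc-1", List.of("CN=alice", "CN=proxy-node")));  // every link holds the policy
        System.out.println(permitted(authz, "proc-1", List.of("CN=alice", "CN=other-proxy"))); // one proxy lacks the policy
        System.out.println(permitted(authz, "deleted-proc", List.of("CN=alice")));             // component is gone
    }
}
```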