nifi git commit: NIFI-3121 Remove read permissions on proxy resource for Node Identities. This closes #1368

mcgilman Tue, 07 Feb 2017 14:02:48 -0800

Repository: nifi
Updated Branches:
  refs/heads/master 5af6eb17b -> da5aafdf3



NIFI-3121 Remove read permissions on proxy resource for Node Identities. This 
closes #1368


Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/da5aafdf
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/da5aafdf
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/da5aafdf

Branch: refs/heads/master
Commit: da5aafdf3f1b30347a6d6272256b306d26e30a31
Parents: 5af6eb1
Author: Pierre Villard <[email protected]>
Authored: Thu Dec 29 14:12:20 2016 +0100
Committer: Matt Gilman <[email protected]>
Committed: Tue Feb 7 17:01:51 2017 -0500

----------------------------------------------------------------------
 .../org/apache/nifi/authorization/FileAuthorizer.java   |  1 -
 .../org/apache/nifi/authorization/RoleAccessPolicy.java |  1 -
 .../apache/nifi/authorization/FileAuthorizerTest.java   | 12 +-----------
 3 files changed, 1 insertion(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/da5aafdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
----------------------------------------------------------------------
diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
index be20b60..9a310a2 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
@@ -359,7 +359,6 @@ public class FileAuthorizer extends 
AbstractPolicyBasedAuthorizer {
             final org.apache.nifi.authorization.file.tenants.generated.User 
jaxbNodeUser = getOrCreateUser(tenants, nodeIdentity);
 
             // grant access to the proxy resource
-            addAccessPolicy(authorizations, ResourceType.Proxy.getValue(), 
jaxbNodeUser.getIdentifier(), READ_CODE);
             addAccessPolicy(authorizations, ResourceType.Proxy.getValue(), 
jaxbNodeUser.getIdentifier(), WRITE_CODE);
 
             // grant the user read/write access data of the root group

http://git-wip-us.apache.org/repos/asf/nifi/blob/da5aafdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/RoleAccessPolicy.java
----------------------------------------------------------------------
diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/RoleAccessPolicy.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/RoleAccessPolicy.java
index 16e9c9c..03186bc 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/RoleAccessPolicy.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/RoleAccessPolicy.java
@@ -94,7 +94,6 @@ public final class RoleAccessPolicy {
         roleAccessPolicies.put(Role.ROLE_ADMIN, 
Collections.unmodifiableSet(adminPolicies));
 
         final Set<RoleAccessPolicy> proxyPolicies = new HashSet<>();
-        proxyPolicies.add(new RoleAccessPolicy(ResourceType.Proxy.getValue(), 
READ_ACTION));
         proxyPolicies.add(new RoleAccessPolicy(ResourceType.Proxy.getValue(), 
WRITE_ACTION));
         if (rootGroupId != null) {
             proxyPolicies.add(new 
RoleAccessPolicy(ResourceType.Data.getValue() + 
ResourceType.ProcessGroup.getValue() + "/" + rootGroupId, READ_ACTION));

http://git-wip-us.apache.org/repos/asf/nifi/blob/da5aafdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
----------------------------------------------------------------------
diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
index 55a1839..394aff5 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
@@ -347,7 +347,7 @@ public class FileAuthorizerTest {
         assertEquals(2, user5Policies.size());
 
         assertTrue(user5Policies.containsKey(ResourceType.Proxy.getValue()));
-        assertEquals(2, 
user5Policies.get(ResourceType.Proxy.getValue()).size());
+        assertEquals(1, 
user5Policies.get(ResourceType.Proxy.getValue()).size());
         
assertTrue(user5Policies.get(ResourceType.Proxy.getValue()).contains(RequestAction.WRITE));
 
         // verify user6's policies
@@ -652,13 +652,8 @@ public class FileAuthorizerTest {
         User nodeUser2 = authorizer.getUserByIdentity(nodeIdentity2);
         assertNotNull(nodeUser2);
 
-        AccessPolicy proxyReadPolicy = 
authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(),
 RequestAction.READ);
         AccessPolicy proxyWritePolicy = 
authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(),
 RequestAction.WRITE);
 
-        assertNotNull(proxyReadPolicy);
-        
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser1.getIdentifier()));
-        
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser2.getIdentifier()));
-
         assertNotNull(proxyWritePolicy);
         
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser1.getIdentifier()));
         
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser2.getIdentifier()));
@@ -695,13 +690,8 @@ public class FileAuthorizerTest {
         User nodeUser2 = authorizer.getUserByIdentity(nodeIdentity2);
         assertNotNull(nodeUser2);
 
-        AccessPolicy proxyReadPolicy = 
authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(),
 RequestAction.READ);
         AccessPolicy proxyWritePolicy = 
authorizer.getUsersAndAccessPolicies().getAccessPolicy(ResourceType.Proxy.getValue(),
 RequestAction.WRITE);
 
-        assertNotNull(proxyReadPolicy);
-        
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser1.getIdentifier()));
-        
assertTrue(proxyReadPolicy.getUsers().contains(nodeUser2.getIdentifier()));
-
         assertNotNull(proxyWritePolicy);
         
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser1.getIdentifier()));
         
assertTrue(proxyWritePolicy.getUsers().contains(nodeUser2.getIdentifier()));

nifi git commit: NIFI-3121 Remove read permissions on proxy resource for Node Identities. This closes #1368

Reply via email to