This is an automated email from the ASF dual-hosted git repository.
mcgilman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 2938454 NIFI-6020: Fix NPE in getAccessPoliciesForUser
2938454 is described below
commit 2938454ae4fc200fd5f6aeffe23bc4b33c83e783
Author: Kevin Doran <[email protected]>
AuthorDate: Wed Feb 13 11:27:18 2019 -0500
NIFI-6020: Fix NPE in getAccessPoliciesForUser
This closes #3304
---
.../dao/impl/StandardPolicyBasedAuthorizerDAO.java | 5 ++++-
.../StandardPolicyBasedAuthorizerDAOSpec.groovy | 23 ++++++++++++++++++++++
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
index 2a2279e..8173a9b 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
@@ -282,7 +282,10 @@ public class StandardPolicyBasedAuthorizerDAO implements
AccessPolicyDAO, UserGr
}
// policy contains a group with the user
- return !p.getGroups().stream().filter(g ->
userGroupProvider.getGroup(g).getUsers().contains(userId)).collect(Collectors.toSet()).isEmpty();
+ return p.getGroups().stream().anyMatch(g -> {
+ final Group group = userGroupProvider.getGroup(g);
+ return group != null &&
group.getUsers().contains(userId);
+ });
})
.collect(Collectors.toSet());
}
diff --git
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
index 5a4cc3b..13cd90d 100644
---
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
+++
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
@@ -157,6 +157,29 @@ class StandardPolicyBasedAuthorizerDAOSpec extends
Specification {
}
@Unroll
+ def "GetAccessPoliciesForUser: access policy contains identifier of
missing group"() {
+ given:
+ def authorizer = mockAuthorizer()
+ def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
+ def group1 = new Group.Builder().identifier("group-id-1").name("Group
One").addUser("user-id-1").build()
+ def apBuilder = new
AccessPolicy.Builder().resource('/fake/resource').action(RequestAction.WRITE)
+ def ap1 =
apBuilder.identifier('policy-id-1').addUser('user-id-1').build()
+ def ap2 =
apBuilder.identifier('policy-id-2').clearUsers().addGroup('group-id-1').build()
+ def ap3 =
apBuilder.identifier('policy-id-3').clearUsers().clearGroups().addGroup('id-of-missing-group').build()
+ def accessPolicies = new HashSet([ap1, ap2, ap3])
+
+ when:
+ def result = dao.getAccessPoliciesForUser('user-id-1')
+
+ then:
+ 1 * authorizer.getAccessPolicies() >> accessPolicies
+ 1 * authorizer.getGroup('group-id-1') >> group1
+ 1 * authorizer.getGroup('id-of-missing-group') >> null
+ 0 * _
+ assert result?.equals(new HashSet<AccessPolicy>([ap1, ap2]))
+ }
+
+ @Unroll
def "GetAccessPolicy: failure"() {
given:
def authorizer = mockAuthorizer()
