[
https://issues.apache.org/jira/browse/NIFI-1876?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15398514#comment-15398514
]
ASF GitHub Bot commented on NIFI-1876:
--------------------------------------
Github user JPercivall commented on a diff in the pull request:
https://github.com/apache/nifi/pull/694#discussion_r72728226
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java
---
@@ -77,6 +77,8 @@ public ProcessorEntity createProcessorEntity(final
ProcessorDTO dto, final Revis
if (dto != null) {
entity.setPermissions(permissions);
entity.setStatus(status);
+ status.setCanRead(permissions.getCanRead());
--- End diff --
I believe the potential for a NPE was introduce here. Permissions doesn't
get checked for null until line 85.
This also applies to the other changes in this file.
> Clustering - Merge all responses based on authorization
> -------------------------------------------------------
>
> Key: NIFI-1876
> URL: https://issues.apache.org/jira/browse/NIFI-1876
> Project: Apache NiFi
> Issue Type: Sub-task
> Components: Core Framework
> Reporter: Matt Gilman
> Assignee: Jeff Storck
> Fix For: 1.0.0
>
>
> Each node in a cluster may have a different view of the authorization access
> policies simply to in the timing of updates. Because of this, all requests
> need to be merged accordingly.
> Requests are directed at a specific resource. These would result in some 403
> responses.
> Some requests are contain a filtered view of a number of resources. These
> would need to be updated to return the most restrictive set of responses.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
