Github user mcgilman commented on a diff in the pull request:
https://github.com/apache/nifi/pull/996#discussion_r78007844
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/DataTransferResource.java
---
@@ -133,15 +133,18 @@ protected void authorizeDataTransfer(final
AuthorizableLookup lookup, final Reso
}
// get the authorizable
- final DataTransferAuthorizable authorizable;
+ final Authorizable authorizable;
if (ResourceType.InputPort.equals(resourceType)) {
- authorizable = new
DataTransferAuthorizable(lookup.getInputPort(identifier));
+ authorizable = lookup.getInputPort(identifier);
} else {
- authorizable = new
DataTransferAuthorizable(lookup.getOutputPort(identifier));
+ authorizable = lookup.getOutputPort(identifier);
}
// perform the authorization
- authorizable.authorize(authorizer, RequestAction.WRITE, user);
+ final PortAuthorizationResult authorizationResult =
((RootGroupPort) authorizable).checkUserAuthorization(user);
--- End diff --
I think we should probably create new methods for getting the RootGroupPort
Authorizable. I believe if a client passed in an identifier for a port that
wasn't on the root group, we would have a ClassCastException. We've done for
other methods in the AuthorizableLookup. I'll type something update and send a
link. If your happy with it too, I'll go ahead and merge it in.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
