Github user mcgilman commented on a diff in the pull request:
https://github.com/apache/nifi/pull/996#discussion_r78013161
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/DataTransferResource.java
---
@@ -133,15 +133,18 @@ protected void authorizeDataTransfer(final
AuthorizableLookup lookup, final Reso
}
// get the authorizable
- final DataTransferAuthorizable authorizable;
+ final Authorizable authorizable;
if (ResourceType.InputPort.equals(resourceType)) {
- authorizable = new
DataTransferAuthorizable(lookup.getInputPort(identifier));
+ authorizable = lookup.getInputPort(identifier);
} else {
- authorizable = new
DataTransferAuthorizable(lookup.getOutputPort(identifier));
+ authorizable = lookup.getOutputPort(identifier);
}
// perform the authorization
- authorizable.authorize(authorizer, RequestAction.WRITE, user);
+ final PortAuthorizationResult authorizationResult =
((RootGroupPort) authorizable).checkUserAuthorization(user);
--- End diff --
@ijokarumawak Here is what I'm proposing to include in your commit [1]. It
should address the potential ClassCastException while still deferring to the
underlying component for authorization to be consistent with raw s2s. Let me
know what you think... I'm still reviewing but looks good so far. Thanks.
[1]
https://github.com/mcgilman/nifi/commit/b97714a4839c7c2536b0426b53e3f67858b89c5e
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
