Kevin Doran created NIFIREG-75:
----------------------------------
Summary: FileUserGroupProvider allows updating a group to contain
unknown users
Key: NIFIREG-75
URL: https://issues.apache.org/jira/browse/NIFIREG-75
Project: NiFi Registry
Issue Type: Bug
Reporter: Kevin Doran
Assignee: Kevin Doran
In FileUserGroupProvider, when a new group is created, all the users in the
group are checked to ensure they are known to the FileUserGroupProvider prior
to creating the group.
However, when a group is updated, a similar check does not exist, allowing one
to add invalid users to a group. This gets the server in a bad state with
unexpected behavior surrounding authorization actions.
Note that this logic was ported from NiFi, so NiFi should probably be updated
with the same fix after verifying this is the intended behavior (having the
check on update).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
