[ https://issues.apache.org/jira/browse/NIFIREG-75?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16300257#comment-16300257 ]

ASF GitHub Bot commented on NIFIREG-75:
---------------------------------------

Github user kevdoran commented on the issue:

    https://github.com/apache/nifi-registry/pull/64
  
    Upon further discussion, may go with a different approach here. Please hold off on merging this for now.


> FileUserGroupProvider allows updating a group to contain unknown users
> ----------------------------------------------------------------------
>
>                 Key: NIFIREG-75
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-75
>             Project: NiFi Registry
>          Issue Type: Bug
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 0.0.1
>
>
> In FileUserGroupProvider, when a new group is created, all the users in the 
> group are checked to ensure they are known to the FileUserGroupProvider prior 
> to creating the group.
> However, when a group is updated, a similar check does not exist, allowing 
> one to add invalid users to a group. This gets the server in a bad state with 
> unexpected behavior surrounding authorization actions.
> Note that this logic was ported from NiFi, so NiFi should probably be updated 
> with the same fix after verifying this is the intended behavior (having the 
> check on update).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
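
The issue description above says the known-user check runs on group creation but not on group update. The sketch below is an added example, not code from NiFi Registry or the pull request: it routes both paths through one shared check. The class `GroupStoreExample` and all of its method names are hypothetical, and the sample users are constructed.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical in-memory model; this is NOT the FileUserGroupProvider API.
public class GroupStoreExample {
    private final Set<String> userIds = new HashSet<>();
    private final Map<String, Set<String>> groups = new HashMap<>();

    public void addUser(String userId) { userIds.add(userId); }

    // One membership check shared by create and update, so the two cannot drift apart.
    private void requireKnownUsers(Set<String> members) {
        Set<String> unknown = new TreeSet<>(members);
        unknown.removeAll(userIds);
        if (!unknown.isEmpty()) {
            throw new IllegalStateException("Group references unknown users: " + unknown);
        }
    }

    public void addGroup(String groupId, Set<String> members) {
        if (groups.containsKey(groupId)) throw new IllegalStateException("Group exists: " + groupId);
        requireKnownUsers(members);
        groups.put(groupId, new HashSet<>(members));
    }

    public void updateGroup(String groupId, Set<String> members) {
        if (!groups.containsKey(groupId)) throw new IllegalStateException("No such group: " + groupId);
        requireKnownUsers(members); // the check the issue reports as missing on update
        groups.put(groupId, new HashSet<>(members));
    }

    public Set<String> members(String groupId) {
        return Collections.unmodifiableSet(groups.getOrDefault(groupId, Set.of()));
    }

    public static void main(String[] args) {
        GroupStoreExample store = new GroupStoreExample();
        store.addUser("alice");                               // constructed sample users
        store.addUser("bob");
        store.addGroup("admins", Set.of("alice"));
        store.updateGroup("admins", Set.of("alice", "bob"));  // accepted: both users are known
        try {
            store.updateGroup("admins", Set.of("alice", "carol")); // "carol" was never added
        } catch (IllegalStateException e) {
            System.out.println("Update rejected: " + e.getMessage());
        }
        System.out.println("Members after rejected update: " + store.members("admins"));
    }
}
```

Because the check runs before the stored group is replaced, a rejected update leaves the previous membership intact.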
