[
https://issues.apache.org/jira/browse/NIFI-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395485#comment-16395485
]
ASF GitHub Bot commented on NIFI-4885:
--------------------------------------
Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2515#discussion_r173858341
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/CurrentUserEndpointMerger.java
---
@@ -53,6 +54,23 @@ protected void mergeResponses(final CurrentUserEntity
clientEntity, final Map<No
mergePermissions(clientEntity.getPoliciesPermissions(),
entity.getPoliciesPermissions());
mergePermissions(clientEntity.getProvenancePermissions(),
entity.getProvenancePermissions());
mergePermissions(clientEntity.getTenantsPermissions(),
entity.getTenantsPermissions());
+ mergePermissions(clientEntity.getSystemPermissions(),
entity.getSystemPermissions());
+ mergePermissions(clientEntity.getTenantsPermissions(),
entity.getTenantsPermissions());
+
+ final Set<ComponentRestrictionPermissionDTO>
clientEntityComponentRestrictionsPermissions =
clientEntity.getComponentRestrictionPermissions();
+ final Set<ComponentRestrictionPermissionDTO>
entityComponentRestrictionsPermissions =
entity.getComponentRestrictionPermissions();
+
+ // only retain the component restriction permissions in
common
+
clientEntityComponentRestrictionsPermissions.retainAll(entityComponentRestrictionsPermissions);
+
+ // merge the component restriction permissions
+
clientEntityComponentRestrictionsPermissions.forEach(clientEntityPermission -> {
+ final ComponentRestrictionPermissionDTO
entityPermission =
entityComponentRestrictionsPermissions.stream().filter(entityComponentRestrictionsPermission
-> {
+ return
entityComponentRestrictionsPermission.getRequiredPermission().getId().equals(clientEntityPermission.getRequiredPermission().getId());
+ }).findFirst().orElse(null);
--- End diff --
Are we guaranteed at this point that there will be at least one entry? If
so, then we should probably just use findFirst().get() because it makes this
more clear. If not, then we could end up with a null value here, and the next
line would then throw a NPE.
> More granular restricted component categories
> ---------------------------------------------
>
> Key: NIFI-4885
> URL: https://issues.apache.org/jira/browse/NIFI-4885
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Core UI
> Reporter: Matt Gilman
> Assignee: Matt Gilman
> Priority: Major
>
> Update the Restricted annotation to support more granular categories.
> Available categories will map to new access policies. Example categories and
> their corresponding access policies may be
> * read-filesystem (/restricted-components/read-filesystem)
> * write-filesystem (/restricted-components/write-filesystem)
> * code-execution (/restricted-components/code-execution)
> * keytab-access (/restricted-components/keytab-access)
> The hierarchical nature of the access policies will support backward
> compatibility with existing installations where the policy of
> /restricted-components was used to enforce all subcategories. Any users with
> /restricted-components permissions will be granted access to all
> subcategories. In order to leverage the new granular categories, an
> administrator will need to use NiFi to update their access policies (remove a
> user from /restricted-components and place them into the desired subcategory)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
