[
https://issues.apache.org/jira/browse/NIFI-4885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16395501#comment-16395501
]
ASF GitHub Bot commented on NIFI-4885:
--------------------------------------
Github user mcgilman commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2515#discussion_r173869295
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/CurrentUserEndpointMerger.java
---
@@ -53,6 +54,23 @@ protected void mergeResponses(final CurrentUserEntity
clientEntity, final Map<No
mergePermissions(clientEntity.getPoliciesPermissions(),
entity.getPoliciesPermissions());
mergePermissions(clientEntity.getProvenancePermissions(),
entity.getProvenancePermissions());
mergePermissions(clientEntity.getTenantsPermissions(),
entity.getTenantsPermissions());
+ mergePermissions(clientEntity.getSystemPermissions(),
entity.getSystemPermissions());
+ mergePermissions(clientEntity.getTenantsPermissions(),
entity.getTenantsPermissions());
+
+ final Set<ComponentRestrictionPermissionDTO>
clientEntityComponentRestrictionsPermissions =
clientEntity.getComponentRestrictionPermissions();
+ final Set<ComponentRestrictionPermissionDTO>
entityComponentRestrictionsPermissions =
entity.getComponentRestrictionPermissions();
+
+ // only retain the component restriction permissions in
common
+
clientEntityComponentRestrictionsPermissions.retainAll(entityComponentRestrictionsPermissions);
+
+ // merge the component restriction permissions
+
clientEntityComponentRestrictionsPermissions.forEach(clientEntityPermission -> {
+ final ComponentRestrictionPermissionDTO
entityPermission =
entityComponentRestrictionsPermissions.stream().filter(entityComponentRestrictionsPermission
-> {
+ return
entityComponentRestrictionsPermission.getRequiredPermission().getId().equals(clientEntityPermission.getRequiredPermission().getId());
+ }).findFirst().orElse(null);
--- End diff --
Because we're doing a retainAll right before this we know that both
collections will each have an entry for the current clientEntityPermission. I
will update to use get() instead.
> More granular restricted component categories
> ---------------------------------------------
>
> Key: NIFI-4885
> URL: https://issues.apache.org/jira/browse/NIFI-4885
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Core UI
> Reporter: Matt Gilman
> Assignee: Matt Gilman
> Priority: Major
>
> Update the Restricted annotation to support more granular categories.
> Available categories will map to new access policies. Example categories and
> their corresponding access policies may be
> * read-filesystem (/restricted-components/read-filesystem)
> * write-filesystem (/restricted-components/write-filesystem)
> * code-execution (/restricted-components/code-execution)
> * keytab-access (/restricted-components/keytab-access)
> The hierarchical nature of the access policies will support backward
> compatibility with existing installations where the policy of
> /restricted-components was used to enforce all subcategories. Any users with
> /restricted-components permissions will be granted access to all
> subcategories. In order to leverage the new granular categories, an
> administrator will need to use NiFi to update their access policies (remove a
> user from /restricted-components and place them into the desired subcategory)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
