Github user markobean commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2703#discussion_r194718350
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
---
@@ -1338,6 +1339,67 @@ private void authorizeReplay(final
ProvenanceEventRecord event) {
dataAuthorizable.authorize(authorizer, RequestAction.WRITE, user,
eventAttributes);
}
+ private AuthorizationResult
checkAuthorizationForData(ProvenanceEventRecord event) {
+ final NiFiUser user = NiFiUserUtils.getNiFiUser();
+ final Authorizable dataAuthorizable;
+ if (event.isRemotePortType()) {
+ dataAuthorizable =
flowController.createRemoteDataAuthorizable(event.getComponentId());
+ } else {
+ dataAuthorizable =
flowController.createLocalDataAuthorizable(event.getComponentId());
+ }
+
+ final Map<String, String> eventAttributes = event.getAttributes();
+
+ // ensure we can read the data
+ return dataAuthorizable.checkAuthorization(authorizer,
RequestAction.READ, user, eventAttributes);
+ }
+
+ private AuthorizationResult checkAuthorizationForProvenanceData(final
ProvenanceEventRecord event) {
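Review bot: In checkAuthorizationForData, the comment "// ensure we can read the data" sits directly above "return dataAuthorizable.checkAuthorization(...)", which only reports a result and enforces nothing, unlike the dataAuthorizable.authorize(...) call in authorizeReplay in the context lines above. Consider rewording the comment and adding Javadoc stating that the caller must inspect the returned AuthorizationResult and deny access unless it is approved, so that a future caller does not treat a plain call to this method as an access check. The event parameter could also be declared final to match authorizeReplay and checkAuthorizationForProvenanceData.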
--- End diff --
I modified this method and checkConnectableAuthorization() to accommodate a
Process Group being the event component. This is the case for DOWNLOAD
provenance events.
---