[14/50] [abbrv] ambari git commit: AMBARI-20768. Local Ambari user with no cluster role must not be able to access Logsearch UI (Keta Patel via oleewere)

Mon, 24 Apr 2017 05:01:45 -0700 

AMBARI-20768. Local Ambari user with no cluster role must not be able to access 
Logsearch UI (Keta Patel via oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c8de2d07
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c8de2d07
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c8de2d07

Branch: refs/heads/branch-3.0-perf
Commit: c8de2d07191c014504111a1d55db259d250fbef5
Parents: d853ad8
Author: oleewere <oleew...@gmail.com>
Authored: Thu Apr 20 13:35:25 2017 +0200
Committer: Andrew Onishuk <aonis...@hortonworks.com>
Committed: Mon Apr 24 14:59:56 2017 +0300

----------------------------------------------------------------------
 .../security/LogsearchExternalServerAuthenticationProvider.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/c8de2d07/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index e23f0a2..1dab126 100644
--- 
a/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ 
b/ambari-logsearch/ambari-logsearch-server/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -122,8 +122,9 @@ public class LogsearchExternalServerAuthenticationProvider 
extends LogsearchAbst
 
     List<String> values = new ArrayList<>();
     JSONUtil.getValuesOfKey(responseJson, 
PrivilegeInfo.PERMISSION_NAME.toString(), values);
-    if (values.isEmpty())
-      return true;
+    if (values.isEmpty()) {
+      return false;
+    }
     
     if (allowedRoleList.length > 0 && responseJson != null) {
       for (String allowedRole : allowedRoleList) {

Reply via email to