Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-6020: Fix NPE in getAccessPoliciesForUser 

This closes #3304
This commit is contained in:
Kevin Doran 2019-02-13 11:27:18 -05:00 committed by Matt Gilman
parent 3492313d0b
commit 2938454ae4
No known key found for this signature in database
GPG Key ID: DF61EC19432AEE37
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
View File

@ -282,7 +282,10 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
} }
// policy contains a group with the user // policy contains a group with the user
return !p.getGroups().stream().filter(g -> userGroupProvider.getGroup(g).getUsers().contains(userId)).collect(Collectors.toSet()).isEmpty(); return p.getGroups().stream().anyMatch(g -> {
final Group group = userGroupProvider.getGroup(g);
return group != null && group.getUsers().contains(userId);
});
}) })
.collect(Collectors.toSet()); .collect(Collectors.toSet());
} }

23
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
View File

@ -156,6 +156,29 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
.action(RequestAction.WRITE).build() | _ .action(RequestAction.WRITE).build() | _
} }
@Unroll
def "GetAccessPoliciesForUser: access policy contains identifier of missing group"() {
given:
def authorizer = mockAuthorizer()
def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
def group1 = new Group.Builder().identifier("group-id-1").name("Group One").addUser("user-id-1").build()
def apBuilder = new AccessPolicy.Builder().resource('/fake/resource').action(RequestAction.WRITE)
def ap1 = apBuilder.identifier('policy-id-1').addUser('user-id-1').build()
def ap2 = apBuilder.identifier('policy-id-2').clearUsers().addGroup('group-id-1').build()
def ap3 = apBuilder.identifier('policy-id-3').clearUsers().clearGroups().addGroup('id-of-missing-group').build()
def accessPolicies = new HashSet([ap1, ap2, ap3])
when:
def result = dao.getAccessPoliciesForUser('user-id-1')
then:
1 * authorizer.getAccessPolicies() >> accessPolicies
1 * authorizer.getGroup('group-id-1') >> group1
1 * authorizer.getGroup('id-of-missing-group') >> null
0 * _
assert result?.equals(new HashSet<AccessPolicy>([ap1, ap2]))
}
@Unroll @Unroll
def "GetAccessPolicy: failure"() { def "GetAccessPolicy: failure"() {
given: given: