NIFI-5033:

- Ensuring appropriate response in checkAuthorization when user is null. - Ensuring the user reference is passed down when applying variable changes. This closes #2598. Signed-off-by: Mark Payne <markap14@hotmail.com>
2018-04-02 09:32:34 -04:00 · 2018-04-02 09:32:34 -04:00 · bbe79d2260
parent 134339c4b7
commit bbe79d2260
3 changed files with 16 additions and 10 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/RestrictedComponentsAuthorizableFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/RestrictedComponentsAuthorizableFactory.java
@ -65,7 +65,7 @@ public class RestrictedComponentsAuthorizableFactory {
            @Override
            public AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
                if (user == null) {
-                    throw new AccessDeniedException("Unknown user.");
+                    return AuthorizationResult.denied("Unknown user.");
                }

                final AuthorizationResult resourceResult = Authorizable.super.checkAuthorization(authorizer, action, user, resourceContext);
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@ -16,9 +16,7 @@
 */
 package org.apache.nifi.web;

-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-
+import com.google.common.collect.Sets;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.nifi.action.Action;
 import org.apache.nifi.action.Component;
@ -284,8 +282,8 @@ import org.apache.nifi.web.util.SnippetUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

-import com.google.common.collect.Sets;
-
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
@ -947,9 +945,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
        final RevisionUpdate<VariableRegistryDTO> snapshot = updateComponent(user, revision,
            processGroupNode,
            () -> processGroupDAO.updateVariableRegistry(user, variableRegistryDto),
-            processGroup -> dtoFactory.createVariableRegistryDto(processGroup, revisionManager));
+            processGroup -> dtoFactory.createVariableRegistryDto(processGroup, revisionManager, user));

-        final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroupNode);
+        final PermissionsDTO permissions = dtoFactory.createPermissionsDto(processGroupNode, user);
        final RevisionDTO updatedRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
        return entityFactory.createVariableRegistryEntity(snapshot.getComponent(), updatedRevision, permissions);
    }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
@ -2478,10 +2478,14 @@ public final class DtoFactory {
    }

    public Set<AffectedComponentEntity> createAffectedComponentEntities(final Set<ConfiguredComponent> affectedComponents, final RevisionManager revisionManager) {
+        return createAffectedComponentEntities(affectedComponents, revisionManager, NiFiUserUtils.getNiFiUser());
+    }
+
+    public Set<AffectedComponentEntity> createAffectedComponentEntities(final Set<ConfiguredComponent> affectedComponents, final RevisionManager revisionManager, final NiFiUser user) {
        return affectedComponents.stream()
                .map(component -> {
                    final AffectedComponentDTO affectedComponent = createAffectedComponentDto(component);
-                    final PermissionsDTO permissions = createPermissionsDto(component);
+                    final PermissionsDTO permissions = createPermissionsDto(component, user);
                    final RevisionDTO revision = createRevisionDTO(revisionManager.getRevision(component.getIdentifier()));
                    return entityFactory.createAffectedComponentEntity(affectedComponent, revision, permissions);
                })
@ -2489,6 +2493,10 @@ public final class DtoFactory {
    }

    public VariableRegistryDTO createVariableRegistryDto(final ProcessGroup processGroup, final RevisionManager revisionManager) {
+        return createVariableRegistryDto(processGroup, revisionManager, NiFiUserUtils.getNiFiUser());
+    }
+
+    public VariableRegistryDTO createVariableRegistryDto(final ProcessGroup processGroup, final RevisionManager revisionManager, final NiFiUser user) {
        final ComponentVariableRegistry variableRegistry = processGroup.getVariableRegistry();

        final List<String> variableNames = variableRegistry.getVariableMap().keySet().stream()
@ -2503,7 +2511,7 @@ public final class DtoFactory {
            variableDto.setValue(variableRegistry.getVariableValue(variableName));
            variableDto.setProcessGroupId(processGroup.getIdentifier());

-            final Set<AffectedComponentEntity> affectedComponentEntities = createAffectedComponentEntities(processGroup.getComponentsAffectedByVariable(variableName), revisionManager);
+            final Set<AffectedComponentEntity> affectedComponentEntities = createAffectedComponentEntities(processGroup.getComponentsAffectedByVariable(variableName), revisionManager, user);

            boolean canWrite = true;
            for (final AffectedComponentEntity affectedComponent : affectedComponentEntities) {