Tamas Palfy created NIFI-12696:
----------------------------------
Summary: Fix authorization issues when requesting
FlowAnalysisResults
Key: NIFI-12696
URL: https://issues.apache.org/jira/browse/NIFI-12696
Project: Apache NiFi
Issue Type: Bug
Reporter: Tamas Palfy
When requesting FlowAnalysisResults the authorization logic performed has a
couple of issues:
# Doesn't handle exceptions thrown when the a component producing a result is
tested to be a Port. The logic goes through possible component types and when
reaches Ports it throws an exception.
# As the logic goest through possible components, the mismatching ones throw
ResourceNotFoundExceptions. These are captured but this is a bad practice in
general. Throwing and capturing exceptions in non-exceptional cases is bad from
both design and performance perspective.
# The number of possible components checked is too limited. If a component is
unrecognized, the corresponding violation will have a PermissionDTO attached
with canRead and canWrite set to false, essentially rendering the result
unavailable and thus leading to a false negative.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
