Tamas Palfy created NIFI-12696: ---------------------------------- Summary: Fix authorization issues when requesting FlowAnalysisResults Key: NIFI-12696 URL: https://issues.apache.org/jira/browse/NIFI-12696 Project: Apache NiFi Issue Type: Bug Reporter: Tamas Palfy
When requesting FlowAnalysisResults the authorization logic performed has a couple of issues: # Doesn't handle exceptions thrown when the a component producing a result is tested to be a Port. The logic goes through possible component types and when reaches Ports it throws an exception. # As the logic goest through possible components, the mismatching ones throw ResourceNotFoundExceptions. These are captured but this is a bad practice in general. Throwing and capturing exceptions in non-exceptional cases is bad from both design and performance perspective. # The number of possible components checked is too limited. If a component is unrecognized, the corresponding violation will have a PermissionDTO attached with canRead and canWrite set to false, essentially rendering the result unavailable and thus leading to a false negative. -- This message was sent by Atlassian Jira (v8.20.10#820010)