NIFI-6020: Fix NPE in getAccessPoliciesForUser
authorKevin Doran <kdoran@apache.org>
Wed, 13 Feb 2019 16:27:18 +0000 (11:27 -0500)
committerMatt Gilman <matt.c.gilman@gmail.com>
Wed, 13 Feb 2019 21:03:46 +0000 (16:03 -0500)
This closes #3304

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy

index 2a2279e..8173a9b 100644 (file)
@@ -282,7 +282,10 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
                     }
 
                     // policy contains a group with the user
-                    return !p.getGroups().stream().filter(g -> userGroupProvider.getGroup(g).getUsers().contains(userId)).collect(Collectors.toSet()).isEmpty();
+                    return p.getGroups().stream().anyMatch(g -> {
+                        final Group group = userGroupProvider.getGroup(g);
+                        return group != null && group.getUsers().contains(userId);
+                    });
                 })
                 .collect(Collectors.toSet());
     }
index 5a4cc3b..13cd90d 100644 (file)
@@ -157,6 +157,29 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
     }
 
     @Unroll
+    def "GetAccessPoliciesForUser: access policy contains identifier of missing group"() {
+        given:
+        def authorizer = mockAuthorizer()
+        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
+        def group1 = new Group.Builder().identifier("group-id-1").name("Group One").addUser("user-id-1").build()
+        def apBuilder = new AccessPolicy.Builder().resource('/fake/resource').action(RequestAction.WRITE)
+        def ap1 = apBuilder.identifier('policy-id-1').addUser('user-id-1').build()
+        def ap2 = apBuilder.identifier('policy-id-2').clearUsers().addGroup('group-id-1').build()
+        def ap3 = apBuilder.identifier('policy-id-3').clearUsers().clearGroups().addGroup('id-of-missing-group').build()
+        def accessPolicies = new HashSet([ap1, ap2, ap3])
+
+        when:
+        def result = dao.getAccessPoliciesForUser('user-id-1')
+
+        then:
+        1 * authorizer.getAccessPolicies() >> accessPolicies
+        1 * authorizer.getGroup('group-id-1') >> group1
+        1 * authorizer.getGroup('id-of-missing-group') >> null
+        0 * _
+        assert result?.equals(new HashSet<AccessPolicy>([ap1, ap2]))
+    }
+
+    @Unroll
     def "GetAccessPolicy: failure"() {
         given:
         def authorizer = mockAuthorizer()