Remove check for multiple authorization#4816
Conversation
|
#4817 should fix the TC inspections. Not sure why they weren't flagged before. |
gianm
left a comment
gianm
left a comment
There was a problem hiding this comment.
I'm not sure removing the check is the right fix. It looks like a better fix would be to modify SupervisorResource to use a "filter" helper where appropriate. It would at least be in specGetAllHistory and specGetAll, which are doing filtering without using the filter helper.
I guess the reason they're not using filter helpers now is that the filter helpers take a resourceActionGenerator with signature Function<? super ResType, ResourceAction>, and that doesn't fit supervisors well, since they could be supervising multiple datasources.
So I would suggest:
- Keep the check.
- Either modify
AuthorizationUtils.filterAuthorizedResourcesto use a function likeFunction<? super ResType, Iterable<ResourceAction>>or instead add a new method with that ability. - Have the SupervisorResource methods use that new filtering capability where appropriate.
|
@gianm I'll make a patch that changes the way the supervisors authorize requests, closing this one |
2 participants
Fixes #4813
PR #4271 had a check where an exception is throw if a request had multiple authorization checks performed, this is too aggressive for now and this PR removes that check.