Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
When requesting FlowAnalysisResults, the authorization logic performed has a couple of issues:
- It doesn't handle exceptions thrown when a component producing a result is tested to be a Port. The logic goes through possible component types, and when it reaches Ports it throws an exception.
- As the logic goes through possible components, the mismatching ones throw ResourceNotFoundExceptions. These are captured, but this is bad practice in general. Throwing and capturing exceptions in non-exceptional cases is bad from both a design and a performance perspective.
- The number of possible components checked is too limited. If a component is unrecognized, the corresponding violation will have a PermissionDTO attached with canRead and canWrite set to false, essentially rendering the result unavailable and thus leading to a false negative.
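
One way to structure such a lookup so that none of the three problems arises, as an added example that is not NiFi's code or the fix applied for this issue. Every type and method name is hypothetical, and recording unresolved ids is an assumption about how to make the gap visible while still denying access:

```java
import java.util.*;

// Added illustration: every type and method name here is hypothetical, not NiFi's API.
public class ResultPermissionSketch {
    enum Kind { PROCESSOR, CONTROLLER_SERVICE, INPUT_PORT, OUTPUT_PORT, PROCESS_GROUP }
    record Component(String id, Kind kind, Set<String> readers, Set<String> writers) {}
    record Permissions(boolean canRead, boolean canWrite) {}

    private final Map<Kind, Map<String, Component>> byKind = new EnumMap<>(Kind.class);
    private final List<String> unresolved = new ArrayList<>();

    void register(Component c) {
        byKind.computeIfAbsent(c.kind(), k -> new HashMap<>()).put(c.id(), c);
    }

    // A miss for one kind is the normal case, so it is an empty lookup, not an exception.
    // Iterating Kind.values() means no registered kind (ports included) is skipped.
    Optional<Component> find(String id) {
        for (Kind kind : Kind.values()) {
            Component c = byKind.getOrDefault(kind, Map.of()).get(id);
            if (c != null) {
                return Optional.of(c);
            }
        }
        return Optional.empty();
    }

    // Unresolved components still fail closed, but the id is recorded so the
    // hidden result shows up as a lookup gap rather than as an ordinary denial.
    Permissions permissionsFor(String user, String componentId) {
        Optional<Component> found = find(componentId);
        if (found.isEmpty()) {
            unresolved.add(componentId);
            return new Permissions(false, false);
        }
        Component c = found.get();
        return new Permissions(c.readers().contains(user), c.writers().contains(user));
    }

    public static void main(String[] args) {
        ResultPermissionSketch sketch = new ResultPermissionSketch();
        // Constructed sample data: one processor and one port, both readable by "alice".
        sketch.register(new Component("proc-1", Kind.PROCESSOR, Set.of("alice"), Set.of()));
        sketch.register(new Component("port-1", Kind.INPUT_PORT, Set.of("alice"), Set.of("alice")));
        for (String id : List.of("proc-1", "port-1", "missing-1")) {
            System.out.println(id + " -> " + sketch.permissionsFor("alice", id));
        }
        System.out.println("unresolved component ids: " + sketch.unresolved);
    }
}
```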