You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by jkaria <gi...@git.apache.org> on 2016/01/21 22:36:13 UTC

[GitHub] storm pull request: STORM-349. (Security) ui actions should have n...

Github user jkaria commented on a diff in the pull request:

    https://github.com/apache/storm/pull/215#discussion_r50468175
  
    --- Diff: storm-core/src/clj/backtype/storm/ui/core.clj ---
    @@ -47,33 +52,19 @@
          [~nimbus-sym (*STORM-CONF* NIMBUS-HOST) (*STORM-CONF* NIMBUS-THRIFT-PORT)]
          ~@body))
     
    -(defn authorized-ui-user?
    -  [user conf topology-conf]
    -  (let [ui-users (concat (conf UI-USERS)
    -                         (conf NIMBUS-ADMINS)
    -                         (topology-conf UI-USERS)
    -                         (topology-conf TOPOLOGY-USERS))]
    -    (or (blank? (conf UI-FILTER))
    -        (and (not (blank? user))
    -          (some #(= % user) ui-users)))))
    -
    -(defn assert-authorized-ui-user
    -  [user conf topology-conf]
    -  (if (not (authorized-ui-user? user conf topology-conf))
    -    ;;TODO need a better exception here so the UI can appear better
    -    (throw (RuntimeException. (str "User " user " is not authorized.")))))
    -
    -(defn- ui-actions-enabled?
    -  []
    -  (= "true" (lower-case (*STORM-CONF* UI-ACTIONS-ENABLED))))
    --- End diff --
    
    with this change shouldn't the config line for this in defaults.yaml removed?
    
    ui.actions.enabled: true
    https://github.com/apache/storm/blob/master/conf/defaults.yaml#L87


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---