NIFI-15265: Fixing bug where the getLocalConnectable was being used to authorize access to a RemoteProcessGroup. Instead we need to use getRemoteProcessGroup from the authorizable lookup.

mcgilman · pvillard31 · commit 5a87d32aaaf4 · 2025-11-26T21:37:28.000+01:00
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com> This closes #10566.
diff --git a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java
@@ -1295,6 +1295,13 @@ public Response clearBulletins(
             throw new IllegalArgumentException("The from timestamp must be specified.");
         }
 
+        // Collect RPG IDs to distinguish them from local connectables during authorization
+        final Set<String> remoteProcessGroupIds = serviceFacade.filterComponents(id, group ->
+                group.findAllRemoteProcessGroups().stream()
+                        .map(rpg -> rpg.getIdentifier())
+                        .collect(Collectors.toSet())
+        );
+
         // if the components are not specified, gather all authorized components
         if (clearBulletinsForGroupRequestEntity.getComponents() == null) {
             // get component IDs that the user has write access to
@@ -1344,8 +1351,10 @@ public Response clearBulletins(
                     // ensure access to every component being cleared
                     final Set<String> requestComponentsToClear = clearBulletinsForGroupRequestEntity.getComponents();
                     requestComponentsToClear.forEach(componentId -> {
-                        final Authorizable connectable = lookup.getLocalConnectable(componentId);
-                        connectable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
+                        final Authorizable authorizable = remoteProcessGroupIds.contains(componentId)
+                                ? lookup.getRemoteProcessGroup(componentId)
+                                : lookup.getLocalConnectable(componentId);
+                        authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
                     });
                 },
                 () -> { },
