Fixed user permission validation to correctly handle null users and backend roles.

Signed-off-by: Avinash Niyas <avinashNiyaz1423@gmail.com>

Author: Avinash1423

CHANGELOG.md

@@ -7,6 +7,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.1.0/)
 ### Features
 ### Enhancements
 ### Bug Fixes
+- Fixed user permission validation to correctly handle null users and backend roles.
 ### Infrastructure
 ### Documentation
 ### Maintenance

src/main/java/org/opensearch/flowframework/util/ParseUtils.java

@@ -366,6 +366,14 @@ public static void resolveUserAndExecute(
         }
     }
 
+    // helper method to check if  varargs User... is null
+    private static boolean hasUsersAndRoles(User requestedUser, User resourceUser){
+
+        return requestedUser != null && resourceUser != null && resourceUser.getBackendRoles() != null && requestedUser.getBackendRoles() != null;
+
+
+    }
+
     /**
      * Check if requested user has backend role required to access the resource
      * @param requestedUser the user to execute the request
@@ -374,13 +382,12 @@ public static void resolveUserAndExecute(
      * @return boolean if the requested user has backend role required to access the resource
      * @throws Exception exception
      */
+
+
     private static boolean checkUserPermissions(User requestedUser, User resourceUser, String workflowId) throws Exception {
-        if (requestedUser == null || resourceUser == null) {
-            return false;
-        }
-        if (resourceUser.getBackendRoles() == null || requestedUser.getBackendRoles() == null) {
-            return false;
-        }
+
+        if (!hasUsersAndRoles(requestedUser, resourceUser)) return false;
+
         // Check if requested user has backend role required to access the resource
         for (String backendRole : requestedUser.getBackendRoles()) {
             if (resourceUser.getBackendRoles().contains(backendRole)) {
@@ -398,6 +405,13 @@ private static boolean checkUserPermissions(User requestedUser, User resourceUse
         return false;
     }
 
+    // method to expose checkUserPermissions for testing
+    static boolean exposeCheckUserPermissions(User requestedUser, User resourceUser, String workflowId) throws Exception{
+
+       return checkUserPermissions(requestedUser,  resourceUser,  workflowId);
+
+    }
+
     /**
      * Check if filter by backend roles is enabled and validate the requested user
      * @param requestedUser the user to execute the request

src/test/java/org/opensearch/flowframework/util/ParseUtilsTests.java

@@ -8,6 +8,7 @@
  */
 package org.opensearch.flowframework.util;
 
+import org.mockito.Mockito;
 import org.opensearch.common.xcontent.XContentFactory;
 import org.opensearch.commons.authuser.User;
 import org.opensearch.core.rest.RestStatus;
@@ -29,7 +30,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import static org.opensearch.flowframework.util.ParseUtils.isAdmin;
 
 public class ParseUtilsTests extends OpenSearchTestCase {
@@ -444,4 +444,21 @@ public void testIsAdminBackendRoleIsAllAccess() {
     public void testIsAdminNull() {
         assertFalse(isAdmin(null));
     }
+
+
+    public void testCheckUserPermissionsWithNullUsers() throws Exception {
+
+        User mockrequestedUser=null;
+        User mockresourceUser=new User();
+        String mockWorkFlowId="mockWorkFlowId";
+
+      boolean res= ParseUtils.exposeCheckUserPermissions(mockrequestedUser,mockresourceUser,mockWorkFlowId);
+
+       assertFalse(res);
+
+    }
+
+
+
 }
+