Fetching a component by hash fails when portfolio ACL is enabled

Current Behavior

Originally reported via Slack: https://owasp.slack.com/archives/C6R3R32H4/p1692026242844699

When querying /v1/component/hash/{hash}, an Uncaught internal server error is being thrown if the ACCESS_MANAGEMENT permission is missing for the team and Portfolio Access Control is enabled.

2023-08-14 15:15:20,880 ERROR [GlobalExceptionHandler] Uncaught internal server error
java.lang.UnsupportedOperationException: null
at java.base/java.util.ImmutableCollections.uoe(Unknown Source)
at java.base/java.util.ImmutableCollections$AbstractImmutableMap.put(Unknown Source)
at org.dependencytrack.persistence.ComponentQueryManager.preprocessACLs(ComponentQueryManager.java:539)
at org.dependencytrack.persistence.ComponentQueryManager.getComponentByHash(ComponentQueryManager.java:191)
at org.dependencytrack.persistence.QueryManager.getComponentByHash(QueryManager.java:500)
at org.dependencytrack.resources.v1.ComponentResource.getComponentByHash(ComponentResource.java:220)
at jdk.internal.reflect.GeneratedMethodAccessor856.invoke(Unknown Source)
...

Steps to Reproduce

Expected Behavior

Fetching components by hash should not fail when Portfolio Access Control is enabled.

Dependency-Track Version

4.8.2

Dependency-Track Distribution

Container Image, Executable WAR

Database Server

N/A

Database Server Version

No response

Browser

N/A

Checklist

[X] I have read and understand the contributing guidelines
[X] I have checked the existing issues for whether this defect was already reported

DependencyTrack / dependency-track

Fetching a component by hash fails when portfolio ACL is enabled #2952