[
https://issues.apache.org/jira/browse/NIFI-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15345944#comment-15345944
]
Koji Kawamura commented on NIFI-2093:
-------------------------------------
Access policy checks for Controller service and Reporting task have following
authorization check code:
{code:title=ControllerServiceResource.java}
public Response getState() {
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable controllerService =
lookup.getControllerService(id);
// Shouldn't it be READ?
controllerService.authorize(authorizer, RequestAction.WRITE);
});
}
public Response clearState() {
final boolean validationPhase = isValidationPhase(httpServletRequest);
if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
// authorize access
serviceFacade.authorizeAccess(lookup -> {
final Authorizable controllerService =
lookup.getControllerService(id);
controllerService.authorize(authorizer, RequestAction.WRITE);
});
}
}
{code}
[~mcgilman]
Do we need something in addition to that? BTW, getState authorizes WRITE
action. Shouldn't it be READ?
> Clear state link on Component State window is hidden
> ----------------------------------------------------
>
> Key: NIFI-2093
> URL: https://issues.apache.org/jira/browse/NIFI-2093
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.0.0
> Reporter: Koji Kawamura
> Assignee: Koji Kawamura
> Fix For: 1.0.0
>
> Attachments: ComponentState-ConsumeKafka.png
>
>
> It seems that ComponentStateEntity should have accessPolicy so that
> CanvasUtis.supportsModification() can handle whether the link is active or
> not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
