[
https://issues.apache.org/jira/browse/NIFI-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346335#comment-15346335
]
Matt Gilman edited comment on NIFI-2093 at 6/23/16 12:25 PM:
-------------------------------------------------------------
[~ijokarumawak] I was referring to client side. Whether the Clear link is
activate or not is based on a flag passed into the showState function in
nf-component-state.js. If you look where this is called from we already account
for the access controls for Processors via calling supportsModification.
However, I didn't notice a comparable check for Controller Services and
Reporting Tasks. What's there may be ok if we're already checking the access
controls prior to that point but its something that I wanted to make sure was
re-visited.
I believe the check on the server side is accurate. In our 0.x baseline,
viewing and clearing state are actions that are reserved for a Data Flow
Manager. Meaning that read only users are not allowed to view or clear state.
In our new component based access model, that would equate to requiring WRITE
access for the component. I think we made the decision on requiring DFM role in
0.x because state is a very low level concept and not something that a MONITOR
user should be concerned with.
was (Author: mcgilman):
[~ijokarumawak] I was referring to client side. Whether the Clear link is
activate or not is based on a flag passed into the showState function in
nf-component-state.js. If you look where this is called from we already account
for the access controls for Processors via calling supportsModification.
However, I didn't notice a comparable check for Controller Services and
Reporting Tasks.
I believe the check on the server side is accurate. In our 0.x baseline,
viewing and clearing state are actions that are reserved for a Data Flow
Manager. Meaning that read only users are not allowed to view or clear state.
In our new component based access model, that would equate to requiring WRITE
access for the component. I think we made the decision on requiring DFM role in
0.x because state is a very low level concept and not something that a MONITOR
user should be concerned with.
> Clear state link on Component State window is hidden
> ----------------------------------------------------
>
> Key: NIFI-2093
> URL: https://issues.apache.org/jira/browse/NIFI-2093
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core UI
> Affects Versions: 1.0.0
> Reporter: Koji Kawamura
> Assignee: Koji Kawamura
> Fix For: 1.0.0
>
> Attachments: ComponentState-ConsumeKafka.png
>
>
> It seems that ComponentStateEntity should have accessPolicy so that
> CanvasUtis.supportsModification() can handle whether the link is active or
> not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
