mcgilman opened a new pull request, #11304:
URL: https://github.com/apache/nifi/pull/11304
…ent pages to include policies for view/write data and viewing provenance
events.
## Summary
Extends NiFi UI access policy management for **connectors** at global and
per-instance scope, aligning with backend authorizable paths for connector data
and provenance.
**Global policies** (`/access-policies`):
- Connectors resource supports extended actions: view/modify connectors,
view/modify data (`/data/connectors`), view provenance
(`/provenance-data/connectors`)
- Connectors use a dedicated UI branch (not the generic read/write-only
path) with inherited-policy templates for global connector, data, and
provenance policies
**Per-instance policies** (component access policies):
- Dedicated `connectors` branch: data and provenance actions enabled;
site-to-site disabled
- `ComponentType.Connector` context with inherited templates for
`/connectors`, `/data/connectors`, and `/provenance-data/connectors`
**API resource path fix** (`AccessPolicyService`):
- UI `{ resource: 'connectors', resourceIdentifier: 'data' }` maps to
`/data/connectors` (not `/connectors/data`)
- Same for `provenance-data` → `/provenance-data/connectors`
- `buildResourcePath()` centralizes path construction for create/get and
policy status checks
**Found vs Inherited** (`access-policy.effects.ts`):
- Compares API `component.resource` to `buildResourcePath()` so connector
data/provenance policies resolve correctly (including legacy wrong paths like
`/connectors/data` showing as Inherited)
**Users → Access Policies listing**:
- Human-readable labels for global `/data/connectors` and
`/provenance-data/connectors` policies
- Per-instance connector policy labels and deep links to component policies
**Shared UI**:
- `ComponentContext` and `component-type-name` pipe support for
`ComponentType.Connector` (plug icon, “Connector” label)
- `component-access-policies` selector corrected to
`component-access-policies`
**Queue listing (bundled fix)**:
- On submit/poll API failure, dispatch `queueListingApiError`, close
dialogs, and stop polling so the progress dialog does not stay open indefinitely
## Testing
- [x] `nx test nifi` — access policy service/effects specs, global/component
access-policies specs, user-access-policies specs, component-context spec
- [ ] **Global policies**: Create/view policies for Connectors → read/write,
read/write data, read provenance data; verify API paths `/connectors`,
`/data/connectors`, `/provenance-data/connectors`
- [ ] **Per-instance**: Open access policies for a connector instance;
create inherited/overrides for view connector, view/modify data, view
provenance; confirm site-to-site is not offered
- [ ] **Users listing**: Confirm global connector data/provenance policies
show correct labels (not generic “access connectors”)
- [ ] **Found/Inherited**: Policies at correct paths show **Found**;
policies created earlier at wrong paths (e.g. `/connectors/data`) show
**Inherited** until recreated
- [ ] **Queue listing**: Trigger a queue listing failure; confirm error
surfaces and progress dialog closes
## Notes for reviewers
**Policy migration:** Policies created before this path transform used
incorrect resources (e.g. `/connectors/data`). The UI does not migrate them;
delete and recreate at the correct paths if needed.
**Connector canvas provenance preview:** Preview on the connector canvas is
gated by **global** “query provenance” (`/provenance` /
`currentUser.provenancePermissions.canRead`), not by
`/provenance-data/connectors`. Granting only connector provenance policies does
not enable the preview control.
**Queue listing change:** Included in this PR because it was discovered
during connector policy QA; behavior is unrelated to access policies but fixes
a stuck-dialog regression.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
