Github user markobean commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2703#discussion_r191053294
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
 ---
    @@ -1359,7 +1363,12 @@ public ProvenanceEventDTO getProvenanceEvent(final 
Long eventId) {
                 } else {
                     dataAuthorizable = 
flowController.createLocalDataAuthorizable(event.getComponentId());
                 }
    -            dataAuthorizable.authorize(authorizer, RequestAction.READ, 
NiFiUserUtils.getNiFiUser(), attributes);
    +            // If not authorized for 'view the data', create only 
summarized provenance event
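
Review bot: The added comment at the end of this hunk, which replaces the removed `dataAuthorizable.authorize(authorizer, RequestAction.READ, ...)` call, does not say which fields a summarized ProvenanceEventDTO may carry for a user without 'view the data'. Please list them in the comment. The fallback to a summarized event should apply only when that READ check is denied, so any other failure still fails the request. Consider populating the summarized DTO from an explicit allow-list of fields rather than by skipping attributes and content, so that fields added to the event later are excluded by default.
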
    --- End diff --
    
    The summarized event does seem to exclude other details that do not fall 
under 'view the data' (i.e. attributes and content.) For example, event 
duration and parent/child UUIDs. It seems either more event details besides 
lineageStartDate need to be moved out of the "if (!summarized)" block, or... 
what else would you suggest? A new method to generate the ProvenanceEventDTO 
which explicitly excludes all attributes and content?

