[ https://issues.apache.org/jira/browse/NIFI-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15346335#comment-15346335 ]
Matt Gilman edited comment on NIFI-2093 at 6/23/16 12:25 PM: ------------------------------------------------------------- [~ijokarumawak] I was referring to client side. Whether the Clear link is activate or not is based on a flag passed into the showState function in nf-component-state.js. If you look where this is called from we already account for the access controls for Processors via calling supportsModification. However, I didn't notice a comparable check for Controller Services and Reporting Tasks. What's there may be ok if we're already checking the access controls prior to that point but its something that I wanted to make sure was re-visited. I believe the check on the server side is accurate. In our 0.x baseline, viewing and clearing state are actions that are reserved for a Data Flow Manager. Meaning that read only users are not allowed to view or clear state. In our new component based access model, that would equate to requiring WRITE access for the component. I think we made the decision on requiring DFM role in 0.x because state is a very low level concept and not something that a MONITOR user should be concerned with. was (Author: mcgilman): [~ijokarumawak] I was referring to client side. Whether the Clear link is activate or not is based on a flag passed into the showState function in nf-component-state.js. If you look where this is called from we already account for the access controls for Processors via calling supportsModification. However, I didn't notice a comparable check for Controller Services and Reporting Tasks. I believe the check on the server side is accurate. In our 0.x baseline, viewing and clearing state are actions that are reserved for a Data Flow Manager. Meaning that read only users are not allowed to view or clear state. In our new component based access model, that would equate to requiring WRITE access for the component. I think we made the decision on requiring DFM role in 0.x because state is a very low level concept and not something that a MONITOR user should be concerned with. > Clear state link on Component State window is hidden > ---------------------------------------------------- > > Key: NIFI-2093 > URL: https://issues.apache.org/jira/browse/NIFI-2093 > Project: Apache NiFi > Issue Type: Bug > Components: Core UI > Affects Versions: 1.0.0 > Reporter: Koji Kawamura > Assignee: Koji Kawamura > Fix For: 1.0.0 > > Attachments: ComponentState-ConsumeKafka.png > > > It seems that ComponentStateEntity should have accessPolicy so that > CanvasUtis.supportsModification() can handle whether the link is active or > not. -- This message was sent by Atlassian JIRA (v6.3.4#6332)