[ 
https://issues.apache.org/jira/browse/NIFI-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15347451#comment-15347451
 ] 

Koji Kawamura commented on NIFI-2093:
-------------------------------------

[~mcgilman] I looked at the JavaScript code and confirmed that only the showState 
function for Processors is using supportsModification.
It may make sense to add a comparable check for Controller Services and Reporting 
Tasks using supportsModification; however, if "Get" and "Clear" both require 
"WRITE" access, then it should be fine as it is. If one doesn't have WRITE 
access, they can't open the Component State window in the first place, because 
the server throws AccessDeniedException.

Although Controller Services and Reporting Tasks don't use 
supportsModification, they check dataContext.accessPolicy to decide whether to 
show controlling UI inputs, including the show status button:

{code:title=nf-controller-services.js and nf-settings.js}
if (dataContext.accessPolicy.canRead && dataContext.accessPolicy.canWrite) {
{code}

Overall, I think the current implementation is enough to block an unauthorized 
user from clearing state. Please let me know your thoughts.

> Clear state link on Component State window is hidden
> ----------------------------------------------------
>
>                 Key: NIFI-2093
>                 URL: https://issues.apache.org/jira/browse/NIFI-2093
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.0.0
>            Reporter: Koji Kawamura
>            Assignee: Koji Kawamura
>             Fix For: 1.0.0
>
>         Attachments: ComponentState-ConsumeKafka.png
>
>
> It seems that ComponentStateEntity should have accessPolicy so that 
> CanvasUtils.supportsModification() can handle whether the link is active or 
> not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
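
The reasoning in the comment above, as an added example that is not part of the original message and is not NiFi source code: the UI condition only decides what is rendered, while the server-side WRITE check is what actually blocks a clear request. All names except `dataContext.accessPolicy`, `canRead`, `canWrite` and `AccessDeniedException` are hypothetical, the data is constructed, and it assumes (as the comment does) that both "Get" and "Clear" require WRITE.

```javascript
// Added illustration with hypothetical names; not NiFi source code.
class AccessDeniedException extends Error {}

// Constructed sample data: one user's access policy per component.
const policies = {
  'processor-1': { canRead: true, canWrite: true },
  'controller-service-1': { canRead: true, canWrite: false },
  'reporting-task-1': { canRead: false, canWrite: false },
};
const stateStore = {
  'processor-1': { offset: '42' },
  'controller-service-1': { cache: 'x' },
  'reporting-task-1': {},
};

// Server side: the authoritative check, applied to every state operation.
function authorizeWrite(componentId) {
  const policy = policies[componentId];
  if (!policy || !policy.canWrite) {
    throw new AccessDeniedException(`WRITE access required for ${componentId}`);
  }
}

function getState(componentId) {
  authorizeWrite(componentId); // "Get" requires WRITE (assumption from the comment)
  return { ...stateStore[componentId] };
}

function clearState(componentId) {
  authorizeWrite(componentId); // "Clear" requires WRITE
  stateStore[componentId] = {};
  return true;
}

// Client side: same condition as the quoted line; it only controls rendering.
function showsStateControls(dataContext) {
  return Boolean(dataContext.accessPolicy.canRead && dataContext.accessPolicy.canWrite);
}

// Simulates a clear request sent without consulting the UI check at all.
function tryClear(componentId) {
  try {
    return clearState(componentId) ? 'cleared' : 'unchanged';
  } catch (e) {
    if (e instanceof AccessDeniedException) return 'denied';
    throw e;
  }
}
```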