[jira] [Commented] (NIFI-375) New user role: Operator who can start and stop components

Thu, 13 Sep 2018 22:44:05 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16614393#comment-16614393
 ] 

ASF GitHub Bot commented on NIFI-375:
-------------------------------------

Github user ijokarumawak commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2990#discussion_r217605699
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
 ---
    @@ -1045,29 +1041,38 @@
             var reportingTaskActionFormatter = function (row, cell, value, 
columnDef, dataContext) {
                 var markup = '';
     
    -            if (dataContext.permissions.canRead && 
dataContext.permissions.canWrite) {
    -                if (dataContext.component.state === 'RUNNING') {
    +            var canWrite = dataContext.permissions.canWrite;
    +            var canRead = dataContext.permissions.canRead;
    +            var canOperate = dataContext.operatePermissions.canWrite || 
canWrite;
    +            var isStopped = dataContext.status.runStatus === 'STOPPED';
    +
    +            if (dataContext.status.runStatus === 'RUNNING') {
    +                if (canOperate) {
                         markup += '<div title="Stop" class="pointer 
stop-reporting-task fa fa-stop"></div>';
    -                } else if (dataContext.component.state === 'STOPPED' || 
dataContext.component.state === 'DISABLED') {
    -                    markup += '<div title="Edit" class="pointer 
edit-reporting-task fa fa-pencil"></div>';
    +                }
     
    -                    // support starting when stopped and no validation 
errors
    -                    if (dataContext.component.state === 'STOPPED' && 
nfCommon.isEmpty(dataContext.component.validationErrors)) {
    -                        markup += '<div title="Start" class="pointer 
start-reporting-task fa fa-play"></div>';
    -                    }
    +            } else if (isStopped || dataContext.status.runStatus === 
'DISABLED') {
     
    -                    if (dataContext.component.multipleVersionsAvailable 
=== true) {
    -                        markup += '<div title="Change Version" 
class="pointer change-version-reporting-task fa fa-exchange"></div>';
    -                    }
    +                if (canRead && canWrite) {
    +                    markup += '<div title="Edit" class="pointer 
edit-reporting-task fa fa-pencil"></div>';
    +                }
     
    -                    if (nfCommon.canModifyController()) {
    -                        markup += '<div title="Remove" class="pointer 
delete-reporting-task fa fa-trash"></div>';
    -                    }
    +                // support starting when stopped and no validation errors
    +                if (canOperate && dataContext.status.runStatus === 
'STOPPED' && dataContext.status.validationStatus === 'VALID') {
    +                    markup += '<div title="Start" class="pointer 
start-reporting-task fa fa-play"></div>';
                     }
     
    -                if (dataContext.component.persistsState === true) {
    -                    markup += '<div title="View State" class="pointer 
view-state-reporting-task fa fa-tasks"></div>';
    +                if (canRead && canWrite && 
dataContext.component.multipleVersionsAvailable === true) {
    +                    markup += '<div title="Change Version" class="pointer 
change-version-reporting-task fa fa-exchange"></div>';
                     }
    +
    +                if (nfCommon.canModifyController()) {
    --- End diff --
    
    Is that so? I didn't change the code since I don't fully agree with the 
suggestion.
    
    > The controller permission will have already been considered when 
determining a value for canWrite server-side since it should be the parent 
resource for every reporting task.
    
    If the reporting task doesn't have its own policy setting, the above 
assumption would be true. However, if a policy for the reporting task is 
defined, the parent controller permission will not be taken into account the 
`canWrite`. The user can have WRITE to a reporting task without having WRITE to 
the controller. In that case, we still need to check controller's permission.
    
    Also, I can see the similar restriction at nf-controller-services.js at 
line 962, checking only parent WRITE permission:
    ```
    if (isDisabled && canWriteControllerServiceParent(dataContext)) {
        markup += '<div class="pointer delete-controller-service fa fa-trash" 
title="Remove"></div>';
    }
    ```
    
    Current conditions are consistent at both controller services and reporting 
tasks. I think it is not an issue. How do you think?



> New user role: Operator who can start and stop components
> ---------------------------------------------------------
>
>                 Key: NIFI-375
>                 URL: https://issues.apache.org/jira/browse/NIFI-375
>             Project: Apache NiFi
>          Issue Type: New Feature
>          Components: Core Framework
>            Reporter: Daniel Ueberfluss
>            Assignee: Koji Kawamura
>            Priority: Major
>
> Would like to have a user role that allows a user to stop/start processors 
> but perform no other changes to the dataflow.
> This would allow users to address simple problems without providing full 
> access to modifying a data flow. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to