NIFI-3251: Delete requires WRITE perms on parent

- Requiring WRITE permissions to the parent resource when attempting to remove a component.
- Updating expired certificates in the REST API integration tests.

This closes #1399.

Signed-off-by: James Wing <jvwing@gmail.com>
This commit is contained in:
Matt Gilman 2017-01-05 16:21:50 -05:00 committed by James Wing
parent ddda602620
commit 7340078de2
23 changed files with 141 additions and 15 deletions

View File

@ -110,7 +110,7 @@ public final class StandardConnection implements Connection {
@Override @Override
public Authorizable getParentAuthorizable() { public Authorizable getParentAuthorizable() {
return null; return getProcessGroup();
} }
@Override @Override

View File

@ -24,6 +24,13 @@ import java.util.Set;
* Authorizable for a Snippet. * Authorizable for a Snippet.
*/ */
public interface SnippetAuthorizable { public interface SnippetAuthorizable {
/**
* The authorizable for the parent process group of this snippet.
*
* @return authorizable for parent process group of this snippet
*/
Authorizable getParentProcessGroup();
/** /**
* The authorizables for selected processors. Non null * The authorizables for selected processors. Non null
* *

View File

@ -329,6 +329,11 @@ class StandardAuthorizableLookup implements AuthorizableLookup {
final ProcessGroup processGroup = processGroupDAO.getProcessGroup(snippet.getParentGroupId()); final ProcessGroup processGroup = processGroupDAO.getProcessGroup(snippet.getParentGroupId());
return new SnippetAuthorizable() { return new SnippetAuthorizable() {
@Override
public Authorizable getParentProcessGroup() {
return processGroup;
}
@Override @Override
public Set<ConfigurableComponentAuthorizable> getSelectedProcessors() { public Set<ConfigurableComponentAuthorizable> getSelectedProcessors() {
return processGroup.getProcessors().stream() return processGroup.getProcessors().stream()

View File

@ -422,7 +422,8 @@ public class AccessPolicyResource extends ApplicationResource {
value = "Deletes an access policy", value = "Deletes an access policy",
response = AccessPolicyEntity.class, response = AccessPolicyEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /policies/{resource}", type = "") @Authorization(value = "Write - /policies/{resource}", type = ""),
@Authorization(value = "Write - Policy of the parent resource - /policies/{resource}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -472,7 +473,12 @@ public class AccessPolicyResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final Authorizable accessPolicy = lookup.getAccessPolicyById(id); final Authorizable accessPolicy = lookup.getAccessPolicyById(id);
// ensure write permission to the access policy
accessPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); accessPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the policy for the parent process group
accessPolicy.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
null, null,
(revision, accessPolicyEntity) -> { (revision, accessPolicyEntity) -> {

View File

@ -295,6 +295,7 @@ public class ConnectionResource extends ApplicationResource {
response = ConnectionEntity.class, response = ConnectionEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write Source - /{component-type}/{uuid}", type = ""), @Authorization(value = "Write Source - /{component-type}/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = ""),
@Authorization(value = "Write Destination - /{component-type}/{uuid}", type = "") @Authorization(value = "Write Destination - /{component-type}/{uuid}", type = "")
} }
) )
@ -344,7 +345,12 @@ public class ConnectionResource extends ApplicationResource {
lookup -> { lookup -> {
// verifies write access to the source and destination // verifies write access to the source and destination
final Authorizable authorizable = lookup.getConnection(id).getAuthorizable(); final Authorizable authorizable = lookup.getConnection(id).getAuthorizable();
// ensure write permission to the connection
authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
authorizable.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
() -> serviceFacade.verifyDeleteConnection(id), () -> serviceFacade.verifyDeleteConnection(id),
(revision, connectionEntity) -> { (revision, connectionEntity) -> {

View File

@ -661,6 +661,8 @@ public class ControllerServiceResource extends ApplicationResource {
response = ControllerServiceEntity.class, response = ControllerServiceEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /controller-services/{uuid}", type = ""), @Authorization(value = "Write - /controller-services/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group if scoped by Process Group - /process-groups/{uuid}", type = ""),
@Authorization(value = "Write - Controller if scoped by Controller - /controller", type = ""),
@Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = "") @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = "")
} }
) )
@ -706,8 +708,13 @@ public class ControllerServiceResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final ConfigurableComponentAuthorizable controllerService = lookup.getControllerService(id); final ConfigurableComponentAuthorizable controllerService = lookup.getControllerService(id);
// ensure write permission to the controller service
controllerService.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); controllerService.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
controllerService.getAuthorizable().getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// verify any referenced services // verify any referenced services
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(controllerService, authorizer, lookup, false); AuthorizeControllerServiceReference.authorizeControllerServiceReferences(controllerService, authorizer, lookup, false);
}, },

View File

@ -245,7 +245,8 @@ public class FunnelResource extends ApplicationResource {
value = "Deletes a funnel", value = "Deletes a funnel",
response = FunnelEntity.class, response = FunnelEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /funnels/{uuid}", type = "") @Authorization(value = "Write - /funnels/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -290,7 +291,12 @@ public class FunnelResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final Authorizable funnel = lookup.getFunnel(id); final Authorizable funnel = lookup.getFunnel(id);
// ensure write permission to the funnel
funnel.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); funnel.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
funnel.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
() -> serviceFacade.verifyDeleteFunnel(id), () -> serviceFacade.verifyDeleteFunnel(id),
(revision, funnelEntity) -> { (revision, funnelEntity) -> {

View File

@ -244,7 +244,8 @@ public class InputPortResource extends ApplicationResource {
value = "Deletes an input port", value = "Deletes an input port",
response = PortEntity.class, response = PortEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /input-ports/{uuid}", type = "") @Authorization(value = "Write - /input-ports/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -289,7 +290,12 @@ public class InputPortResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final Authorizable inputPort = lookup.getInputPort(id); final Authorizable inputPort = lookup.getInputPort(id);
// ensure write permission to the input port
inputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); inputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
inputPort.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
() -> serviceFacade.verifyDeleteInputPort(id), () -> serviceFacade.verifyDeleteInputPort(id),
(revision, portEntity) -> { (revision, portEntity) -> {

View File

@ -244,7 +244,8 @@ public class LabelResource extends ApplicationResource {
value = "Deletes a label", value = "Deletes a label",
response = LabelEntity.class, response = LabelEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /labels/{uuid}", type = "") @Authorization(value = "Write - /labels/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -289,7 +290,12 @@ public class LabelResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final Authorizable label = lookup.getLabel(id); final Authorizable label = lookup.getLabel(id);
// ensure write permission to the label
label.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); label.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
label.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
null, null,
(revision, labelEntity) -> { (revision, labelEntity) -> {

View File

@ -244,7 +244,8 @@ public class OutputPortResource extends ApplicationResource {
value = "Deletes an output port", value = "Deletes an output port",
response = PortEntity.class, response = PortEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /output-ports/{uuid}", type = "") @Authorization(value = "Write - /output-ports/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -289,7 +290,12 @@ public class OutputPortResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final Authorizable outputPort = lookup.getOutputPort(id); final Authorizable outputPort = lookup.getOutputPort(id);
// ensure write permission to the output port
outputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); outputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
outputPort.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
() -> serviceFacade.verifyDeleteOutputPort(id), () -> serviceFacade.verifyDeleteOutputPort(id),
(revision, portEntity) -> { (revision, portEntity) -> {

View File

@ -339,6 +339,8 @@ public class ProcessGroupResource extends ApplicationResource {
response = ProcessGroupEntity.class, response = ProcessGroupEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /process-groups/{uuid}", type = ""), @Authorization(value = "Write - /process-groups/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = ""),
@Authorization(value = "Read - any referenced Controller Services by any encapsulated components - /controller-services/{uuid}", type = ""),
@Authorization(value = "Write - /{component-type}/{uuid} - For all encapsulated components", type = "") @Authorization(value = "Write - /{component-type}/{uuid} - For all encapsulated components", type = "")
} }
) )
@ -384,12 +386,18 @@ public class ProcessGroupResource extends ApplicationResource {
requestProcessGroupEntity, requestProcessGroupEntity,
requestRevision, requestRevision,
lookup -> { lookup -> {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
final ProcessGroupAuthorizable processGroupAuthorizable = lookup.getProcessGroup(id); final ProcessGroupAuthorizable processGroupAuthorizable = lookup.getProcessGroup(id);
// ensure write to this process group and all encapsulated components including templates and controller services. additionally, ensure // ensure write to this process group and all encapsulated components including templates and controller services. additionally, ensure
// read to any referenced services by encapsulated components // read to any referenced services by encapsulated components
authorizeProcessGroup(processGroupAuthorizable, authorizer, lookup, RequestAction.WRITE, true, true, true, false); authorizeProcessGroup(processGroupAuthorizable, authorizer, lookup, RequestAction.WRITE, true, true, true, false);
// ensure write permission to the parent process group, if applicable... if this is the root group the
// request will fail later but still need to handle authorization here
final Authorizable parentAuthorizable = processGroupAuthorizable.getAuthorizable().getParentAuthorizable();
if (parentAuthorizable != null) {
parentAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}
}, },
() -> serviceFacade.verifyDeleteProcessGroup(id), () -> serviceFacade.verifyDeleteProcessGroup(id),
(revision, processGroupEntity) -> { (revision, processGroupEntity) -> {

View File

@ -496,6 +496,7 @@ public class ProcessorResource extends ApplicationResource {
response = ProcessorEntity.class, response = ProcessorEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /processors/{uuid}", type = ""), @Authorization(value = "Write - /processors/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = ""),
@Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = "") @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = "")
} }
) )
@ -540,8 +541,13 @@ public class ProcessorResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final ConfigurableComponentAuthorizable processor = lookup.getProcessor(id); final ConfigurableComponentAuthorizable processor = lookup.getProcessor(id);
// ensure write permission to the processor
processor.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); processor.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
processor.getAuthorizable().getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// verify any referenced services // verify any referenced services
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(processor, authorizer, lookup, false); AuthorizeControllerServiceReference.authorizeControllerServiceReferences(processor, authorizer, lookup, false);
}, },

View File

@ -159,7 +159,8 @@ public class RemoteProcessGroupResource extends ApplicationResource {
value = "Deletes a remote process group", value = "Deletes a remote process group",
response = RemoteProcessGroupEntity.class, response = RemoteProcessGroupEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /remote-process-groups/{uuid}", type = "") @Authorization(value = "Write - /remote-process-groups/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -204,7 +205,12 @@ public class RemoteProcessGroupResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id); final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id);
// ensure write permission to the remote process group
remoteProcessGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); remoteProcessGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
remoteProcessGroup.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
() -> serviceFacade.verifyDeleteRemoteProcessGroup(id), () -> serviceFacade.verifyDeleteRemoteProcessGroup(id),
(revision, remoteProcessGroupEntity) -> { (revision, remoteProcessGroupEntity) -> {

View File

@ -465,6 +465,7 @@ public class ReportingTaskResource extends ApplicationResource {
response = ReportingTaskEntity.class, response = ReportingTaskEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /reporting-tasks/{uuid}", type = ""), @Authorization(value = "Write - /reporting-tasks/{uuid}", type = ""),
@Authorization(value = "Write - /controller", type = ""),
@Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = "") @Authorization(value = "Read - any referenced Controller Services - /controller-services/{uuid}", type = "")
} }
) )
@ -510,8 +511,13 @@ public class ReportingTaskResource extends ApplicationResource {
requestRevision, requestRevision,
lookup -> { lookup -> {
final ConfigurableComponentAuthorizable reportingTask = lookup.getReportingTask(id); final ConfigurableComponentAuthorizable reportingTask = lookup.getReportingTask(id);
// ensure write permission to the reporting task
reportingTask.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); reportingTask.getAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
reportingTask.getAuthorizable().getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// verify any referenced services // verify any referenced services
AuthorizeControllerServiceReference.authorizeControllerServiceReferences(reportingTask, authorizer, lookup, false); AuthorizeControllerServiceReference.authorizeControllerServiceReferences(reportingTask, authorizer, lookup, false);
}, },

View File

@ -301,7 +301,8 @@ public class SnippetResource extends ApplicationResource {
value = "Deletes the components in a snippet and discards the snippet", value = "Deletes the components in a snippet and discards the snippet",
response = SnippetEntity.class, response = SnippetEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet and their descendant components", type = "") @Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet and their descendant components", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = ""),
} }
) )
@ApiResponses( @ApiResponses(
@ -338,6 +339,9 @@ public class SnippetResource extends ApplicationResource {
// ensure write permission to every component in the snippet excluding referenced services // ensure write permission to every component in the snippet excluding referenced services
final SnippetAuthorizable snippet = lookup.getSnippet(snippetId); final SnippetAuthorizable snippet = lookup.getSnippet(snippetId);
authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE, true, false); authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE, true, false);
// ensure write permission to the parent process group
snippet.getParentProcessGroup().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
() -> serviceFacade.verifyDeleteSnippet(snippetId, requestRevisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())), () -> serviceFacade.verifyDeleteSnippet(snippetId, requestRevisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())),
(revisions, entity) -> { (revisions, entity) -> {

View File

@ -165,7 +165,8 @@ public class TemplateResource extends ApplicationResource {
value = "Deletes a template", value = "Deletes a template",
response = TemplateEntity.class, response = TemplateEntity.class,
authorizations = { authorizations = {
@Authorization(value = "Write - /templates/{uuid}", type = "") @Authorization(value = "Write - /templates/{uuid}", type = ""),
@Authorization(value = "Write - Parent Process Group - /process-groups/{uuid}", type = "")
} }
) )
@ApiResponses( @ApiResponses(
@ -197,7 +198,12 @@ public class TemplateResource extends ApplicationResource {
requestTemplateEntity, requestTemplateEntity,
lookup -> { lookup -> {
final Authorizable template = lookup.getTemplate(id).getAuthorizable(); final Authorizable template = lookup.getTemplate(id).getAuthorizable();
// ensure write permission to the template
template.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); template.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
// ensure write permission to the parent process group
template.getParentAuthorizable().authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
}, },
null, null,
(templateEntity) -> { (templateEntity) -> {

View File

@ -33,7 +33,7 @@ public class NiFiFlowTestAuthorizer implements Authorizer {
public static final String NO_POLICY_COMPONENT_NAME = "No policies"; public static final String NO_POLICY_COMPONENT_NAME = "No policies";
public static final String PROXY_DN = "CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US"; public static final String PROXY_DN = "CN=localhost, OU=NIFI";
public static final String NONE_USER_DN = "none@nifi"; public static final String NONE_USER_DN = "none@nifi";
public static final String READ_USER_DN = "read@nifi"; public static final String READ_USER_DN = "read@nifi";

View File

@ -33,7 +33,7 @@ public class NiFiTestAuthorizer implements Authorizer {
public static final String NO_POLICY_COMPONENT_NAME = "No policies"; public static final String NO_POLICY_COMPONENT_NAME = "No policies";
public static final String PROXY_DN = "CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US"; public static final String PROXY_DN = "CN=localhost, OU=NIFI";
public static final String NONE_USER_DN = "none@nifi"; public static final String NONE_USER_DN = "none@nifi";
public static final String READ_USER_DN = "read@nifi"; public static final String READ_USER_DN = "read@nifi";

View File

@ -953,6 +953,11 @@ nf.CanvasUtils = (function () {
return false; return false;
} }
// ensure the user has write permissions to the current process group
if (nf.Canvas.canWrite() === false) {
return false;
}
if (nf.CanvasUtils.canModify(selection) === false) { if (nf.CanvasUtils.canModify(selection) === false) {
return false; return false;
} }

View File

@ -505,7 +505,37 @@ nf.ControllerServices = (function () {
if (nf.Common.isDefinedAndNotNull(dataContext.component.parentGroupId)) { if (nf.Common.isDefinedAndNotNull(dataContext.component.parentGroupId)) {
return dataContext.component.parentGroupId; return dataContext.component.parentGroupId;
} else { } else {
return 'Controller' return 'Controller';
}
};
/**
* Determines if the user has write permissions for the parent of the specified controller service.
*
* @param dataContext
* @returns {boolean} whether the user has write permissions for the parent of the controller service
*/
var canWriteControllerServiceParent = function (dataContext) {
// we know the process group for this controller service is part
// of the current breadcrumb trail
var canWriteProcessGroupParent = function (processGroupId) {
var breadcrumbs = nf.ng.Bridge.injector.get('breadcrumbsCtrl').getBreadcrumbs();
var isAuthorized = false;
$.each(breadcrumbs, function (_, breadcrumbEntity) {
if (breadcrumbEntity.id === processGroupId) {
isAuthorized = breadcrumbEntity.permissions.canWrite;
return false;
}
});
return isAuthorized;
};
if (nf.Common.isDefinedAndNotNull(dataContext.component.parentGroupId)) {
return canWriteProcessGroupParent(dataContext.component.parentGroupId);
} else {
return nf.Common.canModifyController();
} }
}; };
@ -650,7 +680,7 @@ nf.ControllerServices = (function () {
} }
} }
if (dataContext.permissions.canWrite) { if (dataContext.permissions.canWrite && canWriteControllerServiceParent(dataContext)) {
markup += '<div class="pointer delete-controller-service fa fa-trash" title="Remove" style="margin-top: 2px; margin-right: 3px;" ></div>'; markup += '<div class="pointer delete-controller-service fa fa-trash" title="Remove" style="margin-top: 2px; margin-right: 3px;" ></div>';
} }

View File

@ -754,7 +754,7 @@ nf.Settings = (function () {
} }
} }
if (dataContext.permissions.canWrite) { if (dataContext.permissions.canWrite && nf.Common.canModifyController()) {
markup += '<div title="Remove" class="pointer delete-reporting-task fa fa-trash" style="margin-top: 2px; margin-right: 3px;" ></div>'; markup += '<div title="Remove" class="pointer delete-reporting-task fa fa-trash" style="margin-top: 2px; margin-right: 3px;" ></div>';
} }