nifi/nifi-framework-authorization at e25b26e9cf860db038da8e23e8e64bdb1b8dba88 - nifi

History

Koji Kawamura f570cb980d NIFI-375: Added operation policy The operation policy allows that a user to operate components even if they does not have direct READ/WRITE permission of the component. Following operations are controlled by the new operate policy: - Start/stop/enable/disable Processors, ControllerServices, ReportingTasks, Input/OuputPorts - Enable/disable transmission of RemoteInput/OutputPorts and RemoteProcessGroups - Terminate Processor threads Refactored what API exposes The previous commit let API exposes few fields in DTO. But we should avoid returning partial DTO as it complicates authorization logic. Instead, this commit adds StatusDTO for ReportingTaskEntity and ControllerServiceEntity, so that it can be returned regardless of having READ permission. Component DTO can only be returned with a READ permission. Refactor RPG same as ControllerService. WIP incorporating review comments. Incorporated review comments - Cleaned up merger classes - Recreate DTO instance at each function during two phase commmit Restrict enabling ControllerService without read permission Revert the last commit. Fix review comments. - Renamed confusing static method names and its parameters - Removed unnecessary permission checks from UI condition Fixed delete action display condition. Fixed NPE at Summary. Apply operation policy to activateControllerServices. Removed OperationPermissible from ComponentEntity. This closes #2990	2018-09-19 15:28:41 -04:00
..
src	NIFI-375: Added operation policy	2018-09-19 15:28:41 -04:00
pom.xml	NIFI-375: Added operation policy	2018-09-19 15:28:41 -04:00

The operation policy allows that a user to operate components even if they does not have direct READ/WRITE
permission of the component.

Following operations are controlled by the new operate policy:
- Start/stop/enable/disable Processors, ControllerServices,
ReportingTasks, Input/OuputPorts
- Enable/disable transmission of RemoteInput/OutputPorts and
RemoteProcessGroups
- Terminate Processor threads

Refactored what API exposes

The previous commit let API exposes few fields in DTO. But we should
avoid returning partial DTO as it complicates authorization logic.

Instead, this commit adds StatusDTO for ReportingTaskEntity and
ControllerServiceEntity, so that it can be returned regardless of having
READ permission. Component DTO can only be returned with a READ
permission.

Refactor RPG same as ControllerService.

WIP incorporating review comments.

Incorporated review comments

- Cleaned up merger classes
- Recreate DTO instance at each function during two phase commmit

Restrict enabling ControllerService without read permission

Revert the last commit.

Fix review comments.

- Renamed confusing static method names and its parameters
- Removed unnecessary permission checks from UI condition

Fixed delete action display condition.

Fixed NPE at Summary.

Apply operation policy to activateControllerServices.

Removed OperationPermissible from ComponentEntity.

This closes #2990

2018-09-19 15:28:41 -04:00

src

NIFI-375: Added operation policy

2018-09-19 15:28:41 -04:00

pom.xml

NIFI-375: Added operation policy

2018-09-19 15:28:41 -04:00