mirror of https://github.com/apache/nifi.git
f570cb980d
The operation policy allows that a user to operate components even if they does not have direct READ/WRITE permission of the component. Following operations are controlled by the new operate policy: - Start/stop/enable/disable Processors, ControllerServices, ReportingTasks, Input/OuputPorts - Enable/disable transmission of RemoteInput/OutputPorts and RemoteProcessGroups - Terminate Processor threads Refactored what API exposes The previous commit let API exposes few fields in DTO. But we should avoid returning partial DTO as it complicates authorization logic. Instead, this commit adds StatusDTO for ReportingTaskEntity and ControllerServiceEntity, so that it can be returned regardless of having READ permission. Component DTO can only be returned with a READ permission. Refactor RPG same as ControllerService. WIP incorporating review comments. Incorporated review comments - Cleaned up merger classes - Recreate DTO instance at each function during two phase commmit Restrict enabling ControllerService without read permission Revert the last commit. Fix review comments. - Renamed confusing static method names and its parameters - Removed unnecessary permission checks from UI condition Fixed delete action display condition. Fixed NPE at Summary. Apply operation policy to activateControllerServices. Removed OperationPermissible from ComponentEntity. This closes #2990 |
||
---|---|---|
.. | ||
src/main/java/org/apache/nifi/authorization | ||
pom.xml |