Description
Currently the authorization for registry clients is based on READ to /controller (this is a separate issue that should be addressed).
Steps:
- Run a secure instance locally
- Use initial admin to create a registry client
- Remove initial admin from controller policies
- Create a new PG and choose Import from Registry
- Notice nothing happens
UI Error in dev tools:
nf-canvas-all.js?2.0.0-SNAPSHOT:47 Uncaught TypeError: Cannot read properties of undefined (reading 'name') at Object.<anonymous> (nf-canvas-all.js?2.0.0-SNAPSHOT:47:3678) at Function.each (jquery.min.js:2:3003) at b.each (jquery.each.js:1:96) at Object.<anonymous> (nf-canvas-all.js?2.0.0-SNAPSHOT:47:3610) at c (jquery.min.js:2:28447) at Object.fireWith [as resolveWith] (jquery.min.js:2:29192) at l (jquery.min.js:2:80176) at XMLHttpRequest.<anonymous> (jquery.min.js:2:82630)
The issue is that the listing of registry clients will optionally fill in the DTO in the entity based on the user's permissions for the entity, but the permissions are always based on /controller, so if they don't have /controller the DTO will be null.
The UI should still be able to load a screen with an empty list of registry clients.
cc mcgilman
Attachments
Issue Links
- relates to
-
NIFI-12472 NiFi Registry Client requires that users have view on "Access the controller".
-
- Open
-
- links to
