updated the support user permissions to disallow authentications as well and updated webui to nav to auth page if auth is available but secrets are not w/ burnettk (#454)

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
This commit is contained in:
jasquat 2023-09-07 10:33:56 -04:00 committed by GitHub
parent 9925105a5e
commit 9ea90a94bf
3 changed files with 38 additions and 9 deletions

View File

@ -578,6 +578,7 @@ class AuthorizationService:
for permission in ["create", "read", "update", "delete"]:
permissions_to_assign.append(PermissionToAssign(permission=permission, target_uri="/secrets/*"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentications"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentication/configuration"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentication_begin/*"))
permissions_to_assign.append(
@ -599,7 +600,6 @@ class AuthorizationService:
# can also start through messages as well
permissions_to_assign.append(PermissionToAssign(permission="create", target_uri="/messages/*"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/messages"))
permissions_to_assign.append(PermissionToAssign(permission="read", target_uri="/authentications"))
permissions_to_assign.append(
PermissionToAssign(permission="create", target_uri="/can-run-privileged-script/*")

View File

@ -476,7 +476,6 @@ class TestAuthorizationService(BaseTest):
return sorted(
self._expected_basic_permissions()
+ [
("/authentications", "read"),
("/can-run-privileged-script/*", "create"),
("/data-stores/*", "read"),
("/debug/*", "create"),
@ -511,6 +510,7 @@ class TestAuthorizationService(BaseTest):
("/authentication/configuration", "read"),
("/authentication/configuration", "update"),
("/authentication_begin/*", "read"),
("/authentications", "read"),
("/secrets/*", "create"),
("/secrets/*", "delete"),
("/secrets/*", "read"),

View File

@ -1,29 +1,58 @@
import { useEffect, useState } from 'react';
import { Link, useSearchParams } from 'react-router-dom';
import { Link, useNavigate, useSearchParams } from 'react-router-dom';
// @ts-ignore
import { Button, Table } from '@carbon/react';
import { MdDelete } from 'react-icons/md';
import PaginationForTable from '../components/PaginationForTable';
import HttpService from '../services/HttpService';
import { getPageInfoFromSearchParams } from '../helpers';
import { useUriListForPermissions } from '../hooks/UriListForPermissions';
import { PermissionsToCheck } from '../interfaces';
import { usePermissionFetcher } from '../hooks/PermissionService';
export default function SecretList() {
const [searchParams] = useSearchParams();
const navigate = useNavigate();
const [secrets, setSecrets] = useState([]);
const [pagination, setPagination] = useState(null);
const { targetUris } = useUriListForPermissions();
const permissionRequestData: PermissionsToCheck = {
[targetUris.authenticationListPath]: ['GET'],
[targetUris.secretListPath]: ['GET'],
};
const { ability, permissionsLoaded } = usePermissionFetcher(
permissionRequestData
);
useEffect(() => {
const setSecretsFromResult = (result: any) => {
setSecrets(result.results);
setPagination(result.pagination);
};
if (permissionsLoaded) {
if (
!ability.can('GET', targetUris.secretListPath) &&
ability.can('GET', targetUris.authenticationListPath)
) {
navigate('/admin/configuration/authentications');
} else {
const { page, perPage } = getPageInfoFromSearchParams(searchParams);
HttpService.makeCallToBackend({
path: `/secrets?per_page=${perPage}&page=${page}`,
successCallback: setSecretsFromResult,
});
}, [searchParams]);
}
}
}, [
searchParams,
permissionsLoaded,
ability,
navigate,
targetUris.authenticationListPath,
targetUris.secretListPath,
]);
const reloadSecrets = (_result: any) => {
window.location.reload();