ui: Show the correct 'ACLs Disabled' page when ACLs are disabled (#10604)

Adds 'can access ACLs' which means one of two things

1. When ACLs are disabled I can access the 'please enable ACLs' page
2. When ACLs are enabled, its the same as canRead
This commit is contained in:
John Cowen 2021-07-14 18:52:13 +01:00 committed by hc-github-team-consul-core
parent 7d0a1effd6
commit 6a0d4358e6
8 changed files with 39 additions and 9 deletions

3
.changelog/10604.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
ui: Show ACLs disabled page at Tokens page instead of 403 error when ACLs are disabled
```

View File

@ -6,6 +6,12 @@ export default class ACLAbility extends BaseAbility {
resource = 'acl';
segmented = false;
// Access is very similar to read, but when ACLs are disabled you still need
// access to ACLs in order to see the ACLs disabled page, which is accessing
// the ACLs area, but without read
get canAccess() {
return this.env.var('CONSUL_ACLS_ENABLED') ? this.canRead : true;
}
get canRead() {
return this.env.var('CONSUL_ACLS_ENABLED') && super.canRead;

View File

@ -88,7 +88,7 @@
</header>
<div>
{{#if (not enabled) }}
<EmptyState>
<EmptyState data-test-acls-disabled>
<BlockSlot @name="header">
<h2>Welcome to ACLs</h2>
</BlockSlot>

View File

@ -130,7 +130,7 @@ export const routes = {
acls: {
_options: {
path: '/acls',
abilities: ['read acls'],
abilities: ['access acls'],
},
edit: {
_options: { path: '/:id' },

View File

@ -0,0 +1,11 @@
@setupApplicationTest
Feature: dc / acls / access: ACLs Access
Scenario: ACLs are disabled
Given ACLs are disabled
And 1 datacenter model with the value "dc-1"
When I visit the tokens page for yaml
---
dc: dc-1
---
Then the url should be /dc-1/acls/tokens
And I see the "[data-test-acls-disabled]" element

View File

@ -0,0 +1,10 @@
import steps from '../../steps';
// step definitions that are shared between features should be moved to the
// tests/acceptance/steps/steps.js file
export default function(assert) {
return steps(assert).then('I should find a file', function() {
assert.ok(true, this.step);
});
}

View File

@ -1,8 +1,10 @@
export default function(type, value) {
export default function(type, value, doc = document) {
const obj = {};
if (type !== '*') {
let key = '';
obj['CONSUL_ACLS_ENABLE'] = 1;
if (!doc.cookie.includes('CONSUL_ACLS_ENABLE=0')) {
obj['CONSUL_ACLS_ENABLE'] = 1;
}
switch (type) {
case 'dc':
key = 'CONSUL_DATACENTER_COUNT';
@ -22,7 +24,6 @@ export default function(type, value) {
break;
case 'acl':
key = 'CONSUL_ACL_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break;
case 'session':
key = 'CONSUL_SESSION_COUNT';
@ -32,19 +33,15 @@ export default function(type, value) {
break;
case 'policy':
key = 'CONSUL_POLICY_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break;
case 'role':
key = 'CONSUL_ROLE_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break;
case 'token':
key = 'CONSUL_TOKEN_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break;
case 'authMethod':
key = 'CONSUL_AUTH_METHOD_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break;
case 'nspace':
key = 'CONSUL_NSPACE_COUNT';

View File

@ -29,6 +29,9 @@ export default function(scenario, create, set, win = window, doc = document) {
.given(['the local datacenter is "$value"'], function(value) {
doc.cookie = `CONSUL_DATACENTER_LOCAL=${value}`;
})
.given(['ACLs are disabled'], function() {
doc.cookie = `CONSUL_ACLS_ENABLE=0`;
})
.given(['permissions from yaml\n$yaml'], function(data) {
Object.entries(data).forEach(([key, value]) => {
const resource = `CONSUL_RESOURCE_${key.toUpperCase()}`;