From 75768a203906bfbf5cf8b5d14930f798d44e188b Mon Sep 17 00:00:00 2001
From: Michael Klein <Michael@firstiwaslike.com>
Date: Tue, 12 Jul 2022 17:16:47 +0200
Subject: [PATCH] ui: peer permission handling (#13724)

* Request peering permissions when peerings is active

* Update peering ability to use peering resource

* fix canDelete peer permission to check write permission

* use super call in abilities.peer#canDelete
---
 ui/packages/consul-ui/app/abilities/peer.js   |  4 ++--
 .../app/services/repository/permission.js     | 20 ++++++++++++++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/ui/packages/consul-ui/app/abilities/peer.js b/ui/packages/consul-ui/app/abilities/peer.js
index 89d5c00401..43ec791ab1 100644
--- a/ui/packages/consul-ui/app/abilities/peer.js
+++ b/ui/packages/consul-ui/app/abilities/peer.js
@@ -4,7 +4,7 @@ import { inject as service } from '@ember/service';
 export default class PeerAbility extends BaseAbility {
   @service('env') env;
 
-  resource = 'operator';
+  resource = 'peering';
   segmented = false;
 
   get isLinkable() {
@@ -12,7 +12,7 @@ export default class PeerAbility extends BaseAbility {
   }
   get canDelete() {
     // TODO: Need to confirm these states
-    return !['DELETING', 'TERMINATED', 'UNDEFINED'].includes(this.item.State);
+    return !['DELETING', 'TERMINATED', 'UNDEFINED'].includes(this.item.State) && super.canDelete;
   }
 
   get canUse() {
diff --git a/ui/packages/consul-ui/app/services/repository/permission.js b/ui/packages/consul-ui/app/services/repository/permission.js
index 08c96e3e4a..8b15ddd1bf 100644
--- a/ui/packages/consul-ui/app/services/repository/permission.js
+++ b/ui/packages/consul-ui/app/services/repository/permission.js
@@ -57,6 +57,16 @@ const REQUIRED_PERMISSIONS = [
     Access: 'write',
   },
 ];
+const PEERING_PERMISSIONS = [
+  {
+    Resource: 'peering',
+    Access: 'read',
+  },
+  {
+    Resource: 'peering',
+    Access: 'write',
+  },
+];
 export default class PermissionService extends RepositoryService {
   @service('env') env;
   @service('abilities') _can;
@@ -146,7 +156,7 @@ export default class PermissionService extends RepositoryService {
 
   @dataSource('/:partition/:nspace/:dc/permissions')
   async findAll(params) {
-    params.resources = REQUIRED_PERMISSIONS;
+    params.resources = this.permissionsToRequest;
     this.permissions = await this.findByPermissions(params);
     /**/
     // Temporarily revert to pre-1.10 UI functionality by overwriting frontend
@@ -162,4 +172,12 @@ export default class PermissionService extends RepositoryService {
     /**/
     return this.permissions;
   }
+
+  get permissionsToRequest() {
+    if (this._can.can('use peers')) {
+      return [...REQUIRED_PERMISSIONS, ...PEERING_PERMISSIONS];
+    } else {
+      return REQUIRED_PERMISSIONS;
+    }
+  }
 }