From d9a315e2a56df27d03a3e8da40a9f53c5baa29bc Mon Sep 17 00:00:00 2001 From: John Cowen Date: Fri, 7 Jan 2022 19:26:54 +0000 Subject: [PATCH] ui: Remove KV pre-flight auth check (#11968) * ui: Don't even ask whether we are authorized for a KV... ...just let the actual API tell us in the response, thin-client style. * Add some similar commenting for previous PRs related to this problem --- .changelog/11968.txt | 3 ++ ui/packages/consul-ui/app/abilities/kv.js | 7 ++++ .../consul-ui/app/services/repository/kv.js | 34 ++++++++++++------- 3 files changed, 31 insertions(+), 13 deletions(-) create mode 100644 .changelog/11968.txt diff --git a/.changelog/11968.txt b/.changelog/11968.txt new file mode 100644 index 0000000000..cbafff6044 --- /dev/null +++ b/.changelog/11968.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Temporarily remove KV pre-flight check for KV list permissions +``` diff --git a/ui/packages/consul-ui/app/abilities/kv.js b/ui/packages/consul-ui/app/abilities/kv.js index 2fabf1a484..71623519d8 100644 --- a/ui/packages/consul-ui/app/abilities/kv.js +++ b/ui/packages/consul-ui/app/abilities/kv.js @@ -10,6 +10,12 @@ export default class KVAbility extends BaseAbility { } return resources; } + /**/ + // Temporarily revert to pre-1.10 UI functionality by overwriting frontend + // permissions. These are used to hide certain UI elements, but they are + // still enforced on the backend. + // This temporary measure should be removed again once https://github.com/hashicorp/consul/issues/11098 + // has been resolved get canRead() { return true; } @@ -21,4 +27,5 @@ export default class KVAbility extends BaseAbility { get canWrite() { return true; } + /**/ } diff --git a/ui/packages/consul-ui/app/services/repository/kv.js b/ui/packages/consul-ui/app/services/repository/kv.js index ac1d2960b5..025ced6364 100644 --- a/ui/packages/consul-ui/app/services/repository/kv.js +++ b/ui/packages/consul-ui/app/services/repository/kv.js @@ -2,7 +2,7 @@ import RepositoryService from 'consul-ui/services/repository'; import isFolder from 'consul-ui/utils/isFolder'; import { get } from '@ember/object'; import { PRIMARY_KEY } from 'consul-ui/models/kv'; -import { ACCESS_LIST } from 'consul-ui/abilities/base'; +// import { ACCESS_LIST } from 'consul-ui/abilities/base'; import dataSource from 'consul-ui/decorators/data-source'; const modelName = 'kv'; @@ -54,21 +54,29 @@ export default class KvService extends RepositoryService { // this one only gives you keys // https://www.consul.io/api/kv.html @dataSource('/:partition/:ns/:dc/kvs/:id') - findAllBySlug(params, configuration = {}) { + async findAllBySlug(params, configuration = {}) { params.separator = '/'; if (params.id === '/') { params.id = ''; } - return this.authorizeBySlug( - async () => { - let items = await this.findAll(...arguments); - const meta = items.meta; - items = items.filter(item => params.id !== get(item, 'Key')); - items.meta = meta; - return items; - }, - ACCESS_LIST, - params - ); + + /**/ + // Temporarily revert to pre-1.10 UI functionality by not pre-checking backend + // permissions. + // This temporary measure should be removed again once https://github.com/hashicorp/consul/issues/11098 + // has been resolved + + // return this.authorizeBySlug( + // async () => { + let items = await this.findAll(...arguments); + const meta = items.meta; + items = items.filter(item => params.id !== get(item, 'Key')); + items.meta = meta; + return items; + // }, + // ACCESS_LIST, + // params + // ); + /**/ } }