mirror of
https://github.com/status-im/consul.git
synced 2025-02-04 09:55:49 +00:00
03a1a86dfe
* v3.20.2...v3.24.0 * Fix handle undefined outlet in route component * Don't use template helper for optional modal.open Using the optional-helper here will trigger a computation in the same runloop error. This is because we are setting the `modal`-property when the `<Ref>` component gets rendered which will update the `this.modal`-property which will then recompute the `optional`-helper leading to this error. Instead we will create an action that will call the `open`-method on the modal when it is defined. This gets rid of the double computation error as we will not access the modal property twice in the same runloop when `modal` is getting set. * Fix - fn needs to be passed function tab-nav We create functions in the component file instead so that fn-helper stops complaining about the need to pass a function. * Update ember-exam to 6.1 version "Makes it compatible" with ember-qunit v5 * scheduleOnce setMaxHeight paged-collection We need to schedule to get around double-computation error. * Fix - model.data is removed from ember-data This has been private API all along - we need to work around the removal. Reference: https://github.com/emberjs/data/pull/7338/files#diff-9a8746fc5c86fd57e6122f00fef3155f76f0f3003a24b53fb7c4621d95dcd9bfL1310 * Fix `propContains` instead of `deepEqual` policy Recent model.data works differently than iterating attributes. We use `propContains` instead of `deepEqual`. We are only interested in the properties we assert against and match the previous behavior with this change. * Fix `propContains` instead of `deepEqual` token * Better handling single-records repo test-helper `model.data` has been removed we need to handle proxies and model instances differently. * Fix remaining repository tests with propContains We don't want to match entire objects - we don't care about properties we haven't defined in the assertion. * Don't use template helper for optional modal.open Using a template helper will give us a recomputation error - we work around it by creating an explicit action on the component instead. * Await `I $verb the $pageObject object` step * Fix no more customization ember-can No need to customize, the helper handles destruction fine on its own. * Fix - don't pass `optional` functions to fn We will declare the functions on the component instead. This gives us the same behavior but no error from `fn`, which expects a function to be passed. * Fix - handle `undefined` state on validate modifier StateChart can yield out an undefined `state` we need to handle that in the validate modifier * Fix linting errors tests directory * Warn / turn off new ember linting issues We will tackle them one by one and don't want to autofix issues that could be dangerous to auto-fix. * Auto-fix linting issues * More linting configuration * Fix remaining linting issues * Fix linting issues new files after rebase * ui: Remove ember-cli-uglify config now we are using terser (#14574) Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
184 lines
4.3 KiB
JavaScript
184 lines
4.3 KiB
JavaScript
import RepositoryService from 'consul-ui/services/repository';
|
|
import { inject as service } from '@ember/service';
|
|
import { tracked } from '@glimmer/tracking';
|
|
import { runInDebug } from '@ember/debug';
|
|
import dataSource from 'consul-ui/decorators/data-source';
|
|
|
|
const modelName = 'permission';
|
|
// The set of permissions/resources required globally by the UI in order to
|
|
// run correctly
|
|
const REQUIRED_PERMISSIONS = [
|
|
{
|
|
Resource: 'operator',
|
|
Access: 'write',
|
|
},
|
|
{
|
|
Resource: 'operator',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'service',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'node',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'session',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'session',
|
|
Access: 'write',
|
|
},
|
|
{
|
|
Resource: 'key',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'key',
|
|
Access: 'write',
|
|
},
|
|
{
|
|
Resource: 'intention',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'intention',
|
|
Access: 'write',
|
|
},
|
|
{
|
|
Resource: 'acl',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'acl',
|
|
Access: 'write',
|
|
},
|
|
];
|
|
const PEERING_PERMISSIONS = [
|
|
{
|
|
Resource: 'peering',
|
|
Access: 'read',
|
|
},
|
|
{
|
|
Resource: 'peering',
|
|
Access: 'write',
|
|
},
|
|
];
|
|
export default class PermissionService extends RepositoryService {
|
|
@service('env') env;
|
|
@service('abilities') _can;
|
|
|
|
// TODO: move this to the store, if we want it to use ember-data
|
|
// currently this overwrites an inherited permissions service (this service)
|
|
// which isn't ideal, but if the name of this changes be aware that we'd
|
|
// probably have some circular dependency happening here
|
|
@tracked permissions = [];
|
|
|
|
getModelName() {
|
|
return modelName;
|
|
}
|
|
|
|
has(permission) {
|
|
const keys = Object.keys(permission);
|
|
return this.permissions.some((item) => {
|
|
return keys.every((key) => item[key] === permission[key]) && item.Allow === true;
|
|
});
|
|
}
|
|
|
|
can(can) {
|
|
return this._can.can(can);
|
|
}
|
|
|
|
abilityFor(str) {
|
|
return this._can.abilityFor(str);
|
|
}
|
|
|
|
generate(resource, action, segment) {
|
|
const req = {
|
|
Resource: resource,
|
|
Access: action,
|
|
};
|
|
if (typeof segment !== 'undefined') {
|
|
req.Segment = segment;
|
|
}
|
|
return req;
|
|
}
|
|
|
|
/**
|
|
* Requests the access for the defined resources/permissions from the backend.
|
|
* If ACLs are disabled, then you have access to everything, hence we check
|
|
* that here and only make the request if ACLs are enabled
|
|
*/
|
|
async authorize(params) {
|
|
if (!this.env.var('CONSUL_ACLS_ENABLED')) {
|
|
return params.resources.map((item) => {
|
|
return {
|
|
...item,
|
|
Allow: true,
|
|
};
|
|
});
|
|
} else {
|
|
let resources = [];
|
|
try {
|
|
resources = await this.store.authorize('permission', params);
|
|
} catch (e) {
|
|
runInDebug(() => console.error(e));
|
|
// passthrough
|
|
}
|
|
return resources;
|
|
}
|
|
}
|
|
|
|
async findBySlug(params, model) {
|
|
let ability;
|
|
try {
|
|
ability = this._can.abilityFor(model);
|
|
} catch (e) {
|
|
return [];
|
|
}
|
|
|
|
const resources = ability.generateForSegment(params.id.toString());
|
|
// if we get no resources for a segment it means that this
|
|
// ability/permission isn't segmentable
|
|
if (resources.length === 0) {
|
|
return [];
|
|
}
|
|
params.resources = resources;
|
|
return this.authorize(params);
|
|
}
|
|
|
|
async findByPermissions(params) {
|
|
return this.authorize(params);
|
|
}
|
|
|
|
@dataSource('/:partition/:nspace/:dc/permissions')
|
|
async findAll(params) {
|
|
params.resources = this.permissionsToRequest;
|
|
this.permissions = await this.findByPermissions(params);
|
|
/**/
|
|
// Temporarily revert to pre-1.10 UI functionality by overwriting frontend
|
|
// permissions. These are used to hide certain UI elements, but they are
|
|
// still enforced on the backend.
|
|
// This temporary measure should be removed again once https://github.com/hashicorp/consul/issues/11098
|
|
// has been resolved
|
|
this.permissions.forEach((item) => {
|
|
if (['key', 'node', 'service', 'intention', 'session'].includes(item.Resource)) {
|
|
item.Allow = true;
|
|
}
|
|
});
|
|
/**/
|
|
return this.permissions;
|
|
}
|
|
|
|
get permissionsToRequest() {
|
|
if (this._can.can('use peers')) {
|
|
return [...REQUIRED_PERMISSIONS, ...PEERING_PERMISSIONS];
|
|
} else {
|
|
return REQUIRED_PERMISSIONS;
|
|
}
|
|
}
|
|
}
|