0762da3a62
Previously, when namespaces were enabled, we weren't requesting permissions for the actively selected namespace and were instead always checking the permissions for the default namespace. This commit ensures we request permissions for the actively selected namespace.
import Adapter from './application';
import { inject as service } from '@ember/service';
/**
 * Adapter that asks the internal ACL authorize endpoint
 * (`POST /v1/internal/acl/authorize`) which permissions apply to a set of
 * resources.
 *
 * NOTE(review): the answer presumably only decides what the UI offers; the
 * HTTP API has to keep enforcing ACLs itself - confirm nothing treats this
 * response as the enforcement point.
 */
export default class PermissionAdapter extends Adapter {
  @service('env') env;

  /**
   * Describes the authorize request for the given resources.
   *
   * @param {Function} request - template tag used to describe the HTTP call
   * @param {Object} params
   * @param params.dc - sent as a query parameter
   * @param params.ns - namespace stamped onto every resource when namespaces
   *   are enabled; never sent as a query parameter
   * @param {Array<Object>} [params.resources=[]] - resources to check
   * @param params.index - sent as a query parameter
   * @returns whatever the `request` tag returns
   */
  requestForAuthorize(request, { dc, ns, resources = [], index }) {
    // Unlike every other endpoint, authorize ignores an `ns` parameter and
    // instead reads a `Namespace` property from each resource. The rest of
    // the app never asks about several namespaces in a single call, so that
    // difference is hidden here: the one `ns` param is copied onto each
    // resource rather than being passed through as a query parameter.
    //
    // `Namespace` is written after the spread, so it replaces any Namespace
    // a resource already carried.
    // NOTE(review): if `ns` is undefined here every resource is sent with an
    // undefined Namespace; the endpoint presumably then answers for the
    // default namespace rather than the selected one - confirm callers
    // always pass the active namespace.
    const nspacesEnabled = this.env.var('CONSUL_NSPACES_ENABLED');
    const scopedResources = nspacesEnabled
      ? resources.map(resource => ({ ...resource, Namespace: ns }))
      : resources;
    return request`
      POST /v1/internal/acl/authorize?${{ dc, index }}

      ${scopedResources}
    `;
  }

  /**
   * Runs the authorize call through `this.rpc` and hands back the response
   * body untouched. `store` and `id` are not used.
   *
   * @param store - unused
   * @param type - its `modelName` is forwarded to `rpc`
   * @param id - unused
   * @param snapshot - forwarded to `rpc`
   * @returns whatever `this.rpc` returns
   */
  authorize(store, type, id, snapshot) {
    // Request side: delegate to requestForAuthorize (which only looks at the
    // first two arguments it is given).
    const buildRequest = (adapter, request, serialized, unserialized) =>
      adapter.requestForAuthorize(request, serialized, unserialized);

    // Response side: completely skip the serializer here and return the body
    // exactly as it arrived.
    const passThrough = (serializer, respond, serialized, unserialized) =>
      respond((headers, body) => body);

    return this.rpc(buildRequest, passThrough, snapshot, type.modelName);
  }
}