status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-10 13:55:55 +00:00
Code Issues Projects Releases Wiki Activity
consul/ui/packages/consul-ui/app/services/repository/permission.js
John Cowen fc14a412fd
ui: Partitions Application Layer (#11017) 
* Add Partition to all our models

* Add partitions into our serializers/fingerprinting

* Make some amends to a few adapters ready for partitions

* Amend blueprints to avoid linting error

* Update all  our repositories to include partitions, also

Remove enabled/disable nspace repo and just use a nspace with
conditionals

* Ensure nspace and parition parameters always return '' no matter what

* Ensure data-sink finds the model properly

This will later be replaced by a @dataSink decorator but we are find
kicking that can down the road a little more

* Add all the new partition data layer

* Add a way to set the title of the page from inside the route

and make it accessibile via a route announcer

* Make the Consul Route the default/basic one

* Tweak nspace and partition abilities not to check the length

* Thread partition through all the components that need it

* Some ACL tweaks

* Move the entire app to use partitions

* Delete all the tests we no longer need

* Update some Unit tests to use partition

* Fix up KV title tests

* Fix up a few more acceptance tests

* Fixup and temporarily ignore some acceptance tests

* Stop using ember-cli-page-objects fillable as it doesn't seem to work

* Fix lint error

* Remove old ACL related test

* Add a tick after filling out forms

* Fix token warning modal

* Found some more places where we need a partition var

* Fixup some more acceptance tests

* Tokens still needs a repo service for CRUD

* Remove acceptance tests we no longer need

* Fixup and "FIXME ignore" a few tests

* Remove an s

* Disable blocking queries for KV to revert to previous release for now

* Fixup adapter tests to follow async/function resolving interface

* Fixup all the serializer integration tests

* Fixup service/repo integration tests

* Fixup deleting acceptance test

* Fixup some ent tests

* Make sure nspaces passes the dc through for when thats important

* ...aaaand acceptance nspaces with the extra dc param
2021-09-15 19:50:11 +01:00

154 lines
3.4 KiB
JavaScript
Raw Blame History

import RepositoryService from 'consul-ui/services/repository';
import { inject as service } from '@ember/service';
import { tracked } from '@glimmer/tracking';
import { runInDebug } from '@ember/debug';
import dataSource from 'consul-ui/decorators/data-source';
const modelName = 'permission';
// The set of permissions/resources required globally by the UI in order to
// run correctly
const REQUIRED_PERMISSIONS = [
{
Resource: 'operator',
Access: 'write',
},
{
Resource: 'operator',
Access: 'read',
},
{
Resource: 'service',
Access: 'read',
},
{
Resource: 'node',
Access: 'read',
},
{
Resource: 'session',
Access: 'read',
},
{
Resource: 'session',
Access: 'write',
},
{
Resource: 'key',
Access: 'read',
},
{
Resource: 'key',
Access: 'write',
},
{
Resource: 'intention',
Access: 'read',
},
{
Resource: 'intention',
Access: 'write',
},
{
Resource: 'acl',
Access: 'read',
},
{
Resource: 'acl',
Access: 'write',
},
];
export default class PermissionService extends RepositoryService {
@service('env') env;
@service('can') _can;
// TODO: move this to the store, if we want it to use ember-data
// currently this overwrites an inherited permissions service (this service)
// which isn't ideal, but if the name of this changes be aware that we'd
// probably have some circular dependency happening here
@tracked permissions = [];
getModelName() {
return modelName;
}
has(permission) {
const keys = Object.keys(permission);
return this.permissions.some(item => {
return keys.every(key => item[key] === permission[key]) && item.Allow === true;
});
}
can(can) {
return this._can.can(can);
}
abilityFor(str) {
return this._can.abilityFor(str);
}
generate(resource, action, segment) {
const req = {
Resource: resource,
Access: action,
};
if (typeof segment !== 'undefined') {
req.Segment = segment;
}
return req;
}
/**
* Requests the access for the defined resources/permissions from the backend.
* If ACLs are disabled, then you have access to everything, hence we check
* that here and only make the request if ACLs are enabled
*/
async authorize(params) {
if (!this.env.var('CONSUL_ACLS_ENABLED')) {
return params.resources.map(item => {
return {
...item,
Allow: true,
};
});
} else {
let resources = [];
try {
resources = await this.store.authorize('permission', params);
} catch (e) {
runInDebug(() => console.error(e));
// passthrough
}
return resources;
}
}
async findBySlug(params, model) {
let ability;
try {
ability = this._can.abilityFor(model);
} catch (e) {
return [];
}
const resources = ability.generateForSegment(params.id.toString());
// if we get no resources for a segment it means that this
// ability/permission isn't segmentable
if (resources.length === 0) {
return [];
}
params.resources = resources;
return this.authorize(params);
}
async findByPermissions(params) {
return this.authorize(params);
}
@dataSource('/:partition/:nspace/:dc/permissions')
async findAll(params) {
params.resources = REQUIRED_PERMISSIONS;
this.permissions = await this.findByPermissions(params);
return this.permissions;
}
}
Reference in New Issue View Git Blame Copy Permalink