mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
5fb9df1640
* Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
102 lines
2.9 KiB
JavaScript
102 lines
2.9 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import { inject as service } from '@ember/service';
|
|
import { get } from '@ember/object';
|
|
import { Ability } from 'ember-can';
|
|
|
|
export const ACCESS_READ = 'read';
|
|
export const ACCESS_WRITE = 'write';
|
|
export const ACCESS_LIST = 'list';
|
|
|
|
// None of the permission inspection here is namespace aware, this is due to
|
|
// the fact that we only have one set of permission from one namespace at one
|
|
// time, therefore all the permissions are relevant to the namespace you are
|
|
// currently in, when you choose a different namespace we refresh the
|
|
// permissions list. This is also fine for permission inspection for single
|
|
// items/models as we only request the permissions for the namespace you are
|
|
// in, we don't need to recheck that namespace here
|
|
export default class BaseAbility extends Ability {
|
|
@service('repository/permission') permissions;
|
|
|
|
// the name of the resource used for this ability in the backend, e.g
|
|
// service, key, operator, node
|
|
resource = '';
|
|
// whether you can ask the backend for a segment for this resource, e.g. you
|
|
// can ask for a specific service or KV, but not a specific nspace or token
|
|
segmented = true;
|
|
|
|
generate(action) {
|
|
return this.permissions.generate(this.resource, action);
|
|
}
|
|
|
|
generateForSegment(segment) {
|
|
// if this ability isn't segmentable just return empty which means we
|
|
// won't request the permissions/resources form the backend
|
|
if (!this.segmented) {
|
|
return [];
|
|
}
|
|
return [
|
|
this.permissions.generate(this.resource, ACCESS_READ, segment),
|
|
this.permissions.generate(this.resource, ACCESS_WRITE, segment),
|
|
];
|
|
}
|
|
// characteristics
|
|
// TODO: Remove once we have managed to do the scroll pane refactor
|
|
get isLinkable() {
|
|
return true;
|
|
}
|
|
get isNew() {
|
|
return this.item.isNew;
|
|
}
|
|
|
|
get isPristine() {
|
|
return this.item.isPristine;
|
|
}
|
|
//
|
|
|
|
get canRead() {
|
|
if (typeof this.item !== 'undefined') {
|
|
const perm = (get(this, 'item.Resources') || []).find((item) => item.Access === ACCESS_READ);
|
|
if (perm) {
|
|
return perm.Allow;
|
|
}
|
|
}
|
|
return this.permissions.has(this.generate(ACCESS_READ));
|
|
}
|
|
|
|
get canList() {
|
|
if (typeof this.item !== 'undefined') {
|
|
const perm = (get(this, 'item.Resources') || []).find((item) => item.Access === ACCESS_LIST);
|
|
if (perm) {
|
|
return perm.Allow;
|
|
}
|
|
}
|
|
return this.permissions.has(this.generate(ACCESS_LIST));
|
|
}
|
|
|
|
get canWrite() {
|
|
if (typeof this.item !== 'undefined') {
|
|
const perm = (get(this, 'item.Resources') || []).find((item) => item.Access === ACCESS_WRITE);
|
|
if (perm) {
|
|
return perm.Allow;
|
|
}
|
|
}
|
|
return this.permissions.has(this.generate(ACCESS_WRITE));
|
|
}
|
|
|
|
get canCreate() {
|
|
return this.canWrite;
|
|
}
|
|
|
|
get canDelete() {
|
|
return this.canWrite;
|
|
}
|
|
|
|
get canUpdate() {
|
|
return this.canWrite;
|
|
}
|
|
}
|