2021-02-19 16:42:16 +00:00
|
|
|
import Adapter from './application';
|
|
|
|
import { inject as service } from '@ember/service';
|
|
|
|
|
|
|
|
export default class PermissionAdapter extends Adapter {
|
|
|
|
@service('env') env;
|
|
|
|
|
2021-02-23 08:56:42 +00:00
|
|
|
requestForAuthorize(request, { dc, ns, resources = [], index }) {
|
2021-02-19 16:42:16 +00:00
|
|
|
// the authorize endpoint is slightly different to all others in that it
|
|
|
|
// ignores an ns parameter, but accepts a Namespace property on each
|
|
|
|
// resource. Here we hide this different from the rest of the app as
|
2021-02-23 08:56:42 +00:00
|
|
|
// currently we never need to ask for permissions/resources for multiple
|
2021-02-19 16:42:16 +00:00
|
|
|
// different namespaces in one call so here we use the ns param and add
|
|
|
|
// this to the resources instead of passing through on the queryParameter
|
|
|
|
if (this.env.var('CONSUL_NSPACES_ENABLED')) {
|
2021-02-23 08:56:42 +00:00
|
|
|
resources = resources.map(item => ({ ...item, Namespace: ns }));
|
2021-02-19 16:42:16 +00:00
|
|
|
}
|
|
|
|
return request`
|
|
|
|
POST /v1/internal/acl/authorize?${{ dc, index }}
|
|
|
|
|
2021-02-23 08:56:42 +00:00
|
|
|
${resources}
|
2021-02-19 16:42:16 +00:00
|
|
|
`;
|
|
|
|
}
|
|
|
|
|
|
|
|
authorize(store, type, id, snapshot) {
|
|
|
|
return this.rpc(
|
|
|
|
function(adapter, request, serialized, unserialized) {
|
|
|
|
return adapter.requestForAuthorize(request, serialized, unserialized);
|
|
|
|
},
|
|
|
|
function(serializer, respond, serialized, unserialized) {
|
|
|
|
// Completely skip the serializer here
|
|
|
|
return respond(function(headers, body) {
|
|
|
|
return body;
|
|
|
|
});
|
|
|
|
},
|
|
|
|
snapshot,
|
|
|
|
type.modelName
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|