open-consul/ui/packages/consul-ui/app/services/repository/permission.js

152 lines
3.3 KiB
JavaScript
Raw Normal View History

import RepositoryService from 'consul-ui/services/repository';
import { inject as service } from '@ember/service';
import { tracked } from '@glimmer/tracking';
import { runInDebug } from '@ember/debug';
const modelName = 'permission';
// The set of permissions/resources required globally by the UI in order to
// run correctly
const REQUIRED_PERMISSIONS = [
{
Resource: 'operator',
Access: 'write',
},
{
Resource: 'operator',
Access: 'read',
},
{
Resource: 'service',
Access: 'read',
},
{
Resource: 'node',
Access: 'read',
},
{
Resource: 'session',
Access: 'read',
},
{
Resource: 'session',
Access: 'write',
},
{
Resource: 'key',
Access: 'read',
},
{
Resource: 'key',
Access: 'write',
},
{
Resource: 'intention',
Access: 'read',
},
{
Resource: 'intention',
Access: 'write',
},
{
Resource: 'acl',
Access: 'read',
},
{
Resource: 'acl',
Access: 'write',
},
];
export default class PermissionService extends RepositoryService {
@service('env') env;
@service('can') _can;
// TODO: move this to the store, if we want it to use ember-data
// currently this overwrites an inherited permissions service (this service)
// which isn't ideal, but if the name of this changes be aware that we'd
// probably have some circular dependency happening here
@tracked permissions = [];
getModelName() {
return modelName;
}
has(permission) {
const keys = Object.keys(permission);
return this.permissions.some(item => {
return keys.every(key => item[key] === permission[key]) && item.Allow === true;
});
}
can(can) {
return this._can.can(can);
}
abilityFor(str) {
return this._can.abilityFor(str);
}
generate(resource, action, segment) {
const req = {
Resource: resource,
Access: action,
};
if (typeof segment !== 'undefined') {
req.Segment = segment;
}
return req;
}
/**
* Requests the access for the defined resources/permissions from the backend.
* If ACLs are disabled, then you have access to everything, hence we check
* that here and only make the request if ACLs are enabled
*/
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
async authorize(params) {
if (!this.env.var('CONSUL_ACLS_ENABLED')) {
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
return params.resources.map(item => {
return {
...item,
Allow: true,
};
});
} else {
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
let resources = [];
try {
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
resources = await this.store.authorize('permission', params);
} catch (e) {
runInDebug(() => console.error(e));
// passthrough
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
return resources;
}
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
async findBySlug(params, model) {
let ability;
try {
ability = this._can.abilityFor(model);
} catch (e) {
return [];
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
const resources = ability.generateForSegment(params.id.toString());
// if we get no resources for a segment it means that this
// ability/permission isn't segmentable
if (resources.length === 0) {
return [];
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
params.resources = resources;
return this.authorize(params);
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
async findByPermissions(params) {
return this.authorize(params);
}
ui: DataSource Decorator (#9746) We use a `<DataSource @src={{url}} />` component throughout our UI for when we want to load data from within our components. The URL specified as the `@src` is used to map/lookup what is used in to retrieve data, for example we mostly use our repository methods wrapped with our Promise backed `EventSource` implementation, but DataSource URLs can also be mapped to EventTarget backed `EventSource`s and native `EventSource`s or `WebSockets` if we ever need to use those (for example these are options for potential streaming support with the Consul backend). The URL to function/method mapping previous to this PR used a very naive humongous `switch` statement which was a temporary 'this is fine for the moment' solution, although we'd always wanted to replace with something more manageable. Here we add `wayfarer` as a dependency - a very small (1kb), very fast, radix trie based router, and use that to perform the URL to function/method mapping. This essentially turns every `DataSource` into a very small SPA - change its URL and the view of data changes. When the data itself changes, either the yielded view of data changes or the `onchange` event is fired with the changed data, making the externally sourced view of data completely reactive. ```javascript // use the new decorator a service somewhere to annotate/decorate // a method with the URL that can be used to access this method @dataSource('/:ns/:dc/services') async findAllByDatacenter(params) { // get the data } // can use with JS in a route somewhere async model() { return this.data.source(uri => uri`/${nspace}/${dc}/services`) } ``` ```hbs {{!-- or just straight in a template using the component --}} <DataSource @src="/default/dc1/services" @onchange="" /> ``` This also uses a new `container` Service to automatically execute/import certain services yet not execute them. This new service also provides a lookup that supports both standard ember DI lookup plus Class based lookup or these specific services. Lastly we also provide another debug function called DataSourceRoutes() which can be called from console which gives you a list of URLs and their mappings.
2021-02-23 08:56:42 +00:00
async findAll(params) {
params.resources = REQUIRED_PERMISSIONS;
this.permissions = await this.findByPermissions(params);
return this.permissions;
}
}