ui: Remove any route level auth checks (#11891)
This commit is contained in:
parent
cf68ef8646
commit
a34bf96559
|
@ -0,0 +1,4 @@
|
||||||
|
```release-note:bug
|
||||||
|
ui: Fixes an issue where once a 403 page is displayed in some circumstances its
|
||||||
|
diffcult to click back to where you where before receiving a 403
|
||||||
|
```
|
|
@ -1,7 +1,6 @@
|
||||||
import Route from '@ember/routing/route';
|
import Route from '@ember/routing/route';
|
||||||
import { get, setProperties, action } from '@ember/object';
|
import { get, setProperties, action } from '@ember/object';
|
||||||
import { inject as service } from '@ember/service';
|
import { inject as service } from '@ember/service';
|
||||||
import HTTPError from 'consul-ui/utils/http/error';
|
|
||||||
|
|
||||||
// paramsFor
|
// paramsFor
|
||||||
import { routes } from 'consul-ui/router';
|
import { routes } from 'consul-ui/router';
|
||||||
|
@ -50,27 +49,6 @@ export default class BaseRoute extends Route {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Inspects a custom `abilities` array on the router for this route. Every
|
|
||||||
* abililty needs to 'pass' for the route not to throw a 403 error. Anything
|
|
||||||
* more complex then this (say ORs) should use a single ability and perform
|
|
||||||
* the OR logic in the test for the ability. Note, this ability check happens
|
|
||||||
* before any calls to the backend for this model/route.
|
|
||||||
*/
|
|
||||||
async beforeModel() {
|
|
||||||
// remove any references to index as it is the same as the root routeName
|
|
||||||
const routeName = this.routeName
|
|
||||||
.split('.')
|
|
||||||
.filter(item => item !== 'index')
|
|
||||||
.join('.');
|
|
||||||
const abilities = get(routes, `${routeName}._options.abilities`) || [];
|
|
||||||
if (abilities.length > 0) {
|
|
||||||
if (!abilities.every(ability => this.permissions.can(ability))) {
|
|
||||||
throw new HTTPError('403');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* By default any empty string query parameters should remove the query
|
* By default any empty string query parameters should remove the query
|
||||||
* parameter from the URL. This is the most common behavior if you don't
|
* parameter from the URL. This is the most common behavior if you don't
|
||||||
|
|
Loading…
Reference in New Issue