ui: Show the correct 'ACLs Disabled' page when ACLs are disabled (#10604)

Adds 'can access ACLs' which means one of two things

1. When ACLs are disabled I can access the 'please enable ACLs' page
2. When ACLs are enabled, its the same as canRead
This commit is contained in:
John Cowen 2021-07-14 18:52:13 +01:00 committed by GitHub
parent 398db1339b
commit af0e6be943
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 39 additions and 9 deletions

3
.changelog/10604.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
ui: Show ACLs disabled page at Tokens page instead of 403 error when ACLs are disabled
```

View File

@ -6,6 +6,12 @@ export default class ACLAbility extends BaseAbility {
resource = 'acl'; resource = 'acl';
segmented = false; segmented = false;
// Access is very similar to read, but when ACLs are disabled you still need
// access to ACLs in order to see the ACLs disabled page, which is accessing
// the ACLs area, but without read
get canAccess() {
return this.env.var('CONSUL_ACLS_ENABLED') ? this.canRead : true;
}
get canRead() { get canRead() {
return this.env.var('CONSUL_ACLS_ENABLED') && super.canRead; return this.env.var('CONSUL_ACLS_ENABLED') && super.canRead;

View File

@ -88,7 +88,7 @@
</header> </header>
<div> <div>
{{#if (not enabled) }} {{#if (not enabled) }}
<EmptyState> <EmptyState data-test-acls-disabled>
<BlockSlot @name="header"> <BlockSlot @name="header">
<h2>Welcome to ACLs</h2> <h2>Welcome to ACLs</h2>
</BlockSlot> </BlockSlot>

View File

@ -130,7 +130,7 @@ export const routes = {
acls: { acls: {
_options: { _options: {
path: '/acls', path: '/acls',
abilities: ['read acls'], abilities: ['access acls'],
}, },
edit: { edit: {
_options: { path: '/:id' }, _options: { path: '/:id' },

View File

@ -0,0 +1,11 @@
@setupApplicationTest
Feature: dc / acls / access: ACLs Access
Scenario: ACLs are disabled
Given ACLs are disabled
And 1 datacenter model with the value "dc-1"
When I visit the tokens page for yaml
---
dc: dc-1
---
Then the url should be /dc-1/acls/tokens
And I see the "[data-test-acls-disabled]" element

View File

@ -0,0 +1,10 @@
import steps from '../../steps';
// step definitions that are shared between features should be moved to the
// tests/acceptance/steps/steps.js file
export default function(assert) {
return steps(assert).then('I should find a file', function() {
assert.ok(true, this.step);
});
}

View File

@ -1,8 +1,10 @@
export default function(type, value) { export default function(type, value, doc = document) {
const obj = {}; const obj = {};
if (type !== '*') { if (type !== '*') {
let key = ''; let key = '';
obj['CONSUL_ACLS_ENABLE'] = 1; if (!doc.cookie.includes('CONSUL_ACLS_ENABLE=0')) {
obj['CONSUL_ACLS_ENABLE'] = 1;
}
switch (type) { switch (type) {
case 'dc': case 'dc':
key = 'CONSUL_DATACENTER_COUNT'; key = 'CONSUL_DATACENTER_COUNT';
@ -22,7 +24,6 @@ export default function(type, value) {
break; break;
case 'acl': case 'acl':
key = 'CONSUL_ACL_COUNT'; key = 'CONSUL_ACL_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break; break;
case 'session': case 'session':
key = 'CONSUL_SESSION_COUNT'; key = 'CONSUL_SESSION_COUNT';
@ -32,19 +33,15 @@ export default function(type, value) {
break; break;
case 'policy': case 'policy':
key = 'CONSUL_POLICY_COUNT'; key = 'CONSUL_POLICY_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break; break;
case 'role': case 'role':
key = 'CONSUL_ROLE_COUNT'; key = 'CONSUL_ROLE_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break; break;
case 'token': case 'token':
key = 'CONSUL_TOKEN_COUNT'; key = 'CONSUL_TOKEN_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break; break;
case 'authMethod': case 'authMethod':
key = 'CONSUL_AUTH_METHOD_COUNT'; key = 'CONSUL_AUTH_METHOD_COUNT';
obj['CONSUL_ACLS_ENABLE'] = 1;
break; break;
case 'nspace': case 'nspace':
key = 'CONSUL_NSPACE_COUNT'; key = 'CONSUL_NSPACE_COUNT';

View File

@ -29,6 +29,9 @@ export default function(scenario, create, set, win = window, doc = document) {
.given(['the local datacenter is "$value"'], function(value) { .given(['the local datacenter is "$value"'], function(value) {
doc.cookie = `CONSUL_DATACENTER_LOCAL=${value}`; doc.cookie = `CONSUL_DATACENTER_LOCAL=${value}`;
}) })
.given(['ACLs are disabled'], function() {
doc.cookie = `CONSUL_ACLS_ENABLE=0`;
})
.given(['permissions from yaml\n$yaml'], function(data) { .given(['permissions from yaml\n$yaml'], function(data) {
Object.entries(data).forEach(([key, value]) => { Object.entries(data).forEach(([key, value]) => {
const resource = `CONSUL_RESOURCE_${key.toUpperCase()}`; const resource = `CONSUL_RESOURCE_${key.toUpperCase()}`;