open-nomad/ui/app/abilities/client.js

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

51 lines
1.3 KiB
JavaScript
Raw Normal View History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import AbstractAbility from './abstract';
2020-01-27 23:19:03 +00:00
import { computed, get } from '@ember/object';
import { or } from '@ember/object/computed';
import classic from 'ember-classic-decorator';
2020-01-27 23:19:03 +00:00
@classic
export default class Client extends AbstractAbility {
2020-01-27 23:19:03 +00:00
// Map abilities to policy options (which are coarse for nodes)
// instead of specific behaviors.
@or('bypassAuthorization', 'selfTokenIsManagement', 'policiesIncludeNodeRead')
canRead;
2021-12-28 16:08:12 +00:00
@or(
'bypassAuthorization',
'selfTokenIsManagement',
'policiesIncludeNodeWrite'
)
canWrite;
2020-01-27 23:19:03 +00:00
@computed('token.selfTokenPolicies.[]')
get policiesIncludeNodeRead() {
2021-12-28 16:08:12 +00:00
return policiesIncludePermissions(this.get('token.selfTokenPolicies'), [
'read',
2022-01-20 15:39:02 +00:00
'write',
2021-12-28 16:08:12 +00:00
]);
}
2020-01-27 23:19:03 +00:00
@computed('token.selfTokenPolicies.[]')
get policiesIncludeNodeWrite() {
2021-12-28 16:08:12 +00:00
return policiesIncludePermissions(this.get('token.selfTokenPolicies'), [
2022-01-20 15:39:02 +00:00
'write',
2021-12-28 16:08:12 +00:00
]);
}
}
function policiesIncludePermissions(policies = [], permissions = []) {
// For each policy record, extract the Node policy
const nodePolicies = policies
.toArray()
2022-01-20 15:39:02 +00:00
.map((policy) => get(policy, 'rulesJSON.Node.Policy'))
.compact();
// Check for requested permissions
2022-01-20 15:39:02 +00:00
return nodePolicies.some((policy) => permissions.includes(policy));
}