/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import AbstractAbility from './abstract';
import { computed, get } from '@ember/object';
import { or } from '@ember/object/computed';
import classic from 'ember-classic-decorator';
/**
 * Ability describing what the current token may do with client nodes.
 *
 * Node rules are coarse policy levels rather than per-behavior capabilities,
 * so each ability below is derived from the `Node.Policy` value found in the
 * token's policies.
 *
 * NOTE(review): these flags are derived from policy data held by the UI;
 * presumably they only decide which controls are shown, and the API must
 * still enforce the ACL on every request. Confirm no caller treats them as
 * the authorization decision itself.
 */
@classic
export default class Client extends AbstractAbility {
  // Read is granted when authorization is bypassed, the token is a management
  // token, or one of the token's policies grants node read.
  // (`bypassAuthorization` and `selfTokenIsManagement` are not defined in this
  // class; presumably inherited from AbstractAbility.)
  @or('bypassAuthorization', 'selfTokenIsManagement', 'policiesIncludeNodeRead')
  canRead;

  // Write follows the same three-way rule, keyed on node write instead.
  @or('bypassAuthorization', 'selfTokenIsManagement', 'policiesIncludeNodeWrite')
  canWrite;

  /**
   * Whether any of the token's policies carries a node rule of 'read' or
   * 'write'. 'write' is accepted so that a write-level rule also counts as read.
   *
   * @returns {boolean}
   */
  @computed('token.selfTokenPolicies.[]')
  get policiesIncludeNodeRead() {
    const tokenPolicies = this.get('token.selfTokenPolicies');
    return policiesIncludePermissions(tokenPolicies, ['read', 'write']);
  }

  /**
   * Whether any of the token's policies carries a node rule of 'write'.
   *
   * @returns {boolean}
   */
  @computed('token.selfTokenPolicies.[]')
  get policiesIncludeNodeWrite() {
    const tokenPolicies = this.get('token.selfTokenPolicies');
    return policiesIncludePermissions(tokenPolicies, ['write']);
  }
}
/**
 * Report whether any policy's node rule matches one of the requested levels.
 *
 * Matching is "any policy wins": a policy whose `Node.Policy` holds some other
 * value (for example 'deny') is simply not matched and does not cancel a match
 * from a different policy.
 * NOTE(review): confirm this agrees with how the server merges node rules
 * across several policies, otherwise the UI may offer an action the API rejects.
 *
 * @param {Array} policies - policy records; each is read at `rulesJSON.Node.Policy`.
 *   Must provide `toArray()` (a missing argument falls back to `[]`).
 * @param {string[]} permissions - acceptable node policy levels.
 * @returns {boolean} true when at least one policy's node level is in `permissions`.
 */
function policiesIncludePermissions(policies = [], permissions = []) {
  // Pull the node-level rule out of every policy record; compact() discards
  // records that have no node rule at all.
  const nodeLevels = policies
    .toArray()
    .map((record) => get(record, 'rulesJSON.Node.Policy'))
    .compact();

  // Stop at the first policy that grants one of the requested levels.
  for (const level of nodeLevels) {
    if (permissions.includes(level)) {
      return true;
    }
  }
  return false;
}