luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Handle the case where ACLs aren't enabled in abilities

This commit is contained in:
Michael Lange 2020-01-30 16:07:43 -08:00
parent 175f80da16
commit 59897f9716
3 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ui/app/abilities/client.js
View File

@ -1,15 +1,16 @@
import { Ability } from 'ember-can';
import { inject as service } from '@ember/service';
import { computed, get } from '@ember/object';
import { equal, or } from '@ember/object/computed';
import { equal, or, not } from '@ember/object/computed';
export default Ability.extend({
token: service(),
// Map abilities to policy options (which are coarse for nodes)
// instead of specific behaviors.
canWrite: or('selfTokenIsManagement', 'policiesIncludeNodeWrite'),
canWrite: or('bypassAuthorization', 'selfTokenIsManagement', 'policiesIncludeNodeWrite'),
bypassAuthorization: not('token.aclEnabled'),
selfTokenIsManagement: equal('token.selfToken.type', 'management'),
policiesIncludeNodeWrite: computed('token.selfTokenPolicies.[]', function() {

5
ui/app/abilities/job.js
View File

@ -1,14 +1,15 @@
import { Ability } from 'ember-can';
import { inject as service } from '@ember/service';
import { computed, get } from '@ember/object';
import { equal, or } from '@ember/object/computed';
import { equal, or, not } from '@ember/object/computed';
export default Ability.extend({
system: service(),
token: service(),
canRun: or('selfTokenIsManagement', 'policiesSupportRunning'),
canRun: or('bypassAuthorization', 'selfTokenIsManagement', 'policiesSupportRunning'),
bypassAuthorization: not('token.aclEnabled'),
selfTokenIsManagement: equal('token.selfToken.type', 'management'),
activeNamespace: computed('system.activeNamespace.name', function() {

10
ui/app/services/token.js
View File

@ -11,6 +11,8 @@ export default Service.extend({
store: service(),
system: service(),
aclEnabled: true,
secret: computed({
get() {
return window.localStorage.nomadTokenSecret;
@ -31,6 +33,10 @@ export default Service.extend({
try {
return yield TokenAdapter.findSelf();
} catch (e) {
const errors = e.errors ? e.errors.mapBy('detail') : [];
if (errors.find(error => error === 'ACL support disabled')) {
this.set('aclEnabled', false);
}
return null;
}
}),
@ -56,7 +62,9 @@ export default Service.extend({
fetchSelfTokenAndPolicies: task(function*() {
yield this.fetchSelfToken.perform();
yield this.fetchSelfTokenPolicies.perform();
if (this.aclEnabled) {
yield this.fetchSelfTokenPolicies.perform();
}
}),
// All non Ember Data requests should go through authorizedRequest.