mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 15:21:13 +03:00
Check /api/v1/me to determine if user can perform create/update/delete on Permissions.
This commit is contained in:
parent
0277a2177c
commit
652f7ceb7b
@ -58,7 +58,8 @@ angular.module('ansible', [
|
||||
'ChildrenHelper',
|
||||
'EventsHelper',
|
||||
'ProjectPathHelper',
|
||||
'md5Helper'
|
||||
'md5Helper',
|
||||
'AccessHelper'
|
||||
])
|
||||
.config(['$routeProvider', function($routeProvider) {
|
||||
$routeProvider.
|
||||
|
@ -20,17 +20,20 @@ function PermissionsList ($scope, $rootScope, $location, $log, $routeParams, Res
|
||||
scope.search(list.iterator);
|
||||
|
||||
LoadBreadCrumbs();
|
||||
|
||||
|
||||
scope.addPermission = function() {
|
||||
$location.path($location.path() + '/add');
|
||||
if (checkAccess()) {
|
||||
$location.path($location.path() + '/add');
|
||||
}
|
||||
}
|
||||
|
||||
scope.editPermission = function(id) {
|
||||
$location.path($location.path() + '/' + id);
|
||||
if (checkAccess()) {
|
||||
$location.path($location.path() + '/' + id);
|
||||
}
|
||||
}
|
||||
|
||||
scope.deletePermission = function(id, name) {
|
||||
|
||||
var action = function() {
|
||||
var url = GetBasePath('base') + 'permissions/' + id + '/';
|
||||
Rest.setUrl(url);
|
||||
@ -45,11 +48,13 @@ function PermissionsList ($scope, $rootScope, $location, $log, $routeParams, Res
|
||||
{ hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
|
||||
});
|
||||
};
|
||||
|
||||
Prompt({ hdr: 'Delete',
|
||||
body: 'Are you sure you want to delete ' + name + '?',
|
||||
action: action
|
||||
});
|
||||
|
||||
if (checkAccess()) {
|
||||
Prompt({ hdr: 'Delete',
|
||||
body: 'Are you sure you want to delete ' + name + '?',
|
||||
action: action
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -220,7 +220,7 @@ TeamsAdd.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$
|
||||
function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, TeamForm,
|
||||
GenerateForm, Rest, Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit,
|
||||
RelatedPaginateInit, ReturnToCaller, ClearScope, TeamLookUpOrganizationInit, Prompt,
|
||||
GetBasePath)
|
||||
GetBasePath, CheckAccess)
|
||||
{
|
||||
ClearScope('htmlTemplate'); //Garbage collection. Don't leave behind any listeners/watchers from the prior
|
||||
//scope.
|
||||
@ -318,7 +318,9 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
scope.add = function(set) {
|
||||
$rootScope.flashMessage = null;
|
||||
if (set == 'permissions') {
|
||||
$location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/add');
|
||||
if (CheckAccess()) {
|
||||
$location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/add');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$location.path('/' + base + '/' + $routeParams.team_id + '/' + set);
|
||||
@ -329,7 +331,9 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
scope.edit = function(set, id, name) {
|
||||
$rootScope.flashMessage = null;
|
||||
if (set == 'permissions') {
|
||||
$location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/' + id);
|
||||
if (CheckAccess()) {
|
||||
$location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/' + id);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$location.path('/' + set + '/' + id);
|
||||
@ -343,18 +347,20 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
var action = function() {
|
||||
var url;
|
||||
if (set == 'permissions') {
|
||||
url = GetBasePath('base') + 'permissions/' + itm_id + '/';
|
||||
Rest.setUrl(url);
|
||||
Rest.destroy()
|
||||
.success( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
scope.search(form.related[set].iterator);
|
||||
})
|
||||
.error( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
ProcessErrors(scope, data, status, null,
|
||||
{ hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
|
||||
});
|
||||
if (CheckAccess()) {
|
||||
url = GetBasePath('base') + 'permissions/' + itm_id + '/';
|
||||
Rest.setUrl(url);
|
||||
Rest.destroy()
|
||||
.success( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
scope.search(form.related[set].iterator);
|
||||
})
|
||||
.error( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
ProcessErrors(scope, data, status, null,
|
||||
{ hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
|
||||
});
|
||||
}
|
||||
}
|
||||
else {
|
||||
var url = defaultUrl + $routeParams.team_id + '/' + set + '/';
|
||||
@ -383,6 +389,6 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
TeamsEdit.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'TeamForm',
|
||||
'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit',
|
||||
'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'TeamLookUpOrganizationInit', 'Prompt',
|
||||
'GetBasePath'
|
||||
'GetBasePath', 'CheckAccess'
|
||||
];
|
||||
|
||||
|
@ -137,7 +137,8 @@ function UsersList ($scope, $rootScope, $location, $log, $routeParams, Rest,
|
||||
}
|
||||
|
||||
UsersList.$inject = [ '$scope', '$rootScope', '$location', '$log', '$routeParams', 'Rest', 'Alert', 'UserList', 'GenerateList',
|
||||
'LoadBreadCrumbs', 'Prompt', 'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope', 'ProcessErrors' ];
|
||||
'LoadBreadCrumbs', 'Prompt', 'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope', 'ProcessErrors'
|
||||
];
|
||||
|
||||
|
||||
function UsersAdd ($scope, $rootScope, $compile, $location, $log, $routeParams, UserForm,
|
||||
@ -224,7 +225,7 @@ UsersAdd.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$
|
||||
|
||||
function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, UserForm,
|
||||
GenerateForm, Rest, Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit,
|
||||
RelatedPaginateInit, ReturnToCaller, ClearScope, GetBasePath, Prompt)
|
||||
RelatedPaginateInit, ReturnToCaller, ClearScope, GetBasePath, Prompt, CheckAccess)
|
||||
{
|
||||
ClearScope('htmlTemplate'); //Garbage collection. Don't leave behind any listeners/watchers from the prior
|
||||
//scope.
|
||||
@ -320,7 +321,9 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
scope.add = function(set) {
|
||||
$rootScope.flashMessage = null;
|
||||
if (set == 'permissions') {
|
||||
$location.path('/' + base + '/' + $routeParams.user_id + '/' + set + '/add');
|
||||
if (CheckAccess()) {
|
||||
$location.path('/' + base + '/' + $routeParams.user_id + '/' + set + '/add');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$location.path('/' + base + '/' + $routeParams.user_id + '/' + set);
|
||||
@ -331,7 +334,9 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
scope.edit = function(set, id, name) {
|
||||
$rootScope.flashMessage = null;
|
||||
if (set == 'permissions') {
|
||||
$location.path('/users/' + $routeParams.user_id + '/permissions/' + id);
|
||||
if (CheckAccess()) {
|
||||
$location.path('/users/' + $routeParams.user_id + '/permissions/' + id);
|
||||
}
|
||||
}
|
||||
else {
|
||||
$location.path('/' + set + '/' + id);
|
||||
@ -345,18 +350,20 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
var action = function() {
|
||||
var url;
|
||||
if (set == 'permissions') {
|
||||
url = GetBasePath('base') + 'permissions/' + itm_id + '/';
|
||||
Rest.setUrl(url);
|
||||
Rest.destroy()
|
||||
.success( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
scope.search(form.related[set].iterator);
|
||||
})
|
||||
.error( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
ProcessErrors(scope, data, status, null,
|
||||
if (CheckAccess()) {
|
||||
url = GetBasePath('base') + 'permissions/' + itm_id + '/';
|
||||
Rest.setUrl(url);
|
||||
Rest.destroy()
|
||||
.success( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
scope.search(form.related[set].iterator);
|
||||
})
|
||||
.error( function(data, status, headers, config) {
|
||||
$('#prompt-modal').modal('hide');
|
||||
ProcessErrors(scope, data, status, null,
|
||||
{ hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
|
||||
});
|
||||
});
|
||||
}
|
||||
}
|
||||
else {
|
||||
url = defaultUrl + $routeParams.user_id + '/' + set + '/';
|
||||
@ -384,5 +391,5 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
|
||||
|
||||
UsersEdit.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'UserForm',
|
||||
'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit',
|
||||
'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'GetBasePath', 'Prompt'];
|
||||
'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'GetBasePath', 'Prompt', 'CheckAccess'];
|
||||
|
||||
|
36
awx/ui/static/js/helpers/Access.js
Normal file
36
awx/ui/static/js/helpers/Access.js
Normal file
@ -0,0 +1,36 @@
|
||||
/*********************************************
|
||||
* Copyright (c) 2013 AnsibleWorks, Inc.
|
||||
*
|
||||
*/
|
||||
|
||||
angular.module('AccessHelper', ['RestServices', 'Utilities'])
|
||||
.factory('CheckAccess', ['$rootScope', 'Alert', 'Rest', 'GetBasePath','ProcessErrors', 'Alert',
|
||||
function($rootScope, Alert, Rest, GetBasePath, ProcessErrors, Prompt) {
|
||||
return function(params) {
|
||||
var me = $rootScope.current_user;
|
||||
var access = false;
|
||||
if (me.is_superuser) {
|
||||
access = true;
|
||||
}
|
||||
else {
|
||||
if (me.related.admin_of_organizations) {
|
||||
Rest.setUrl(me.related.admin_of_organizations);
|
||||
Rest.get()
|
||||
.success( function(data, status, headers, config) {
|
||||
if (data.results.length > 0) {
|
||||
access = true;
|
||||
}
|
||||
})
|
||||
.error( function(data, status, headers, config) {
|
||||
ProcessErrors(scope, data, status, null,
|
||||
{ hdr: 'Error!', msg: 'Call to ' + me.related.admin_of_organizations +
|
||||
' failed. DELETE returned status: ' + status });
|
||||
});
|
||||
}
|
||||
}
|
||||
if (!access) {
|
||||
Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.');
|
||||
}
|
||||
return access;
|
||||
}
|
||||
}]);
|
@ -6,7 +6,9 @@
|
||||
<h3>Ansible Login</h3>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<div class="alert alert-warning alert-block" ng-show="(sessionExpired == true)">Your session timed out due to inactivity. Please sign in again. Session timeout is set to: {{ sessionTimeout }} minutes.</div>
|
||||
<div style="padding-bottom: 20px;" class="alert alert-warning alert-block" ng-show="(sessionExpired == true)">
|
||||
Your session timed out due to inactivity. Please sign in again.
|
||||
</div>
|
||||
<form id="login-form" name="loginForm" class="form-horizontal" novalidate>
|
||||
<div class="control-group">
|
||||
<label class="control-label">Username:</label>
|
||||
|
@ -81,6 +81,7 @@
|
||||
<script src="{{ STATIC_URL }}js/helpers/Children.js"></script>
|
||||
<script src="{{ STATIC_URL }}js/helpers/ProjectPath.js"></script>
|
||||
<script src="{{ STATIC_URL }}js/helpers/md5.js"></script>
|
||||
<script src="{{ STATIC_URL }}js/helpers/Access.js"></script>
|
||||
<script src="{{ STATIC_URL }}lib/ansible/directives.js"></script>
|
||||
<script src="{{ STATIC_URL }}lib/ansible/filters.js"></script>
|
||||
<script src="{{ STATIC_URL }}lib/ansible/api-loader.js"></script>
|
||||
|
Loading…
Reference in New Issue
Block a user