From 652f7ceb7be86f11dbdaab8259c602e12e62af3b Mon Sep 17 00:00:00 2001
From: chouseknecht
Date: Thu, 27 Jun 2013 04:51:23 -0400
Subject: [PATCH] Check /api/v1/me to determine if user can perform create/update/delete on Permissions.

---
 awx/ui/static/js/app.js | 3 +-
 awx/ui/static/js/controllers/Permissions.js | 23 +++++++-----
 awx/ui/static/js/controllers/Teams.js | 38 +++++++++++---------
 awx/ui/static/js/controllers/Users.js | 39 ++++++++++++---------
 awx/ui/static/js/helpers/Access.js | 36 +++++++++++++++++++
 awx/ui/static/partials/login-dialog.html | 4 ++-
 awx/ui/templates/ui/index.html | 1 +
 7 files changed, 101 insertions(+), 43 deletions(-)
 create mode 100644 awx/ui/static/js/helpers/Access.js

diff --git a/awx/ui/static/js/app.js b/awx/ui/static/js/app.js
index 7a92a7ab01..82728ebc3c 100644
--- a/awx/ui/static/js/app.js
+++ b/awx/ui/static/js/app.js
@@ -58,7 +58,8 @@ angular.module('ansible', [
 'ChildrenHelper',
 'EventsHelper',
 'ProjectPathHelper',
- 'md5Helper'
+ 'md5Helper',
+ 'AccessHelper'
 ])
 .config(['$routeProvider', function($routeProvider) {
 $routeProvider.
diff --git a/awx/ui/static/js/controllers/Permissions.js b/awx/ui/static/js/controllers/Permissions.js
index a4e7115808..aefc176b38 100644
--- a/awx/ui/static/js/controllers/Permissions.js
+++ b/awx/ui/static/js/controllers/Permissions.js
@@ -20,17 +20,20 @@ function PermissionsList ($scope, $rootScope, $location, $log, $routeParams, Res
 scope.search(list.iterator);
 LoadBreadCrumbs();
-
+
 scope.addPermission = function() {
- $location.path($location.path() + '/add');
+ if (checkAccess()) {
+ $location.path($location.path() + '/add');
+ }
 }
 scope.editPermission = function(id) {
- $location.path($location.path() + '/' + id);
+ if (checkAccess()) {
+ $location.path($location.path() + '/' + id);
+ }
 }
 scope.deletePermission = function(id, name) {
-
 var action = function() {
 var url = GetBasePath('base') + 'permissions/' + id + '/';
 Rest.setUrl(url);
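Review bot: `checkAccess()` in the add/edit guards is not the `CheckAccess` factory this commit registers in Access.js, and neither Permissions.js hunk adds `CheckAccess` to PermissionsList's parameters or `$inject` (the diffstat's 23 changed lines are exactly these two hunks), so each click would throw a ReferenceError unless a global `checkAccess` exists somewhere outside this patch. The same guard appears in the @@ -45 hunk around `Prompt(...)`. Inject the service and call it by its registered name: `if (CheckAccess()) {`. PermissionsList's signature and `$inject` lie outside both hunks.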
@@ -45,11 +48,13 @@ function PermissionsList ($scope, $rootScope, $location, $log, $routeParams, Res
 { hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
 });
 };
-
- Prompt({ hdr: 'Delete',
- body: 'Are you sure you want to delete ' + name + '?',
- action: action
- });
+
+ if (checkAccess()) {
+ Prompt({ hdr: 'Delete',
+ body: 'Are you sure you want to delete ' + name + '?',
+ action: action
+ });
+ }
 }
 }
diff --git a/awx/ui/static/js/controllers/Teams.js b/awx/ui/static/js/controllers/Teams.js
index 06e9fdcb97..f8bb692c07 100644
--- a/awx/ui/static/js/controllers/Teams.js
+++ b/awx/ui/static/js/controllers/Teams.js
@@ -220,7 +220,7 @@ TeamsAdd.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$
 function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, TeamForm, GenerateForm, Rest, Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, TeamLookUpOrganizationInit, Prompt,
- GetBasePath)
+ GetBasePath, CheckAccess)
 {
 ClearScope('htmlTemplate'); //Garbage collection. Don't leave behind any listeners/watchers from the prior
 //scope.
@@ -318,7 +318,9 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 scope.add = function(set) {
 $rootScope.flashMessage = null;
 if (set == 'permissions') {
- $location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/add');
+ if (CheckAccess()) {
+ $location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/add');
+ }
 }
 else {
 $location.path('/' + base + '/' + $routeParams.team_id + '/' + set);
@@ -329,7 +331,9 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 scope.edit = function(set, id, name) {
 $rootScope.flashMessage = null;
 if (set == 'permissions') {
- $location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/' + id);
+ if (CheckAccess()) {
+ $location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/' + id);
+ }
 }
 else {
 $location.path('/' + set + '/' + id);
@@ -343,18 +347,20 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 var action = function() {
 var url;
 if (set == 'permissions') {
- url = GetBasePath('base') + 'permissions/' + itm_id + '/';
- Rest.setUrl(url);
- Rest.destroy()
- .success( function(data, status, headers, config) {
- $('#prompt-modal').modal('hide');
- scope.search(form.related[set].iterator);
- })
- .error( function(data, status, headers, config) {
- $('#prompt-modal').modal('hide');
- ProcessErrors(scope, data, status, null,
- { hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
- });
+ if (CheckAccess()) {
+ url = GetBasePath('base') + 'permissions/' + itm_id + '/';
+ Rest.setUrl(url);
+ Rest.destroy()
+ .success( function(data, status, headers, config) {
+ $('#prompt-modal').modal('hide');
+ scope.search(form.related[set].iterator);
+ })
+ .error( function(data, status, headers, config) {
+ $('#prompt-modal').modal('hide');
+ ProcessErrors(scope, data, status, null,
+ { hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
+ });
+ }
 }
 else {
 var url = defaultUrl + $routeParams.team_id + '/' + set + '/';
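Review bot: In the delete `action` of the @@ -343 hunk the `CheckAccess()` guard runs only after the user has already confirmed the prompt, and because both `$('#prompt-modal').modal('hide')` calls sit inside the guarded block, a denied user is left with the confirm modal still open beneath the Access Denied alert. The Users.js @@ -345 hunk has the same shape. Either perform the check before the prompt is shown, as the Permissions.js hunks do, or close the modal on denial with `} else { $('#prompt-modal').modal('hide'); }` after the guarded block. The `action` function and the Prompt call that presumably invokes it continue outside the hunk.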
@@ -383,6 +389,6 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 TeamsEdit.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'TeamForm', 'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit', 'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'TeamLookUpOrganizationInit', 'Prompt',
- 'GetBasePath'
+ 'GetBasePath', 'CheckAccess'
 ];
diff --git a/awx/ui/static/js/controllers/Users.js b/awx/ui/static/js/controllers/Users.js
index 1e87a644cc..4ca2b4c4fd 100644
--- a/awx/ui/static/js/controllers/Users.js
+++ b/awx/ui/static/js/controllers/Users.js
@@ -137,7 +137,8 @@ function UsersList ($scope, $rootScope, $location, $log, $routeParams, Rest,
 }
 UsersList.$inject = [ '$scope', '$rootScope', '$location', '$log', '$routeParams', 'Rest', 'Alert', 'UserList', 'GenerateList',
- 'LoadBreadCrumbs', 'Prompt', 'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope', 'ProcessErrors' ];
+ 'LoadBreadCrumbs', 'Prompt', 'SearchInit', 'PaginateInit', 'ReturnToCaller', 'ClearScope', 'ProcessErrors'
+ ];
 function UsersAdd ($scope, $rootScope, $compile, $location, $log, $routeParams, UserForm,
@@ -224,7 +225,7 @@ UsersAdd.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$
 function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, UserForm, GenerateForm, Rest, Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit,
- RelatedPaginateInit, ReturnToCaller, ClearScope, GetBasePath, Prompt)
+ RelatedPaginateInit, ReturnToCaller, ClearScope, GetBasePath, Prompt, CheckAccess)
 {
 ClearScope('htmlTemplate'); //Garbage collection. Don't leave behind any listeners/watchers from the prior
 //scope.
@@ -320,7 +321,9 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 scope.add = function(set) {
 $rootScope.flashMessage = null;
 if (set == 'permissions') {
- $location.path('/' + base + '/' + $routeParams.user_id + '/' + set + '/add');
+ if (CheckAccess()) {
+ $location.path('/' + base + '/' + $routeParams.user_id + '/' + set + '/add');
+ }
 }
 else {
 $location.path('/' + base + '/' + $routeParams.user_id + '/' + set);
@@ -331,7 +334,9 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 scope.edit = function(set, id, name) {
 $rootScope.flashMessage = null;
 if (set == 'permissions') {
- $location.path('/users/' + $routeParams.user_id + '/permissions/' + id);
+ if (CheckAccess()) {
+ $location.path('/users/' + $routeParams.user_id + '/permissions/' + id);
+ }
 }
 else {
 $location.path('/' + set + '/' + id);
@@ -345,18 +350,20 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 var action = function() {
 var url;
 if (set == 'permissions') {
- url = GetBasePath('base') + 'permissions/' + itm_id + '/';
- Rest.setUrl(url);
- Rest.destroy()
- .success( function(data, status, headers, config) {
- $('#prompt-modal').modal('hide');
- scope.search(form.related[set].iterator);
- })
- .error( function(data, status, headers, config) {
- $('#prompt-modal').modal('hide');
- ProcessErrors(scope, data, status, null,
+ if (CheckAccess()) {
+ url = GetBasePath('base') + 'permissions/' + itm_id + '/';
+ Rest.setUrl(url);
+ Rest.destroy()
+ .success( function(data, status, headers, config) {
+ $('#prompt-modal').modal('hide');
+ scope.search(form.related[set].iterator);
+ })
+ .error( function(data, status, headers, config) {
+ $('#prompt-modal').modal('hide');
+ ProcessErrors(scope, data, status, null,
 { hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status });
- });
+ });
+ }
 }
 else {
 url = defaultUrl + $routeParams.user_id + '/' + set + '/';
@@ -384,5 +391,5 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams,
 UsersEdit.$inject = [ '$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'UserForm', 'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit',
- 'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'GetBasePath', 'Prompt'];
+ 'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'GetBasePath', 'Prompt', 'CheckAccess'];
diff --git a/awx/ui/static/js/helpers/Access.js b/awx/ui/static/js/helpers/Access.js
new file mode 100644
index 0000000000..f4e530680a
--- /dev/null
+++ b/awx/ui/static/js/helpers/Access.js
@@ -0,0 +1,36 @@
+/*********************************************
+ * Copyright (c) 2013 AnsibleWorks, Inc.
+ *
+*/
+
+angular.module('AccessHelper', ['RestServices', 'Utilities'])
+ .factory('CheckAccess', ['$rootScope', 'Alert', 'Rest', 'GetBasePath','ProcessErrors', 'Alert',
+ function($rootScope, Alert, Rest, GetBasePath, ProcessErrors, Prompt) {
+ return function(params) {
+ var me = $rootScope.current_user;
+ var access = false;
+ if (me.is_superuser) {
+ access = true;
+ }
+ else {
+ if (me.related.admin_of_organizations) {
+ Rest.setUrl(me.related.admin_of_organizations);
+ Rest.get()
+ .success( function(data, status, headers, config) {
+ if (data.results.length > 0) {
+ access = true;
+ }
+ })
+ .error( function(data, status, headers, config) {
+ ProcessErrors(scope, data, status, null,
+ { hdr: 'Error!', msg: 'Call to ' + me.related.admin_of_organizations +
+ ' failed. DELETE returned status: ' + status });
+ });
+ }
+ }
+ if (!access) {
+ Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.');
+ }
+ return access;
+ }
+ }]);
\ No newline at end of file
diff --git a/awx/ui/static/partials/login-dialog.html b/awx/ui/static/partials/login-dialog.html
index 91f6e8551e..80776c0f00 100644
--- a/awx/ui/static/partials/login-dialog.html
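Review bot: `CheckAccess` returns `access` synchronously, but for a non-superuser the only place that sets `access = true` is the `.success` callback of `Rest.get()`, which fires after `return access` has already run, so every organization admin gets the Access Denied alert and a `false` result and the `if (CheckAccess())` guards added in Teams.js and Users.js can never observe the later value. The factory also references an undefined `scope` in the `.error` handler, lists 'Alert' twice in its injection array while naming the sixth parameter `Prompt`, and reports 'DELETE returned status' for a GET. One fix is to take the guarded action as a callback and run or deny it once the lookup completes, which turns the call sites into `CheckAccess(function() { ... })`. This check only hides controls in the browser; the create/update/delete requests the controllers send still depend on the API rejecting callers who lack the permission.
```javascript
angular.module('AccessHelper', ['RestServices', 'Utilities'])
    .factory('CheckAccess', ['$rootScope', 'Alert', 'Rest', 'ProcessErrors',
    function($rootScope, Alert, Rest, ProcessErrors) {
    // Runs action() once the current user is known to be a superuser or an
    // admin of at least one organization; otherwise shows the Access Denied
    // alert. The organization lookup is asynchronous, so the decision is
    // delivered through the callback rather than a return value.
    var deny = function() {
        Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.');
    };
    return function(action) {
        var me = $rootScope.current_user;
        if (me && me.is_superuser) {
            action();
            return;
        }
        var orgsUrl = me && me.related && me.related.admin_of_organizations;
        if (!orgsUrl) {
            deny();
            return;
        }
        Rest.setUrl(orgsUrl);
        Rest.get()
            .success( function(data, status, headers, config) {
                if (data.results.length > 0) {
                    action();
                }
                else {
                    deny();
                }
            })
            .error( function(data, status, headers, config) {
                // NOTE(review): the original passed an undefined `scope`; confirm which scope ProcessErrors expects here.
                ProcessErrors($rootScope, data, status, null,
                    { hdr: 'Error!', msg: 'Call to ' + orgsUrl + ' failed. GET returned status: ' + status });
            });
    };
}]);
```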
+++ b/awx/ui/static/partials/login-dialog.html
@@ -6,7 +6,9 @@

Ansible Login