Merge pull request #1090 from chalettu/sui_rbac

Updated RBAC and product features to support new structure
ManageIQ · Oct 17, 2017 · 798ea56 · 798ea56
2 parents 4ef44d9 + 7961cab
commit 798ea56
Show file tree

Hide file tree

Showing 23 changed files with 7,638 additions and 69 deletions.
diff --git a/client/app/core/navigation/navigation-controller.js b/client/app/core/navigation/navigation-controller.js
@@ -36,8 +36,9 @@ export function NavigationController (Text, Navigation, Session, API_BASE, Shopp
         about: RBAC.has('about'),
         documentation: RBAC.has('documentation')
       },
-      suiAppLauncher: RBAC.has('sui_app_launcher'),
-      suiNotifications: RBAC.has('sui_notifications'),
+      suiAppLauncher: RBAC.has(RBAC.FEATURES.CORE.APP_LAUNCHER),
+      suiNotifications: RBAC.has(RBAC.FEATURES.CORE.NOTIFICATIONS),
+      suiLanguage: RBAC.has(RBAC.FEATURES.CORE.LANGUAGE),
       helpMenu: RBAC.hasAny(['about', 'product', 'documentation'])
     }
     EventNotifications.setToastDisplay(vm.permissions.suiNotifications)

diff --git a/client/app/core/product-features.constants.json b/client/app/core/product-features.constants.json
@@ -0,0 +1,57 @@
+{
+  "productFeatures": {
+    "CORE": {
+      "APP_LAUNCHER": "sui_app_launcher",
+      "LANGUAGE": "sui_language",
+      "NOTIFICATIONS": "sui_notifications"
+    },
+    "DASHBOARD": {
+      "VIEW": {
+        "MONTHLY_CHARGES": "sui_dashboard_monthly_charge_view"
+      }
+    },
+    "SERVICES": {
+      "VIEW": "sui_services_view",
+      "START": "sui_services_start",
+      "STOP": "sui_services_stop",
+      "SUSPEND": "sui_services_suspend",
+      "TAGS": "sui_services_tags",
+      "RETIRE": {
+        "SET_DATE": "sui_services_retire_date",
+        "RETIRE_NOW": "sui_services_retire"
+      },
+      "EDIT": "sui_services_edit",
+      "DELETE": "sui_services_delete",
+      "OWNERSHIP": "sui_services_ownership"
+    },
+    "VMS": {
+      "VIEW": "sui_vm_details_view",
+      "SNAPSHOTS": {
+        "VIEW": "sui_vm_snapshots_view",
+        "ADD": "sui_vm_snapshot_create",
+        "DELETE": "sui_vm_snapshot_delete"
+      },
+      "CONSOLE": "sui_vm_console",
+      "WEB_CONSOLE": "sui_vm_web_console",
+      "TAGS": "sui_vm_tags",
+      "RETIRE": "sui_vm_retire",
+      "STAR": "sui_vm_start",
+      "STOP": "sui_vm_stop",
+      "SUSPEND": "sui_vm_suspend"
+    },
+    "ORDERS": {
+      "VIEW": "sui_orders_view",
+      "DUPLICATE": "sui_orders_duplicate",
+      "DELETE": "sui_orders_delete"
+    },
+    "SERVICE_CATALOG": {
+      "VIEW": "sui_svc_catalog_view",
+      "CART": "sui_svc_catalog_cart"
+    },
+    "SHOPPING_CART": {
+      "VIEW": "sui_cart_view",
+      "DELETE": "sui_cart_delete",
+      "ORDER": "sui_cart_order"
+    }
+  }
+}
diff --git a/client/app/core/rbac.service.js b/client/app/core/rbac.service.js
@@ -1,3 +1,4 @@
+import { productFeatures } from './product-features.constants.json'
 /** @ngInject */
 export function RBACFactory (lodash) {
   var navFeatures = {}
@@ -8,6 +9,7 @@ export function RBACFactory (lodash) {
     all: all,
     set: set,
     has: has,
+    FEATURES: productFeatures,
     hasAny: hasAny,
     hasRole: hasRole,
     setRole: setRole,
@@ -17,12 +19,12 @@ export function RBACFactory (lodash) {
   }
 
   function set (productFeatures) {
+    const vm = this
     features = productFeatures || {}
-
     const navPermissions = {
-      services: {show: angular.isDefined(productFeatures.service_view)},
-      orders: {show: angular.isDefined(productFeatures.svc_catalog_provision)},
-      catalogs: {show: angular.isDefined(productFeatures.catalog_items_view)}
+      services: {show: vm.has(vm.FEATURES.SERVICES.VIEW)},
+      orders: {show: vm.has(vm.FEATURES.ORDERS.VIEW)},
+      catalogs: {show: vm.has(vm.FEATURES.SERVICE_CATALOG.VIEW)}
     }
     setNavFeatures(navPermissions)
   }

diff --git a/client/app/core/session.service.spec.js b/client/app/core/session.service.spec.js
@@ -59,7 +59,7 @@ describe('Session', () => {
 
     })
 
-    it('updates user session storage', () => {
+     it('updates user session storage', () => {
       $sessionStorage.user = JSON.stringify(readJSON('tests/mock/session/user.json'))
       Session.updateUserSession({settings: {ui_service: {display: {locale: 'fr'}}}})
       let user =  JSON.parse($sessionStorage.user)
@@ -79,9 +79,7 @@ describe('Session', () => {
       var response = {
         authorization: {
           product_features: {
-            dashboard_view: {},
-            service_view: {},
-            service_edit: {}
+            sui_services_view: {}
           }
         }, identity: {}
       }
@@ -97,11 +95,11 @@ describe('Session', () => {
     })
 
     it('sets visibility for "Service Catalogs" and "Requests" only on navbar and enables "Service Request" button', () => {
-      var response = {
+      const response = {
         authorization: {
           product_features: {
-            catalog_items_view: {},
-            svc_catalog_provision: {},
+            sui_orders_view: {},
+            sui_svc_catalog_view: {},
           }
         }, identity: {}
       }

diff --git a/client/app/core/shopping-cart.service.js b/client/app/core/shopping-cart.service.js
@@ -173,7 +173,7 @@ export function ShoppingCartFactory ($rootScope, CollectionsApi, $q, lodash, RBA
   }
 
   function allowed () {
-    return RBAC.has('svc_catalog_provision')
+    return RBAC.has(RBAC.FEATURES.SHOPPING_CART.ORDER)
   }
 
   function dedup () {

diff --git a/client/app/layouts/application.html b/client/app/layouts/application.html
@@ -97,7 +97,7 @@
             </li>
             <!-- /Group switcher -->
 
-            <li class="dropdown-submenu pull-left" language-switcher></li>
+            <li ng-if="vm.permissions.suiLanguage" class="dropdown-submenu pull-left" language-switcher></li>
 
             <li class="action divider"></li>
 

diff --git a/client/app/orders/orders-state.service.js b/client/app/orders/orders-state.service.js
@@ -60,8 +60,8 @@ export function OrdersStateFactory (ListConfiguration, CollectionsApi, RBAC) {
   function getPermissions () {
     const permissions = {
       approve: RBAC.has('miq_request_approval'),
-      delete: RBAC.has('miq_request_delete'),
-      copy: RBAC.has('miq_request_copy')
+      delete: RBAC.has(RBAC.FEATURES.ORDERS.DELETE),
+      copy: RBAC.has(RBAC.FEATURES.ORDERS.DUPLICATE)
     }
 
     return permissions

diff --git a/client/app/services/service-details/service-details.component.js b/client/app/services/service-details/service-details.component.js
@@ -144,28 +144,27 @@ function ComponentController ($stateParams, $state, $window, CollectionsApi, Eve
         isDisabled: false,
         tooltipText: __('Power Operations')
       }
-      // TODO: once service_control rbac operations are available, gate the following actions
       const powerOptionsActions = [
         {
           name: __('Start'),
           actionName: 'start',
           title: __('Start the Service'),
           actionFn: startService,
-          permission: true,
+          permission: vm.permissions.serviceStart,
           isDisabled: disableStartButton(vm.service)
         }, {
           name: __('Stop'),
           actionName: 'stop',
           title: __('Stop the Service'),
           actionFn: stopService,
-          permission: true,
+          permission: vm.permissions.serviceStop,
           isDisabled: disableStopButton(vm.service)
         }, {
           name: __('Suspend'),
           actionName: 'suspend',
           title: __('Suspend the Service'),
           actionFn: suspendService,
-          permission: true,
+          permission: vm.permissions.serviceSuspend,
           isDisabled: disableSuspendButton(vm.service)
         }
       ]

diff --git a/client/app/services/service-explorer/service-explorer.component.js b/client/app/services/service-explorer/service-explorer.component.js
@@ -270,23 +270,23 @@ function ComponentController ($state, ServicesState, Language, ListView, Chargeb
         title: __('Start this service'),
         actionFn: startService,
         isDisabled: false,
-        permission: vm.permissions.powerOn
+        permission: vm.permissions.serviceStart
       },
       {
         name: __('Stop'),
         actionName: 'stop',
         title: __('Stop this service'),
         actionFn: stopService,
         isDisabled: false,
-        permission: vm.permissions.powerOff
+        permission: vm.permissions.serviceStop
       },
       {
         name: __('Suspend'),
         actionName: 'suspend',
         title: __('Suspend this service'),
         actionFn: suspendService,
         isDisabled: false,
-        permission: vm.permissions.suspend
+        permission: vm.permissions.serviceSuspend
       }
     ]
 

diff --git a/client/app/services/service-explorer/service-explorer.component.spec.js b/client/app/services/service-explorer/service-explorer.component.spec.js
@@ -25,6 +25,9 @@ describe('Component: serviceExplorer', () => {
       instanceStop: false,
       instanceSuspend: false,
       instanceRetire: false,
+      serviceStart: false,
+      serviceStop: false,
+      serviceSuspend: false,
       cockpit: false,
       console: false,
       viewSnapshots: false,

diff --git a/client/app/services/services-state.service.js b/client/app/services/services-state.service.js
@@ -100,25 +100,27 @@ export function ServicesStateFactory (ListConfiguration, CollectionsApi, RBAC) {
 
   function getPermissions () {
     return {
-      edit: RBAC.hasAny(['service_admin', 'service_edit']),
-      delete: RBAC.hasAny(['service_admin', 'service_delete']),
+      edit: RBAC.has(RBAC.FEATURES.SERVICES.EDIT),
+      delete: RBAC.has(RBAC.FEATURES.SERVICES.DELETE),
       reconfigure: RBAC.hasAny(['service_admin', 'service_reconfigure']),
-      setOwnership: RBAC.hasAny(['service_admin', 'service_ownership']),
-      retire: RBAC.hasAny(['service_control', 'service_retire_now']),
-      setRetireDate: RBAC.hasAny(['service_control', 'service_retire']),
-      editTags: RBAC.hasAny(['service_control', 'service_tag']),
+      setOwnership: RBAC.has(RBAC.FEATURES.SERVICES.OWNERSHIP),
+      retire: RBAC.has(RBAC.FEATURES.SERVICES.RETIRE.RETIRE_NOW),
+      setRetireDate: RBAC.has(RBAC.FEATURES.SERVICES.RETIRE.SET_DATE),
+      editTags: RBAC.has(RBAC.FEATURES.SERVICES.TAGS),
       viewAnsible: RBAC.hasAny(['configuration_script_view', 'configuration_scripts_accord']),
-
-      instanceStart: RBAC.hasAny(['instance_control', 'instance_start']),
-      instanceStop: RBAC.hasAny(['instance_control', 'instance_stop']),
-      instanceSuspend: RBAC.hasAny(['instance_control', 'instance_suspend']),
-      instanceRetire: RBAC.hasAny(['instance_control', 'instance_retire']),
-      cockpit: RBAC.has('cockpit_console'),
-      console: RBAC.has('vm_console'),
-      viewSnapshots: RBAC.hasAny(['vm_snapshot', 'vm_snapshot_view', 'cloud_volume_snapshot', 'cloud_volume_snapshot_view']),
-
-      vm_snapshot_show_list: RBAC.has('vm_snapshot_show_list'), // Display Lists of VM Snapshots
-      vm_snapshot_add: RBAC.hasAny(['vm_snapshot_add']), // Create Snapshot
+      serviceStart: RBAC.has(RBAC.FEATURES.SERVICES.START),
+      serviceStop: RBAC.has(RBAC.FEATURES.SERVICES.STOP),
+      serviceSuspend: RBAC.has(RBAC.FEATURES.SERVICES.SUSPEND),
+      instanceStart: RBAC.has(RBAC.FEATURES.VMS.START),
+      instanceStop: RBAC.has(RBAC.FEATURES.VMS.STOP),
+      instanceSuspend: RBAC.has(RBAC.FEATURES.VMS.SUSPEND),
+      instanceRetire: RBAC.hasAny([RBAC.FEATURES.SERVICES.RETIRE.RETIRE_NOW, RBAC.FEATURES.SERVICES.RETIRE.SET_DATE]),
+      cockpit: RBAC.has(RBAC.FEATURES.VMS.WEB_CONSOLE),
+      console: RBAC.has(RBAC.FEATURES.VMS.CONSOLE),
+      viewSnapshots: RBAC.has(RBAC.FEATURES.VMS.SNAPSHOTS.VIEW),
+
+      vm_snapshot_show_list: RBAC.has(RBAC.FEATURES.VMS.SNAPSHOTS.VIEW), // Display Lists of VM Snapshots
+      vm_snapshot_add: RBAC.has(RBAC.FEATURES.VMS.SNAPSHOTS.ADD), // Create Snapshot
       ems_infra_show: RBAC.has('ems_infra_show'), // View Infrastructure Providers
       ems_cluster_show: RBAC.has('ems_cluster_show'), //  Display Individual Clusters / Deployment Roles
       host_show: RBAC.has('host_show'), // Display Individual Hosts / Nodes

diff --git a/client/app/services/services-state.service.spec.js b/client/app/services/services-state.service.spec.js
@@ -67,6 +67,9 @@ describe('Services-state Service', function () {
         'setRetireDate': false,
         'editTags': false,
         'viewAnsible': false,
+        'serviceStart': false,
+        'serviceStop': false,
+        'serviceSuspend': false,
         'instanceStart': false,
         'instanceStop': false,
         'instanceSuspend': false,
@@ -119,7 +122,7 @@ describe('Services-state Service', function () {
     beforeEach(function () {
       module('app.services');
       bard.inject('RBAC');
-      permissionsSpy = sinon.stub(RBAC, 'hasAny').returns(true);
+      permissionsSpy = sinon.stub(RBAC, 'has').returns(true);
 
       bard.inject('ServicesState', '$http', 'CollectionsApi', 'ListConfiguration');
     });

diff --git a/client/app/services/vm-details/vm-details.component.js b/client/app/services/vm-details/vm-details.component.js
@@ -35,7 +35,7 @@ function ComponentController ($state, $stateParams, VmsService, ServicesState, s
   }
 
   function activate () {
-    vm.permissions = ServicesState.getPermissions()
+    vm.permissions = VmsService.getPermissions()
     angular.extend(vm, {
       hasCustomButtons: hasCustomButtons,
       loading: true,
@@ -177,14 +177,14 @@ function ComponentController ($state, $stateParams, VmsService, ServicesState, s
         actionName: 'view',
         title: __('View snapshots'),
         actionFn: viewSnapshots,
-        permission: vm.permissions.viewSnapshots
+        permission: vm.permissions.snapshotsView
       },
       {
         name: __('Create'),
         actionName: 'create',
         title: __('Create snapshots'),
         actionFn: processSnapshot,
-        permission: vm.permissions.vm_snapshot_add
+        permission: vm.permissions.snapshotsAdd
       }
     ]
     snapshotOptionsMenu.actions = VmsService.checkMenuPermissions(snapshotOptionsActions)
@@ -225,23 +225,23 @@ function ComponentController ($state, $stateParams, VmsService, ServicesState, s
         actionName: 'start',
         title: __('Start the Service'),
         actionFn: startVM,
-        permission: vm.permissions.instanceStart,
+        permission: vm.permissions.start,
         isDisabled: vm.vmDetails.power_state === 'on'
       }, {
         icon: 'fa fa-stop',
         name: __('Stop'),
         actionName: 'stop',
         title: __('Stop the Service'),
         actionFn: stopVM,
-        permission: vm.permissions.instanceStop,
+        permission: vm.permissions.stop,
         isDisabled: vm.vmDetails.power_state !== 'on'
       }, {
         icon: 'fa fa-pause',
         name: __('Suspend'),
         actionName: 'suspend',
         title: __('Suspend the Service'),
         actionFn: suspendVM,
-        permission: vm.permissions.instanceSuspend,
+        permission: vm.permissions.suspend,
         isDisabled: vm.vmDetails.power_state !== 'on'
       }
     ]

diff --git a/client/app/services/vm-details/vm-details.component.spec.js b/client/app/services/vm-details/vm-details.component.spec.js
@@ -13,18 +13,18 @@ describe('Component: VM Details', function() {
     let instanceSpy;
     let vmData;
     let controller;
-    let servicePermissions;
+    let vmPermissions;
 
     describe('with $compile', function() {
         beforeEach(inject(function($stateParams, $compile, $rootScope, $componentController, $httpBackend) {
         scope = $rootScope.$new();
         $stateParams.vmId = '12345';
         bard.inject('VmsService','ServicesState','PowerOperations','sprintf', 'lodash', 'EventNotifications', 'Polling','LONG_POLLING_INTERVAL', '$state', 'ModalService');
         vmData = readJSON(`${mockDir}vm.json`);
-        servicePermissions = readJSON(`${mockDir}servicePermissions.json`);
+        vmPermissions = readJSON(`${mockDir}vmPermissions.json`);
         state = $state;
         instanceSpy = sinon.stub(VmsService,'getInstance').returns(Promise.resolve({'status':'success'}))
-        const permissionsSpy = sinon.stub(ServicesState,'getPermissions').returns(servicePermissions);
+        const permissionsSpy = sinon.stub(VmsService,'getPermissions').returns(vmPermissions);
         controller = $componentController('vmDetails', {$scope: scope, $state: state, VmsService: VmsService, ServicesState: ServicesState, sprintf: sprintf, lodash: lodash, EventNotifications: EventNotifications, Polling: Polling, PowerOperations: PowerOperations, $state: state, ModalService: ModalService});
 
         scope.$apply();