ui: Implement fine grained read-only views based on ACLs #9769

Merged
merged 14 commits into from
Feb 19, 2021

@johncowen johncowen commented Feb 15, 2021

This is a continuation of #9687 and #9706.

This PR performs a pre-request when viewing individual models that may be restricted via service_prefix/key_prefix etc. If the request tells us that the user doesn't have access to view the individual model, then we don't even make the request to try to fetch it (which would result in a 403 anyway).

If your access is restricted whilst you are viewing a model and we are told that during our blocking queries, then we show a message (similar to when a service is deregistered) but instead of keeping the information in the page, we wipe the page and show you our standard 403 error page (including a link to re-authenticate).

As only certain models require this pre-request check, we've added a segmented property to all of our abilities. If this property is false, no check is ever made, as the model cannot be 'segmented'/used with _prefix (such as ACLs).
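The pre-request flow described above, as an added JavaScript example that is not taken from this PR or the Consul UI code base. The names `abilities`, `findBySlug`, `ForbiddenError`, `applyUpdate` and `makeServer`, and the `Resource`/`Segment`/`Access`/`Allow` field shape, are assumptions; the in-memory server is constructed so the example runs offline.

```javascript
// Added example with hypothetical names; not the Consul UI's own code.
// `segmented` marks models whose ACL rules can be scoped per item by prefix.
const abilities = {
  service: { resource: 'service', segmented: true },
  acl: { resource: 'acl', segmented: false },
};
class ForbiddenError extends Error {
  constructor(resource, slug) {
    super(`403: no read access to ${resource} "${slug}"`);
    this.status = 403;
  }
}

// Ask the server whether `slug` is readable before fetching it.
// `authorize` and `fetchItem` are injected stand-ins for the HTTP calls.
async function findBySlug(type, slug, { authorize, fetchItem }) {
  const { resource, segmented } = abilities[type];
  if (segmented) {
    const request = { Resource: resource, Segment: slug, Access: 'read' };
    // Default to [] so a missing answer is treated as "denied" (fail closed).
    const perms = (await authorize([request])) || [];
    const allowed = perms.some(p => p.Segment === slug && p.Access === 'read' && p.Allow === true);
    if (!allowed) throw new ForbiddenError(resource, slug); // fetch is skipped
  }
  return fetchItem(resource, slug);
}

// A blocking query that later reports 403 wipes the view instead of keeping stale data.
function applyUpdate(view, error) {
  return error && error.status === 403 ? { item: null, page: 'error-403' } : view;
}

// Constructed server: enforces the ACL itself; token reads only "web"-prefixed services.
function makeServer() {
  const calls = [];
  const readable = slug => slug.startsWith('web');
  return {
    calls,
    authorize: async reqs => {
      calls.push('authorize');
      return reqs.map(r => ({ ...r, Allow: readable(r.Segment) }));
    },
    fetchItem: async (resource, slug) => {
      calls.push(`fetch:${resource}/${slug}`);
      if (resource === 'service' && !readable(slug)) throw new ForbiddenError(resource, slug);
      return { resource, slug };
    },
  };
}
```

The client-side check only decides what the UI renders and which requests it skips; the constructed server above still rejects the fetch on its own, which is the enforcement point.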


@kaxcode kaxcode left a comment

LGTM

Base automatically changed from ui/feature/permissions-2 to ui/feature/permissions February 18, 2021 18:27
@johncowen johncowen force-pushed the ui/feature/permissions-3 branch from d114118 to 684aeef Compare February 18, 2021 18:30
@vercel vercel bot temporarily deployed to Preview – consul February 18, 2021 18:30 Inactive
@johncowen johncowen merged this pull request into ui/feature/permissions Feb 19, 2021
@johncowen johncowen deleted the ui/feature/permissions-3 branch February 19, 2021 15:42
johncowen added a commit that referenced this pull request Feb 19, 2021
* WIP

* Move authorize to the permissions adapter

* Slight cleanup and add Resources everywhere

* Show a login on the 403 error page

* Change to use authorizeBySlug

* Add some words around namespaces and permissions

* Add correct namespace support

* Reorganize authorizeBy things so we can use a slug or set of perms

* Clean up new repo methods, tweak DataLoader to deal with 403's nicer

* Service > Node

* Add some acceptance tests around single item access

* Add configuration 'segmented' so we can mark things that shouldn't request

* Default permissions to []

* Fix up adapter test
Labels
theme/ui Anything related to the UI