mgr/dashboard: check config opt permissions

Getting the user object fails for a non-admin user. Check
the permissions directory if the user is allowed to access the
config options instead.

Fixes: https://tracker.ceph.com/issues/47331
Signed-off-by: Tatjana Dehler <tdehler@suse.com>
(cherry picked from commit 0942b022d0515d53e2e8742851b6aeb60f3379f9)

 Conflicts:
	src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
	src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
- Resolved import conflicts in both files; Resolved TestBed conflict (we have to stick with TestBed.get(); in octopus vs. master
  TestBed.inject(); which is related to Angular 9 being used in master and is not backported to octopus

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
index bc6f36c941ea68380a03ef29a5fd5f85fb8e3c54..d500f6b4bb998bde29f41a6a8dc980298cffa3ba 100644 (file)
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
@@ -7,9 +7,9 @@ import { of } from 'rxjs';
 import { AlertModule } from 'ngx-bootstrap/alert';
 
 import { configureTestBed, i18nProviders } from '../../../../testing/unit-test-helper';
-import { UserFormModel } from '../../../core/auth/user-form/user-form.model';
 import { MgrModuleService } from '../../api/mgr-module.service';
 import { UserService } from '../../api/user.service';
+import { Permissions } from '../../models/permissions';
 import { PipesModule } from '../../pipes/pipes.module';
 import { AuthStorageService } from '../../services/auth-storage.service';
 import { NotificationService } from '../../services/notification.service';
@@ -21,35 +21,17 @@ describe('TelemetryActivationNotificationComponent', () => {
   let fixture: ComponentFixture<TelemetryNotificationComponent>;
 
   let authStorageService: AuthStorageService;
-  let userService: UserService;
   let mgrModuleService: MgrModuleService;
   let notificationService: NotificationService;
 
   let isNotificationHiddenSpy: jasmine.Spy;
-  let getUsernameSpy: jasmine.Spy;
-  let userServiceGetSpy: jasmine.Spy;
+  let getPermissionsSpy: jasmine.Spy;
   let getConfigSpy: jasmine.Spy;
 
-  const user: UserFormModel = {
-    username: 'username',
-    password: undefined,
-    name: 'User 1',
-    email: 'user1@email.com',
-    roles: ['read-only'],
-    enabled: true,
-    pwdExpirationDate: undefined,
-    pwdUpdateRequired: true
-  };
-  const admin: UserFormModel = {
-    username: 'admin',
-    password: undefined,
-    name: 'User 1',
-    email: 'user1@email.com',
-    roles: ['administrator'],
-    enabled: true,
-    pwdExpirationDate: undefined,
-    pwdUpdateRequired: true
-  };
+  const configOptPermissions: Permissions = new Permissions({
+    'config-opt': ['read', 'create', 'update', 'delete']
+  });
+  const noConfigOptPermissions: Permissions = new Permissions({});
   const telemetryEnabledConfig = {
     enabled: true
   };
@@ -67,13 +49,13 @@ describe('TelemetryActivationNotificationComponent', () => {
     fixture = TestBed.createComponent(TelemetryNotificationComponent);
     component = fixture.componentInstance;
     authStorageService = TestBed.get(AuthStorageService);
-    userService = TestBed.get(UserService);
     mgrModuleService = TestBed.get(MgrModuleService);
     notificationService = TestBed.get(NotificationService);
 
     isNotificationHiddenSpy = spyOn(component, 'isNotificationHidden').and.returnValue(false);
-    getUsernameSpy = spyOn(authStorageService, 'getUsername').and.returnValue('username');
-    userServiceGetSpy = spyOn(userService, 'get').and.returnValue(of(admin)); // Not the best name but it sounded better than `getSpy`
+    getPermissionsSpy = spyOn(authStorageService, 'getPermissions').and.returnValue(
+      configOptPermissions
+    );
     getConfigSpy = spyOn(mgrModuleService, 'getConfig').and.returnValue(
       of(telemetryDisabledConfig)
     );
@@ -90,14 +72,13 @@ describe('TelemetryActivationNotificationComponent', () => {
     expect(component.displayNotification).toBe(false);
   });
 
-  it('should not show notification for an user without administrator role', () => {
-    userServiceGetSpy.and.returnValue(of(user));
+  it('should not show notification for a user without configOpt permissions', () => {
+    getPermissionsSpy.and.returnValue(noConfigOptPermissions);
     fixture.detectChanges();
     expect(component.displayNotification).toBe(false);
   });
 
   it('should not show notification if the module is enabled already', () => {
-    getUsernameSpy.and.returnValue('admin');
     getConfigSpy.and.returnValue(of(telemetryEnabledConfig));
     fixture.detectChanges();
     expect(component.displayNotification).toBe(false);

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
index 4b881e2f8e0b1a86d1830fc4d34bb04c787d75ff..6b38b75866441ccef55466906dd59bf65104e615 100644 (file)
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
@@ -1,10 +1,9 @@
 import { Component, OnDestroy, OnInit } from '@angular/core';
 
 import { I18n } from '@ngx-translate/i18n-polyfill';
+import * as _ from 'lodash';
 
-import { UserFormModel } from '../../../core/auth/user-form/user-form.model';
 import { MgrModuleService } from '../../api/mgr-module.service';
-import { UserService } from '../../api/user.service';
 import { NotificationType } from '../../enum/notification-type.enum';
 import { AuthStorageService } from '../../services/auth-storage.service';
 import { NotificationService } from '../../services/notification.service';
@@ -21,7 +20,6 @@ export class TelemetryNotificationComponent implements OnInit, OnDestroy {
   constructor(
     private mgrModuleService: MgrModuleService,
     private authStorageService: AuthStorageService,
-    private userService: UserService,
     private notificationService: NotificationService,
     private telemetryNotificationService: TelemetryNotificationService,
     private i18n: I18n
@@ -33,16 +31,14 @@ export class TelemetryNotificationComponent implements OnInit, OnDestroy {
     });
 
     if (!this.isNotificationHidden()) {
-      const username = this.authStorageService.getUsername();
-      this.userService.get(username).subscribe((user: UserFormModel) => {
-        if (user.roles.includes('administrator')) {
-          this.mgrModuleService.getConfig('telemetry').subscribe((options) => {
-            if (!options['enabled']) {
-              this.telemetryNotificationService.setVisibility(true);
-            }
-          });
-        }
-      });
+      const configOptPermissions = this.authStorageService.getPermissions().configOpt;
+      if (_.every(Object.values(configOptPermissions))) {
+        this.mgrModuleService.getConfig('telemetry').subscribe((options) => {
+          if (!options['enabled']) {
+            this.telemetryNotificationService.setVisibility(true);
+          }
+        });
+      }
     }
   }