mgr/dashboard: Proper error handling in module status guard

I've recently introduced a check that verifies if the orch_backend we need for a feature matches the orch_backend of the cluster. But to verify this I need to call configOpt API and some user's don't have the permission to access it. So it'll show this Access Denied page.

Fixes: https://tracker.ceph.com/issues/53021
Signed-off-by: Nizamudeen A <nia@redhat.com>

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts
index ebacc06c151922fadff365bc24bd4b881359e6a3..8cce3a8bf8ca115ed14838dfca13c033fb3c0e5b 100644 (file)
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts
@@ -4,7 +4,7 @@ import { fakeAsync, TestBed, tick } from '@angular/core/testing';
 import { ActivatedRouteSnapshot, Router, Routes } from '@angular/router';
 import { RouterTestingModule } from '@angular/router/testing';
 
-import { of as observableOf } from 'rxjs';
+import { of as observableOf, throwError } from 'rxjs';
 
 import { configureTestBed } from '~/testing/unit-test-helper';
 import { MgrModuleService } from '../api/mgr-module.service';
@@ -31,12 +31,16 @@ describe('ModuleStatusGuardService', () => {
     getResult: {},
     activateResult: boolean,
     urlResult: string,
-    backend = 'cephadm'
+    backend = 'cephadm',
+    configOptPermission = true
   ) => {
     let result: boolean;
     spyOn(httpClient, 'get').and.returnValue(observableOf(getResult));
-    const test = { orchestrator: backend };
-    spyOn(mgrModuleService, 'getConfig').and.returnValue(observableOf(test));
+    const orchBackend = { orchestrator: backend };
+    const getConfigSpy = spyOn(mgrModuleService, 'getConfig');
+    configOptPermission
+      ? getConfigSpy.and.returnValue(observableOf(orchBackend))
+      : getConfigSpy.and.returnValue(throwError({}));
     ngZone.run(() => {
       service.canActivateChild(route).subscribe((resp) => {
         result = resp;
@@ -91,4 +95,8 @@ describe('ModuleStatusGuardService', () => {
   it('should redirect normally if the backend provided matches the current backend', fakeAsync(() => {
     testCanActivate({ available: true, message: 'foo' }, true, '/', 'rook');
   }));
+
+  it('should redirect to the "redirectTo" link for user without sufficient permission', fakeAsync(() => {
+    testCanActivate({ available: true, message: 'foo' }, true, '/foo', 'rook', false);
+  }));
 });

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts
index 3162afd232933219142ed022e8d961786602a2b6..97c7251fbfac1a2da5651d0cff2183800e1c924f 100644 (file)
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts
@@ -61,9 +61,15 @@ export class ModuleStatusGuardService implements CanActivate, CanActivateChild {
     const config = route.data['moduleStatusGuardConfig'];
     let backendCheck = false;
     if (config.backend) {
-      this.mgrModuleService.getConfig('orchestrator').subscribe((resp) => {
-        backendCheck = config.backend === resp['orchestrator'];
-      });
+      this.mgrModuleService.getConfig('orchestrator').subscribe(
+        (resp) => {
+          backendCheck = config.backend === resp['orchestrator'];
+        },
+        () => {
+          this.router.navigate([config.redirectTo]);
+          return observableOf(false);
+        }
+      );
     }
     return this.http.get(`api/${config.apiPath}/status`).pipe(
       map((resp: any) => {