From: Tatjana Dehler Date: Mon, 7 Sep 2020 14:56:10 +0000 (+0200) Subject: mgr/dashboard: check config opt permissions X-Git-Tag: v15.2.9~122^2~57^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=27f159b19c0ffdf2a3192303fa74a80ec9c4a1f6;p=ceph.git mgr/dashboard: check config opt permissions Getting the user object fails for a non-admin user. Check the permissions directory if the user is allowed to access the config options instead. Fixes: https://tracker.ceph.com/issues/47331 Signed-off-by: Tatjana Dehler (cherry picked from commit 0942b022d0515d53e2e8742851b6aeb60f3379f9) Conflicts: src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts - Resolved import conflicts in both files; Resolved TestBed conflict (we have to stick with TestBed.get(); in octopus vs. master TestBed.inject(); which is related to Angular 9 being used in master and is not backported to octopus --- diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts index bc6f36c941e..d500f6b4bb9 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts @@ -7,9 +7,9 @@ import { of } from 'rxjs'; import { AlertModule } from 'ngx-bootstrap/alert'; import { configureTestBed, i18nProviders } from '../../../../testing/unit-test-helper'; -import { UserFormModel } from '../../../core/auth/user-form/user-form.model'; import { MgrModuleService } from '../../api/mgr-module.service'; import { UserService } from '../../api/user.service'; +import { Permissions } from '../../models/permissions'; import { PipesModule } from '../../pipes/pipes.module'; import { AuthStorageService } from '../../services/auth-storage.service'; import { NotificationService } from '../../services/notification.service'; @@ -21,35 +21,17 @@ describe('TelemetryActivationNotificationComponent', () => { let fixture: ComponentFixture; let authStorageService: AuthStorageService; - let userService: UserService; let mgrModuleService: MgrModuleService; let notificationService: NotificationService; let isNotificationHiddenSpy: jasmine.Spy; - let getUsernameSpy: jasmine.Spy; - let userServiceGetSpy: jasmine.Spy; + let getPermissionsSpy: jasmine.Spy; let getConfigSpy: jasmine.Spy; - const user: UserFormModel = { - username: 'username', - password: undefined, - name: 'User 1', - email: 'user1@email.com', - roles: ['read-only'], - enabled: true, - pwdExpirationDate: undefined, - pwdUpdateRequired: true - }; - const admin: UserFormModel = { - username: 'admin', - password: undefined, - name: 'User 1', - email: 'user1@email.com', - roles: ['administrator'], - enabled: true, - pwdExpirationDate: undefined, - pwdUpdateRequired: true - }; + const configOptPermissions: Permissions = new Permissions({ + 'config-opt': ['read', 'create', 'update', 'delete'] + }); + const noConfigOptPermissions: Permissions = new Permissions({}); const telemetryEnabledConfig = { enabled: true }; @@ -67,13 +49,13 @@ describe('TelemetryActivationNotificationComponent', () => { fixture = TestBed.createComponent(TelemetryNotificationComponent); component = fixture.componentInstance; authStorageService = TestBed.get(AuthStorageService); - userService = TestBed.get(UserService); mgrModuleService = TestBed.get(MgrModuleService); notificationService = TestBed.get(NotificationService); isNotificationHiddenSpy = spyOn(component, 'isNotificationHidden').and.returnValue(false); - getUsernameSpy = spyOn(authStorageService, 'getUsername').and.returnValue('username'); - userServiceGetSpy = spyOn(userService, 'get').and.returnValue(of(admin)); // Not the best name but it sounded better than `getSpy` + getPermissionsSpy = spyOn(authStorageService, 'getPermissions').and.returnValue( + configOptPermissions + ); getConfigSpy = spyOn(mgrModuleService, 'getConfig').and.returnValue( of(telemetryDisabledConfig) ); @@ -90,14 +72,13 @@ describe('TelemetryActivationNotificationComponent', () => { expect(component.displayNotification).toBe(false); }); - it('should not show notification for an user without administrator role', () => { - userServiceGetSpy.and.returnValue(of(user)); + it('should not show notification for a user without configOpt permissions', () => { + getPermissionsSpy.and.returnValue(noConfigOptPermissions); fixture.detectChanges(); expect(component.displayNotification).toBe(false); }); it('should not show notification if the module is enabled already', () => { - getUsernameSpy.and.returnValue('admin'); getConfigSpy.and.returnValue(of(telemetryEnabledConfig)); fixture.detectChanges(); expect(component.displayNotification).toBe(false); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts index 4b881e2f8e0..6b38b758664 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts @@ -1,10 +1,9 @@ import { Component, OnDestroy, OnInit } from '@angular/core'; import { I18n } from '@ngx-translate/i18n-polyfill'; +import * as _ from 'lodash'; -import { UserFormModel } from '../../../core/auth/user-form/user-form.model'; import { MgrModuleService } from '../../api/mgr-module.service'; -import { UserService } from '../../api/user.service'; import { NotificationType } from '../../enum/notification-type.enum'; import { AuthStorageService } from '../../services/auth-storage.service'; import { NotificationService } from '../../services/notification.service'; @@ -21,7 +20,6 @@ export class TelemetryNotificationComponent implements OnInit, OnDestroy { constructor( private mgrModuleService: MgrModuleService, private authStorageService: AuthStorageService, - private userService: UserService, private notificationService: NotificationService, private telemetryNotificationService: TelemetryNotificationService, private i18n: I18n @@ -33,16 +31,14 @@ export class TelemetryNotificationComponent implements OnInit, OnDestroy { }); if (!this.isNotificationHidden()) { - const username = this.authStorageService.getUsername(); - this.userService.get(username).subscribe((user: UserFormModel) => { - if (user.roles.includes('administrator')) { - this.mgrModuleService.getConfig('telemetry').subscribe((options) => { - if (!options['enabled']) { - this.telemetryNotificationService.setVisibility(true); - } - }); - } - }); + const configOptPermissions = this.authStorageService.getPermissions().configOpt; + if (_.every(Object.values(configOptPermissions))) { + this.mgrModuleService.getConfig('telemetry').subscribe((options) => { + if (!options['enabled']) { + this.telemetryNotificationService.setVisibility(true); + } + }); + } } }