From: Alfonso Martínez Date: Tue, 21 Jan 2020 12:49:02 +0000 (+0100) Subject: mgr/dashboard: check if user has config-opt permissions before retrieving settings. X-Git-Tag: v15.1.0~67^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ea1c8c7ef7f494208aec1c59d12fec2da759784a;p=ceph.git mgr/dashboard: check if user has config-opt permissions before retrieving settings. Fixes: https://tracker.ceph.com/issues/43595 Signed-off-by: Alfonso Martínez --- diff --git a/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.spec.ts index 29dc31546895..da1e780e9a63 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.spec.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.spec.ts @@ -2,11 +2,16 @@ import { ComponentFixture, TestBed } from '@angular/core/testing'; import { configureTestBed, i18nProviders } from '../../../../testing/unit-test-helper'; import { AppModule } from '../../../app.module'; +import { PrometheusService } from '../../../shared/api/prometheus.service'; +import { Permissions } from '../../../shared/models/permissions'; +import { AuthStorageService } from '../../../shared/services/auth-storage.service'; import { NavigationComponent } from './navigation.component'; describe('NavigationComponent', () => { let component: NavigationComponent; let fixture: ComponentFixture; + let ifAlertmanagerConfiguredSpy: jasmine.Spy; + let ifPrometheusConfigured: jasmine.Spy; configureTestBed({ imports: [AppModule], @@ -14,12 +19,36 @@ describe('NavigationComponent', () => { }); beforeEach(() => { + ifAlertmanagerConfiguredSpy = spyOn( + TestBed.get(PrometheusService), + 'ifAlertmanagerConfigured' + ).and.stub(); + ifPrometheusConfigured = spyOn( + TestBed.get(PrometheusService), + 'ifPrometheusConfigured' + ).and.stub(); fixture = TestBed.createComponent(NavigationComponent); component = fixture.componentInstance; fixture.detectChanges(); }); - it('should create', () => { + it('should create and PrometheusService methods should not have been called', () => { expect(component).toBeTruthy(); + expect(ifAlertmanagerConfiguredSpy).toHaveBeenCalledTimes(0); + expect(ifPrometheusConfigured).toHaveBeenCalledTimes(0); + }); + + it('PrometheusService methods should have been called', () => { + const authStorageServiceSpy = spyOn( + TestBed.get(AuthStorageService), + 'getPermissions' + ).and.returnValue(new Permissions({ 'config-opt': ['read'] })); + TestBed.overrideProvider(AuthStorageService, { useValue: authStorageServiceSpy }); + fixture = TestBed.createComponent(NavigationComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + + expect(ifAlertmanagerConfiguredSpy).toHaveBeenCalledTimes(1); + expect(ifPrometheusConfigured).toHaveBeenCalledTimes(1); }); }); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.ts index 98538fe7e583..2dfede6ca190 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.ts @@ -50,13 +50,14 @@ export class NavigationComponent implements OnInit { } this.summaryData = data; }); - this.prometheusService.ifAlertmanagerConfigured(() => { - this.isAlertmanagerConfigured = true; - }); - this.prometheusService.ifPrometheusConfigured(() => { - this.isPrometheusConfigured = true; - }); - + if (this.permissions.configOpt.read) { + this.prometheusService.ifAlertmanagerConfigured(() => { + this.isAlertmanagerConfigured = true; + }); + this.prometheusService.ifPrometheusConfigured(() => { + this.isPrometheusConfigured = true; + }); + } this.authStorageService.isPwdDisplayed$.subscribe((isDisplayed) => { this.isPwdDisplayed = isDisplayed; }); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.spec.ts index d379a9ccdf9f..229c136ad912 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.spec.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.spec.ts @@ -13,6 +13,7 @@ import { RbdService } from '../../api/rbd.service'; import { SettingsService } from '../../api/settings.service'; import { NotificationType } from '../../enum/notification-type.enum'; import { ExecutingTask } from '../../models/executing-task'; +import { Permissions } from '../../models/permissions'; import { PipesModule } from '../../pipes/pipes.module'; import { AuthStorageService } from '../../services/auth-storage.service'; import { NotificationService } from '../../services/notification.service'; @@ -59,7 +60,8 @@ describe('NotificationsSidebarComponent', () => { describe('prometheus alert handling', () => { let prometheusAlertService: PrometheusAlertService; let prometheusNotificationService: PrometheusNotificationService; - let prometheusAccessAllowed: boolean; + let prometheusReadPermission: string; + let configOptReadPermission: string; const expectPrometheusServicesToBeCalledTimes = (n: number) => { expect(prometheusNotificationService.refresh).toHaveBeenCalledTimes(n); @@ -67,10 +69,15 @@ describe('NotificationsSidebarComponent', () => { }; beforeEach(() => { - prometheusAccessAllowed = true; - spyOn(TestBed.get(AuthStorageService), 'getPermissions').and.callFake(() => ({ - prometheus: { read: prometheusAccessAllowed } - })); + prometheusReadPermission = 'read'; + configOptReadPermission = 'read'; + spyOn(TestBed.get(AuthStorageService), 'getPermissions').and.callFake( + () => + new Permissions({ + prometheus: [prometheusReadPermission], + 'config-opt': [configOptReadPermission] + }) + ); spyOn(TestBed.get(PrometheusService), 'ifAlertmanagerConfigured').and.callFake((fn) => fn()); @@ -82,7 +89,14 @@ describe('NotificationsSidebarComponent', () => { }); it('should not refresh prometheus services if not allowed', () => { - prometheusAccessAllowed = false; + prometheusReadPermission = ''; + configOptReadPermission = 'read'; + fixture.detectChanges(); + + expectPrometheusServicesToBeCalledTimes(0); + + prometheusReadPermission = 'read'; + configOptReadPermission = ''; fixture.detectChanges(); expectPrometheusServicesToBeCalledTimes(0); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.ts index d9660e0e1e49..59ce5963ec48 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/notifications-sidebar/notifications-sidebar.component.ts @@ -59,7 +59,8 @@ export class NotificationsSidebarComponent implements OnInit, OnDestroy { } ngOnInit() { - if (this.authStorageService.getPermissions().prometheus.read) { + const permissions = this.authStorageService.getPermissions(); + if (permissions.prometheus.read && permissions.configOpt.read) { this.triggerPrometheusAlerts(); this.ngZone.runOutsideAngular(() => { this.interval = window.setInterval(() => {