From 0942b022d0515d53e2e8742851b6aeb60f3379f9 Mon Sep 17 00:00:00 2001
From: Tatjana Dehler <tdehler@suse.com>
Date: Mon, 7 Sep 2020 16:56:10 +0200
Subject: [PATCH] mgr/dashboard: check config opt permissions

Getting the user object fails for a non-admin user. Check
the permissions directory if the user is allowed to access the
config options instead.

Fixes: https://tracker.ceph.com/issues/47331
Signed-off-by: Tatjana Dehler <tdehler@suse.com>
---
 .../telemetry-notification.component.spec.ts  | 41 +++++--------------
 .../telemetry-notification.component.ts       | 23 +++++------
 2 files changed, 21 insertions(+), 43 deletions(-)

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
index cc9fa591c3185..8029221f9fed0 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.spec.ts
@@ -6,9 +6,9 @@ import { ToastrModule } from 'ngx-toastr';
 import { of } from 'rxjs';
 
 import { configureTestBed } from '../../../../testing/unit-test-helper';
-import { UserFormModel } from '../../../core/auth/user-form/user-form.model';
 import { MgrModuleService } from '../../api/mgr-module.service';
 import { UserService } from '../../api/user.service';
+import { Permissions } from '../../models/permissions';
 import { PipesModule } from '../../pipes/pipes.module';
 import { AuthStorageService } from '../../services/auth-storage.service';
 import { NotificationService } from '../../services/notification.service';
@@ -20,35 +20,17 @@ describe('TelemetryActivationNotificationComponent', () => {
   let fixture: ComponentFixture<TelemetryNotificationComponent>;
 
   let authStorageService: AuthStorageService;
-  let userService: UserService;
   let mgrModuleService: MgrModuleService;
   let notificationService: NotificationService;
 
   let isNotificationHiddenSpy: jasmine.Spy;
-  let getUsernameSpy: jasmine.Spy;
-  let userServiceGetSpy: jasmine.Spy;
+  let getPermissionsSpy: jasmine.Spy;
   let getConfigSpy: jasmine.Spy;
 
-  const user: UserFormModel = {
-    username: 'username',
-    password: undefined,
-    name: 'User 1',
-    email: 'user1@email.com',
-    roles: ['read-only'],
-    enabled: true,
-    pwdExpirationDate: undefined,
-    pwdUpdateRequired: true
-  };
-  const admin: UserFormModel = {
-    username: 'admin',
-    password: undefined,
-    name: 'User 1',
-    email: 'user1@email.com',
-    roles: ['administrator'],
-    enabled: true,
-    pwdExpirationDate: undefined,
-    pwdUpdateRequired: true
-  };
+  const configOptPermissions: Permissions = new Permissions({
+    'config-opt': ['read', 'create', 'update', 'delete']
+  });
+  const noConfigOptPermissions: Permissions = new Permissions({});
   const telemetryEnabledConfig = {
     enabled: true
   };
@@ -66,13 +48,13 @@ describe('TelemetryActivationNotificationComponent', () => {
     fixture = TestBed.createComponent(TelemetryNotificationComponent);
     component = fixture.componentInstance;
     authStorageService = TestBed.inject(AuthStorageService);
-    userService = TestBed.inject(UserService);
     mgrModuleService = TestBed.inject(MgrModuleService);
     notificationService = TestBed.inject(NotificationService);
 
     isNotificationHiddenSpy = spyOn(component, 'isNotificationHidden').and.returnValue(false);
-    getUsernameSpy = spyOn(authStorageService, 'getUsername').and.returnValue('username');
-    userServiceGetSpy = spyOn(userService, 'get').and.returnValue(of(admin)); // Not the best name but it sounded better than `getSpy`
+    getPermissionsSpy = spyOn(authStorageService, 'getPermissions').and.returnValue(
+      configOptPermissions
+    );
     getConfigSpy = spyOn(mgrModuleService, 'getConfig').and.returnValue(
       of(telemetryDisabledConfig)
     );
@@ -89,14 +71,13 @@ describe('TelemetryActivationNotificationComponent', () => {
     expect(component.displayNotification).toBe(false);
   });
 
-  it('should not show notification for an user without administrator role', () => {
-    userServiceGetSpy.and.returnValue(of(user));
+  it('should not show notification for a user without configOpt permissions', () => {
+    getPermissionsSpy.and.returnValue(noConfigOptPermissions);
     fixture.detectChanges();
     expect(component.displayNotification).toBe(false);
   });
 
   it('should not show notification if the module is enabled already', () => {
-    getUsernameSpy.and.returnValue('admin');
     getConfigSpy.and.returnValue(of(telemetryEnabledConfig));
     fixture.detectChanges();
     expect(component.displayNotification).toBe(false);
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
index ce3e97fd516c4..da0f6b118201d 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/components/telemetry-notification/telemetry-notification.component.ts
@@ -1,8 +1,8 @@
 import { Component, OnDestroy, OnInit } from '@angular/core';
 
-import { UserFormModel } from '../../../core/auth/user-form/user-form.model';
+import _ from 'lodash';
+
 import { MgrModuleService } from '../../api/mgr-module.service';
-import { UserService } from '../../api/user.service';
 import { NotificationType } from '../../enum/notification-type.enum';
 import { AuthStorageService } from '../../services/auth-storage.service';
 import { NotificationService } from '../../services/notification.service';
@@ -19,7 +19,6 @@ export class TelemetryNotificationComponent implements OnInit, OnDestroy {
   constructor(
     private mgrModuleService: MgrModuleService,
     private authStorageService: AuthStorageService,
-    private userService: UserService,
     private notificationService: NotificationService,
     private telemetryNotificationService: TelemetryNotificationService
   ) {}
@@ -30,16 +29,14 @@ export class TelemetryNotificationComponent implements OnInit, OnDestroy {
     });
 
     if (!this.isNotificationHidden()) {
-      const username = this.authStorageService.getUsername();
-      this.userService.get(username).subscribe((user: UserFormModel) => {
-        if (user.roles.includes('administrator')) {
-          this.mgrModuleService.getConfig('telemetry').subscribe((options) => {
-            if (!options['enabled']) {
-              this.telemetryNotificationService.setVisibility(true);
-            }
-          });
-        }
-      });
+      const configOptPermissions = this.authStorageService.getPermissions().configOpt;
+      if (_.every(Object.values(configOptPermissions))) {
+        this.mgrModuleService.getConfig('telemetry').subscribe((options) => {
+          if (!options['enabled']) {
+            this.telemetryNotificationService.setVisibility(true);
+          }
+        });
+      }
     }
   }
 
-- 
2.39.5