From dc80f26a50a972c71ca45c09f808ed5434f3a085 Mon Sep 17 00:00:00 2001 From: Nizamudeen A Date: Mon, 25 Oct 2021 12:55:35 +0530 Subject: [PATCH] mgr/dashboard: Proper error handling in module status guard I've recently introduced a check that verifies if the orch_backend we need for a feature matches the orch_backend of the cluster. But to verify this I need to call configOpt API and some user's don't have the permission to access it. So it'll show this Access Denied page. Fixes: https://tracker.ceph.com/issues/53021 Signed-off-by: Nizamudeen A --- .../services/module-status-guard.service.spec.ts | 16 ++++++++++++---- .../services/module-status-guard.service.ts | 12 +++++++++--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts index ebacc06c151..8cce3a8bf8c 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.spec.ts @@ -4,7 +4,7 @@ import { fakeAsync, TestBed, tick } from '@angular/core/testing'; import { ActivatedRouteSnapshot, Router, Routes } from '@angular/router'; import { RouterTestingModule } from '@angular/router/testing'; -import { of as observableOf } from 'rxjs'; +import { of as observableOf, throwError } from 'rxjs'; import { configureTestBed } from '~/testing/unit-test-helper'; import { MgrModuleService } from '../api/mgr-module.service'; @@ -31,12 +31,16 @@ describe('ModuleStatusGuardService', () => { getResult: {}, activateResult: boolean, urlResult: string, - backend = 'cephadm' + backend = 'cephadm', + configOptPermission = true ) => { let result: boolean; spyOn(httpClient, 'get').and.returnValue(observableOf(getResult)); - const test = { orchestrator: backend }; - spyOn(mgrModuleService, 'getConfig').and.returnValue(observableOf(test)); + const orchBackend = { orchestrator: backend }; + const getConfigSpy = spyOn(mgrModuleService, 'getConfig'); + configOptPermission + ? getConfigSpy.and.returnValue(observableOf(orchBackend)) + : getConfigSpy.and.returnValue(throwError({})); ngZone.run(() => { service.canActivateChild(route).subscribe((resp) => { result = resp; @@ -91,4 +95,8 @@ describe('ModuleStatusGuardService', () => { it('should redirect normally if the backend provided matches the current backend', fakeAsync(() => { testCanActivate({ available: true, message: 'foo' }, true, '/', 'rook'); })); + + it('should redirect to the "redirectTo" link for user without sufficient permission', fakeAsync(() => { + testCanActivate({ available: true, message: 'foo' }, true, '/foo', 'rook', false); + })); }); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts index 3162afd2329..97c7251fbfa 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/module-status-guard.service.ts @@ -61,9 +61,15 @@ export class ModuleStatusGuardService implements CanActivate, CanActivateChild { const config = route.data['moduleStatusGuardConfig']; let backendCheck = false; if (config.backend) { - this.mgrModuleService.getConfig('orchestrator').subscribe((resp) => { - backendCheck = config.backend === resp['orchestrator']; - }); + this.mgrModuleService.getConfig('orchestrator').subscribe( + (resp) => { + backendCheck = config.backend === resp['orchestrator']; + }, + () => { + this.router.navigate([config.redirectTo]); + return observableOf(false); + } + ); } return this.http.get(`api/${config.apiPath}/status`).pipe( map((resp: any) => { -- 2.39.5