Skip to content
This repository has been archived by the owner on Jan 24, 2023. It is now read-only.

Commit

Permalink
Merge pull request #444 from hpcloud/205_access_control_changes
Browse files Browse the repository at this point in the history 
LGTM
  • Loading branch information
@wchrisjohnson
wchrisjohnson committed Jul 8, 2016
2 parents 1159071 + 8f6b887 commit 30ff81f
Show file tree
Hide file tree
Showing 5 changed files with 18 additions and 36 deletions.
9 changes: 2 additions & 7 deletions src/app/model/account/account.model.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,12 +123,7 @@
if (this.adminOverride) {
return false;
}
var ADMIN_SCOPES = [
'cloud_controller.admin',
'ucp.admin'
];
return angular.isDefined(this.data.scope) &&
_.intersection(this.data.scope, ADMIN_SCOPES).length > 0;
return this.data.isAdmin;
},

/**
Expand All @@ -144,7 +139,7 @@
var loginRes = response.data;
this.data = {
username: loginRes.account,
scope: loginRes.scope ? loginRes.scope.split(' ') : []
isAdmin: loginRes.admin
};
},

Expand Down
6 changes: 3 additions & 3 deletions src/plugins/cloud-foundry/model/auth/checkers/base-access.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,15 +22,15 @@
function BaseAccess(principal) {
return {
create: function () {
return principal.isAdmin();
return principal.isAdmin;
},

update: function () {
return principal.isAdmin();
return principal.isAdmin;
},

delete: function () {
return principal.isAdmin();
return principal.isAdmin;
},

_doesContainGuid: function (array, guid) {
Expand Down
9 changes: 5 additions & 4 deletions src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,11 +45,12 @@
/**
* @name create
* @description Does user have create organization permission in the space
* @param {Object} space - Domain space
* @returns {boolean}
*/
create: function (space) {
return this.principal.isAdmin(space);
create: function () {
// Formerly, this had a param: @param {Object} space - Domain space
// Not sure if we need that or not.
return this.principal.isAdmin;
},

/**
Expand All @@ -58,7 +59,7 @@
* @returns {boolean}
*/
delete: function () {
return this.principal.isAdmin();
return this.principal.isAdmin;
},

/**
Expand Down
6 changes: 2 additions & 4 deletions src/plugins/cloud-foundry/model/auth/principal.factory.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,9 @@

var Principal = modelManager.retrieve('cloud-foundry.model.auth.principal');
return new Principal(authInfo.username,
authInfo.access_token || authInfo.authToken,
authInfo.refresh_token || authInfo.refreshToken,
authInfo.expires_in || authInfo.expiresIn,
authInfo.token_type || authInfo.tokenType,
authInfo.scope, authInfo.userInfo);
authInfo.isAdmin,
authInfo.userInfo);
}
};
}
Expand Down
24 changes: 6 additions & 18 deletions src/plugins/cloud-foundry/model/auth/principal.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,21 +32,18 @@
* @name Principal
* @description initialise a Principal object
* @param {String} username - username
* @param {String} authToken - OAuth access token
* @param {String} refreshToken - OAuth refresh token
* @param {String} expiresIn - expires in
* @param {String} tokenType - token type
* @param {Object} scope - scope
* @param {Boolean} isAdmin - is this user and admin
* @param {Object} userInfo - user info
* @constructor
*/
function Principal(username, authToken, refreshToken, expiresIn, tokenType, scope, userInfo) {
function Principal(username, expiresIn, isAdmin, userInfo) {
this.username = username;
this.authToken = authToken;
this.refreshToken = refreshToken;
// this.authToken = authToken;
// this.refreshToken = refreshToken;
this.expiresIn = expiresIn;
this.tokenType = tokenType;
this.scope = scope;
// this.tokenType = tokenType;
this.isAdmin = isAdmin;
this.userInfo = userInfo;
}

Expand All @@ -63,15 +60,6 @@
return this.isAdmin() || flags[operation];
},

/**
* @name isAdmin
* @description Is user an admin
* @returns {boolean}
*/
isAdmin: function () {
return _.includes(this.scope, 'cloud_controller.admin');
},

/**
* @name isAllowed
* @description Is user permitted to do the action
Expand Down

0 comments on commit 30ff81f

Please sign in to comment.