From 53aba100e4729466bb83805512f339fcb0098564 Mon Sep 17 00:00:00 2001
From: woodnt
Date: Fri, 8 Jul 2016 10:23:42 -0600
Subject: [PATCH] 205 Access Control Changes

Now that we have https://github.com/hpcloud/portal-proxy/pull/54 we need to make some changes to the access control stuff. NOTE: Some of this is a bit of guess work because the access control stuff isn't actually being used right now.
---
 src/app/model/account/account.model.js | 9 ++-----
 .../model/auth/checkers/base-access.js | 6 ++---
 .../auth/checkers/organization-access.js | 9 +++----
 .../model/auth/principal.factory.js | 6 ++---
 .../cloud-foundry/model/auth/principal.js | 24 +++++--------------
 5 files changed, 18 insertions(+), 36 deletions(-)
diff --git a/src/app/model/account/account.model.js b/src/app/model/account/account.model.js
index 6914c4c649..debe2e98ec 100644
--- a/src/app/model/account/account.model.js
+++ b/src/app/model/account/account.model.js
@@ -119,12 +119,7 @@
 if (this.adminOverride) {
 return false;
 }
- var ADMIN_SCOPES = [
- 'cloud_controller.admin',
- 'ucp.admin'
- ];
- return angular.isDefined(this.data.scope) &&
- _.intersection(this.data.scope, ADMIN_SCOPES).length > 0;
+ return this.data.isAdmin;
 },
 /**
@@ -140,7 +135,7 @@
 var loginRes = response.data;
 this.data = {
 username: loginRes.account,
- scope: loginRes.scope ? loginRes.scope.split(' ') : []
+ isAdmin: loginRes.admin
 };
 },
diff --git a/src/plugins/cloud-foundry/model/auth/checkers/base-access.js b/src/plugins/cloud-foundry/model/auth/checkers/base-access.js
index 75eeb88c86..c5372f2481 100644
--- a/src/plugins/cloud-foundry/model/auth/checkers/base-access.js
+++ b/src/plugins/cloud-foundry/model/auth/checkers/base-access.js
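Review bot: In src/app/model/account/account.model.js the admin check now returns `this.data.isAdmin` unmodified, and the login handler in the second hunk stores `loginRes.admin` exactly as received, so a missing field yields `undefined` and any truthy non-boolean value would pass an `if` test as admin. Normalising once where the response is read, `isAdmin: loginRes.admin === true`, keeps the flag a strict boolean and fails closed on anything unexpected. The proxy change linked in the commit message is not visible here, so whether `admin` is always sent as a JSON boolean is an assumption worth confirming. Both function bodies start outside their hunks.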
@@ -22,15 +22,15 @@
 function BaseAccess(principal) {
 return {
 create: function() {
- return principal.isAdmin();
+ return principal.isAdmin;
 },
 update: function() {
- return principal.isAdmin();
+ return principal.isAdmin;
 },
 delete: function() {
- return principal.isAdmin();
+ return principal.isAdmin;
 },
 _doesContainGuid: function(array, guid) {
diff --git a/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js b/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
index da21fccf88..ba1e02abaf 100644
--- a/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
+++ b/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
@@ -45,11 +45,12 @@
 /**
 * @name create
 * @description Does user have create organization permission in the space
- * @param {Object} space - Domain space
 * @returns {boolean}
 */
- create: function(space) {
- return this.principal.isAdmin(space);
+ create: function() {
+ // Formerly, this had a param: @param {Object} space - Domain space
+ // Not sure if we need that or not.
+ return this.principal.isAdmin;
 },
 /**
@@ -58,7 +59,7 @@
 * @returns {boolean}
 */
 delete: function() {
- return this.principal.isAdmin();
+ return this.principal.isAdmin;
 },
 /**
diff --git a/src/plugins/cloud-foundry/model/auth/principal.factory.js b/src/plugins/cloud-foundry/model/auth/principal.factory.js
index d0595517e7..9350040c3d 100644
--- a/src/plugins/cloud-foundry/model/auth/principal.factory.js
+++ b/src/plugins/cloud-foundry/model/auth/principal.factory.js
@@ -33,11 +33,9 @@
 var Principal = modelManager.retrieve('cloud-foundry.model.auth.principal');
 return new Principal(authInfo.username,
- authInfo.access_token || authInfo.authToken,
- authInfo.refresh_token || authInfo.refreshToken,
 authInfo.expires_in || authInfo.expiresIn,
- authInfo.token_type || authInfo.tokenType,
- authInfo.scope, authInfo.userInfo);
+ authInfo.isAdmin,
+ authInfo.userInfo);
 }
 };
 }
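Review bot: The two-line comment added to `create` in organization-access.js (first hunk of that file) records an open question that the patch itself answers. The `isAdmin` method this commit removes from principal.js was declared as `isAdmin: function()` with no parameters, so the `space` argument was never consulted by the admin check. The comment can be dropped, and the description `Does user have create organization permission in the space` reworded so it no longer mentions a space. If a per-space check is planned, `// TODO: decide whether create needs a space-scoped check` states that more clearly than `Not sure if we need that or not.`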
diff --git a/src/plugins/cloud-foundry/model/auth/principal.js b/src/plugins/cloud-foundry/model/auth/principal.js
index 60a455ad5d..42371a5301 100644
--- a/src/plugins/cloud-foundry/model/auth/principal.js
+++ b/src/plugins/cloud-foundry/model/auth/principal.js
@@ -32,21 +32,18 @@
 * @name Principal
 * @description initialise a Principal object
 * @param {String} username
- * @param {String} authToken
- * @param {String} refreshToken
 * @param {String} expiresIn
- * @param {String} tokenType
- * @param {Object} scope
+ * @param {Object} isAdmin
 * @param {Object} userInfo
 * @constructor
 */
- function Principal(username, authToken, refreshToken, expiresIn, tokenType, scope, userInfo) {
+ function Principal(username, expiresIn, isAdmin, userInfo) {
 this.username = username;
- this.authToken = authToken;
- this.refreshToken = refreshToken;
+ // this.authToken = authToken;
+ // this.refreshToken = refreshToken;
 this.expiresIn = expiresIn;
- this.tokenType = tokenType;
- this.scope = scope;
+ // this.tokenType = tokenType;
+ this.isAdmin = isAdmin;
 this.userInfo = userInfo;
 }
@@ -63,15 +60,6 @@
 return this.isAdmin() || flags[operation];
 },
- /**
- * @name isAdmin
- * @description Is user an admin
- * @returns {boolean}
- */
- isAdmin: function() {
- return _.includes(this.scope, 'cloud_controller.admin');
- },
-
 /**
 * @name isAllowed
 * @description Is user permitted to do the action
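Review bot: The constructor JSDoc in principal.js (first hunk) declares `@param {Object} isAdmin`, but every checker in this patch uses the value as a flag; it should read `@param {boolean} isAdmin - true when the account has admin rights`. Assigning `this.isAdmin = isAdmin === true;` would make the checkers in base-access.js and organization-access.js return real booleans, which is what their `@returns {boolean}` tags promise. The three commented-out assignments (`// this.authToken = authToken;` and the two like it) name parameters that no longer exist and are better deleted than kept as dead code.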
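Review bot: The context line `return this.isAdmin() || flags[operation];` at the top of the second principal.js hunk still calls `isAdmin` as a function. This commit deletes the prototype method and the constructor now assigns `this.isAdmin` a plain value, so that call throws a TypeError (`isAdmin` is not a function) whenever the method runs. The line should become `return this.isAdmin || flags[operation];`. The enclosing method starts outside the hunk, so its name is not visible here, and any other `isAdmin()` call sites outside this patch need the same change.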