From 8f6b887d999e8d5efa2355e8a9a6e28936e70235 Mon Sep 17 00:00:00 2001
From: woodnt
Date: Fri, 8 Jul 2016 10:23:42 -0600
Subject: [PATCH] 205 Access Control Changes Now that we have https://github.com/hpcloud/portal-proxy/pull/54 we need to make some changes to the access control stuff. NOTE: Some of this is a bit of guess work because the access control stuff isn't actually being used right now.
---
 src/app/model/account/account.model.js | 9 ++-----
 .../model/auth/checkers/base-access.js | 6 ++---
 .../auth/checkers/organization-access.js | 9 +++----
 .../model/auth/principal.factory.js | 6 ++---
 .../cloud-foundry/model/auth/principal.js | 24 +++++--------------
 5 files changed, 18 insertions(+), 36 deletions(-)
diff --git a/src/app/model/account/account.model.js b/src/app/model/account/account.model.js
index f87f0c550d..5ef9bb71fb 100644
--- a/src/app/model/account/account.model.js
+++ b/src/app/model/account/account.model.js
@@ -123,12 +123,7 @@
 if (this.adminOverride) {
 return false;
 }
- var ADMIN_SCOPES = [
- 'cloud_controller.admin',
- 'ucp.admin'
- ];
- return angular.isDefined(this.data.scope) &&
- _.intersection(this.data.scope, ADMIN_SCOPES).length > 0;
+ return this.data.isAdmin;
 },
 /**
@@ -144,7 +139,7 @@
 var loginRes = response.data;
 this.data = {
 username: loginRes.account,
- scope: loginRes.scope ? loginRes.scope.split(' ') : []
+ isAdmin: loginRes.admin
 };
 },
diff --git a/src/plugins/cloud-foundry/model/auth/checkers/base-access.js b/src/plugins/cloud-foundry/model/auth/checkers/base-access.js
index a48310614a..5eb7a07bb2 100644
--- a/src/plugins/cloud-foundry/model/auth/checkers/base-access.js
+++ b/src/plugins/cloud-foundry/model/auth/checkers/base-access.js
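Review bot: In account.model.js the second hunk stores `isAdmin: loginRes.admin` without checking its type, and `isAdmin()` in the first hunk then returns that value as-is. Any truthy value in the login response (a non-empty string, for instance) would be treated as admin, and a missing field makes the method return `undefined` rather than a boolean. Storing `isAdmin: loginRes.admin === true` keeps the check strict and fail-closed. Both enclosing functions start outside their hunks, so whether `response.data` is validated earlier is not visible here.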
@@ -22,15 +22,15 @@ function BaseAccess(principal) {
 return {
 create: function () {
- return principal.isAdmin();
+ return principal.isAdmin;
 },
 update: function () {
- return principal.isAdmin();
+ return principal.isAdmin;
 },
 delete: function () {
- return principal.isAdmin();
+ return principal.isAdmin;
 },
 _doesContainGuid: function (array, guid) {
diff --git a/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js b/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
index c78d6b5a62..ce16202a41 100644
--- a/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
+++ b/src/plugins/cloud-foundry/model/auth/checkers/organization-access.js
@@ -45,11 +45,12 @@
 /**
 * @name create
 * @description Does user have create organization permission in the space
- * @param {Object} space - Domain space
 * @returns {boolean}
 */
- create: function (space) {
- return this.principal.isAdmin(space);
+ create: function () {
+ // Formerly, this had a param: @param {Object} space - Domain space
+ // Not sure if we need that or not.
+ return this.principal.isAdmin;
 },
 /**
@@ -58,7 +59,7 @@
 * @returns {boolean}
 */
 delete: function () {
- return this.principal.isAdmin();
+ return this.principal.isAdmin;
 },
 /**
diff --git a/src/plugins/cloud-foundry/model/auth/principal.factory.js b/src/plugins/cloud-foundry/model/auth/principal.factory.js
index 3af9ec1a4d..83c70a9069 100644
--- a/src/plugins/cloud-foundry/model/auth/principal.factory.js
+++ b/src/plugins/cloud-foundry/model/auth/principal.factory.js
@@ -33,11 +33,9 @@
 var Principal = modelManager.retrieve('cloud-foundry.model.auth.principal');
 return new Principal(authInfo.username,
- authInfo.access_token || authInfo.authToken,
- authInfo.refresh_token || authInfo.refreshToken,
 authInfo.expires_in || authInfo.expiresIn,
- authInfo.token_type || authInfo.tokenType,
- authInfo.scope, authInfo.userInfo);
+ authInfo.isAdmin,
+ authInfo.userInfo);
 }
 };
 }
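Review bot: The comment added to `create` in organization-access.js (`// Not sure if we need that or not.`) leaves an open question inside an authorization checker, and the JSDoc above it still describes the permission as being "in the space" although the `space` argument has been removed. Once the intent is confirmed, the description should match the code, for example `@description Does user have create organization permission`, and the two `// Formerly, this had a param…` lines can be dropped in favour of the commit history. If the check is meant to become space-scoped again later, a `// TODO(owner): …` stating that is clearer than the current wording.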
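Review bot: In principal.factory.js the new argument `authInfo.isAdmin` is forwarded unchecked, and the checkers changed in base-access.js and organization-access.js now return `principal.isAdmin` directly. The shape of `authInfo` is not visible in this hunk; if it ever carries the login response's `admin` key rather than `isAdmin`, the flag is `undefined` and every admin check quietly evaluates falsy, while any non-boolean truthy value would pass. Passing `authInfo.isAdmin === true,` gives the checkers a real boolean and keeps their documented `@returns {boolean}` accurate. The enclosing function begins outside the hunk.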
diff --git a/src/plugins/cloud-foundry/model/auth/principal.js b/src/plugins/cloud-foundry/model/auth/principal.js
index 3825c0467f..f5f4c6dcfb 100644
--- a/src/plugins/cloud-foundry/model/auth/principal.js
+++ b/src/plugins/cloud-foundry/model/auth/principal.js
@@ -32,21 +32,18 @@
 * @name Principal
 * @description initialise a Principal object
 * @param {String} username - username
- * @param {String} authToken - OAuth access token
- * @param {String} refreshToken - OAuth refresh token
 * @param {String} expiresIn - expires in
- * @param {String} tokenType - token type
- * @param {Object} scope - scope
+ * @param {Boolean} isAdmin - is this user and admin
 * @param {Object} userInfo - user info
 * @constructor
 */
- function Principal(username, authToken, refreshToken, expiresIn, tokenType, scope, userInfo) {
+ function Principal(username, expiresIn, isAdmin, userInfo) {
 this.username = username;
- this.authToken = authToken;
- this.refreshToken = refreshToken;
+ // this.authToken = authToken;
+ // this.refreshToken = refreshToken;
 this.expiresIn = expiresIn;
- this.tokenType = tokenType;
- this.scope = scope;
+ // this.tokenType = tokenType;
+ this.isAdmin = isAdmin;
 this.userInfo = userInfo;
 }
@@ -63,15 +60,6 @@
 return this.isAdmin() || flags[operation];
 },
- /**
- * @name isAdmin
- * @description Is user an admin
- * @returns {boolean}
- */
- isAdmin: function () {
- return _.includes(this.scope, 'cloud_controller.admin');
- },
-
 /**
 * @name isAllowed
 * @description Is user permitted to do the action
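Review bot: `this.isAdmin = isAdmin;` in the constructor makes `isAdmin` a plain property, yet the context line `return this.isAdmin() || flags[operation];` in the next hunk of principal.js still calls it as a function while that hunk deletes the prototype method, so the call would throw a TypeError as soon as that path runs. It should read `return this.isAdmin || flags[operation];`. The method containing that line starts outside the hunk, so any other remaining `isAdmin()` callers in this file are not visible here and are worth a search. Separately, the three commented-out assignments (`// this.authToken = authToken;` and the two like it) refer to parameters that no longer exist and are better deleted, and the JSDoc should say `is this user an admin`.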