Skip to content

Commit

Permalink
fix(authz): Handle apps without execute permissions (#7017)
Browse files Browse the repository at this point in the history 
* fix(authz): Handle apps without execute permissions

Applications saved before #6901 and spinnaker/fiat#373 does not have EXECUTE permission set, and in some cases this breaks Deck since `PermissionsConfigurer` always assumed apps had EXECUTE permissions set.
  • Loading branch information
@dibyom
dibyom committed May 17, 2019
1 parent 6390c71 commit 9cf9a62
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 22 deletions.
7 changes: 7 additions & 0 deletions app/scripts/modules/core/src/application/config/applicationAttributes.directive.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,13 @@ module.exports = angular
(permissions.READ || []).forEach(role => {
permissionsMap.set(role, 'read');
});
(permissions.EXECUTE || []).forEach(role => {
if (permissionsMap.has(role)) {
permissionsMap.set(role, permissionsMap.get(role) + ', execute');
} else {
permissionsMap.set(role, 'execute');
}
});
(permissions.WRITE || []).forEach(role => {
if (permissionsMap.has(role)) {
permissionsMap.set(role, permissionsMap.get(role) + ', write');
Expand Down
50 changes: 28 additions & 22 deletions app/scripts/modules/core/src/application/modal/PermissionsConfigurer.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ export class PermissionsConfigurer extends React.Component<IPermissionsConfigure
{ value: 'READ,EXECUTE', label: 'Read and execute' },
{ value: 'READ,EXECUTE,WRITE', label: 'Read, execute, write' },
];
private static legacyAccessTypes: Option[] = [{ value: 'READ,WRITE', label: 'Read and write' }];

constructor(props: IPermissionsConfigurerProps) {
super(props);
Expand All @@ -61,28 +62,31 @@ export class PermissionsConfigurer extends React.Component<IPermissionsConfigure
return permissionRows;
}

permissions.READ.forEach(group => {
permissionRows.push({ group, access: 'READ' });
});
permissions.READ &&
permissions.READ.forEach(group => {
permissionRows.push({ group, access: 'READ' });
});

permissions.EXECUTE.forEach(group => {
const matchingRow = permissionRows.find(row => row.group === group);
if (matchingRow) {
matchingRow.access += ',EXECUTE';
} else {
permissionRows.push({ group, access: 'EXECUTE' });
}
});
permissions.EXECUTE &&
permissions.EXECUTE.forEach(group => {
const matchingRow = permissionRows.find(row => row.group === group);
if (matchingRow) {
matchingRow.access += ',EXECUTE';
} else {
permissionRows.push({ group, access: 'EXECUTE' });
}
});

permissions.WRITE.forEach(group => {
const matchingRow = permissionRows.find(row => row.group === group);
if (matchingRow) {
matchingRow.access += ',WRITE';
} else {
// WRITE only permissions aren't supported in the UI, but they could be.
permissionRows.push({ group, access: 'WRITE' });
}
});
permissions.WRITE &&
permissions.WRITE.forEach(group => {
const matchingRow = permissionRows.find(row => row.group === group);
if (matchingRow) {
matchingRow.access += ',WRITE';
} else {
// WRITE only permissions aren't supported in the UI, but they could be.
permissionRows.push({ group, access: 'WRITE' });
}
});

return permissionRows;
}
Expand Down Expand Up @@ -188,8 +192,10 @@ export class PermissionsConfigurer extends React.Component<IPermissionsConfigure
return (
<div className="permissions-configurer">
{this.state.permissionRows.map((row, i) => {
const permissionTypeLabel = PermissionsConfigurer.accessTypes.find(type => type.value === row.access).label;

const permissionTypeLabel = [
...PermissionsConfigurer.accessTypes,
...PermissionsConfigurer.legacyAccessTypes,
].find(type => type.value === row.access).label;
return (
<div key={row.group || i} className="permissions-row clearfix">
<div className="col-md-5 permissions-group">
Expand Down

0 comments on commit 9cf9a62

Please sign in to comment.