Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update permissions when when entities are updated #2221

Merged
merged 20 commits into from
Jun 5, 2018
Merged

Update permissions when when entities are updated #2221

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
2921ad5
Ensure we remove current user permissions for an endpoint when discon…
KlapTrap May 22, 2018
28a0b4b
Fix table actions when row changes effect visibility
KlapTrap May 23, 2018
97e187c
Add user info to the response when connecting an endpoint
nwmac May 23, 2018
0120fe1
WIP Get newly connected endpoint permissions
KlapTrap May 23, 2018
6d0b4cf
Modifications after BE changes
KlapTrap May 23, 2018
703febd
WIP space and org delete permission updates
KlapTrap May 23, 2018
20be24e
Remove org and space permissions when they're deleted
KlapTrap May 23, 2018
d1f84c4
Merge branch 'v2-master' into permissions-new-endpoint
KlapTrap May 24, 2018
06535bd
Ensure we only fetch permissions for cf endpoint connections
KlapTrap May 24, 2018
ed7f7b0
Linting fix
KlapTrap May 24, 2018
427f8b9
Shunt subject push outside of loop
richard-cox Jun 1, 2018
7f6f7e5
Fixed issue with newly registered endpoint
KlapTrap Jun 1, 2018
b802ef2
Remove space id from org role when space is deleted
KlapTrap Jun 1, 2018
1ebd7cb
Fixed tests
KlapTrap Jun 4, 2018
409bcbd
Ensure newly connected endpoints admin role and scopes get added
KlapTrap Jun 4, 2018
ea4b48f
Removed console.logs
KlapTrap Jun 4, 2018
a74a055
Merge branch 'v2-master' into permissions-new-endpoint
KlapTrap Jun 5, 2018
acb9fef
Try and fix tests
KlapTrap Jun 5, 2018
03b3074
Merge branch 'v2-master' into permissions-new-endpoint
KlapTrap Jun 5, 2018
734b4e1
Attempt 2
KlapTrap Jun 5, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Ensure newly connected endpoints admin role and scopes get added
  • Loading branch information
@KlapTrap
KlapTrap committed Jun 4, 2018
commit 409bcbd81c61d1ed1791cac0cea98a041fa921e7
44 changes: 37 additions & 7 deletions ...ontend/app/store/reducers/current-user-roles-reducer/current-user-role-session.reducer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,38 +7,68 @@ import {
IStratosRolesState,
IGlobalRolesState
} from '../../types/current-user-roles.types';
import { SessionData, SessionDataEndpoint, SessionEndpoints, SessionUser } from '../../types/auth.types';
import { SessionData, SessionDataEndpoint, SessionEndpoints, SessionUser, SessionEndpoint } from '../../types/auth.types';
import { ScopeStrings } from '../../../core/current-user-permissions.config';
import { EndpointActionComplete } from '../../actions/endpoint.actions';
import { EndpointModel, INewlyConnectedEndpointInfo, EndpointUser } from '../../types/endpoint.types';

interface PartialEndpoint {
user: EndpointUser | SessionUser;
guid: string;
}

export function roleInfoFromSessionReducer(
state: ICurrentUserRolesState,
user: SessionUser,
endpoints: SessionEndpoints
action: VerifiedSession
): ICurrentUserRolesState {
const { user, endpoints } = action.sessionData;
const cfRoles = propagateEndpointsAdminPermissions(state.cf, Object.values(endpoints.cf));
return finishCfRoles(state, cfRoles, user);
}

export function updateNewlyConnectedEndpoint(
state: ICurrentUserRolesState,
action: EndpointActionComplete
): ICurrentUserRolesState {
const cfRoles = propagateEndpointsAdminPermissions(state.cf, endpoints);
if (action.endpointType !== 'cf') {
return state;
}
const endpoint = action.endpoint as INewlyConnectedEndpointInfo;
const cfRoles = propagateEndpointsAdminPermissions(state.cf, [{
user: endpoint.user,
guid: action.guid
}]);
return finishCfRoles(state, cfRoles, action.endpoint.user);
}

function finishCfRoles(state: ICurrentUserRolesState, cfRoles: IAllCfRolesState, user?: SessionUser | EndpointUser) {
const internalRoles = { ...state.internal };
if (user) {
internalRoles.scopes = user.scopes || [];
const isAdmin = internalRoles.scopes.includes(ScopeStrings.STRATOS_ADMIN);
internalRoles.isAdmin = isAdmin;
}

return {
...state,
cf: cfRoles,
internal: internalRoles
};
}

function propagateEndpointsAdminPermissions(cfState: IAllCfRolesState, endpoints: SessionEndpoints): IAllCfRolesState {
return Object.values(endpoints.cf).reduce((state, endpoint) => {
function propagateEndpointsAdminPermissions(
cfState: IAllCfRolesState,
endpoints: PartialEndpoint[]
): IAllCfRolesState {
return Object.values(endpoints).reduce((state, endpoint) => {
return {
...state,
[endpoint.guid]: propagateEndpointAdminPermissions(state[endpoint.guid], endpoint)
};
}, { ...cfState });
}

function propagateEndpointAdminPermissions(state: ICfRolesState = getDefaultEndpointRoles(), endpoint: SessionDataEndpoint) {
function propagateEndpointAdminPermissions(state: ICfRolesState = getDefaultEndpointRoles(), endpoint: PartialEndpoint) {
const scopes = endpoint.user ? endpoint.user.scopes : [];
const global = getEndpointRoles(scopes, state.global);
return {
Expand Down
2 changes: 2 additions & 0 deletions ...ontend/app/store/reducers/current-user-roles-reducer/current-user-roles-clear.reducers.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,8 @@ export function addEndpoint(state: ICurrentUserRolesState, action: EndpointActio
};
}



export function removeSpaceRoles(state: ICurrentUserRolesState, action: APISuccessOrFailedAction) {
const { endpointGuid, guid } = action.apiAction;
const removedOrgOrSpaceState = removeOrgOrSpaceRoles(state, endpointGuid, guid, 'spaces');
Expand Down
10 changes: 6 additions & 4 deletions src/frontend/app/store/reducers/current-user-roles-reducer/current-user-roles.reducer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,15 @@ import { GET_CURRENT_USER_RELATION_SUCCESS, GetCurrentUserRelationsComplete } fr
import { ICurrentUserRolesState } from '../../types/current-user-roles.types';
import { currentUserBaseCFRolesReducer } from './current-user-base-cf-role.reducer';
import { VerifiedSession, SESSION_VERIFIED } from '../../actions/auth.actions';
import { roleInfoFromSessionReducer } from './current-user-role-session.reducer';
import { roleInfoFromSessionReducer, updateNewlyConnectedEndpoint } from './current-user-role-session.reducer';
import {
DISCONNECT_ENDPOINTS_SUCCESS,
DisconnectEndpoint,
UNREGISTER_ENDPOINTS_SUCCESS,
REGISTER_ENDPOINTS_SUCCESS,
RegisterEndpoint,
EndpointActionComplete
EndpointActionComplete,
CONNECT_ENDPOINTS_SUCCESS
} from '../../actions/endpoint.actions';
import { removeEndpointRoles, addEndpoint, removeOrgRoles, removeSpaceRoles } from './current-user-roles-clear.reducers';
import { DELETE_ORGANIZATION_SUCCESS } from '../../actions/organization.actions';
Expand All @@ -34,10 +35,11 @@ export function currentUserRolesReducer(state: ICurrentUserRolesState = defaultS
cf: currentUserBaseCFRolesReducer(state.cf, action as GetCurrentUserRelationsComplete)
};
case SESSION_VERIFIED:
const verifiedSession = action as VerifiedSession;
return roleInfoFromSessionReducer(state, verifiedSession.sessionData.user, verifiedSession.sessionData.endpoints);
return roleInfoFromSessionReducer(state, action as VerifiedSession);
case REGISTER_ENDPOINTS_SUCCESS:
return addEndpoint(state, action as EndpointActionComplete);
case CONNECT_ENDPOINTS_SUCCESS:
return updateNewlyConnectedEndpoint(state, action as EndpointActionComplete);
case DISCONNECT_ENDPOINTS_SUCCESS:
case UNREGISTER_ENDPOINTS_SUCCESS:
return removeEndpointRoles(state, action as EndpointActionComplete);
Expand Down
7 changes: 4 additions & 3 deletions src/frontend/app/store/types/auth.types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,10 @@ export interface SessionUser {
scopes: ScopeStrings[];
}
export interface SessionEndpoints {
[type: string]: {
[guid: string]: SessionDataEndpoint
};
[type: string]: SessionEndpoint;
}
export interface SessionEndpoint {
[guid: string]: SessionDataEndpoint;
}
export interface SessionData {
endpoints?: SessionEndpoints;
Expand Down
2 changes: 2 additions & 0 deletions src/frontend/app/store/types/endpoint.types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import { RequestSectionKeys, TRequestTypeKeys } from '../reducers/api-request-reducer/types';
import { endpointSchemaKey } from '../helpers/entity-factory';
import { ScopeStrings } from '../../core/current-user-permissions.config';

export interface INewlyConnectedEndpointInfo {
account: string;
Expand Down Expand Up @@ -55,6 +56,7 @@ export interface EndpointUser {
guid: string;
name: string;
admin: boolean;
scopes?: ScopeStrings[];
}

export interface EndpointState {
Expand Down