feat(settings): add settings management (#906)

2025-07-24 07:49:41 +02:00 · 2017-06-01 10:14:55 +02:00 · 2017-06-01 10:14:55 +02:00 · c7e306841a
commit c7e306841a
parent 5e74a3993b
93 changed files with 1086 additions and 457 deletions
--- a/app/services/api/resourceControlService.js
+++ b/app/services/api/resourceControlService.js
@ -0,0 +1,125 @@
+angular.module('portainer.services')
+.factory('ResourceControlService', ['$q', 'ResourceControl', 'UserService', 'TeamService', 'ResourceControlHelper', function ResourceControlServiceFactory($q, ResourceControl, UserService, TeamService, ResourceControlHelper) {
+  'use strict';
+  var service = {};
+
+  service.createResourceControl = function(administratorsOnly, userIDs, teamIDs, resourceID, type, subResourceIDs) {
+    var payload = {
+      Type: type,
+      AdministratorsOnly: administratorsOnly,
+      ResourceID: resourceID,
+      Users: userIDs,
+      Teams: teamIDs,
+      SubResourceIDs: subResourceIDs
+    };
+    return ResourceControl.create({}, payload).$promise;
+  };
+
+  service.deleteResourceControl = function(rcID) {
+    return ResourceControl.remove({id: rcID}).$promise;
+  };
+
+  service.updateResourceControl = function(admin, userIDs, teamIDs, resourceControlId) {
+    var payload = {
+      AdministratorsOnly: admin,
+      Users: userIDs,
+      Teams: teamIDs
+    };
+    return ResourceControl.update({id: resourceControlId}, payload).$promise;
+  };
+
+  service.applyResourceControl = function(resourceControlType, resourceIdentifier, userId, accessControlData, subResources) {
+    if (!accessControlData.accessControlEnabled) {
+      return;
+    }
+
+    var authorizedUserIds = [];
+    var authorizedTeamIds = [];
+    var administratorsOnly = false;
+    switch (accessControlData.ownership) {
+      case 'administrators':
+        administratorsOnly = true;
+        break;
+      case 'private':
+        authorizedUserIds.push(userId);
+        break;
+      case 'restricted':
+        angular.forEach(accessControlData.authorizedUsers, function(user) {
+          authorizedUserIds.push(user.Id);
+        });
+        angular.forEach(accessControlData.authorizedTeams, function(team) {
+          authorizedTeamIds.push(team.Id);
+        });
+        break;
+    }
+    return service.createResourceControl(administratorsOnly, authorizedUserIds,
+      authorizedTeamIds, resourceIdentifier, resourceControlType, subResources);
+  };
+
+  service.applyResourceControlChange = function(resourceControlType, resourceId, resourceControl, ownershipParameters) {
+    if (resourceControl) {
+      if (ownershipParameters.ownership === 'public') {
+        return service.deleteResourceControl(resourceControl.Id);
+      } else {
+        return service.updateResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds,
+          ownershipParameters.authorizedTeamIds, resourceControl.Id);
+      }
+    } else {
+        return service.createResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds,
+          ownershipParameters.authorizedTeamIds, resourceId, resourceControlType);
+    }
+  };
+
+  service.retrieveOwnershipDetails = function(resourceControl) {
+    var deferred = $q.defer();
+
+    if (!resourceControl) {
+      deferred.resolve({ authorizedUsers: [], authorizedTeams: [] });
+      return deferred.promise;
+    }
+
+    $q.all({
+      users: resourceControl.UserAccesses.length > 0 ? UserService.users(false) : [],
+      teams: resourceControl.TeamAccesses.length > 0 ? TeamService.teams() : []
+    })
+    .then(function success(data) {
+      var authorizedUserNames = ResourceControlHelper.retrieveAuthorizedUsers(resourceControl, data.users);
+      var authorizedTeamNames = ResourceControlHelper.retrieveAuthorizedTeams(resourceControl, data.teams);
+      deferred.resolve({ authorizedUsers: authorizedUserNames, authorizedTeams: authorizedTeamNames });
+    })
+    .catch(function error(err) {
+      deferred.reject({ msg: 'Unable to retrieve user and team information', err: err });
+    });
+
+    return deferred.promise;
+  };
+
+  service.retrieveUserPermissionsOnResource = function(userID, isAdministrator, resourceControl) {
+    var deferred = $q.defer();
+
+    if (!resourceControl || isAdministrator) {
+      deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: false });
+      return deferred.promise;
+    }
+
+    var found = _.find(resourceControl.UserAccesses, { UserId: userID });
+    if (found) {
+      deferred.resolve({ isPartOfRestrictedUsers: true, isLeaderOfAnyRestrictedTeams: false });
+    } else {
+      var isTeamLeader = false;
+      UserService.userMemberships(userID)
+      .then(function success(data) {
+        var memberships = data;
+        isTeamLeader = ResourceControlHelper.isLeaderOfAnyRestrictedTeams(memberships, resourceControl);
+        deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: isTeamLeader });
+      })
+      .catch(function error(err) {
+        deferred.reject({ msg: 'Unable to retrieve user memberships', err: err });
+      });
+    }
+
+    return deferred.promise;
+  };
+
+  return service;
+}]);