mirror of
https://github.com/portainer/portainer.git
synced 2025-07-20 22:09:41 +02:00
90d3f3a358
* feat(api): remove SnapshotRaw from EndpointList response * feat(api): add pagination for EndpointList operation * feat(api): rename last_id query parameter to start * feat(api): implement filter for EndpointList operation * feat(home): front - endpoint backend pagination (#2990) * feat(home): endpoint pagination with backend * feat(api): remove default limit value * fix(endpoints): fix a minor issue with column span * fix(endpointgroup-create): fix an issue with endpoint group creation * feat(app): minor loading optimizations * refactor(api): small refactor of EndpointList operation * fix(home): fix minor loading text display issue * refactor(api): document bolt services functions * feat(home): minor optimization * fix(api): replace seek with index scanning for EndpointPaginated * fix(api): fix invalid starting index issue * fix(api): first implementation of working filter * fix(home): endpoints list keeps backend pagination when it needs to * fix(api): endpoint pagination doesn't drop the first item on pages >=2 anymore * fix(home): UI flickering on page/filter load/change * feat(api): support searching in associated endpoint group data * feat(api): declare EndpointList params as optional * feat(endpoints): backend pagination for endpoints view (#3004) * feat(endpoint-group): enable backend pagination (#3017) * feat(api): support groupID filter on endpoints route * feat(api): add new API operations endpointGroupAddEndpoint and endpointGroupDeleteEndpoint * feat(endpoint-groups): backend pagination support for create and edit * feat(endpoint-groups): debounce on filter for create/edit views * feat(endpoint-groups): filter assigned on create view * (endpoint-groups): unassigned endpoints edit view * refactor(endpoint-groups): code clean * feat(endpoint-groups): remove message for Unassigned group * refactor(api): endpoint group endpoint association refactor * refactor(api): rename files and remove comments * refactor(api): remove usage of utils * refactor(api): optional parameters * feat(api): update endpointListOperation behavior and parameters * refactor(api): remove unused methods associated to EndpointService * refactor(api): remove unused methods associated to EndpointService * refactor(api): minor refactor
128 lines
4.4 KiB
JavaScript
128 lines
4.4 KiB
JavaScript
import _ from "lodash-es";
|
|
import angular from "angular";
|
|
|
|
import AccessViewerPolicyModel from '../../models/access'
|
|
|
|
class AccessViewerController {
|
|
/* @ngInject */
|
|
constructor(Notifications, ExtensionService, RoleService, UserService, EndpointService, GroupService, TeamService, TeamMembershipService) {
|
|
this.Notifications = Notifications;
|
|
this.ExtensionService = ExtensionService;
|
|
this.RoleService = RoleService;
|
|
this.UserService = UserService;
|
|
this.EndpointService = EndpointService;
|
|
this.GroupService = GroupService;
|
|
this.TeamService = TeamService;
|
|
this.TeamMembershipService = TeamMembershipService;
|
|
}
|
|
|
|
onUserSelect() {
|
|
this.userRoles = [];
|
|
const userRoles = {};
|
|
const user = this.selectedUser;
|
|
const userMemberships = _.filter(this.teamMemberships, {UserId: user.Id});
|
|
|
|
for (const [,endpoint] of _.entries(this.endpoints)) {
|
|
let role = this.getRoleFromUserEndpointPolicy(user, endpoint);
|
|
if (role) {
|
|
userRoles[endpoint.Id] = role;
|
|
continue;
|
|
}
|
|
|
|
role = this.getRoleFromUserEndpointGroupPolicy(user, endpoint);
|
|
if (role) {
|
|
userRoles[endpoint.Id] = role;
|
|
continue;
|
|
}
|
|
|
|
role = this.getRoleFromTeamEndpointPolicies(userMemberships, endpoint);
|
|
if (role) {
|
|
userRoles[endpoint.Id] = role;
|
|
continue;
|
|
}
|
|
|
|
role = this.getRoleFromTeamEndpointGroupPolicies(userMemberships, endpoint);
|
|
if (role) {
|
|
userRoles[endpoint.Id] = role;
|
|
}
|
|
}
|
|
|
|
this.userRoles = _.values(userRoles);
|
|
}
|
|
|
|
findLowestRole(policies) {
|
|
return _.first(_.orderBy(policies, 'RoleId', 'desc'));
|
|
}
|
|
|
|
getRoleFromUserEndpointPolicy(user, endpoint) {
|
|
const policyRoles = [];
|
|
const policy = endpoint.UserAccessPolicies[user.Id];
|
|
if (policy) {
|
|
const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, null, null);
|
|
policyRoles.push(accessPolicy);
|
|
}
|
|
return this.findLowestRole(policyRoles);
|
|
}
|
|
|
|
getRoleFromUserEndpointGroupPolicy(user, endpoint) {
|
|
const policyRoles = [];
|
|
const policy = this.groupUserAccessPolicies[endpoint.GroupId][user.Id];
|
|
if (policy) {
|
|
const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, this.groups[endpoint.GroupId], null);
|
|
policyRoles.push(accessPolicy);
|
|
}
|
|
return this.findLowestRole(policyRoles);
|
|
}
|
|
|
|
getRoleFromTeamEndpointPolicies(memberships, endpoint) {
|
|
const policyRoles = [];
|
|
for (const membership of memberships) {
|
|
const policy = endpoint.TeamAccessPolicies[membership.TeamId];
|
|
if (policy) {
|
|
const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, null, this.teams[membership.TeamId]);
|
|
policyRoles.push(accessPolicy);
|
|
}
|
|
}
|
|
return this.findLowestRole(policyRoles);
|
|
}
|
|
|
|
getRoleFromTeamEndpointGroupPolicies(memberships, endpoint) {
|
|
const policyRoles = [];
|
|
for (const membership of memberships) {
|
|
const policy = this.groupTeamAccessPolicies[endpoint.GroupId][membership.TeamId]
|
|
if (policy) {
|
|
const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, this.groups[endpoint.GroupId], this.teams[membership.TeamId]);
|
|
policyRoles.push(accessPolicy);
|
|
}
|
|
}
|
|
return this.findLowestRole(policyRoles);
|
|
}
|
|
|
|
async $onInit() {
|
|
try {
|
|
this.rbacEnabled = await this.ExtensionService.extensionEnabled(this.ExtensionService.EXTENSIONS.RBAC);
|
|
if (this.rbacEnabled) {
|
|
this.users = await this.UserService.users();
|
|
this.endpoints = _.keyBy((await this.EndpointService.endpoints()).value, 'Id');
|
|
const groups = await this.GroupService.groups();
|
|
this.groupUserAccessPolicies = {};
|
|
this.groupTeamAccessPolicies = {};
|
|
_.forEach(groups, group => {
|
|
this.groupUserAccessPolicies[group.Id] = group.UserAccessPolicies;
|
|
this.groupTeamAccessPolicies[group.Id] = group.TeamAccessPolicies;
|
|
});
|
|
this.groups = _.keyBy(groups, 'Id');
|
|
this.roles = _.keyBy(await this.RoleService.roles(), 'Id');
|
|
this.teams = _.keyBy(await this.TeamService.teams(), 'Id');
|
|
this.teamMemberships = await this.TeamMembershipService.memberships();
|
|
}
|
|
} catch (err) {
|
|
this.Notifications.error("Failure", err, "Unable to retrieve accesses");
|
|
}
|
|
}
|
|
}
|
|
|
|
export default AccessViewerController;
|
|
angular
|
|
.module("portainer.app")
|
|
.controller("AccessViewerController", AccessViewerController);
|