Browse Source

ui: Remove any route level auth checks (#11891)

pull/11900/head
John Cowen 3 years ago committed by GitHub
parent
commit
3949acbc1d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      .changelog/11891.txt
  2. 22
      ui/packages/consul-ui/app/routing/route.js

4
.changelog/11891.txt

@ -0,0 +1,4 @@
```release-note:bug
ui: Fixes an issue where once a 403 page is displayed in some circumstances its
diffcult to click back to where you where before receiving a 403
```

22
ui/packages/consul-ui/app/routing/route.js

@ -1,7 +1,6 @@
import Route from '@ember/routing/route';
import { get, setProperties, action } from '@ember/object';
import { inject as service } from '@ember/service';
import HTTPError from 'consul-ui/utils/http/error';
// paramsFor
import { routes } from 'consul-ui/router';
@ -50,27 +49,6 @@ export default class BaseRoute extends Route {
}
}
/**
* Inspects a custom `abilities` array on the router for this route. Every
* abililty needs to 'pass' for the route not to throw a 403 error. Anything
* more complex then this (say ORs) should use a single ability and perform
* the OR logic in the test for the ability. Note, this ability check happens
* before any calls to the backend for this model/route.
*/
async beforeModel() {
// remove any references to index as it is the same as the root routeName
const routeName = this.routeName
.split('.')
.filter(item => item !== 'index')
.join('.');
const abilities = get(routes, `${routeName}._options.abilities`) || [];
if (abilities.length > 0) {
if (!abilities.every(ability => this.permissions.can(ability))) {
throw new HTTPError('403');
}
}
}
/**
* By default any empty string query parameters should remove the query
* parameter from the URL. This is the most common behavior if you don't

Loading…
Cancel
Save