Commit Graph

3 Commits (39cb26e4d75af50fc1c4745967f062d2178a74da)

Author SHA1 Message Date
John Cowen d9a315e2a5
ui: Remove KV pre-flight auth check (#11968)
* ui: Don't even ask whether we are authorized for a KV...

...just let the actual API tell us in the response, thin-client style.

* Add some similar commenting for previous PRs related to this problem
2022-01-07 19:26:54 +00:00
John Cowen cf638ee551
ui: Always show main navigation Key/Value link (#10916)
* ui: Ignore response from API for KV permissions

Currently there is no way for us to use our HTTP authorization API
endpoint to tell us whether a user has access to any KVs (including the
case where a user may not have access to the root KV store, but do have
access to a sub item)

This is a little weird still as in the above case the user would click
on this link and still get a 403 for the root, and then have to manually
type in the URL for the KV they do have access to.

Despite this we think this change makes sense as at least something about KV is
visible in the main navigation.

Once we have the ability to know if any KVs are accessible, we can add
this guard back in.

We'd initially just removed the logic around the button, but then
noticed there may be further related KV issues due to the nested nature
of KVs so we finally decided on simply ignoring the responses from the
HTTP API, essentially reverting the KV area back to being a thin client.
This means when things are revisited in the backend we can undo this
easily change in one place.

* Move acceptance tests to use ACLs perms instead of KV ones
2021-09-22 18:23:59 +01:00
John Cowen 8263879e6f
ui: Restrict the viewing/editing of certain UI elements based on the users ACLs (#9687)
This commit use the internal authorize endpoint along wiht ember-can to further restrict user access to certain UI features and navigational elements depending on the users ACL token
2021-02-19 16:42:16 +00:00