mirror of https://github.com/portainer/portainer
126 lines
4.7 KiB
JavaScript
126 lines
4.7 KiB
JavaScript
|
angular.module('portainer.services')
|
||
|
.factory('ResourceControlService', ['$q', 'ResourceControl', 'UserService', 'TeamService', 'ResourceControlHelper', function ResourceControlServiceFactory($q, ResourceControl, UserService, TeamService, ResourceControlHelper) {
|
||
|
'use strict';
|
||
|
var service = {};
|
||
|
|
||
|
service.createResourceControl = function(administratorsOnly, userIDs, teamIDs, resourceID, type, subResourceIDs) {
|
||
|
var payload = {
|
||
|
Type: type,
|
||
|
AdministratorsOnly: administratorsOnly,
|
||
|
ResourceID: resourceID,
|
||
|
Users: userIDs,
|
||
|
Teams: teamIDs,
|
||
|
SubResourceIDs: subResourceIDs
|
||
|
};
|
||
|
return ResourceControl.create({}, payload).$promise;
|
||
|
};
|
||
|
|
||
|
service.deleteResourceControl = function(rcID) {
|
||
|
return ResourceControl.remove({id: rcID}).$promise;
|
||
|
};
|
||
|
|
||
|
service.updateResourceControl = function(admin, userIDs, teamIDs, resourceControlId) {
|
||
|
var payload = {
|
||
|
AdministratorsOnly: admin,
|
||
|
Users: userIDs,
|
||
|
Teams: teamIDs
|
||
|
};
|
||
|
return ResourceControl.update({id: resourceControlId}, payload).$promise;
|
||
|
};
|
||
|
|
||
|
service.applyResourceControl = function(resourceControlType, resourceIdentifier, userId, accessControlData, subResources) {
|
||
|
if (!accessControlData.accessControlEnabled) {
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
var authorizedUserIds = [];
|
||
|
var authorizedTeamIds = [];
|
||
|
var administratorsOnly = false;
|
||
|
switch (accessControlData.ownership) {
|
||
|
case 'administrators':
|
||
|
administratorsOnly = true;
|
||
|
break;
|
||
|
case 'private':
|
||
|
authorizedUserIds.push(userId);
|
||
|
break;
|
||
|
case 'restricted':
|
||
|
angular.forEach(accessControlData.authorizedUsers, function(user) {
|
||
|
authorizedUserIds.push(user.Id);
|
||
|
});
|
||
|
angular.forEach(accessControlData.authorizedTeams, function(team) {
|
||
|
authorizedTeamIds.push(team.Id);
|
||
|
});
|
||
|
break;
|
||
|
}
|
||
|
return service.createResourceControl(administratorsOnly, authorizedUserIds,
|
||
|
authorizedTeamIds, resourceIdentifier, resourceControlType, subResources);
|
||
|
};
|
||
|
|
||
|
service.applyResourceControlChange = function(resourceControlType, resourceId, resourceControl, ownershipParameters) {
|
||
|
if (resourceControl) {
|
||
|
if (ownershipParameters.ownership === 'public') {
|
||
|
return service.deleteResourceControl(resourceControl.Id);
|
||
|
} else {
|
||
|
return service.updateResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds,
|
||
|
ownershipParameters.authorizedTeamIds, resourceControl.Id);
|
||
|
}
|
||
|
} else {
|
||
|
return service.createResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds,
|
||
|
ownershipParameters.authorizedTeamIds, resourceId, resourceControlType);
|
||
|
}
|
||
|
};
|
||
|
|
||
|
service.retrieveOwnershipDetails = function(resourceControl) {
|
||
|
var deferred = $q.defer();
|
||
|
|
||
|
if (!resourceControl) {
|
||
|
deferred.resolve({ authorizedUsers: [], authorizedTeams: [] });
|
||
|
return deferred.promise;
|
||
|
}
|
||
|
|
||
|
$q.all({
|
||
|
users: resourceControl.UserAccesses.length > 0 ? UserService.users(false) : [],
|
||
|
teams: resourceControl.TeamAccesses.length > 0 ? TeamService.teams() : []
|
||
|
})
|
||
|
.then(function success(data) {
|
||
|
var authorizedUserNames = ResourceControlHelper.retrieveAuthorizedUsers(resourceControl, data.users);
|
||
|
var authorizedTeamNames = ResourceControlHelper.retrieveAuthorizedTeams(resourceControl, data.teams);
|
||
|
deferred.resolve({ authorizedUsers: authorizedUserNames, authorizedTeams: authorizedTeamNames });
|
||
|
})
|
||
|
.catch(function error(err) {
|
||
|
deferred.reject({ msg: 'Unable to retrieve user and team information', err: err });
|
||
|
});
|
||
|
|
||
|
return deferred.promise;
|
||
|
};
|
||
|
|
||
|
service.retrieveUserPermissionsOnResource = function(userID, isAdministrator, resourceControl) {
|
||
|
var deferred = $q.defer();
|
||
|
|
||
|
if (!resourceControl || isAdministrator) {
|
||
|
deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: false });
|
||
|
return deferred.promise;
|
||
|
}
|
||
|
|
||
|
var found = _.find(resourceControl.UserAccesses, { UserId: userID });
|
||
|
if (found) {
|
||
|
deferred.resolve({ isPartOfRestrictedUsers: true, isLeaderOfAnyRestrictedTeams: false });
|
||
|
} else {
|
||
|
var isTeamLeader = false;
|
||
|
UserService.userMemberships(userID)
|
||
|
.then(function success(data) {
|
||
|
var memberships = data;
|
||
|
isTeamLeader = ResourceControlHelper.isLeaderOfAnyRestrictedTeams(memberships, resourceControl);
|
||
|
deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: isTeamLeader });
|
||
|
})
|
||
|
.catch(function error(err) {
|
||
|
deferred.reject({ msg: 'Unable to retrieve user memberships', err: err });
|
||
|
});
|
||
|
}
|
||
|
|
||
|
return deferred.promise;
|
||
|
};
|
||
|
|
||
|
return service;
|
||
|
}]);
|