portainer/app/extensions/rbac/components/access-viewer/accessViewerController.js

import _ from "lodash-es";
import angular from "angular";

import AccessViewerPolicyModel from '../../models/access'

class AccessViewerController {
  /* @ngInject */
  constructor(Notifications, ExtensionService, RoleService, UserService, EndpointService, GroupService, TeamService, TeamMembershipService) {
    this.Notifications = Notifications;
    this.ExtensionService = ExtensionService;
    this.RoleService = RoleService;
    this.UserService = UserService;
    this.EndpointService = EndpointService;
    this.GroupService = GroupService;
    this.TeamService = TeamService;
    this.TeamMembershipService = TeamMembershipService;
  }

  onUserSelect() {
    this.userRoles = [];
    const userRoles = {};
    const user = this.selectedUser;
    const userMemberships = _.filter(this.teamMemberships, {UserId: user.Id});

    for (const [,endpoint] of _.entries(this.endpoints)) {
      let role = this.getRoleFromUserEndpointPolicy(user, endpoint);
      if (role) {
        userRoles[endpoint.Id] = role;
        continue;
      }

      role = this.getRoleFromUserEndpointGroupPolicy(user, endpoint);
      if (role) {
        userRoles[endpoint.Id] = role;
        continue;
      }

      role = this.getRoleFromTeamEndpointPolicies(userMemberships, endpoint);
      if (role) {
        userRoles[endpoint.Id] = role;
        continue;
      }

      role = this.getRoleFromTeamEndpointGroupPolicies(userMemberships, endpoint);
      if (role) {
        userRoles[endpoint.Id] = role;
      }
    }

    this.userRoles = _.values(userRoles);
  }

  findLowestRole(policies) {
    return _.first(_.orderBy(policies, 'RoleId', 'desc'));
  }

  getRoleFromUserEndpointPolicy(user, endpoint) {
    const policyRoles = [];
    const policy = endpoint.UserAccessPolicies[user.Id];
      if (policy) {
        const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, null, null);
        policyRoles.push(accessPolicy);
      }
    return this.findLowestRole(policyRoles);
  }
  
  getRoleFromUserEndpointGroupPolicy(user, endpoint) {
    const policyRoles = [];
    const policy = this.groupUserAccessPolicies[endpoint.GroupId][user.Id];
      if (policy) {
        const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, this.groups[endpoint.GroupId], null);
        policyRoles.push(accessPolicy);
      }
    return this.findLowestRole(policyRoles);
  }
  
  getRoleFromTeamEndpointPolicies(memberships, endpoint) {
    const policyRoles = [];
    for (const membership of memberships) {
      const policy = endpoint.TeamAccessPolicies[membership.TeamId];
      if (policy) {
        const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, null, this.teams[membership.TeamId]);
        policyRoles.push(accessPolicy);
      }
    }
    return this.findLowestRole(policyRoles);
  }
  
  getRoleFromTeamEndpointGroupPolicies(memberships, endpoint) {
    const policyRoles = [];
    for (const membership of memberships) {
      const policy = this.groupTeamAccessPolicies[endpoint.GroupId][membership.TeamId]
      if (policy) {
        const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, this.groups[endpoint.GroupId], this.teams[membership.TeamId]);
        policyRoles.push(accessPolicy);
      }
    }
    return this.findLowestRole(policyRoles);
  }

  async $onInit() {
    try {
      this.rbacEnabled = await this.ExtensionService.extensionEnabled(this.ExtensionService.EXTENSIONS.RBAC);
      if (this.rbacEnabled) {
        this.users = await this.UserService.users();
        this.endpoints = _.keyBy((await this.EndpointService.endpoints()).value, 'Id');
        const groups = await this.GroupService.groups();
        this.groupUserAccessPolicies = {};
        this.groupTeamAccessPolicies = {};
        _.forEach(groups, group => {
          this.groupUserAccessPolicies[group.Id] = group.UserAccessPolicies;
          this.groupTeamAccessPolicies[group.Id] = group.TeamAccessPolicies;
        });
        this.groups = _.keyBy(groups, 'Id');
        this.roles = _.keyBy(await this.RoleService.roles(), 'Id');
        this.teams = _.keyBy(await this.TeamService.teams(), 'Id');
        this.teamMemberships = await this.TeamMembershipService.memberships();
      }
    } catch (err) {
      this.Notifications.error("Failure", err, "Unable to retrieve accesses");
    }
  }
}

export default AccessViewerController;
angular
  .module("portainer.app")
  .controller("AccessViewerController", AccessViewerController);
feat(extensions): introduce RBAC extension (#2900) 2019-05-24 06:04:58 +00:00			`import _ from "lodash-es";`
			`import angular from "angular";`

			`import AccessViewerPolicyModel from '../../models/access'`

			`class AccessViewerController {`
			`/* @ngInject */`
			`constructor(Notifications, ExtensionService, RoleService, UserService, EndpointService, GroupService, TeamService, TeamMembershipService) {`
			`this.Notifications = Notifications;`
			`this.ExtensionService = ExtensionService;`
			`this.RoleService = RoleService;`
			`this.UserService = UserService;`
			`this.EndpointService = EndpointService;`
			`this.GroupService = GroupService;`
			`this.TeamService = TeamService;`
			`this.TeamMembershipService = TeamMembershipService;`
			`}`

			`onUserSelect() {`
			`this.userRoles = [];`
			`const userRoles = {};`
			`const user = this.selectedUser;`
			`const userMemberships = _.filter(this.teamMemberships, {UserId: user.Id});`

			`for (const [,endpoint] of _.entries(this.endpoints)) {`
			`let role = this.getRoleFromUserEndpointPolicy(user, endpoint);`
			`if (role) {`
			`userRoles[endpoint.Id] = role;`
			`continue;`
			`}`

			`role = this.getRoleFromUserEndpointGroupPolicy(user, endpoint);`
			`if (role) {`
			`userRoles[endpoint.Id] = role;`
			`continue;`
			`}`

			`role = this.getRoleFromTeamEndpointPolicies(userMemberships, endpoint);`
			`if (role) {`
			`userRoles[endpoint.Id] = role;`
			`continue;`
			`}`

			`role = this.getRoleFromTeamEndpointGroupPolicies(userMemberships, endpoint);`
			`if (role) {`
			`userRoles[endpoint.Id] = role;`
			`}`
			`}`

			`this.userRoles = _.values(userRoles);`
			`}`

			`findLowestRole(policies) {`
			`return _.first(_.orderBy(policies, 'RoleId', 'desc'));`
			`}`

			`getRoleFromUserEndpointPolicy(user, endpoint) {`
			`const policyRoles = [];`
			`const policy = endpoint.UserAccessPolicies[user.Id];`
			`if (policy) {`
			`const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, null, null);`
			`policyRoles.push(accessPolicy);`
			`}`
			`return this.findLowestRole(policyRoles);`
			`}`

			`getRoleFromUserEndpointGroupPolicy(user, endpoint) {`
			`const policyRoles = [];`
			`const policy = this.groupUserAccessPolicies[endpoint.GroupId][user.Id];`
			`if (policy) {`
			`const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, this.groups[endpoint.GroupId], null);`
			`policyRoles.push(accessPolicy);`
			`}`
			`return this.findLowestRole(policyRoles);`
			`}`

			`getRoleFromTeamEndpointPolicies(memberships, endpoint) {`
			`const policyRoles = [];`
			`for (const membership of memberships) {`
			`const policy = endpoint.TeamAccessPolicies[membership.TeamId];`
			`if (policy) {`
			`const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, null, this.teams[membership.TeamId]);`
			`policyRoles.push(accessPolicy);`
			`}`
			`}`
			`return this.findLowestRole(policyRoles);`
			`}`

			`getRoleFromTeamEndpointGroupPolicies(memberships, endpoint) {`
			`const policyRoles = [];`
			`for (const membership of memberships) {`
			`const policy = this.groupTeamAccessPolicies[endpoint.GroupId][membership.TeamId]`
			`if (policy) {`
			`const accessPolicy = new AccessViewerPolicyModel(policy, endpoint, this.roles, this.groups[endpoint.GroupId], this.teams[membership.TeamId]);`
			`policyRoles.push(accessPolicy);`
			`}`
			`}`
			`return this.findLowestRole(policyRoles);`
			`}`

			`async $onInit() {`
			`try {`
			`this.rbacEnabled = await this.ExtensionService.extensionEnabled(this.ExtensionService.EXTENSIONS.RBAC);`
			`if (this.rbacEnabled) {`
			`this.users = await this.UserService.users();`
Enable endpoint backend pagination (#2989) * feat(api): remove SnapshotRaw from EndpointList response * feat(api): add pagination for EndpointList operation * feat(api): rename last_id query parameter to start * feat(api): implement filter for EndpointList operation * feat(home): front - endpoint backend pagination (#2990) * feat(home): endpoint pagination with backend * feat(api): remove default limit value * fix(endpoints): fix a minor issue with column span * fix(endpointgroup-create): fix an issue with endpoint group creation * feat(app): minor loading optimizations * refactor(api): small refactor of EndpointList operation * fix(home): fix minor loading text display issue * refactor(api): document bolt services functions * feat(home): minor optimization * fix(api): replace seek with index scanning for EndpointPaginated * fix(api): fix invalid starting index issue * fix(api): first implementation of working filter * fix(home): endpoints list keeps backend pagination when it needs to * fix(api): endpoint pagination doesn't drop the first item on pages >=2 anymore * fix(home): UI flickering on page/filter load/change * feat(api): support searching in associated endpoint group data * feat(api): declare EndpointList params as optional * feat(endpoints): backend pagination for endpoints view (#3004) * feat(endpoint-group): enable backend pagination (#3017) * feat(api): support groupID filter on endpoints route * feat(api): add new API operations endpointGroupAddEndpoint and endpointGroupDeleteEndpoint * feat(endpoint-groups): backend pagination support for create and edit * feat(endpoint-groups): debounce on filter for create/edit views * feat(endpoint-groups): filter assigned on create view * (endpoint-groups): unassigned endpoints edit view * refactor(endpoint-groups): code clean * feat(endpoint-groups): remove message for Unassigned group * refactor(api): endpoint group endpoint association refactor * refactor(api): rename files and remove comments * refactor(api): remove usage of utils * refactor(api): optional parameters * feat(api): update endpointListOperation behavior and parameters * refactor(api): remove unused methods associated to EndpointService * refactor(api): remove unused methods associated to EndpointService * refactor(api): minor refactor 2019-07-20 23:28:11 +00:00			`this.endpoints = _.keyBy((await this.EndpointService.endpoints()).value, 'Id');`
feat(extensions): introduce RBAC extension (#2900) 2019-05-24 06:04:58 +00:00			`const groups = await this.GroupService.groups();`
			`this.groupUserAccessPolicies = {};`
			`this.groupTeamAccessPolicies = {};`
			`_.forEach(groups, group => {`
			`this.groupUserAccessPolicies[group.Id] = group.UserAccessPolicies;`
			`this.groupTeamAccessPolicies[group.Id] = group.TeamAccessPolicies;`
			`});`
			`this.groups = _.keyBy(groups, 'Id');`
			`this.roles = _.keyBy(await this.RoleService.roles(), 'Id');`
			`this.teams = _.keyBy(await this.TeamService.teams(), 'Id');`
			`this.teamMemberships = await this.TeamMembershipService.memberships();`
			`}`
			`} catch (err) {`
			`this.Notifications.error("Failure", err, "Unable to retrieve accesses");`
			`}`
			`}`
			`}`

			`export default AccessViewerController;`
			`angular`
			`.module("portainer.app")`
			`.controller("AccessViewerController", AccessViewerController);`