angular.module('portainer.services') .factory('ResourceControlService', ['$q', 'ResourceControl', 'UserService', 'TeamService', 'ResourceControlHelper', function ResourceControlServiceFactory($q, ResourceControl, UserService, TeamService, ResourceControlHelper) { 'use strict'; var service = {}; service.createResourceControl = function(administratorsOnly, userIDs, teamIDs, resourceID, type, subResourceIDs) { var payload = { Type: type, AdministratorsOnly: administratorsOnly, ResourceID: resourceID, Users: userIDs, Teams: teamIDs, SubResourceIDs: subResourceIDs }; return ResourceControl.create({}, payload).$promise; }; service.deleteResourceControl = function(rcID) { return ResourceControl.remove({id: rcID}).$promise; }; service.updateResourceControl = function(admin, userIDs, teamIDs, resourceControlId) { var payload = { AdministratorsOnly: admin, Users: userIDs, Teams: teamIDs }; return ResourceControl.update({id: resourceControlId}, payload).$promise; }; service.applyResourceControl = function(resourceControlType, resourceIdentifier, userId, accessControlData, subResources) { if (!accessControlData.accessControlEnabled) { return; } var authorizedUserIds = []; var authorizedTeamIds = []; var administratorsOnly = false; switch (accessControlData.ownership) { case 'administrators': administratorsOnly = true; break; case 'private': authorizedUserIds.push(userId); break; case 'restricted': angular.forEach(accessControlData.authorizedUsers, function(user) { authorizedUserIds.push(user.Id); }); angular.forEach(accessControlData.authorizedTeams, function(team) { authorizedTeamIds.push(team.Id); }); break; } return service.createResourceControl(administratorsOnly, authorizedUserIds, authorizedTeamIds, resourceIdentifier, resourceControlType, subResources); }; service.applyResourceControlChange = function(resourceControlType, resourceId, resourceControl, ownershipParameters) { if (resourceControl) { if (ownershipParameters.ownership === 'public') { return service.deleteResourceControl(resourceControl.Id); } else { return service.updateResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds, ownershipParameters.authorizedTeamIds, resourceControl.Id); } } else { return service.createResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds, ownershipParameters.authorizedTeamIds, resourceId, resourceControlType); } }; service.retrieveOwnershipDetails = function(resourceControl) { var deferred = $q.defer(); if (!resourceControl) { deferred.resolve({ authorizedUsers: [], authorizedTeams: [] }); return deferred.promise; } $q.all({ users: resourceControl.UserAccesses.length > 0 ? UserService.users(false) : [], teams: resourceControl.TeamAccesses.length > 0 ? TeamService.teams() : [] }) .then(function success(data) { var authorizedUserNames = ResourceControlHelper.retrieveAuthorizedUsers(resourceControl, data.users); var authorizedTeamNames = ResourceControlHelper.retrieveAuthorizedTeams(resourceControl, data.teams); deferred.resolve({ authorizedUsers: authorizedUserNames, authorizedTeams: authorizedTeamNames }); }) .catch(function error(err) { deferred.reject({ msg: 'Unable to retrieve user and team information', err: err }); }); return deferred.promise; }; service.retrieveUserPermissionsOnResource = function(userID, isAdministrator, resourceControl) { var deferred = $q.defer(); if (!resourceControl || isAdministrator) { deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: false }); return deferred.promise; } var found = _.find(resourceControl.UserAccesses, { UserId: userID }); if (found) { deferred.resolve({ isPartOfRestrictedUsers: true, isLeaderOfAnyRestrictedTeams: false }); } else { var isTeamLeader = false; UserService.userMemberships(userID) .then(function success(data) { var memberships = data; isTeamLeader = ResourceControlHelper.isLeaderOfAnyRestrictedTeams(memberships, resourceControl); deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: isTeamLeader }); }) .catch(function error(err) { deferred.reject({ msg: 'Unable to retrieve user memberships', err: err }); }); } return deferred.promise; }; return service; }]);