mirror of https://github.com/portainer/portainer
54 lines
1.4 KiB
TypeScript
54 lines
1.4 KiB
TypeScript
import axios from '@/portainer/services/axios';
|
|
import { EnvironmentId } from '@/react/portainer/environments/types';
|
|
|
|
import { parseKubernetesAxiosError } from '../axiosError';
|
|
|
|
interface SelfSubjectAccessReviewResponse {
|
|
status: {
|
|
allowed: boolean;
|
|
};
|
|
spec: {
|
|
resourceAttributes: {
|
|
namespace: string;
|
|
};
|
|
};
|
|
}
|
|
|
|
/**
|
|
* getSelfSubjectAccessReview is used to retrieve the self subject access review for a given namespace.
|
|
* It's great to use this to determine if a user has access to a namespace.
|
|
* @returns the self subject access review for the given namespace
|
|
* */
|
|
export async function getSelfSubjectAccessReview(
|
|
environmentId: EnvironmentId,
|
|
namespaceName: string,
|
|
verb = 'list',
|
|
resource = 'deployments',
|
|
group = 'apps'
|
|
) {
|
|
try {
|
|
const { data: accessReview } =
|
|
await axios.post<SelfSubjectAccessReviewResponse>(
|
|
`endpoints/${environmentId}/kubernetes/apis/authorization.k8s.io/v1/selfsubjectaccessreviews`,
|
|
{
|
|
spec: {
|
|
resourceAttributes: {
|
|
group,
|
|
resource,
|
|
verb,
|
|
namespace: namespaceName,
|
|
},
|
|
},
|
|
apiVersion: 'authorization.k8s.io/v1',
|
|
kind: 'SelfSubjectAccessReview',
|
|
}
|
|
);
|
|
return accessReview;
|
|
} catch (e) {
|
|
throw parseKubernetesAxiosError(
|
|
e,
|
|
'Unable to retrieve self subject access review'
|
|
);
|
|
}
|
|
}
|