portainer/app/services/api/resourceControlService.js

126 lines
4.7 KiB
JavaScript

angular.module('portainer.services')
.factory('ResourceControlService', ['$q', 'ResourceControl', 'UserService', 'TeamService', 'ResourceControlHelper', function ResourceControlServiceFactory($q, ResourceControl, UserService, TeamService, ResourceControlHelper) {
'use strict';
var service = {};
service.createResourceControl = function(administratorsOnly, userIDs, teamIDs, resourceID, type, subResourceIDs) {
var payload = {
Type: type,
AdministratorsOnly: administratorsOnly,
ResourceID: resourceID,
Users: userIDs,
Teams: teamIDs,
SubResourceIDs: subResourceIDs
};
return ResourceControl.create({}, payload).$promise;
};
service.deleteResourceControl = function(rcID) {
return ResourceControl.remove({id: rcID}).$promise;
};
service.updateResourceControl = function(admin, userIDs, teamIDs, resourceControlId) {
var payload = {
AdministratorsOnly: admin,
Users: userIDs,
Teams: teamIDs
};
return ResourceControl.update({id: resourceControlId}, payload).$promise;
};
service.applyResourceControl = function(resourceControlType, resourceIdentifier, userId, accessControlData, subResources) {
if (!accessControlData.AccessControlEnabled) {
return;
}
var authorizedUserIds = [];
var authorizedTeamIds = [];
var administratorsOnly = false;
switch (accessControlData.Ownership) {
case 'administrators':
administratorsOnly = true;
break;
case 'private':
authorizedUserIds.push(userId);
break;
case 'restricted':
angular.forEach(accessControlData.AuthorizedUsers, function(user) {
authorizedUserIds.push(user.Id);
});
angular.forEach(accessControlData.AuthorizedTeams, function(team) {
authorizedTeamIds.push(team.Id);
});
break;
}
return service.createResourceControl(administratorsOnly, authorizedUserIds,
authorizedTeamIds, resourceIdentifier, resourceControlType, subResources);
};
service.applyResourceControlChange = function(resourceControlType, resourceId, resourceControl, ownershipParameters) {
if (resourceControl) {
if (ownershipParameters.ownership === 'public') {
return service.deleteResourceControl(resourceControl.Id);
} else {
return service.updateResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds,
ownershipParameters.authorizedTeamIds, resourceControl.Id);
}
} else {
return service.createResourceControl(ownershipParameters.administratorsOnly, ownershipParameters.authorizedUserIds,
ownershipParameters.authorizedTeamIds, resourceId, resourceControlType);
}
};
service.retrieveOwnershipDetails = function(resourceControl) {
var deferred = $q.defer();
if (!resourceControl) {
deferred.resolve({ authorizedUsers: [], authorizedTeams: [] });
return deferred.promise;
}
$q.all({
users: resourceControl.UserAccesses.length > 0 ? UserService.users(false) : [],
teams: resourceControl.TeamAccesses.length > 0 ? TeamService.teams() : []
})
.then(function success(data) {
var authorizedUsers = ResourceControlHelper.retrieveAuthorizedUsers(resourceControl, data.users);
var authorizedTeams = ResourceControlHelper.retrieveAuthorizedTeams(resourceControl, data.teams);
deferred.resolve({ authorizedUsers: authorizedUsers, authorizedTeams: authorizedTeams });
})
.catch(function error(err) {
deferred.reject({ msg: 'Unable to retrieve user and team information', err: err });
});
return deferred.promise;
};
service.retrieveUserPermissionsOnResource = function(userID, isAdministrator, resourceControl) {
var deferred = $q.defer();
if (!resourceControl || isAdministrator) {
deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: false });
return deferred.promise;
}
var found = _.find(resourceControl.UserAccesses, { UserId: userID });
if (found) {
deferred.resolve({ isPartOfRestrictedUsers: true, isLeaderOfAnyRestrictedTeams: false });
} else {
var isTeamLeader = false;
UserService.userMemberships(userID)
.then(function success(data) {
var memberships = data;
isTeamLeader = ResourceControlHelper.isLeaderOfAnyRestrictedTeams(memberships, resourceControl);
deferred.resolve({ isPartOfRestrictedUsers: false, isLeaderOfAnyRestrictedTeams: isTeamLeader });
})
.catch(function error(err) {
deferred.reject({ msg: 'Unable to retrieve user memberships', err: err });
});
}
return deferred.promise;
};
return service;
}]);