mirror of https://github.com/rancher/ui.git
236 lines
5.9 KiB
JavaScript
236 lines
5.9 KiB
JavaScript
import { resolve, reject } from 'rsvp';
|
|
import { observer } from '@ember/object';
|
|
import { alias } from '@ember/object/computed';
|
|
import { on } from '@ember/object/evented';
|
|
import { next } from '@ember/runloop';
|
|
import { hash } from 'rsvp'
|
|
import Service, { inject as service } from '@ember/service';
|
|
import C from 'shared/utils/constants';
|
|
import { get, set } from '@ember/object';
|
|
import { isArray } from '@ember/array';
|
|
|
|
export default Service.extend({
|
|
cookies: service(),
|
|
settings: service(),
|
|
session: service(),
|
|
shibbolethAuth: service(),
|
|
globalStore: service(),
|
|
clusterStore: service(),
|
|
projectStore: service('store'),
|
|
app: service(),
|
|
|
|
me: null,
|
|
userCode: null,
|
|
firstLogin: null,
|
|
|
|
// These are set by authenticated/route
|
|
// Is access control enabled
|
|
enabled: true, // @TODO-2.0 remove this, always enabled
|
|
|
|
// What kind of access control
|
|
provider: null, // @TODO-2.0 remove this, and how do i check?
|
|
providers: null,
|
|
principal: null,
|
|
|
|
// Are you an admin
|
|
admin: alias('me.hasAdmin'),
|
|
|
|
mustChangePassword: alias('me.mustChangePassword'),
|
|
|
|
// The identity from the session isn't an actual identity model...
|
|
identity: null,
|
|
identityObsvr: on('init', observer(`session.${ C.SESSION.IDENTITY }`, function() {
|
|
var obj = this.get(`session.${ C.SESSION.IDENTITY }`) || {};
|
|
|
|
obj.type = 'identity';
|
|
this.set('identity', this.get('globalStore').createRecord(obj));
|
|
})),
|
|
|
|
|
|
testAuth() {
|
|
// make a call to api base because it is authenticated
|
|
return this.get('globalStore').rawRequest({ url: '', }).then((/* xhr*/) => {
|
|
// Auth token still good
|
|
return resolve('Auth Succeeded');
|
|
}, (/* err */) => {
|
|
// Auth token expired
|
|
return reject('Auth Failed');
|
|
});
|
|
},
|
|
|
|
detect() {
|
|
const globalStore = get(this, 'globalStore');
|
|
|
|
return hash({
|
|
pl: globalStore.request({ url: `settings/${ C.SETTING.PL }` }),
|
|
firstSetting: globalStore.request({ url: `settings/${ C.SETTING.FIRST_LOGIN }` }),
|
|
providers: globalStore.request({ url: '/v3-public/authProviders' }),
|
|
}).then(({
|
|
providers, pl, firstSetting
|
|
}) => {
|
|
if ( providers && get(providers, 'length') ) {
|
|
set(this, 'providers', providers);
|
|
if (get(providers, 'length') === 1) {
|
|
set(this, 'provider', get(providers, 'firstObject.id'));
|
|
}
|
|
} else {
|
|
set(this, 'providers', []);
|
|
}
|
|
|
|
if ( pl ) {
|
|
get(this, 'settings').notifyPropertyChange(C.SETTING.PL);
|
|
}
|
|
|
|
set(this, 'firstLogin', (`${ firstSetting.value }`) === 'true');
|
|
|
|
return this.loadMe();
|
|
}).catch((err) => {
|
|
next(() => {
|
|
set(this, 'app.initError', ( err && err.message ) ? err : { message: 'No response received' } );
|
|
});
|
|
set(this, 'providers', []);
|
|
});
|
|
},
|
|
|
|
loadMe() {
|
|
const globalStore = get(this, 'globalStore');
|
|
|
|
return globalStore.request({ url: 'users?me=true' }).then((users) => {
|
|
const me = get(users, 'firstObject');
|
|
|
|
set(this, 'me', me);
|
|
|
|
return me;
|
|
}).catch((err) => {
|
|
return err;
|
|
});
|
|
},
|
|
|
|
shibbolethConfigured(token) {
|
|
let rv = false;
|
|
|
|
if ((token.authProvider || '') === 'shibbolethconfig' && token.userIdentity) {
|
|
rv = true;
|
|
}
|
|
|
|
return rv;
|
|
},
|
|
|
|
login(providerId, body) {
|
|
body.description = C.SESSION.DESCRIPTION;
|
|
body.responseType = 'cookie';
|
|
body.ttl = C.SESSION.TTL;
|
|
body.labels = { 'ui-session': 'true', };
|
|
|
|
let url;
|
|
let provider = (get(this, 'providers') || []).findBy('id', providerId);
|
|
|
|
if ( provider ) {
|
|
url = provider.actionLinks.login;
|
|
} else {
|
|
return reject({
|
|
type: 'error',
|
|
message: 'Provider config not found'
|
|
});
|
|
}
|
|
|
|
console.log('Logging into', url);
|
|
let req = this.get('globalStore').rawRequest({
|
|
method: 'POST',
|
|
url,
|
|
data: body,
|
|
}).then(() => {
|
|
return this.loadMe()
|
|
.catch((res) => {
|
|
let err;
|
|
|
|
try {
|
|
err = res.body;
|
|
} catch (e) {
|
|
console.log('Error loading user', e, res);
|
|
err = {
|
|
type: 'error',
|
|
message: 'Error loading user'
|
|
};
|
|
}
|
|
|
|
return reject(err);
|
|
});
|
|
}).catch((res) => {
|
|
let err;
|
|
|
|
try {
|
|
err = res.body;
|
|
} catch (e) {
|
|
console.log('Error logging in', e, res);
|
|
err = {
|
|
type: 'error',
|
|
message: 'Error logging in'
|
|
};
|
|
}
|
|
|
|
return reject(err);
|
|
});
|
|
|
|
return req;
|
|
},
|
|
|
|
clearToken() {
|
|
return this.get('globalStore').rawRequest({
|
|
url: 'tokens?action=logout',
|
|
method: 'POST',
|
|
}).then(() => {
|
|
return true;
|
|
});
|
|
},
|
|
|
|
clearSessionKeys(all) {
|
|
if ( all === true ) {
|
|
this.get('session').clear();
|
|
} else {
|
|
var values = {};
|
|
|
|
C.TOKEN_TO_SESSION_KEYS.forEach((key) => {
|
|
values[key] = undefined;
|
|
});
|
|
|
|
this.get('session').setProperties(values);
|
|
}
|
|
|
|
this.get('cookies').remove(C.COOKIE.TOKEN);
|
|
},
|
|
|
|
allows(resource, permission, scope) {
|
|
// console.log('rbac-allows',resource,permission,scope);
|
|
if (!resource) {
|
|
// console.log('rbac-result 1 false');
|
|
return false;
|
|
}
|
|
|
|
scope = scope ? scope : 'global';
|
|
permission = permission ? permission : 'list';
|
|
|
|
if (!isArray(resource)) {
|
|
resource = [resource];
|
|
}
|
|
|
|
const store = get(this, `${ scope }Store`);
|
|
|
|
if ( !store ) {
|
|
// console.log('rbac-result 2 false');
|
|
return false;
|
|
}
|
|
|
|
if (permission === 'list') {
|
|
// console.log('rbac-result 3',!!resource.some(r => store.canList(r)));
|
|
return resource.some((r) => store.canList(r));
|
|
} else if (permission === 'create') {
|
|
// console.log('rbac-result 4',!!resource.some(r => store.canCreate(r)));
|
|
return resource.some((r) => store.canCreate(r));
|
|
}
|
|
|
|
// console.log('rbac-result 5 false');
|
|
return false;
|
|
},
|
|
});
|