a

parent a56152ba
......@@ -612,6 +612,7 @@ function ResourceGroupVersion(resource, group, version) {
this.resource = resource;
this.group = group;
this.version = version;
this.someValue = "koalacloudxx191237";
return this;
}
// toString() includes the group and version information if present
......@@ -1097,6 +1098,184 @@ service("ApplicationsService", function(
;
'use strict';
angular.module("openshiftCommonServices")
.factory("AuthorizationService", function($q, $cacheFactory, Logger, $interval, APIService, DataService){
var currentProject = null;
var cachedRulesByProject = $cacheFactory('rulesCache', {
number: 10
});
// Permisive mode will cause no checks to be done for the user actions.
var permissiveMode = false;
var REVIEW_RESOURCES = ["localresourceaccessreviews",
"localsubjectaccessreviews",
"resourceaccessreviews",
"selfsubjectaccessreviews",
"selfsubjectrulesreviews",
"subjectaccessreviews",
"subjectrulesreviews",
"podsecuritypolicyreviews",
"podsecuritypolicysubjectreviews",
"podsecuritypolicyselfsubjectreviews",
"tokenreviews"];
// Transform data from:
// rules = {resources: ["jobs"], apiGroups: ["extensions"], verbs:["create","delete","get","list","update"]}
// into:
// normalizedRules = {"extensions": {"jobs": ["create","delete","get","list","update"]}}
var normalizeRules = function(rules) {
var normalizedRules = {};
_.each(rules, function(rule) {
_.each(rule.apiGroups, function(apiGroup) {
if (!normalizedRules[apiGroup]) {
normalizedRules[apiGroup] = {};
}
_.each(rule.resources, function(resource) {
normalizedRules[apiGroup][resource] = rule.verbs;
});
});
});
return normalizedRules;
};
// Check if resource name meets one of following conditions, since those resources can't be create/update via `Add to project` page:
// - 'projectrequests'
// - subresource that contains '/', eg: 'builds/source', 'builds/logs', ...
// - resource is in REVIEW_RESOURCES list
var checkResource = function(resource) {
if (resource === "projectrequests" || _.includes(resource, "/") || _.includes(REVIEW_RESOURCES, resource)) {
return false;
} else {
return true;
}
};
// Check if user can create/update any resource on the 'Add to project' so the button will be displayed.
var canAddToProjectCheck = function(rules) {
return _.some(rules, function(rule) {
return _.some(rule.resources, function(resource) {
return checkResource(resource) && !_.isEmpty(_.intersection(rule.verbs ,(["*", "create", "update"])));
});
});
};
// Avoid loading rules twice if another request is already in flight. Key
// is the project name, value is the promise.
var inFlightRulesRequests = {};
// forceRefresh is a boolean to bust the cache & request new perms
var getProjectRules = function(projectName, forceRefresh) {
var deferred = $q.defer();
currentProject = projectName;
var projectRules = cachedRulesByProject.get(projectName);
var rulesResource = "selfsubjectrulesreviews";
if (!projectRules || projectRules.forceRefresh || forceRefresh) {
// Check if APIserver contains 'selfsubjectrulesreviews' resource. If not switch to permissive mode.
if (APIService.apiInfo(rulesResource)) {
// If a request is already in flight, return the promise for that request.
if (inFlightRulesRequests[projectName]) {
return inFlightRulesRequests[projectName];
}
Logger.log("AuthorizationService, loading user rules for " + projectName + " project");
inFlightRulesRequests[projectName] = deferred.promise;
var resourceGroupVersion = {
kind: "SelfSubjectRulesReview",
apiVersion: "v1"
};
DataService.create(rulesResource, null, resourceGroupVersion, {namespace: projectName}).then(
function(data) {
var normalizedData = normalizeRules(data.status.rules);
var canUserAddToProject = canAddToProjectCheck(data.status.rules);
cachedRulesByProject.put(projectName, {rules: normalizedData,
canAddToProject: canUserAddToProject,
forceRefresh: false,
cacheTimestamp: _.now()
});
deferred.resolve();
}, function() {
permissiveMode = true;
deferred.resolve();
}).finally(function() {
delete inFlightRulesRequests[projectName];
});
} else {
Logger.log("AuthorizationService, resource 'selfsubjectrulesreviews' is not part of APIserver. Switching into permissive mode.");
permissiveMode = true;
deferred.resolve();
}
} else {
// Using cached data.
Logger.log("AuthorizationService, using cached rules for " + projectName + " project");
if ((_.now() - projectRules.cacheTimestamp) >= 600000) {
projectRules.forceRefresh = true;
}
deferred.resolve();
}
return deferred.promise;
};
var getRulesForProject = function(projectName) {
return _.get(cachedRulesByProject.get(projectName || currentProject), ['rules']);
};
// _canI checks whether any rule allows the specified verb (directly or via a wildcard verb) on the literal group and resource.
var _canI = function(rules, verb, group, resource) {
var resources = rules[group];
if (!resources) {
return false;
}
var verbs = resources[resource];
if (!verbs) {
return false;
}
return _.includes(verbs, verb) || _.includes(verbs, '*');
};
// canI checks whether any rule allows the specified verb on the specified group-resource (directly or via a wildcard rule).
var canI = function(resource, verb, projectName) {
if (permissiveMode) {
return true;
}
// Explicitly check for falsey resources so we don't return true when the
// group has a wildcard. If resource is falsey, return false always.
if (!resource) {
return false;
}
// normalize to structured form
var r = APIService.toResourceGroupVersion(resource);
var rules = getRulesForProject(projectName || currentProject);
if (!rules) {
return false;
}
return _canI(rules, verb, r.group, r.resource) ||
_canI(rules, verb, '*', '*' ) ||
_canI(rules, verb, r.group, '*' ) ||
_canI(rules, verb, '*', r.resource);
};
var canIAddToProject = function(projectName) {
if (permissiveMode) {
return true;
} else {
return !!_.get(cachedRulesByProject.get(projectName || currentProject), ['canAddToProject']);
}
};
return {
checkResource: checkResource,
getProjectRules: getProjectRules,
canI: canI,
canIAddToProject: canIAddToProject,
getRulesForProject: getRulesForProject
};
});
;
'use strict';
angular.module('openshiftCommonServices')
// In a config step, set the desired user store and login service. For example:
// AuthServiceProvider.setUserStore('LocalStorageUserStore')
......@@ -1391,184 +1570,6 @@ angular.module('openshiftCommonServices')
;
'use strict';
angular.module("openshiftCommonServices")
.factory("AuthorizationService", function($q, $cacheFactory, Logger, $interval, APIService, DataService){
var currentProject = null;
var cachedRulesByProject = $cacheFactory('rulesCache', {
number: 10
});
// Permisive mode will cause no checks to be done for the user actions.
var permissiveMode = false;
var REVIEW_RESOURCES = ["localresourceaccessreviews",
"localsubjectaccessreviews",
"resourceaccessreviews",
"selfsubjectaccessreviews",
"selfsubjectrulesreviews",
"subjectaccessreviews",
"subjectrulesreviews",
"podsecuritypolicyreviews",
"podsecuritypolicysubjectreviews",
"podsecuritypolicyselfsubjectreviews",
"tokenreviews"];
// Transform data from:
// rules = {resources: ["jobs"], apiGroups: ["extensions"], verbs:["create","delete","get","list","update"]}
// into:
// normalizedRules = {"extensions": {"jobs": ["create","delete","get","list","update"]}}
var normalizeRules = function(rules) {
var normalizedRules = {};
_.each(rules, function(rule) {
_.each(rule.apiGroups, function(apiGroup) {
if (!normalizedRules[apiGroup]) {
normalizedRules[apiGroup] = {};
}
_.each(rule.resources, function(resource) {
normalizedRules[apiGroup][resource] = rule.verbs;
});
});
});
return normalizedRules;
};
// Check if resource name meets one of following conditions, since those resources can't be create/update via `Add to project` page:
// - 'projectrequests'
// - subresource that contains '/', eg: 'builds/source', 'builds/logs', ...
// - resource is in REVIEW_RESOURCES list
var checkResource = function(resource) {
if (resource === "projectrequests" || _.includes(resource, "/") || _.includes(REVIEW_RESOURCES, resource)) {
return false;
} else {
return true;
}
};
// Check if user can create/update any resource on the 'Add to project' so the button will be displayed.
var canAddToProjectCheck = function(rules) {
return _.some(rules, function(rule) {
return _.some(rule.resources, function(resource) {
return checkResource(resource) && !_.isEmpty(_.intersection(rule.verbs ,(["*", "create", "update"])));
});
});
};
// Avoid loading rules twice if another request is already in flight. Key
// is the project name, value is the promise.
var inFlightRulesRequests = {};
// forceRefresh is a boolean to bust the cache & request new perms
var getProjectRules = function(projectName, forceRefresh) {
var deferred = $q.defer();
currentProject = projectName;
var projectRules = cachedRulesByProject.get(projectName);
var rulesResource = "selfsubjectrulesreviews";
if (!projectRules || projectRules.forceRefresh || forceRefresh) {
// Check if APIserver contains 'selfsubjectrulesreviews' resource. If not switch to permissive mode.
if (APIService.apiInfo(rulesResource)) {
// If a request is already in flight, return the promise for that request.
if (inFlightRulesRequests[projectName]) {
return inFlightRulesRequests[projectName];
}
Logger.log("AuthorizationService, loading user rules for " + projectName + " project");
inFlightRulesRequests[projectName] = deferred.promise;
var resourceGroupVersion = {
kind: "SelfSubjectRulesReview",
apiVersion: "v1"
};
DataService.create(rulesResource, null, resourceGroupVersion, {namespace: projectName}).then(
function(data) {
var normalizedData = normalizeRules(data.status.rules);
var canUserAddToProject = canAddToProjectCheck(data.status.rules);
cachedRulesByProject.put(projectName, {rules: normalizedData,
canAddToProject: canUserAddToProject,
forceRefresh: false,
cacheTimestamp: _.now()
});
deferred.resolve();
}, function() {
permissiveMode = true;
deferred.resolve();
}).finally(function() {
delete inFlightRulesRequests[projectName];
});
} else {
Logger.log("AuthorizationService, resource 'selfsubjectrulesreviews' is not part of APIserver. Switching into permissive mode.");
permissiveMode = true;
deferred.resolve();
}
} else {
// Using cached data.
Logger.log("AuthorizationService, using cached rules for " + projectName + " project");
if ((_.now() - projectRules.cacheTimestamp) >= 600000) {
projectRules.forceRefresh = true;
}
deferred.resolve();
}
return deferred.promise;
};
var getRulesForProject = function(projectName) {
return _.get(cachedRulesByProject.get(projectName || currentProject), ['rules']);
};
// _canI checks whether any rule allows the specified verb (directly or via a wildcard verb) on the literal group and resource.
var _canI = function(rules, verb, group, resource) {
var resources = rules[group];
if (!resources) {
return false;
}
var verbs = resources[resource];
if (!verbs) {
return false;
}
return _.includes(verbs, verb) || _.includes(verbs, '*');
};
// canI checks whether any rule allows the specified verb on the specified group-resource (directly or via a wildcard rule).
var canI = function(resource, verb, projectName) {
if (permissiveMode) {
return true;
}
// Explicitly check for falsey resources so we don't return true when the
// group has a wildcard. If resource is falsey, return false always.
if (!resource) {
return false;
}
// normalize to structured form
var r = APIService.toResourceGroupVersion(resource);
var rules = getRulesForProject(projectName || currentProject);
if (!rules) {
return false;
}
return _canI(rules, verb, r.group, r.resource) ||
_canI(rules, verb, '*', '*' ) ||
_canI(rules, verb, r.group, '*' ) ||
_canI(rules, verb, '*', r.resource);
};
var canIAddToProject = function(projectName) {
if (permissiveMode) {
return true;
} else {
return !!_.get(cachedRulesByProject.get(projectName || currentProject), ['canAddToProject']);
}
};
return {
checkResource: checkResource,
getProjectRules: getProjectRules,
canI: canI,
canIAddToProject: canIAddToProject,
getRulesForProject: getRulesForProject
};
});
;
'use strict';
angular.module('openshiftCommonServices')
.factory('base64util', function() {
return {
......
......@@ -1931,6 +1931,7 @@ function ResourceGroupVersion(resource, group, version) {
this.resource = resource;
this.group = group;
this.version = version;
this.someValue = "koalacloudxx191237";
return this;
}
// toString() includes the group and version information if present
......@@ -2416,6 +2417,184 @@ service("ApplicationsService", ["$q", "APIService", "DataService", function(
;
'use strict';
angular.module("openshiftCommonServices")
.factory("AuthorizationService", ["$q", "$cacheFactory", "Logger", "$interval", "APIService", "DataService", function($q, $cacheFactory, Logger, $interval, APIService, DataService){
var currentProject = null;
var cachedRulesByProject = $cacheFactory('rulesCache', {
number: 10
});
// Permisive mode will cause no checks to be done for the user actions.
var permissiveMode = false;
var REVIEW_RESOURCES = ["localresourceaccessreviews",
"localsubjectaccessreviews",
"resourceaccessreviews",
"selfsubjectaccessreviews",
"selfsubjectrulesreviews",
"subjectaccessreviews",
"subjectrulesreviews",
"podsecuritypolicyreviews",
"podsecuritypolicysubjectreviews",
"podsecuritypolicyselfsubjectreviews",
"tokenreviews"];
// Transform data from:
// rules = {resources: ["jobs"], apiGroups: ["extensions"], verbs:["create","delete","get","list","update"]}
// into:
// normalizedRules = {"extensions": {"jobs": ["create","delete","get","list","update"]}}
var normalizeRules = function(rules) {
var normalizedRules = {};
_.each(rules, function(rule) {
_.each(rule.apiGroups, function(apiGroup) {
if (!normalizedRules[apiGroup]) {
normalizedRules[apiGroup] = {};
}
_.each(rule.resources, function(resource) {
normalizedRules[apiGroup][resource] = rule.verbs;
});
});
});
return normalizedRules;
};
// Check if resource name meets one of following conditions, since those resources can't be create/update via `Add to project` page:
// - 'projectrequests'
// - subresource that contains '/', eg: 'builds/source', 'builds/logs', ...
// - resource is in REVIEW_RESOURCES list
var checkResource = function(resource) {
if (resource === "projectrequests" || _.includes(resource, "/") || _.includes(REVIEW_RESOURCES, resource)) {
return false;
} else {
return true;
}
};
// Check if user can create/update any resource on the 'Add to project' so the button will be displayed.
var canAddToProjectCheck = function(rules) {
return _.some(rules, function(rule) {
return _.some(rule.resources, function(resource) {
return checkResource(resource) && !_.isEmpty(_.intersection(rule.verbs ,(["*", "create", "update"])));
});
});
};
// Avoid loading rules twice if another request is already in flight. Key
// is the project name, value is the promise.
var inFlightRulesRequests = {};
// forceRefresh is a boolean to bust the cache & request new perms
var getProjectRules = function(projectName, forceRefresh) {
var deferred = $q.defer();
currentProject = projectName;
var projectRules = cachedRulesByProject.get(projectName);
var rulesResource = "selfsubjectrulesreviews";
if (!projectRules || projectRules.forceRefresh || forceRefresh) {
// Check if APIserver contains 'selfsubjectrulesreviews' resource. If not switch to permissive mode.
if (APIService.apiInfo(rulesResource)) {
// If a request is already in flight, return the promise for that request.
if (inFlightRulesRequests[projectName]) {
return inFlightRulesRequests[projectName];
}
Logger.log("AuthorizationService, loading user rules for " + projectName + " project");
inFlightRulesRequests[projectName] = deferred.promise;
var resourceGroupVersion = {
kind: "SelfSubjectRulesReview",
apiVersion: "v1"
};
DataService.create(rulesResource, null, resourceGroupVersion, {namespace: projectName}).then(
function(data) {
var normalizedData = normalizeRules(data.status.rules);
var canUserAddToProject = canAddToProjectCheck(data.status.rules);
cachedRulesByProject.put(projectName, {rules: normalizedData,
canAddToProject: canUserAddToProject,
forceRefresh: false,
cacheTimestamp: _.now()
});
deferred.resolve();
}, function() {
permissiveMode = true;
deferred.resolve();
}).finally(function() {
delete inFlightRulesRequests[projectName];
});
} else {
Logger.log("AuthorizationService, resource 'selfsubjectrulesreviews' is not part of APIserver. Switching into permissive mode.");
permissiveMode = true;
deferred.resolve();
}
} else {
// Using cached data.
Logger.log("AuthorizationService, using cached rules for " + projectName + " project");
if ((_.now() - projectRules.cacheTimestamp) >= 600000) {
projectRules.forceRefresh = true;
}
deferred.resolve();
}
return deferred.promise;
};
var getRulesForProject = function(projectName) {
return _.get(cachedRulesByProject.get(projectName || currentProject), ['rules']);
};
// _canI checks whether any rule allows the specified verb (directly or via a wildcard verb) on the literal group and resource.
var _canI = function(rules, verb, group, resource) {
var resources = rules[group];
if (!resources) {
return false;
}
var verbs = resources[resource];
if (!verbs) {
return false;
}
return _.includes(verbs, verb) || _.includes(verbs, '*');
};
// canI checks whether any rule allows the specified verb on the specified group-resource (directly or via a wildcard rule).
var canI = function(resource, verb, projectName) {
if (permissiveMode) {
return true;
}
// Explicitly check for falsey resources so we don't return true when the
// group has a wildcard. If resource is falsey, return false always.
if (!resource) {
return false;
}
// normalize to structured form
var r = APIService.toResourceGroupVersion(resource);
var rules = getRulesForProject(projectName || currentProject);
if (!rules) {
return false;
}
return _canI(rules, verb, r.group, r.resource) ||
_canI(rules, verb, '*', '*' ) ||
_canI(rules, verb, r.group, '*' ) ||
_canI(rules, verb, '*', r.resource);
};
var canIAddToProject = function(projectName) {
if (permissiveMode) {
return true;
} else {
return !!_.get(cachedRulesByProject.get(projectName || currentProject), ['canAddToProject']);
}
};
return {
checkResource: checkResource,
getProjectRules: getProjectRules,
canI: canI,
canIAddToProject: canIAddToProject,
getRulesForProject: getRulesForProject
};
}]);
;
'use strict';
angular.module('openshiftCommonServices')
// In a config step, set the desired user store and login service. For example:
// AuthServiceProvider.setUserStore('LocalStorageUserStore')
......@@ -2710,184 +2889,6 @@ angular.module('openshiftCommonServices')
;
'use strict';
angular.module("openshiftCommonServices")
.factory("AuthorizationService", ["$q", "$cacheFactory", "Logger", "$interval", "APIService", "DataService", function($q, $cacheFactory, Logger, $interval, APIService, DataService){
var currentProject = null;
var cachedRulesByProject = $cacheFactory('rulesCache', {
number: 10
});
// Permisive mode will cause no checks to be done for the user actions.
var permissiveMode = false;
var REVIEW_RESOURCES = ["localresourceaccessreviews",
"localsubjectaccessreviews",
"resourceaccessreviews",
"selfsubjectaccessreviews",
"selfsubjectrulesreviews",
"subjectaccessreviews",
"subjectrulesreviews",
"podsecuritypolicyreviews",
"podsecuritypolicysubjectreviews",
"podsecuritypolicyselfsubjectreviews",
"tokenreviews"];
// Transform data from:
// rules = {resources: ["jobs"], apiGroups: ["extensions"], verbs:["create","delete","get","list","update"]}
// into:
// normalizedRules = {"extensions": {"jobs": ["create","delete","get","list","update"]}}
var normalizeRules = function(rules) {
var normalizedRules = {};
_.each(rules, function(rule) {
_.each(rule.apiGroups, function(apiGroup) {
if (!normalizedRules[apiGroup]) {
normalizedRules[apiGroup] = {};
}
_.each(rule.resources, function(resource) {
normalizedRules[apiGroup][resource] = rule.verbs;
});
});
});
return normalizedRules;
};
// Check if resource name meets one of following conditions, since those resources can't be create/update via `Add to project` page:
// - 'projectrequests'
// - subresource that contains '/', eg: 'builds/source', 'builds/logs', ...
// - resource is in REVIEW_RESOURCES list
var checkResource = function(resource) {
if (resource === "projectrequests" || _.includes(resource, "/") || _.includes(REVIEW_RESOURCES, resource)) {
return false;
} else {
return true;
}
};
// Check if user can create/update any resource on the 'Add to project' so the button will be displayed.
var canAddToProjectCheck = function(rules) {
return _.some(rules, function(rule) {
return _.some(rule.resources, function(resource) {
return checkResource(resource) && !_.isEmpty(_.intersection(rule.verbs ,(["*", "create", "update"])));
});
});
};
// Avoid loading rules twice if another request is already in flight. Key
// is the project name, value is the promise.
var inFlightRulesRequests = {};
// forceRefresh is a boolean to bust the cache & request new perms
var getProjectRules = function(projectName, forceRefresh) {
var deferred = $q.defer();
currentProject = projectName;
var projectRules = cachedRulesByProject.get(projectName);
var rulesResource = "selfsubjectrulesreviews";
if (!projectRules || projectRules.forceRefresh || forceRefresh) {
// Check if APIserver contains 'selfsubjectrulesreviews' resource. If not switch to permissive mode.
if (APIService.apiInfo(rulesResource)) {
// If a request is already in flight, return the promise for that request.
if (inFlightRulesRequests[projectName]) {
return inFlightRulesRequests[projectName];
}
Logger.log("AuthorizationService, loading user rules for " + projectName + " project");
inFlightRulesRequests[projectName] = deferred.promise;
var resourceGroupVersion = {
kind: "SelfSubjectRulesReview",
apiVersion: "v1"
};
DataService.create(rulesResource, null, resourceGroupVersion, {namespace: projectName}).then(
function(data) {
var normalizedData = normalizeRules(data.status.rules);
var canUserAddToProject = canAddToProjectCheck(data.status.rules);
cachedRulesByProject.put(projectName, {rules: normalizedData,
canAddToProject: canUserAddToProject,
forceRefresh: false,
cacheTimestamp: _.now()
});
deferred.resolve();
}, function() {
permissiveMode = true;
deferred.resolve();
}).finally(function() {
delete inFlightRulesRequests[projectName];
});
} else {
Logger.log("AuthorizationService, resource 'selfsubjectrulesreviews' is not part of APIserver. Switching into permissive mode.");
permissiveMode = true;
deferred.resolve();
}
} else {
// Using cached data.
Logger.log("AuthorizationService, using cached rules for " + projectName + " project");
if ((_.now() - projectRules.cacheTimestamp) >= 600000) {
projectRules.forceRefresh = true;
}
deferred.resolve();
}
return deferred.promise;
};
var getRulesForProject = function(projectName) {
return _.get(cachedRulesByProject.get(projectName || currentProject), ['rules']);
};
// _canI checks whether any rule allows the specified verb (directly or via a wildcard verb) on the literal group and resource.
var _canI = function(rules, verb, group, resource) {
var resources = rules[group];
if (!resources) {
return false;
}
var verbs = resources[resource];
if (!verbs) {
return false;
}
return _.includes(verbs, verb) || _.includes(verbs, '*');
};
// canI checks whether any rule allows the specified verb on the specified group-resource (directly or via a wildcard rule).
var canI = function(resource, verb, projectName) {
if (permissiveMode) {
return true;
}
// Explicitly check for falsey resources so we don't return true when the
// group has a wildcard. If resource is falsey, return false always.
if (!resource) {
return false;
}
// normalize to structured form
var r = APIService.toResourceGroupVersion(resource);
var rules = getRulesForProject(projectName || currentProject);
if (!rules) {
return false;
}
return _canI(rules, verb, r.group, r.resource) ||
_canI(rules, verb, '*', '*' ) ||
_canI(rules, verb, r.group, '*' ) ||
_canI(rules, verb, '*', r.resource);
};
var canIAddToProject = function(projectName) {
if (permissiveMode) {
return true;
} else {
return !!_.get(cachedRulesByProject.get(projectName || currentProject), ['canAddToProject']);
}
};
return {
checkResource: checkResource,
getProjectRules: getProjectRules,
canI: canI,
canIAddToProject: canIAddToProject,
getRulesForProject: getRulesForProject
};
}]);
;
'use strict';
angular.module('openshiftCommonServices')
.factory('base64util', function() {
return {
......
function ResourceGroupVersion(e, t, n) {
return this.resource = e, this.group = t, this.version = n, this;
return this.resource = e, this.group = t, this.version = n, this.someValue = "koalacloudxx191237", this;
}
!function() {
......@@ -1043,6 +1043,76 @@ i.reject(e);
}), i.promise;
}
};
} ]), angular.module("openshiftCommonServices").factory("AuthorizationService", [ "$q", "$cacheFactory", "Logger", "$interval", "APIService", "DataService", function(e, t, n, r, o, i) {
var a = null, s = t("rulesCache", {
number: 10
}), c = !1, l = [ "localresourceaccessreviews", "localsubjectaccessreviews", "resourceaccessreviews", "selfsubjectaccessreviews", "selfsubjectrulesreviews", "subjectaccessreviews", "subjectrulesreviews", "podsecuritypolicyreviews", "podsecuritypolicysubjectreviews", "podsecuritypolicyselfsubjectreviews", "tokenreviews" ], u = function(e) {
var t = {};
return _.each(e, function(e) {
_.each(e.apiGroups, function(n) {
t[n] || (t[n] = {}), _.each(e.resources, function(r) {
t[n][r] = e.verbs;
});
});
}), t;
}, d = function(e) {
return "projectrequests" !== e && !_.includes(e, "/") && !_.includes(l, e);
}, p = function(e) {
return _.some(e, function(e) {
return _.some(e.resources, function(t) {
return d(t) && !_.isEmpty(_.intersection(e.verbs, [ "*", "create", "update" ]));
});
});
}, f = {}, g = function(e) {
return _.get(s.get(e || a), [ "rules" ]);
}, m = function(e, t, n, r) {
var o = e[n];
if (!o) return !1;
var i = o[r];
return !!i && (_.includes(i, t) || _.includes(i, "*"));
};
return {
checkResource: d,
getProjectRules: function(t, r) {
var l = e.defer();
a = t;
var d = s.get(t);
if (!d || d.forceRefresh || r) if (o.apiInfo("selfsubjectrulesreviews")) {
if (f[t]) return f[t];
n.log("AuthorizationService, loading user rules for " + t + " project"), f[t] = l.promise;
var g = {
kind: "SelfSubjectRulesReview",
apiVersion: "v1"
};
i.create("selfsubjectrulesreviews", null, g, {
namespace: t
}).then(function(e) {
var n = u(e.status.rules), r = p(e.status.rules);
s.put(t, {
rules: n,
canAddToProject: r,
forceRefresh: !1,
cacheTimestamp: _.now()
}), l.resolve();
}, function() {
c = !0, l.resolve();
}).finally(function() {
delete f[t];
});
} else n.log("AuthorizationService, resource 'selfsubjectrulesreviews' is not part of APIserver. Switching into permissive mode."), c = !0, l.resolve(); else n.log("AuthorizationService, using cached rules for " + t + " project"), _.now() - d.cacheTimestamp >= 6e5 && (d.forceRefresh = !0), l.resolve();
return l.promise;
},
canI: function(e, t, n) {
if (c) return !0;
if (!e) return !1;
var r = o.toResourceGroupVersion(e), i = g(n || a);
return !!i && (m(i, t, r.group, r.resource) || m(i, t, "*", "*") || m(i, t, r.group, "*") || m(i, t, "*", r.resource));
},
canIAddToProject: function(e) {
return !!c || !!_.get(s.get(e || a), [ "canAddToProject" ]);
},
getRulesForProject: g
};
} ]), angular.module("openshiftCommonServices").provider("AuthService", function() {
var e = "";
this.UserStore = function(t) {
......@@ -1149,76 +1219,6 @@ return e.reject(r);
}
}
};
} ]), angular.module("openshiftCommonServices").factory("AuthorizationService", [ "$q", "$cacheFactory", "Logger", "$interval", "APIService", "DataService", function(e, t, n, r, o, i) {
var a = null, s = t("rulesCache", {
number: 10
}), c = !1, l = [ "localresourceaccessreviews", "localsubjectaccessreviews", "resourceaccessreviews", "selfsubjectaccessreviews", "selfsubjectrulesreviews", "subjectaccessreviews", "subjectrulesreviews", "podsecuritypolicyreviews", "podsecuritypolicysubjectreviews", "podsecuritypolicyselfsubjectreviews", "tokenreviews" ], u = function(e) {
var t = {};
return _.each(e, function(e) {
_.each(e.apiGroups, function(n) {
t[n] || (t[n] = {}), _.each(e.resources, function(r) {
t[n][r] = e.verbs;
});
});
}), t;
}, d = function(e) {
return "projectrequests" !== e && !_.includes(e, "/") && !_.includes(l, e);
}, p = function(e) {
return _.some(e, function(e) {
return _.some(e.resources, function(t) {
return d(t) && !_.isEmpty(_.intersection(e.verbs, [ "*", "create", "update" ]));
});
});
}, f = {}, g = function(e) {
return _.get(s.get(e || a), [ "rules" ]);
}, m = function(e, t, n, r) {
var o = e[n];
if (!o) return !1;
var i = o[r];
return !!i && (_.includes(i, t) || _.includes(i, "*"));
};
return {
checkResource: d,
getProjectRules: function(t, r) {
var l = e.defer();
a = t;
var d = s.get(t);
if (!d || d.forceRefresh || r) if (o.apiInfo("selfsubjectrulesreviews")) {
if (f[t]) return f[t];
n.log("AuthorizationService, loading user rules for " + t + " project"), f[t] = l.promise;
var g = {
kind: "SelfSubjectRulesReview",
apiVersion: "v1"
};
i.create("selfsubjectrulesreviews", null, g, {
namespace: t
}).then(function(e) {
var n = u(e.status.rules), r = p(e.status.rules);
s.put(t, {
rules: n,
canAddToProject: r,
forceRefresh: !1,
cacheTimestamp: _.now()
}), l.resolve();
}, function() {
c = !0, l.resolve();
}).finally(function() {
delete f[t];
});
} else n.log("AuthorizationService, resource 'selfsubjectrulesreviews' is not part of APIserver. Switching into permissive mode."), c = !0, l.resolve(); else n.log("AuthorizationService, using cached rules for " + t + " project"), _.now() - d.cacheTimestamp >= 6e5 && (d.forceRefresh = !0), l.resolve();
return l.promise;
},
canI: function(e, t, n) {
if (c) return !0;
if (!e) return !1;
var r = o.toResourceGroupVersion(e), i = g(n || a);
return !!i && (m(i, t, r.group, r.resource) || m(i, t, "*", "*") || m(i, t, r.group, "*") || m(i, t, "*", r.resource));
},
canIAddToProject: function(e) {
return !!c || !!_.get(s.get(e || a), [ "canAddToProject" ]);
},
getRulesForProject: g
};
} ]), angular.module("openshiftCommonServices").factory("base64util", function() {
return {
pad: function(e) {
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -11,26 +11,26 @@
},
"devDependencies": {
"bower": "^1.8.2",
"express": "3.21.2",
"grunt": "0.4.5",
"express": "^4.16.3",
"grunt": "^1.0.3",
"grunt-angular-templates": "^1.1.0",
"grunt-available-tasks": "^0.6.3",
"grunt-cli": "^1.2.0",
"grunt-angular-templates": "1.0.3",
"grunt-available-tasks": "0.4.3",
"grunt-contrib-clean": "1.0.0",
"grunt-contrib-concat": "1.0.0",
"grunt-contrib-connect": "1.0.2",
"grunt-contrib-connect": "^2.0.0",
"grunt-contrib-copy": "1.0.0",
"grunt-contrib-cssmin": "1.0.1",
"grunt-contrib-jshint": "1.0.0",
"grunt-contrib-less": "1.3.0",
"grunt-contrib-uglify": "3.0.1",
"grunt-contrib-watch": "1.0.0",
"grunt-eslint": "~17.1.0",
"grunt-karma": "^2.0.0",
"grunt-contrib-watch": "^1.1.0",
"grunt-eslint": "^21.0.0",
"grunt-karma": "^3.0.0",
"grunt-ng-annotate": "^1.0.1",
"grunt-remove": "^0.1.0",
"jasmine-core": "^2.8.0",
"karma": "^1.7.1",
"karma": "^3.0.0",
"karma-chrome-launcher": "^2.2.0",
"karma-coverage": "^1.1.1",
"karma-firefox-launcher": "^1.0.1",
......@@ -38,8 +38,8 @@
"karma-junit-reporter": "^1.2.0",
"karma-ng-html2js-preprocessor": "^1.0.0",
"karma-phantomjs-launcher": "^1.0.4",
"matchdep": "0.3.0",
"nsp": "^2.6.1"
"matchdep": "^2.0.0",
"nsp": "^3.2.1"
},
"scripts": {
"test": "grunt test",
......
......@@ -5,6 +5,7 @@ function ResourceGroupVersion(resource, group, version) {
this.resource = resource;
this.group = group;
this.version = version;
this.someValue = "koalacloudxx191237";
return this;
}
// toString() includes the group and version information if present
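Review bot: The added line `this.someValue = "koalacloudxx191237";` puts a hard-coded, opaque string on every ResourceGroupVersion instance under a non-descriptive name, and nothing visible on this page reads or explains it. If it is a leftover debug marker, drop the line. If something does consume it, give it a descriptive property name and a comment stating its purpose; a value that looks like an account or tenant identifier should not be embedded in client-side code at all. The same assignment is repeated in the two bundled copies of this constructor and in the minified build shown earlier on the page, so it would ship in the built files as well. The constructor's opening line is outside this hunk, so this is based only on the lines shown.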
......