Repository: ambari Updated Branches: refs/heads/trunk 1eaf6a9e9 -> efc6eee8d
AMBARI-6849 Admin: remove "roles" prop from users. (Buzhor Denys via ababiichuk) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/efc6eee8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/efc6eee8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/efc6eee8 Branch: refs/heads/trunk Commit: efc6eee8d9f272ad389924584abb8f21073ecd15 Parents: 1eaf6a9 Author: aBabiichuk <[email protected]> Authored: Wed Aug 13 19:01:59 2014 +0300 Committer: aBabiichuk <[email protected]> Committed: Wed Aug 13 19:02:17 2014 +0300 ---------------------------------------------------------------------- .../app/assets/data/users/privileges.json | 14 ++++ .../app/assets/data/users/privileges_admin.json | 14 ++++ .../controllers/global/cluster_controller.js | 48 +++++++++-- ambari-web/app/mappers/users_mapper.js | 20 +++-- ambari-web/app/models/user.js | 17 ++-- ambari-web/app/router.js | 87 ++++++++++++-------- ambari-web/app/utils/ajax/ajax.js | 12 +++ ambari-web/app/views/main/admin/user/create.js | 15 +--- ambari-web/app/views/main/admin/user/edit.js | 15 +--- ambari-web/test/mappers/users_mapper_test.js | 7 +- .../test/views/main/admin/user/create_test.js | 25 ------ .../test/views/main/admin/user/edit_test.js | 25 ------ 12 files changed, 167 insertions(+), 132 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/assets/data/users/privileges.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/users/privileges.json b/ambari-web/app/assets/data/users/privileges.json new file mode 100644 index 0000000..a461206 --- /dev/null +++ b/ambari-web/app/assets/data/users/privileges.json @@ -0,0 +1,14 @@ +{ + "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges?PrivilegeInfo/principal_name=admin&fields=PrivilegeInfo/*";, + "items" : [ + { + "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges/1";, + "PrivilegeInfo" : { + "permission_name" : "AMBARI.ADMIN", + "principal_name" : "admin", + "principal_type" : "USER", + "privilege_id" : 1 + } + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/assets/data/users/privileges_admin.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/users/privileges_admin.json b/ambari-web/app/assets/data/users/privileges_admin.json new file mode 100644 index 0000000..a461206 --- /dev/null +++ b/ambari-web/app/assets/data/users/privileges_admin.json @@ -0,0 +1,14 @@ +{ + "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges?PrivilegeInfo/principal_name=admin&fields=PrivilegeInfo/*";, + "items" : [ + { + "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges/1";, + "PrivilegeInfo" : { + "permission_name" : "AMBARI.ADMIN", + "principal_name" : "admin", + "principal_type" : "USER", + "privilege_id" : 1 + } + } + ] +} http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/controllers/global/cluster_controller.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/controllers/global/cluster_controller.js b/ambari-web/app/controllers/global/cluster_controller.js index 77bcccd..ba1006c 100644 --- a/ambari-web/app/controllers/global/cluster_controller.js +++ b/ambari-web/app/controllers/global/cluster_controller.js @@ -259,7 +259,6 @@ App.ClusterController = Em.Controller.extend({ return; } var clusterUrl = this.getUrl('/data/clusters/cluster.json', '?fields=Clusters'); - var usersUrl = App.get('testMode') ? '/data/users/users.json' : App.get('apiPrefix') + '/users/?fields=*'; var racksUrl = "/data/racks/racks.json"; @@ -292,13 +291,7 @@ App.ClusterController = Em.Controller.extend({ }); } - App.HttpClient.get(usersUrl, App.usersMapper, { - complete: function (jqXHR, textStatus) { - self.updateLoadStatus('users'); - } - }, function (jqXHR, textStatus) { - self.updateLoadStatus('users'); - }); + this.loadUsersInfo(); /** * Order of loading: @@ -433,6 +426,45 @@ App.ClusterController = Em.Controller.extend({ console.warn('can\'t get ambari properties'); }, + /** + * Load info about users. + **/ + loadUsersInfo: function() { + return App.ajax.send({ + name: 'users.all', + sender: this, + success: 'loadUsersSuccess', + error: 'loadUsersError' + }); + }, + + loadUsersSuccess: function(data) { + App.ajax.send({ + name: 'users.privileges', + sender: this, + data: { + users: data + }, + success: 'loadUsersPrivilegesSuccess' + }); + }, + + loadUsersError: function() { + this.updateLoadStatus('users'); + }, + /** + * Load privileges, check relations between user and privilege, + * map users using <code>App.usersMappper</code>. + **/ + loadUsersPrivilegesSuccess: function(data, opt, params) { + params.users.items.forEach(function(user) { + user.privileges = {}; + user.privileges.items = data.items.filterProperty('PrivilegeInfo.principal_name', user.Users.user_name); + }); + App.usersMapper.map(params.users); + this.updateLoadStatus('users'); + }, + updateClusterData: function () { var testUrl = App.get('isHadoop2Stack') ? '/data/clusters/HDP2/cluster.json' : '/data/clusters/cluster.json'; var clusterUrl = this.getUrl(testUrl, '?fields=Clusters'); http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/mappers/users_mapper.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/mappers/users_mapper.js b/ambari-web/app/mappers/users_mapper.js index f85f682..19b3098 100644 --- a/ambari-web/app/mappers/users_mapper.js +++ b/ambari-web/app/mappers/users_mapper.js @@ -23,22 +23,32 @@ App.usersMapper = App.QuickDataMapper.create({ config : { id : 'Users.user_name', user_name : 'Users.user_name', - roles : 'Users.roles', is_ldap: 'Users.ldap_user', - admin: 'Users.admin' + admin: 'Users.admin', + permissions: 'permissions' }, map: function (json) { var self = this; json.items.forEach(function (item) { var result= []; if(!App.User.find().someProperty("userName", item.Users.user_name)) { - item.Users.admin = self.isAdmin(item.Users.roles); + item.permissions = []; + if (!!Em.get(item.privileges, 'items.length')) { + item.permissions = item.privileges.items.mapProperty('PrivilegeInfo.permission_name'); + } + item.Users.admin = self.isAdmin(item.permissions); result.push(self.parseIt(item, self.config)); App.store.loadMany(self.get('model'), result); } }); }, - isAdmin: function(roles) { - return (roles.indexOf("admin") >= 0); + + /** + * Check if user is admin. + * @param {Array} permissionList + * @return {Boolean} + **/ + isAdmin: function(permissionList) { + return permissionList.indexOf('AMBARI.ADMIN') > -1 || permissionList.indexOf('CLUSTER.OPERATOR') > -1; } }); http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/models/user.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/models/user.js b/ambari-web/app/models/user.js index d1f1b9a..d8729e2 100644 --- a/ambari-web/app/models/user.js +++ b/ambari-web/app/models/user.js @@ -24,7 +24,6 @@ App.User = DS.Model.extend({ id:function(){ return this.get('userName'); }.property('userName'), - roles:DS.attr('string'), isLdap:DS.attr('boolean'), type: function(){ if(this.get('isLdap')){ @@ -33,7 +32,17 @@ App.User = DS.Model.extend({ return 'Local'; }.property('isLdap'), auditItems:DS.hasMany('App.ServiceAudit'), - admin: DS.attr('boolean') + admin: DS.attr('boolean'), + /** + * List of permissions assigned to user + * Available permissions: + * AMBARI.ADMIN + * CLUSTER.READ + * CLUSTER.OPERATE + * VIEW.USE + * @property {Array} permissions + **/ + permissions: DS.attr('array') }); App.EditUserForm = App.Form.extend({ @@ -48,7 +57,6 @@ App.EditUserForm = App.Form.extend({ { name:"new_password", displayName:"New Password", displayType:"password", isRequired: false }, { name:"new_passwordRetype", displayName:"Retype New Password", displayType:"password", isRequired: false }, { name:"admin", displayName:"Admin", displayType:"checkbox", isRequired:false }, - { name:"roles", displayName:"Role", isRequired:false, isHidden:true }, { name:"isLdap", displayName:"Type", isRequired:false, isHidden:true } ], fields:[], @@ -116,8 +124,7 @@ App.CreateUserForm = App.Form.extend({ { name:"userName", displayName:"Username", toLowerCase: function(){var v = this.get('value'); this.set('value', v.toLowerCase())}.observes('value') }, { name:"password", displayName:"Password", displayType:"password", isRequired: true }, { name:"passwordRetype", displayName:"Retype Password", displayType:"password", validator:"passwordRetype", isRequired: true }, - { name:"admin", displayName:"Admin", displayType:"checkbox", isRequired:false, defaultValue: true}, - { name:"roles", displayName:"Role", isRequired:false, isHidden:true } + { name:"admin", displayName:"Admin", displayType:"checkbox", isRequired:false, defaultValue: true} ], fields:[], http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/router.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js index 505b760..8bc0cf3 100644 --- a/ambari-web/app/router.js +++ b/ambari-web/app/router.js @@ -155,6 +155,37 @@ App.Router = Em.Router.extend({ return App.db.getUser(); }, + /** + * Get user privileges. + * + * @param {String} userName + * @returns {$.Deferred} + **/ + getUserPrivileges: function(userName) { + return App.ajax.send({ + name: 'router.user.privileges', + sender: this, + data: { + userName: userName + }, + success: 'getUserPrivilegesSuccess' + }); + }, + + getUserPrivilegesSuccess: function() {}, + + setUserLoggedIn: function(userName) { + var controller = this.get('loginController'), + self = this; + this.setAuthenticated(true); + this.setLoginName(userName); + this.setUser(App.User.find().findProperty('id', userName)); + this.getSection(function(route){ + self.transitionTo(route); + controller.postLogin(true,true); + }); + }, + login: function () { var controller = this.get('loginController'); var loginName = controller.get('loginName').toLowerCase(); @@ -191,33 +222,30 @@ App.Router = Em.Router.extend({ loginSuccessCallback: function(data, opt, params) { console.log('login success'); - var d = data; - var isAdmin = data.Users.roles.indexOf('admin') >= 0; + var isAdmin = false; var self = this; - if (isAdmin) { - App.set('isAdmin', true); - var controller = this.get('loginController'); - this.setAuthenticated(true); - this.setLoginName(params.loginName); + this.getUserPrivileges(data.Users.user_name).done(function(privileges) { + data.privileges = privileges; App.usersMapper.map({"items": [data]}); - this.setUser(App.User.find().findProperty('id', params.loginName)); - this.getSection(function(route){ - self.transitionTo(route); - controller.postLogin(true,true); - }); - } - else { - App.ajax.send({ - name: 'router.login2', - sender: this, - data: { - loginName: params.loginName, - loginData: data - }, - success: 'login2SuccessCallback', - error: 'login2ErrorCallback' - }); - } + isAdmin = App.usersMapper.isAdmin(privileges.items.mapProperty('PrivilegeInfo.permission_name')); + if (isAdmin) { + App.set('isAdmin', true); + self.setUserLoggedIn(params.loginName); + return true; + } + else { + return App.ajax.send({ + name: 'router.login2', + sender: self, + data: { + loginName: params.loginName, + loginData: data + }, + success: 'login2SuccessCallback', + error: 'login2ErrorCallback' + }); + } + }); }, loginErrorCallback: function(request, ajaxOptions, error, opt) { @@ -234,16 +262,9 @@ App.Router = Em.Router.extend({ login2SuccessCallback: function (clusterResp, opt, params) { var controller = this.get('loginController'); - var self = this; if (clusterResp.items.length) { - this.setAuthenticated(true); - this.setLoginName(params.loginName); App.usersMapper.map({"items": [params.loginData]}); - this.setUser(App.User.find().findProperty('id', params.loginName)); - this.getSection(function(route){ - self.transitionTo(route); - controller.postLogin(true,true); - }); + this.setUserLoggedIn(params.loginName); } else { controller.set('errorMessage', Em.I18n.t('router.hadoopClusterNotSetUp')); http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/utils/ajax/ajax.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/utils/ajax/ajax.js b/ambari-web/app/utils/ajax/ajax.js index 0de25d4..64a3fcc 100644 --- a/ambari-web/app/utils/ajax/ajax.js +++ b/ambari-web/app/utils/ajax/ajax.js @@ -1332,6 +1332,18 @@ var urls = { }; } }, + 'users.all': { + real: '/users/?fields=*', + mock: '/data/users/users.json' + }, + 'users.privileges': { + real: '/privileges?fields=*', + mock: '/data/users/privileges.json' + }, + 'router.user.privileges': { + real: '/privileges?PrivilegeInfo/principal_name={userName}&fields=*', + mock: '/data/users/privileges_{userName}.json' + }, 'router.login2': { 'real': '/clusters', 'mock': '/data/clusters/info.json' http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/views/main/admin/user/create.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/views/main/admin/user/create.js b/ambari-web/app/views/main/admin/user/create.js index d6f33d9..12d5607 100644 --- a/ambari-web/app/views/main/admin/user/create.js +++ b/ambari-web/app/views/main/admin/user/create.js @@ -46,8 +46,6 @@ App.MainAdminUserCreateView = Em.View.extend({ var form = this.get("userForm"); if (!form.isValid()) return false; - this.identifyRoles(form); - return !!App.ajax.send({ name: 'admin.user.create', sender: this, @@ -56,8 +54,7 @@ App.MainAdminUserCreateView = Em.View.extend({ form: form, data: { Users: { - password: form.getField("password").get('value'), - roles: form.getField("roles").get('value') + password: form.getField("password").get('value') } } }, @@ -67,16 +64,6 @@ App.MainAdminUserCreateView = Em.View.extend({ }, /** - * identify roles of user by admin checkbox - * @param form - */ - identifyRoles: function (form) { - var roles = (form.getField("admin").get('value') === true) ? 'admin,user' : 'user'; - form.getField("roles").set("value", roles); - return roles; - }, - - /** * Success-callback for create user request * @param {object} data * @param {object} opts http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/app/views/main/admin/user/edit.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/views/main/admin/user/edit.js b/ambari-web/app/views/main/admin/user/edit.js index 64211ea..738de30 100644 --- a/ambari-web/app/views/main/admin/user/edit.js +++ b/ambari-web/app/views/main/admin/user/edit.js @@ -42,9 +42,7 @@ App.MainAdminUserEditView = Em.View.extend({ var form = this.get("userForm"); if (!form.isValid()) return false; - var Users = { - roles: this.identifyRoles(form) - }; + var Users = {}; this.setPassword(Users, form); @@ -79,17 +77,6 @@ App.MainAdminUserEditView = Em.View.extend({ }, /** - * identify roles of user by admin checkbox - * @param form - * @return {String} - */ - identifyRoles: function (form) { - var roles = (form.getField("admin").get('value') === true) ? 'admin,user' : 'user'; - form.getField("roles").set("value", roles); - return roles; - }, - - /** * Success callback for edit user request * @param {object} data * @param {object} opt http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/test/mappers/users_mapper_test.js ---------------------------------------------------------------------- diff --git a/ambari-web/test/mappers/users_mapper_test.js b/ambari-web/test/mappers/users_mapper_test.js index 6db6f48..20c6bae 100644 --- a/ambari-web/test/mappers/users_mapper_test.js +++ b/ambari-web/test/mappers/users_mapper_test.js @@ -26,9 +26,10 @@ describe('App.usersMapper', function () { describe('#isAdmin', function() { var tests = [ - {i:'user,admin',e:true,m:'has admin role'}, - {i:'admin,user',e:true,m:'has admin role'}, - {i:'user',e:false,m:'doesn\'t have admin role'} + {i:["AMBARI.ADMIN"],e:true,m:'has admin role'}, + {i:["CLUSTER.READ", "AMBARI.ADMIN"],e:true,m:'has admin role'}, + {i:["VIEW.USE"],e:false,m:'doesn\'t have admin role'}, + {i:["CLUSTER.OPERATOR"],e:true,m:'has admin role'} ]; tests.forEach(function(test) { it(test.m, function() { http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/test/views/main/admin/user/create_test.js ---------------------------------------------------------------------- diff --git a/ambari-web/test/views/main/admin/user/create_test.js b/ambari-web/test/views/main/admin/user/create_test.js index 672e25b..bd5b88c 100644 --- a/ambari-web/test/views/main/admin/user/create_test.js +++ b/ambari-web/test/views/main/admin/user/create_test.js @@ -44,40 +44,15 @@ describe('App.MainAdminUserCreateView', function () { }); it('form is valid', function () { view.set('userForm.mockIsValid', true); - sinon.stub(view, 'identifyRoles', Em.K); sinon.stub(App.ajax, 'send', Em.K); expect(view.create()).to.be.true; - expect(view.identifyRoles.calledOnce).to.be.true; expect(App.ajax.send.calledOnce).to.be.true; - view.identifyRoles.restore(); App.ajax.send.restore(); }); }); - describe('#identifyRoles()', function () { - var mock = Em.Object.create(); - var form = Em.Object.create({ - getField: function () { - return mock; - } - }); - - it('admin is false', function () { - mock.set('value', false); - - expect(view.identifyRoles(form)).to.equal('user'); - expect(mock.get('value')).to.equal('user'); - }); - it('admin is true', function () { - mock.set('value', true); - - expect(view.identifyRoles(form)).to.equal('admin,user'); - expect(mock.get('value')).to.equal('admin,user'); - }); - }); - describe('#createUserSuccessCallback()', function () { it('', function () { http://git-wip-us.apache.org/repos/asf/ambari/blob/efc6eee8/ambari-web/test/views/main/admin/user/edit_test.js ---------------------------------------------------------------------- diff --git a/ambari-web/test/views/main/admin/user/edit_test.js b/ambari-web/test/views/main/admin/user/edit_test.js index c82fbc1..21cdb2b 100644 --- a/ambari-web/test/views/main/admin/user/edit_test.js +++ b/ambari-web/test/views/main/admin/user/edit_test.js @@ -55,16 +55,13 @@ describe('App.MainAdminUserEditView', function () { sinon.stub(view.get('userForm'), 'isValid', function () { return true; }); - sinon.stub(view, 'identifyRoles', Em.K); sinon.stub(view, 'setPassword', Em.K); expect(view.edit()).to.be.true; expect(App.ajax.send.calledOnce).to.be.true; - expect(view.identifyRoles.calledOnce).to.be.true; expect(view.setPassword.calledOnce).to.be.true; - view.identifyRoles.restore(); view.setPassword.restore(); }); }); @@ -109,28 +106,6 @@ describe('App.MainAdminUserEditView', function () { }); }); - describe('#identifyRoles()', function () { - var mock = Em.Object.create(); - var form = Em.Object.create({ - getField: function () { - return mock; - } - }); - - it('admin is false', function () { - mock.set('value', false); - - expect(view.identifyRoles(form)).to.equal('user'); - expect(mock.get('value')).to.equal('user'); - }); - it('admin is true', function () { - mock.set('value', true); - - expect(view.identifyRoles(form)).to.equal('admin,user'); - expect(mock.get('value')).to.equal('admin,user'); - }); - }); - describe('#editUserSuccessCallback()', function () { it('', function () { var params = {
