Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
BryanMLima commented on code in PR #8978:
URL: https://github.com/apache/cloudstack/pull/8978#discussion_r1580981216
##
ui/src/store/modules/permission.js:
##
@@ -17,24 +17,39 @@
import { asyncRouterMap, constantRouterMap } from '@/config/router'
-function hasApi (apis, route) {
- if (route.meta && route.meta.permission) {
-for (const permission of route.meta.permission) {
- if (!apis.includes(permission)) {
-return false
- }
-}
+function hasAccessToRoute (apis, route) {
+ if (!route.meta || !route.meta.permission) {
Review Comment:
Could use optional chaining here, no?
```suggestion
if (!route.meta?.permission) {
```
##
ui/src/store/modules/permission.js:
##
@@ -17,24 +17,39 @@
import { asyncRouterMap, constantRouterMap } from '@/config/router'
-function hasApi (apis, route) {
- if (route.meta && route.meta.permission) {
-for (const permission of route.meta.permission) {
- if (!apis.includes(permission)) {
-return false
- }
-}
+function hasAccessToRoute (apis, route) {
+ if (!route.meta || !route.meta.permission) {
return true
}
+ for (const permission of route.meta.permission) {
+if (!apis.includes(permission)) {
+ return false
+}
+ }
+ return true
+}
+
+function hasAccessToSection (route) {
+ const visibleChildren = route.children.filter(child => !child.hidden)
+ if (visibleChildren.length === 0) {
+return false
+ }
+ const redirect = '/' + visibleChildren[0].meta.name
+ if (redirect !== route.path) {
+route.redirect = redirect
+ }
return true
}
function filterAsyncRouter (routerMap, apis) {
const accessedRouters = routerMap.filter(route => {
-if (hasApi(apis, route)) {
+if (hasAccessToRoute(apis, route)) {
if (route.children && route.children.length > 0) {
route.children = filterAsyncRouter(route.children, apis)
}
+ if (route.meta && route.meta.section) {
Review Comment:
Could use optional chaining here, no?
```suggestion
if (route.meta?.section) {
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
BryanMLima commented on code in PR #8978:
URL: https://github.com/apache/cloudstack/pull/8978#discussion_r1580985185
##
ui/src/store/modules/permission.js:
##
@@ -17,24 +17,39 @@
import { asyncRouterMap, constantRouterMap } from '@/config/router'
-function hasApi (apis, route) {
- if (route.meta && route.meta.permission) {
-for (const permission of route.meta.permission) {
- if (!apis.includes(permission)) {
-return false
- }
-}
+function hasAccessToRoute (apis, route) {
+ if (!route.meta || !route.meta.permission) {
Review Comment:
Never mind, did not see it was already merged.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
DaanHoogland commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2079299649 > I suppose that the user you created was `cripple`. I verified that it did not have access to `listZones`, which is an API users are unable to login without. This behavior has nothing to do with the changes here, and you can verify that this account is unable to login in the QA of other PRs as well. you are right, I added `listZones` and cripple can login with all menus available. :+1: -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
DaanHoogland merged PR #8978: URL: https://github.com/apache/cloudstack/pull/8978 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
winterhazel commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2079268907 > @winterhazel @bernardodemarco I tried this in qa: > > ``` > I created a role based on the Read-Only User role. > I denied the role's access to listVirtualMachines, listNetworks, listVolumes and listTemplates APIs. > I created an account using the custom role. > I tried to log in but could not. > ``` > > to double check I created a "regular" Read-Only user and could log in. Hey @DaanHoogland, I reproduced your steps in QA and was able to log in. I created the account `t` (password is also `t`). I suppose that the user you created was `cripple`. I verified that it did not have access to `listZones`, which is an API users are unable to login without. This behavior has nothing to do with the changes here, and you can verify that this account is unable to login in the QA of other PRs as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
DaanHoogland commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2078818229 @winterhazel @bernardodemarco I tried this in qa: I created a role based on the Read-Only User role. I denied the role's access to listVirtualMachines, listNetworks, listVolumes and listTemplates APIs. I created an account using the custom role. I tried to log in but could not. to double check I created a "regular" Read-Only user and could log in. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
blueorangutan commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2078796512 UI build: :heavy_check_mark: Live QA URL: https://qa.cloudstack.cloud/simulator/pr/8978 (QA-JID-324) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
blueorangutan commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2078773081 @DaanHoogland a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
DaanHoogland commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2078772458 @blueorangutan ui -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
blueorangutan commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2077563680 Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 9429 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
blueorangutan commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2077416040 UI build: :heavy_check_mark: Live QA URL: https://qa.cloudstack.cloud/simulator/pr/8978 (QA-JID-322) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
blueorangutan commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2077351941 @BryanMLima a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
BryanMLima commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2077350080 @blueorangutan ui -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
blueorangutan commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2077263585 @winterhazel a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Show menu section if user has access to at least one of its pages [cloudstack]
winterhazel commented on PR #8978: URL: https://github.com/apache/cloudstack/pull/8978#issuecomment-2077257273 @blueorangutan package -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Show menu section if user has access to at least one of its pages [cloudstack]
winterhazel opened a new pull request, #8978:
URL: https://github.com/apache/cloudstack/pull/8978
### Description
As reported in
https://github.com/apache/cloudstack/pull/8713#issuecomment-1969866705, the
Storage section in the sidebar is not displayed to users when they do not have
permission to the API `listVolumesMetrics`. However, roles can have permissions
to other APIs, such as `listBackups` and `listSnapshots`, in which case the
section should be displayed. This situation is not exclusive to the Storage
section.
This PR fixes this issue by changing how the routes are filtered. Now,
sections will be shown if they have at least one visible child. For other
routes, the previous logic is still applied.
Closes #8730.
### Types of changes
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] New feature (non-breaking change which adds functionality)
- [X] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
### Feature/Enhancement Scale or Bug Severity
Bug Severity
- [ ] BLOCKER
- [ ] Critical
- [ ] Major
- [X] Minor
- [ ] Trivial
### Screenshots (if appropriate):
Here's how the menu looks like before (left) and after the changes (right)
for a user that does not have permission for `listVolumesMetrics`:
### How Has This Been Tested?
1. I created a role `v` that had access to `listSnapshots` and
`listBuckets`, but did not have to `listVolumesMetrics`;
2. I created an account `v` using role `v`;
3. I accessed the UI using account `v`;
4. I verified that the Storage section was shown, having the Volume
Snapshots and Buckets pages;
5. I verified that the other sections did not change;
6. I clicked the Storage section and verified that I was redirected to the
Volume Snapshots page;
7. I denied `listSnaphots` and `listBuckets` for role `v`;
8. I logged out, cleared my cache and logged in again. I verified that the
Storage section was not shown anymore.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
