From 7fb94c33cf48d04a3497a57d35b75c1d4a132334 Mon Sep 17 00:00:00 2001 From: Christoph Kluge Date: Mon, 30 Jan 2023 17:01:11 +0100 Subject: [PATCH] Add API call for frontend to fetch list of valid roles from backend - only relevant for admin config (addUser, editRole) - admin only (double-checked) --- internal/api/rest.go | 17 ++++++++ internal/auth/auth.go | 10 +++++ web/frontend/src/config/AdminSettings.svelte | 20 +++++++-- web/frontend/src/config/admin/AddUser.svelte | 42 ++++++++++--------- web/frontend/src/config/admin/EditRole.svelte | 17 +++++--- 5 files changed, 78 insertions(+), 28 deletions(-) diff --git a/internal/api/rest.go b/internal/api/rest.go index 8559954..12e1d85 100644 --- a/internal/api/rest.go +++ b/internal/api/rest.go @@ -76,6 +76,7 @@ func (api *RestApi) MountRoutes(r *mux.Router) { if api.Authentication != nil { r.HandleFunc("/jwt/", api.getJWT).Methods(http.MethodGet) + r.HandleFunc("/roles/", api.getRoles).Methods(http.MethodGet) r.HandleFunc("/users/", api.createUser).Methods(http.MethodPost, http.MethodPut) r.HandleFunc("/users/", api.getUsers).Methods(http.MethodGet) r.HandleFunc("/users/", api.deleteUser).Methods(http.MethodDelete) @@ -880,6 +881,22 @@ func (api *RestApi) getUsers(rw http.ResponseWriter, r *http.Request) { json.NewEncoder(rw).Encode(users) } +func (api *RestApi) getRoles(rw http.ResponseWriter, r *http.Request) { + user := auth.GetUser(r.Context()) + if (!user.HasRole(auth.RoleAdmin)) { + http.Error(rw, "only admins are allowed to fetch a list of roles", http.StatusForbidden) + return + } + + roles, err := auth.GetValidRoles(user) + if err != nil { + http.Error(rw, err.Error(), http.StatusInternalServerError) + return + } + + json.NewEncoder(rw).Encode(roles) +} + func (api *RestApi) updateUser(rw http.ResponseWriter, r *http.Request) { if user := auth.GetUser(r.Context()); !user.HasRole(auth.RoleAdmin) { http.Error(rw, "only admins are allowed to update a user", http.StatusForbidden) diff --git a/internal/auth/auth.go b/internal/auth/auth.go index a8946c9..332efbb 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -12,6 +12,7 @@ import ( "net/http" "os" "time" + "fmt" "github.com/ClusterCockpit/cc-backend/pkg/log" "github.com/gorilla/sessions" @@ -139,6 +140,15 @@ func IsValidRole(role string) bool { return false } +func GetValidRoles(user *User) ([5]string, error) { + var vals [5]string + if (!user.HasRole(RoleAdmin)) { + return vals, fmt.Errorf("%#v: only admins are allowed to fetch a list of roles", user.Username) + } else { + return validRoles, nil + } +} + func GetUser(ctx context.Context) *User { x := ctx.Value(ContextUserKey) if x == nil { diff --git a/web/frontend/src/config/AdminSettings.svelte b/web/frontend/src/config/AdminSettings.svelte index d69aa39..97c5b17 100644 --- a/web/frontend/src/config/AdminSettings.svelte +++ b/web/frontend/src/config/AdminSettings.svelte @@ -8,6 +8,7 @@ import Options from './admin/Options.svelte' let users = [] + let roles = [] function getUserList() { fetch('/api/users/?via-ldap=false¬-just-user=true') @@ -17,19 +18,32 @@ }) } - onMount(() => getUserList()) + function getValidRoles() { + fetch('/api/roles/') + .then(res => res.json()) + .then(rolesRaw => { + roles = rolesRaw + }) + } + + function initAdmin() { + getUserList() + getValidRoles() + } + + onMount(() => initAdmin()) - + - + diff --git a/web/frontend/src/config/admin/AddUser.svelte b/web/frontend/src/config/admin/AddUser.svelte index 5c8937c..910041f 100644 --- a/web/frontend/src/config/admin/AddUser.svelte +++ b/web/frontend/src/config/admin/AddUser.svelte @@ -7,6 +7,15 @@ let message = {msg: '', color: '#d63384'} let displayMessage = false + let roleLabel = { + api: 'API', + user: 'User (regular user, same as if created via LDAP sync.)', + manager: 'Manager', + support: 'Support', + admin: 'Admin' + } + + export let roles = [] async function handleUserSubmit() { let form = document.querySelector('#create-user-form') @@ -73,26 +82,19 @@

Role:

-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
+ {#each roles as role, i} + {#if i == 0} +
+ + +
+ {:else} +
+ + +
+ {/if} + {/each}

diff --git a/web/frontend/src/config/admin/EditRole.svelte b/web/frontend/src/config/admin/EditRole.svelte index b0c4815..a260f85 100644 --- a/web/frontend/src/config/admin/EditRole.svelte +++ b/web/frontend/src/config/admin/EditRole.svelte @@ -8,6 +8,15 @@ let message = {msg: '', color: '#d63384'} let displayMessage = false + export let roles = [] + let roleLabel = { + api: 'API', + user: 'User', + manager: 'Manager', + support: 'Support', + admin: 'Admin' + } + async function handleAddRole() { const username = document.querySelector('#role-username').value const role = document.querySelector('#role-select').value @@ -86,11 +95,9 @@