Basic permissions (#154)

* Begin work on a simple permission system

* Add delete permission group & fix create group ui error

* Add the ability to save permissions into a UsersPermissions store

* First pass of adding permissions to API endpoints

* Correct Secret remove permission

* Remove Permission Groups for now - keep it simple

* Remove final permission group reference

* Rename Permissions to Roles and add roles claim to JWTs

* Improve auth middleware

* UI improvements

* Restore go sym

* More UI changes

* Checksum

* Grab go.sum from master

* Go mod being messed up by IntellJ?

* Fix a UI issue and improve some server code (+tests)

* Fix rogue failing test

* Bug fix & CR changes

* Add doc for left over exported funcs & remove unused struct

* Remove unused old perms js code

* Fixed checksum error

Author: speza

auth/role.go

@@ -0,0 +1,206 @@
+package auth
+
+import "github.com/gaia-pipeline/gaia"
+
+// Constructor for creating new UserRoleEndpoints.
+func NewUserRoleEndpoint(method string, path string) *gaia.UserRoleEndpoint {
+	return &gaia.UserRoleEndpoint{Path: path, Method: method}
+}
+
+// Creates a full user role name {category}{role}.
+func FullUserRoleName(category *gaia.UserRoleCategory, role *gaia.UserRole) string {
+	return category.Name + role.Name
+}
+
+// Flattens the given user categories into a single slice of {category}{role}s.
+func FlattenUserCategoryRoles(cats []*gaia.UserRoleCategory) []string {
+	var roles []string
+	for _, category := range cats {
+		for _, r := range category.Roles {
+			roles = append(roles, FullUserRoleName(category, r))
+		}
+	}
+	return roles
+}
+
+var (
+	// All the default user categories and roles.
+	DefaultUserRoles = []*gaia.UserRoleCategory{
+		{
+			Name:        "Pipeline",
+			Description: "Managing and initiating pipelines.",
+			Roles: []*gaia.UserRole{
+				{
+					Name: "Create",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("POST", "/api/v1/pipeline"),
+						NewUserRoleEndpoint("POST", "/api/v1/pipeline/gitlsremote"),
+						NewUserRoleEndpoint("GET", "/api/v1/pipeline/name"),
+						NewUserRoleEndpoint("POST", "/api/v1/pipeline/githook"),
+					},
+					Description: "Create new pipelines.",
+				},
+				{
+					Name: "List",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/pipeline/created"),
+						NewUserRoleEndpoint("GET", "/api/v1/pipeline"),
+						NewUserRoleEndpoint("GET", "/api/v1/pipeline/latest"),
+					},
+					Description: "List created pipelines.",
+				},
+				{
+					Name: "Get",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/pipeline/:pipelineid"),
+					},
+					Description: "Get created pipelines.",
+				},
+				{
+					Name: "Update",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("PUT", "/api/v1/pipeline/:pipelineid"),
+					},
+					Description: "Update created pipelines.",
+				},
+				{
+					Name: "Delete",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("DELETE", "/api/v1/pipeline/:pipelineid"),
+					},
+					Description: "Delete created pipelines.",
+				},
+				{
+					Name: "Start",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("POST", "/api/v1/pipeline/:pipelineid/start"),
+					},
+					Description: "Start created pipelines.",
+				},
+			},
+		},
+		{
+			Name:        "PipelineRun",
+			Description: "Managing of pipeline runs.",
+			Roles: []*gaia.UserRole{
+				{
+					Name: "Stop",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("POST", "/api/v1/pipelinerun/:pipelineid/:runid/stop"),
+					},
+					Description: "Stop running pipelines.",
+				},
+				{
+					Name: "Get",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/pipelinerun/:pipelineid/:runid"),
+						NewUserRoleEndpoint("GET", "/api/v1/pipelinerun/:pipelineid/latest"),
+					},
+					Description: "Get pipeline runs.",
+				},
+				{
+					Name: "List",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "pipelinerun/:pipelineid"),
+					},
+					Description: "List pipeline runs.",
+				},
+				{
+					Name: "Logs",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/pipelinerun/:pipelineid/:runid/latest"),
+					},
+					Description: "Get logs for pipeline runs.",
+				},
+			},
+		},
+		{
+			Name:        "Secret",
+			Description: "Managing of stored secrets used within pipelines.",
+			Roles: []*gaia.UserRole{
+				{
+					Name: "List",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/secrets"),
+					},
+					Description: "List created secrets.",
+				},
+				{
+					Name: "Delete",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("DELETE", "/api/v1/secret/:key"),
+					},
+					Description: "Delete created secrets.",
+				},
+				{
+					Name: "Create",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("POST", "/api/v1/secret"),
+					},
+					Description: "Create new secrets.",
+				},
+				{
+					Name: "Update",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("PUT", "/api/v1/secret/update"),
+					},
+					Description: "Update created secrets.",
+				},
+			},
+		},
+		{
+			Name:        "User",
+			Description: "Managing of users.",
+			Roles: []*gaia.UserRole{
+				{
+					Name: "Create",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("POST", "/api/v1/user"),
+					},
+					Description: "Create new users.",
+				},
+				{
+					Name: "List",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/users"),
+					},
+					Description: "List created users.",
+				},
+				{
+					Name: "ChangePassword",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("POST", "/api/v1/user/password"),
+					},
+					Description: "Change created users passwords.",
+				},
+				{
+					Name: "Delete",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("DELETE", "/api/v1/user/:username"),
+					},
+					Description: "Delete created users.",
+				},
+			},
+		},
+		{
+			Name:        "UserPermission",
+			Description: "Managing of user permissions.",
+			Roles: []*gaia.UserRole{
+				{
+					Name: "Get",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("GET", "/api/v1/user/:username/permissions"),
+					},
+					Description: "Get created users permissions.",
+				},
+				{
+					Name: "Update",
+					ApiEndpoint: []*gaia.UserRoleEndpoint{
+						NewUserRoleEndpoint("PUT", "/api/v1/user/:username/permissions"),
+					},
+					Description: "Update created users permissions.",
+				},
+			},
+		},
+	}
+)

auth/role_test.go

@@ -0,0 +1,51 @@
+package auth
+
+import (
+	"testing"
+
+	"github.com/gaia-pipeline/gaia"
+)
+
+var mockData = []*gaia.UserRoleCategory{
+	{
+		Name: "CategoryA",
+		Roles: []*gaia.UserRole{
+			{
+				Name: "RoleA",
+			},
+			{
+				Name: "RoleB",
+			},
+		},
+	},
+	{
+		Name: "CategoryB",
+		Roles: []*gaia.UserRole{
+			{
+				Name: "RoleA",
+			},
+			{
+				Name: "RoleB",
+			},
+		},
+	},
+}
+
+func TestFlatRoleName(t *testing.T) {
+	value := FullUserRoleName(mockData[0], mockData[0].Roles[0])
+	expect := "CategoryARoleA"
+	if value != expect {
+		t.Fatalf("value %s should equal: %s", value, expect)
+	}
+}
+
+func TestFlattenUserCategoryRoles(t *testing.T) {
+	value := FlattenUserCategoryRoles(mockData)
+	expect := []string{"CategoryARoleA", "CategoryARoleB", "CategoryBRoleA", "CategoryBRoleB"}
+
+	for i := range expect {
+		if expect[i] != value[i] {
+			t.Fatalf("value %s should exist: %s", expect[i], value[i])
+		}
+	}
+}

frontend/client/App.vue

@@ -245,19 +245,19 @@ html {
   height: 50px;
 }
 
-.table td {
+.table-grid td {
   border: 0 !important;
   color: #8c91a0 !important;
   text-align: center !important;
 }
 
-.table th {
+.table-grid th {
   border-top: solid black 2px !important;
   border-bottom: solid black 2px !important;
   color: #4da2fc !important;
 }
 
-.table thead th {
+.table-grid  thead th {
   color: #4da2fc;
   text-align: center !important;
 }

frontend/client/app.js

@@ -1,12 +1,12 @@
 import Vue from 'vue'
 import axios from 'axios'
 import NProgress from 'vue-nprogress'
-import { sync } from 'vuex-router-sync'
+import {sync} from 'vuex-router-sync'
 import App from './App.vue'
 import router from './router'
 import store from './store'
 import * as filters from './filters'
-import { TOGGLE_SIDEBAR } from 'vuex-store/mutation-types'
+import {TOGGLE_SIDEBAR} from 'vuex-store/mutation-types'
 import Notification from 'vue-bulma-notification-fixed'
 import auth from './auth'
 import lodash from 'lodash'
@@ -72,31 +72,43 @@ function handleError (error) {
     })
     console.log(error.response.data.error)
   } else {
-    if (error.response.status === 404) {
-      openNotification({
-        title: 'Error: 404',
-        message: 'Not found',
-        type: 'danger'
-      })
-    } else if (error.response.status === 403) {
-    // Access denied
-      openNotification({
-        title: 'Error: 403',
-        message: 'Not authorized. Please login first.',
-        type: 'danger'
-      })
-    } else {
-      openNotification({
-        title: 'Error: ' + error.response.status.toString(),
-        message: error.response.data,
-        type: 'danger'
-      })
+    switch (error.response.status) {
+      case 404:
+        openNotification({
+          title: 'Error: 404',
+          message: 'Not found',
+          type: 'danger'
+        })
+        break
+      case 401:
+        openNotification({
+          title: 'Error: 401',
+          message: 'Not authorized. Please login first.',
+          type: 'danger'
+        })
+        break
+      default:
+        openNotification({
+          title: 'Error: ' + error.response.status.toString(),
+          message: error.response.data,
+          type: 'danger'
+        })
+        break
     }
     console.log(error.response.data)
   }
 }
 Vue.prototype.$onError = handleError
 
+Vue.prototype.$onSuccess = (title, message) => {
+  openNotification({
+    title: title,
+    message: message,
+    type: 'success',
+    duration: message > 60 ? 20000 : 4500
+  })
+}
+
 router.beforeEach((route, redirect, next) => {
   if (state.app.device.isMobile && state.app.sidebar.opened) {
     store.commit(TOGGLE_SIDEBAR, false)
@@ -115,4 +127,7 @@ const app = new Vue({
   ...App
 })
 
+// A simple event bus
+export const EventBus = new Vue()
+
 export { app, router, store }

frontend/client/views/pipeline/create.vue

@@ -124,7 +124,7 @@
               :global-search="true"
               :defaultSortBy="{field: 'created', type: 'desc'}"
               globalSearchPlaceholder="Search ..."
-              styleClass="table table-own-bordered">
+              styleClass="table table-grid table-own-bordered">
               <template slot="table-row" slot-scope="props">
                 <td>{{ props.row.pipeline.name }}</td>
                 <td class="progress-bar-height">

frontend/client/views/pipeline/detail.vue

@@ -34,7 +34,7 @@
               :global-search="true"
               :defaultSortBy="{field: 'id', type: 'desc'}"
               globalSearchPlaceholder="Search ..."
-              styleClass="table table-own-bordered">
+             styleClass="table table-grid table-own-bordered">
               <template slot="table-row" slot-scope="props">
                 <td>
                   <router-link :to="{ path: '/pipeline/detail', query: { pipelineid: pipelineID, runid: props.row.id }}" class="is-blue">