Merge pull request #956 from spadgett/canI-editor-checks

OpenShift Bot · web-flow · commit b503ddd5e353 · 2016-11-30T10:46:25.000-05:00
Merged by openshift-bot
diff --git a/app/scripts/controllers/addConfigVolume.js b/app/scripts/controllers/addConfigVolume.js
@@ -15,6 +15,7 @@ angular.module('openshiftConsole')
                        $scope,
                        $window,
                        APIService,
+                       AuthorizationService,
                        BreadcrumbsService,
                        DataService,
                        Navigate,
@@ -95,6 +96,12 @@ angular.module('openshiftConsole')
       .then(_.spread(function(project, context) {
         $scope.project = project;
 
+        if (!AuthorizationService.canI(resourceGroupVersion, 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update ' +
+                               humanizeKind($routeParams.kind) + ' ' + $routeParams.name + '.', 'access_denied');
+          return;
+        }
+
         var orderByDisplayName = $filter('orderByDisplayName');
         var getErrorDetails = $filter('getErrorDetails');
         var generateName = $filter('generateName');
@@ -125,17 +132,18 @@ angular.module('openshiftConsole')
         DataService.list("configmaps", context, null, { errorNotification: false }).then(function(configMapData) {
           $scope.configMaps = orderByDisplayName(configMapData.by("metadata.name"));
         }, function(e) {
-          if (e.status === 403) {
+          if (e.code === 403) {
             $scope.configMaps = [];
             return;
           }
 
           displayError('Could not load config maps', getErrorDetails(e));
         });
+
         DataService.list("secrets", context, null, { errorNotification: false }).then(function(secretData) {
           $scope.secrets = orderByDisplayName(secretData.by("metadata.name"));
         }, function(e) {
-          if (e.status === 403) {
+          if (e.code === 403) {
             $scope.secrets = [];
             return;
           }
diff --git a/app/scripts/controllers/attachPVC.js b/app/scripts/controllers/attachPVC.js
@@ -8,16 +8,18 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('AttachPVCController', function($filter,
-                                              $routeParams,
-                                              $scope,
-                                              $window,
-                                              APIService,
-                                              BreadcrumbsService,
-                                              DataService,
-                                              Navigate,
-                                              ProjectsService,
-                                              StorageService) {
+  .controller('AttachPVCController',
+              function($filter,
+                       $routeParams,
+                       $scope,
+                       $window,
+                       APIService,
+                       AuthorizationService,
+                       BreadcrumbsService,
+                       DataService,
+                       Navigate,
+                       ProjectsService,
+                       StorageService) {
     if (!$routeParams.kind || !$routeParams.name) {
       Navigate.toErrorPage("Kind or name parameter missing.");
       return;
@@ -73,6 +75,12 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI(resourceGroupVersion, 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update ' +
+                               $filter('humanizeKind')($routeParams.kind) + ' ' + $routeParams.name + '.', 'access_denied');
+          return;
+        }
+
         var orderByDisplayName = $filter('orderByDisplayName');
         var getErrorDetails = $filter('getErrorDetails');
         var generateName = $filter('generateName');
diff --git a/app/scripts/controllers/createConfigMap.js b/app/scripts/controllers/createConfigMap.js
@@ -13,6 +13,7 @@ angular.module('openshiftConsole')
                         $routeParams,
                         $scope,
                         $window,
+                        AuthorizationService,
                         DataService,
                         Navigate,
                         ProjectsService) {
@@ -41,6 +42,11 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI('configmaps', 'create', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to create config maps in project ' + $routeParams.project + '.', 'access_denied');
+          return;
+        }
+
         $scope.configMap = {
           apiVersion: 'v1',
           kind: 'ConfigMap',
diff --git a/app/scripts/controllers/createPersistentVolumeClaim.js b/app/scripts/controllers/createPersistentVolumeClaim.js
@@ -8,7 +8,17 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('CreatePersistentVolumeClaimController', function ($filter, $routeParams, $scope, $window, ApplicationGenerator, DataService, Navigate, ProjectsService,keyValueEditorUtils) {
+  .controller('CreatePersistentVolumeClaimController',
+              function($filter,
+                       $routeParams,
+                       $scope,
+                       $window,
+                       ApplicationGenerator,
+                       AuthorizationService,
+                       DataService,
+                       Navigate,
+                       ProjectsService,
+                       keyValueEditorUtils) {
     $scope.alerts = {};
     $scope.projectName = $routeParams.project;
     $scope.accessModes="ReadWriteOnce";
@@ -35,6 +45,11 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI('persistentvolumeclaims', 'create', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to create persistent volume claims in project ' + $routeParams.project + '.', 'access_denied');
+          return;
+        }
+
         $scope.createPersistentVolumeClaim = function() {
           if ($scope.createPersistentVolumeClaimForm.$valid) {
             $scope.disableInputs = true;
diff --git a/app/scripts/controllers/createRoute.js b/app/scripts/controllers/createRoute.js
@@ -8,7 +8,16 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('CreateRouteController', function ($filter, $routeParams, $scope, $window, ApplicationGenerator, DataService, Navigate, ProjectsService) {
+  .controller('CreateRouteController',
+              function($filter,
+                       $routeParams,
+                       $scope,
+                       $window,
+                       ApplicationGenerator,
+                       AuthorizationService,
+                       DataService,
+                       Navigate,
+                       ProjectsService) {
     $scope.alerts = {};
     $scope.renderOptions = {
       hideFilterWidget: true
@@ -42,6 +51,11 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI('routes', 'create', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to create routes in project ' + $routeParams.project + '.', 'access_denied');
+          return;
+        }
+
         var labels = {},
             orderByDisplayName = $filter('orderByDisplayName');
 
diff --git a/app/scripts/controllers/createSecret.js b/app/scripts/controllers/createSecret.js
@@ -8,7 +8,18 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('CreateSecretController', function ($filter, $location, $routeParams, $scope, $window, AlertMessageService, ApplicationGenerator, DataService, Navigate, ProjectsService) {
+  .controller('CreateSecretController',
+              function($filter,
+                       $location,
+                       $routeParams,
+                       $scope,
+                       $window,
+                       AlertMessageService,
+                       ApplicationGenerator,
+                       AuthorizationService,
+                       DataService,
+                       Navigate,
+                       ProjectsService) {
     $scope.alerts = {};
     $scope.projectName = $routeParams.project;
 
@@ -42,6 +53,11 @@ angular.module('openshiftConsole')
         $scope.context = context;
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI('secrets', 'create', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to create secrets in project ' + $routeParams.project + '.', 'access_denied');
+          return;
+        }
+
         $scope.postCreateAction = function(newSecret, creationAlerts) {
           _.each(creationAlerts, function(alert) {
             AlertMessageService.addAlert(alert);
diff --git a/app/scripts/controllers/edit/autoscaler.js b/app/scripts/controllers/edit/autoscaler.js
@@ -14,6 +14,7 @@ angular.module('openshiftConsole')
                         $routeParams,
                         $window,
                         APIService,
+                        AuthorizationService,
                         BreadcrumbsService,
                         DataService,
                         HPAService,
@@ -79,6 +80,12 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.project = project;
 
+        var verb = $routeParams.kind === 'HorizontalPodAutoscaler' ? 'update' : 'create';
+        if (!AuthorizationService.canI({ resource: 'horizontalpodautoscalers', group: 'extensions' }, verb, $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to ' + verb + ' horizontal pod autoscalers in project ' + $routeParams.project + '.', 'access_denied');
+          return;
+        }
+
         var createHPA = function() {
           $scope.disableInputs = true;
           var hpa = {
diff --git a/app/scripts/controllers/edit/buildConfig.js b/app/scripts/controllers/edit/buildConfig.js
@@ -7,7 +7,20 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('EditBuildConfigController', function ($scope, $routeParams, DataService, SecretsService, ProjectsService, $filter, ApplicationGenerator, Navigate, $location, AlertMessageService, SOURCE_URL_PATTERN, keyValueEditorUtils) {
+  .controller('EditBuildConfigController',
+              function($scope,
+                       $filter,
+                       $location,
+                       $routeParams,
+                       AlertMessageService,
+                       ApplicationGenerator,
+                       AuthorizationService,
+                       DataService,
+                       Navigate,
+                       ProjectsService,
+                       SOURCE_URL_PATTERN,
+                       SecretsService,
+                       keyValueEditorUtils) {
 
     $scope.projectName = $routeParams.project;
     $scope.buildConfig = null;
@@ -120,6 +133,12 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI('buildconfigs', 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update build config ' +
+                               $routeParams.buildconfig + '.', 'access_denied');
+          return;
+        }
+
         DataService.get("buildconfigs", $routeParams.buildconfig, context).then(
           // success
           function(buildConfig) {
diff --git a/app/scripts/controllers/edit/deploymentConfig.js b/app/scripts/controllers/edit/deploymentConfig.js
@@ -7,7 +7,21 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('EditDeploymentConfigController', function ($scope, $routeParams, $uibModal, DataService, BreadcrumbsService, SecretsService, ProjectsService, $filter, Navigate, $location, AlertMessageService, SOURCE_URL_PATTERN, keyValueEditorUtils) {
+  .controller('EditDeploymentConfigController',
+              function($scope,
+                       $filter,
+                       $location,
+                       $routeParams,
+                       $uibModal,
+                       AlertMessageService,
+                       AuthorizationService,
+                       BreadcrumbsService,
+                       DataService,
+                       Navigate,
+                       ProjectsService,
+                       SecretsService,
+                       SOURCE_URL_PATTERN,
+                       keyValueEditorUtils) {
     $scope.projectName = $routeParams.project;
     $scope.deploymentConfig = null;
     $scope.alerts = {};
@@ -55,6 +69,13 @@ angular.module('openshiftConsole')
       .then(_.spread(function(project, context) {
         $scope.project = project;
         $scope.context = context;
+
+        if (!AuthorizationService.canI('deploymentconfigs', 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update deployment config ' +
+                               $routeParams.deploymentconfig + '.', 'access_denied');
+          return;
+        }
+
         DataService.get("deploymentconfigs", $routeParams.deploymentconfig, context).then(
           // success
           function(deploymentConfig) {
diff --git a/app/scripts/controllers/edit/healthChecks.js b/app/scripts/controllers/edit/healthChecks.js
@@ -14,6 +14,7 @@ angular.module('openshiftConsole')
                         $routeParams,
                         $scope,
                         AlertMessageService,
+                        AuthorizationService,
                         BreadcrumbsService,
                         APIService,
                         DataService,
@@ -72,6 +73,12 @@ angular.module('openshiftConsole')
           resource: APIService.kindToResource($routeParams.kind),
           group: $routeParams.group
         };
+
+        if (!AuthorizationService.canI(resourceGroupVersion, 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update ' + displayName + '.', 'access_denied');
+          return;
+        }
+
         DataService.get(resourceGroupVersion, $scope.name, context).then(
           function(result) {
             // Modify a copy of the resource.
diff --git a/app/scripts/controllers/edit/route.js b/app/scripts/controllers/edit/route.js
@@ -8,15 +8,17 @@
  * Controller of the openshiftConsole
  */
 angular.module('openshiftConsole')
-  .controller('EditRouteController', function ($filter,
-                                               $location,
-                                               $routeParams,
-                                               $scope,
-                                               AlertMessageService,
-                                               DataService,
-                                               Navigate,
-                                               ProjectsService,
-                                               RoutesService) {
+  .controller('EditRouteController',
+              function($filter,
+                       $location,
+                       $routeParams,
+                       $scope,
+                       AlertMessageService,
+                       AuthorizationService,
+                       DataService,
+                       Navigate,
+                       ProjectsService,
+                       RoutesService) {
     $scope.alerts = {};
     $scope.renderOptions = {
       hideFilterWidget: true
@@ -46,6 +48,11 @@ angular.module('openshiftConsole')
         // Update project breadcrumb with display name.
         $scope.breadcrumbs[0].title = $filter('displayName')(project);
 
+        if (!AuthorizationService.canI('routes', 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update route ' + $routeParams.routeName + '.', 'access_denied');
+          return;
+        }
+
         var orderByDisplayName = $filter('orderByDisplayName');
 
         var route;
diff --git a/app/scripts/controllers/edit/yaml.js b/app/scripts/controllers/edit/yaml.js
@@ -15,6 +15,7 @@ angular.module('openshiftConsole')
                                               $window,
                                               AlertMessageService,
                                               APIService,
+                                              AuthorizationService,
                                               BreadcrumbsService,
                                               DataService,
                                               Navigate,
@@ -70,6 +71,12 @@ angular.module('openshiftConsole')
           group: $routeParams.group
         };
 
+        if (!AuthorizationService.canI(resourceGroupVersion, 'update', $routeParams.project)) {
+          Navigate.toErrorPage('You do not have authority to update ' +
+                               humanizeKind($routeParams.kind) + ' ' + $routeParams.name + '.', 'access_denied');
+          return;
+        }
+
         DataService.get(resourceGroupVersion, $scope.name, context).then(
           function(result) {
             // Modify a copy of the resource.
diff --git a/app/scripts/controllers/setLimits.js b/app/scripts/controllers/setLimits.js
diff --git a/dist/scripts/scripts.js b/dist/scripts/scripts.js
