yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-31 20:51:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(#12954): restrict roles and policy in settings for admins only (#13073)

Browse Source 
* fix(#12954): restrict roles and policy in settings for admins only

* chore: address comments
This commit is contained in:
Sachin Chaurasiya 2023-09-05 15:19:24 +05:30 committed by GitHub
parent 011eaf8ad5
commit 80c11ab4f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 282 additions and 440 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
openmetadata-ui/src/main/resources/ui/src/components/router/AdminProtectedRoute.tsx
View File

@ -19,15 +19,16 @@ import { ROUTES } from '../../constants/constants';
import { useAuth } from '../../hooks/authHooks';
interface AdminProtectedRouteProps extends RouteProps {
hasPermission: boolean;
hasPermission?: boolean;
}
const AdminProtectedRoute = (routeProps: AdminProtectedRouteProps) => {
const { isAdminUser } = useAuth();
const hasPermission = Boolean(routeProps.hasPermission);
if (isAdminUser || routeProps.hasPermission) {
if (isAdminUser || hasPermission) {
return <Route {...routeProps} />;
} else if (!routeProps.hasPermission) {
} else if (!hasPermission) {
return <ErrorPlaceHolder type={ERROR_PLACEHOLDER_TYPE.PERMISSION} />;
} else {
return <Redirect to={ROUTES.SIGNIN} />;

12
openmetadata-ui/src/main/resources/ui/src/components/router/GlobalSettingRouter.tsx
View File

@ -175,17 +175,13 @@ const GlobalSettingRouter = () => {
<AdminProtectedRoute
exact
component={RolesListPage}
hasPermission={userPermissions.hasViewPermissions(
ResourceEntity.ROLE,
permissions
)}
path={getSettingPath(
GlobalSettingsMenuCategory.ACCESS,
GlobalSettingOptions.ROLES
)}
/>
<Route
<AdminProtectedRoute
exact
component={RolesDetailPage}
path={getSettingPath(
@ -201,16 +197,12 @@ const GlobalSettingRouter = () => {
<AdminProtectedRoute
exact
component={PoliciesListPage}
hasPermission={userPermissions.hasViewPermissions(
ResourceEntity.POLICY,
permissions
)}
path={getSettingPath(
GlobalSettingsMenuCategory.ACCESS,
GlobalSettingOptions.POLICIES
)}
/>
<Route
<AdminProtectedRoute
exact
component={PoliciesDetailPage}
path={getSettingPath(

26
openmetadata-ui/src/main/resources/ui/src/pages/PoliciesPage/PoliciesDetailPage/PoliciesDetailPage.test.tsx
View File

@ -57,20 +57,6 @@ jest.mock('components/Loader/Loader', () =>
jest.fn().mockReturnValue(<div>Loader</div>)
);
jest.mock('components/PermissionProvider/PermissionProvider', () => ({
usePermissionProvider: jest.fn().mockReturnValue({
getEntityPermissionByFqn: jest.fn().mockReturnValue({
Create: true,
Delete: true,
ViewAll: true,
EditAll: true,
EditDescription: true,
EditDisplayName: true,
EditCustomFields: true,
}),
}),
}));
jest.mock('../../../constants/HelperTextUtil', () => ({
NO_PERMISSION_FOR_ACTION: '',
NO_PERMISSION_TO_VIEW: '',
@ -80,18 +66,6 @@ jest.mock('../../../utils/CommonUtils', () => ({
getEntityName: jest.fn().mockReturnValue(''),
}));
jest.mock('../../../utils/PermissionsUtils', () => ({
DEFAULT_ENTITY_PERMISSION: {
Create: true,
Delete: true,
ViewAll: true,
EditAll: true,
EditDescription: true,
EditDisplayName: true,
EditCustomFields: true,
},
}));
jest.mock('../../../utils/RouterUtils', () => ({
getAddPolicyRulePath: jest.fn(),
getEditPolicyRulePath: jest.fn(),

83
openmetadata-ui/src/main/resources/ui/src/pages/PoliciesPage/PoliciesDetailPage/PoliciesDetailPage.tsx
View File

@ -22,7 +22,6 @@ import {
Row,
Space,
Tabs,
Tooltip,
Typography,
} from 'antd';
import { ReactComponent as EditIcon } from 'assets/svg/edit-new.svg';
@ -32,12 +31,6 @@ import ErrorPlaceHolder from 'components/common/error-with-placeholder/ErrorPlac
import RichTextEditorPreviewer from 'components/common/rich-text-editor/RichTextEditorPreviewer';
import TitleBreadcrumb from 'components/common/title-breadcrumb/title-breadcrumb.component';
import Loader from 'components/Loader/Loader';
import { usePermissionProvider } from 'components/PermissionProvider/PermissionProvider';
import {
OperationPermission,
ResourceEntity,
} from 'components/PermissionProvider/PermissionProvider.interface';
import { ERROR_PLACEHOLDER_TYPE } from 'enums/common.enum';
import { compare } from 'fast-json-patch';
import { isEmpty, isUndefined, startCase } from 'lodash';
import React, { useCallback, useEffect, useMemo, useState } from 'react';
@ -59,7 +52,6 @@ import { EntityType } from '../../../enums/entity.enum';
import { Rule } from '../../../generated/api/policies/createPolicy';
import { Policy } from '../../../generated/entity/policies/policy';
import { EntityReference } from '../../../generated/type/entityReference';
import { DEFAULT_ENTITY_PERMISSION } from '../../../utils/PermissionsUtils';
import {
getAddPolicyRulePath,
getEditPolicyRulePath,
@ -78,7 +70,6 @@ const PoliciesDetailPage = () => {
const { t } = useTranslation();
const history = useHistory();
const { fqn } = useParams<{ fqn: string }>();
const { getEntityPermissionByFqn } = usePermissionProvider();
const [policy, setPolicy] = useState<Policy>({} as Policy);
const [isLoading, setLoading] = useState<boolean>(false);
@ -87,10 +78,6 @@ const PoliciesDetailPage = () => {
const [selectedEntity, setEntity] =
useState<{ attribute: Attribute; record: EntityReference }>();
const [policyPermission, setPolicyPermission] = useState<OperationPermission>(
DEFAULT_ENTITY_PERMISSION
);
const policiesPath = getSettingPath(
GlobalSettingsMenuCategory.ACCESS,
GlobalSettingOptions.POLICIES
@ -110,21 +97,6 @@ const PoliciesDetailPage = () => {
[policy]
);
const fetchPolicyPermission = async () => {
setLoading(true);
try {
const response = await getEntityPermissionByFqn(
ResourceEntity.POLICY,
fqn
);
setPolicyPermission(response);
} catch (error) {
showErrorToast(error as AxiosError);
} finally {
setLoading(false);
}
};
const fetchPolicy = async () => {
setLoading(true);
try {
@ -256,7 +228,6 @@ const PoliciesDetailPage = () => {
(rule: Rule) => {
return (
<Dropdown
disabled={!policyPermission.EditAll}
overlay={
<Menu
items={[
@ -307,15 +278,8 @@ const PoliciesDetailPage = () => {
}
placement="bottomRight"
trigger={['click']}>
<Tooltip
title={
policyPermission.EditAll
? t('label.manage-rule')
: t('message.no-permission-for-action')
}>
<Button
data-testid={`manage-button-${rule.name}`}
disabled={!policyPermission.EditAll}
icon={<EllipsisOutlined className="text-grey-body" rotate={90} />}
size="small"
type="text"
@ -323,22 +287,15 @@ const PoliciesDetailPage = () => {
e.stopPropagation();
}}
/>
</Tooltip>
</Dropdown>
);
},
[policy, policyPermission]
[policy]
);
useEffect(() => {
fetchPolicyPermission();
}, [fqn]);
useEffect(() => {
if (policyPermission.ViewAll || policyPermission.ViewBasic) {
fetchPolicy();
}
}, [policyPermission, fqn]);
}, [fqn]);
if (isLoading) {
return <Loader />;
@ -347,7 +304,7 @@ const PoliciesDetailPage = () => {
return (
<div data-testid="policy-details-container">
<TitleBreadcrumb titleLinks={breadcrumb} />
{policyPermission.ViewAll || policyPermission.ViewBasic ? (
<>
{isEmpty(policy) ? (
<ErrorPlaceHolder>
@ -375,14 +332,12 @@ const PoliciesDetailPage = () => {
{getEntityName(policy)}
</Typography.Title>
<Description
hasEditAccess
className="m-b-md"
description={policy.description || ''}
entityFqn={policy.fullyQualifiedName}
entityName={getEntityName(policy)}
entityType={EntityType.POLICY}
hasEditAccess={
policyPermission.EditAll || policyPermission.EditDescription
}
isEdit={editDescription}
onCancel={() => setEditDescription(false)}
onDescriptionEdit={() => setEditDescription(true)}
@ -394,35 +349,19 @@ const PoliciesDetailPage = () => {
{isEmpty(policy.rules) ? (
<ErrorPlaceHolder />
) : (
<Space
className="w-full tabpane-space"
direction="vertical">
<Tooltip
title={
policyPermission.EditAll
? t('label.add-entity', {
entity: t('label.rule'),
})
: t('message.no-permission-for-action')
}>
<Space className="w-full tabpane-space" direction="vertical">
<Button
data-testid="add-rule"
disabled={!policyPermission.EditAll}
type="primary"
onClick={() =>
history.push(getAddPolicyRulePath(fqn))
}>
onClick={() => history.push(getAddPolicyRulePath(fqn))}>
{t('label.add-entity', {
entity: t('label.rule'),
})}
</Button>
</Tooltip>
<Space className="w-full" direction="vertical" size={20}>
{policy.rules.map((rule) => (
<Card
data-testid="rule-card"
key={rule.name || 'rule'}>
<Card data-testid="rule-card" key={rule.name || 'rule'}>
<Space
align="baseline"
className="w-full justify-between p-b-lg"
@ -514,7 +453,7 @@ const PoliciesDetailPage = () => {
</TabPane>
<TabPane key="roles" tab={t('label.role-plural')}>
<PoliciesDetailsList
hasAccess={policyPermission.EditAll}
hasAccess
list={policy.roles ?? []}
type="role"
onDelete={(record) =>
@ -524,7 +463,7 @@ const PoliciesDetailPage = () => {
</TabPane>
<TabPane key="teams" tab={t('label.team-plural')}>
<PoliciesDetailsList
hasAccess={policyPermission.EditAll}
hasAccess
list={policy.teams ?? []}
type="team"
onDelete={(record) =>
@ -536,9 +475,7 @@ const PoliciesDetailPage = () => {
</div>
)}
</>
) : (
<ErrorPlaceHolder type={ERROR_PLACEHOLDER_TYPE.PERMISSION} />
)}
{selectedEntity && (
<Modal
centered

14
openmetadata-ui/src/main/resources/ui/src/pages/RolesPage/RolesDetailPage/RolesDetailPage.test.tsx
View File

@ -60,20 +60,6 @@ jest.mock('../../../utils/RouterUtils', () => ({
getTeamsWithFqnPath: jest.fn(),
}));
jest.mock('components/PermissionProvider/PermissionProvider', () => ({
usePermissionProvider: jest.fn().mockReturnValue({
getEntityPermissionByFqn: jest.fn().mockReturnValue({
Create: true,
Delete: true,
ViewAll: true,
EditAll: true,
EditDescription: true,
EditDisplayName: true,
EditCustomFields: true,
}),
}),
}));
describe('Test Roles Details Page', () => {
it('Should render the detail component', async () => {
render(<RolesDetailPage />);

60
openmetadata-ui/src/main/resources/ui/src/pages/RolesPage/RolesDetailPage/RolesDetailPage.tsx
View File

@ -11,17 +11,12 @@
* limitations under the License.
*/
import { Button, Modal, Space, Tabs, Tooltip, Typography } from 'antd';
import { Button, Modal, Space, Tabs, Typography } from 'antd';
import { AxiosError } from 'axios';
import Description from 'components/common/description/Description';
import ErrorPlaceHolder from 'components/common/error-with-placeholder/ErrorPlaceHolder';
import TitleBreadcrumb from 'components/common/title-breadcrumb/title-breadcrumb.component';
import Loader from 'components/Loader/Loader';
import { usePermissionProvider } from 'components/PermissionProvider/PermissionProvider';
import {
OperationPermission,
ResourceEntity,
} from 'components/PermissionProvider/PermissionProvider.interface';
import { ERROR_PLACEHOLDER_TYPE } from 'enums/common.enum';
import { compare } from 'fast-json-patch';
import { isEmpty, isUndefined } from 'lodash';
@ -39,7 +34,6 @@ import {
import { EntityType } from '../../../enums/entity.enum';
import { Role } from '../../../generated/entity/teams/role';
import { EntityReference } from '../../../generated/type/entityReference';
import { DEFAULT_ENTITY_PERMISSION } from '../../../utils/PermissionsUtils';
import { getSettingPath } from '../../../utils/RouterUtils';
import { showErrorToast } from '../../../utils/ToastUtils';
import AddAttributeModal from '../AddAttributeModal/AddAttributeModal';
@ -58,7 +52,6 @@ interface AddAttribute {
const RolesDetailPage = () => {
const history = useHistory();
const { t } = useTranslation();
const { getEntityPermissionByFqn } = usePermissionProvider();
const { fqn } = useParams<{ fqn: string }>();
const [role, setRole] = useState<Role>({} as Role);
@ -70,10 +63,6 @@ const RolesDetailPage = () => {
const [addAttribute, setAddAttribute] = useState<AddAttribute>();
const [rolePermission, setRolePermission] = useState<OperationPermission>(
DEFAULT_ENTITY_PERMISSION
);
const rolesPath = getSettingPath(
GlobalSettingsMenuCategory.ACCESS,
GlobalSettingOptions.ROLES
@ -93,18 +82,6 @@ const RolesDetailPage = () => {
[role]
);
const fetchRolePermission = async () => {
setLoading(true);
try {
const response = await getEntityPermissionByFqn(ResourceEntity.ROLE, fqn);
setRolePermission(response);
} catch (error) {
showErrorToast(error as AxiosError);
} finally {
setLoading(false);
}
};
const fetchRole = async () => {
setLoading(true);
try {
@ -238,14 +215,8 @@ const RolesDetailPage = () => {
};
useEffect(() => {
fetchRolePermission();
}, [fqn]);
useEffect(() => {
if (rolePermission.ViewAll || rolePermission.ViewBasic) {
fetchRole();
}
}, [rolePermission, fqn]);
}, [fqn]);
if (isLoading) {
return <Loader />;
@ -254,7 +225,7 @@ const RolesDetailPage = () => {
return (
<div data-testid="role-details-container">
<TitleBreadcrumb titleLinks={breadcrumb} />
{rolePermission.ViewAll || rolePermission.ViewBasic ? (
<>
{isEmpty(role) ? (
<ErrorPlaceHolder type={ERROR_PLACEHOLDER_TYPE.CUSTOM}>
@ -283,14 +254,12 @@ const RolesDetailPage = () => {
{getEntityName(role)}
</Typography.Title>
<Description
hasEditAccess
className="m-b-md"
description={role.description || ''}
entityFqn={role.fullyQualifiedName}
entityName={getEntityName(role)}
entityType={EntityType.ROLE}
hasEditAccess={
rolePermission.EditAll || rolePermission.EditDescription
}
isEdit={editDescription}
onCancel={() => setEditDescription(false)}
onDescriptionEdit={() => setEditDescription(true)}
@ -300,17 +269,8 @@ const RolesDetailPage = () => {
<Tabs data-testid="tabs" defaultActiveKey="policies">
<TabPane key="policies" tab={t('label.policy-plural')}>
<Space className="w-full" direction="vertical">
<Tooltip
title={
rolePermission.EditAll
? t('label.add-entity', {
entity: t('label.policy'),
})
: t('message.no-permission-for-action')
}>
<Button
data-testid="add-policy"
disabled={!rolePermission.EditAll}
type="primary"
onClick={() =>
setAddAttribute({
@ -322,9 +282,9 @@ const RolesDetailPage = () => {
entity: t('label.policy'),
})}
</Button>
</Tooltip>
<RolesDetailPageList
hasAccess={rolePermission.EditAll}
hasAccess
list={role.policies ?? []}
type="policy"
onDelete={(record) =>
@ -335,7 +295,7 @@ const RolesDetailPage = () => {
</TabPane>
<TabPane key="teams" tab={t('label.team-plural')}>
<RolesDetailPageList
hasAccess={rolePermission.EditAll}
hasAccess
list={role.teams ?? []}
type="team"
onDelete={(record) =>
@ -345,7 +305,7 @@ const RolesDetailPage = () => {
</TabPane>
<TabPane key="users" tab={t('label.user-plural')}>
<RolesDetailPageList
hasAccess={rolePermission.EditAll}
hasAccess
list={role.users ?? []}
type="user"
onDelete={(record) =>
@ -357,9 +317,7 @@ const RolesDetailPage = () => {
</div>
)}
</>
) : (
<ErrorPlaceHolder type={ERROR_PLACEHOLDER_TYPE.PERMISSION} />
)}
{selectedEntity && (
<Modal
centered

10
openmetadata-ui/src/main/resources/ui/src/utils/GlobalSettingsUtils.tsx
View File

@ -102,19 +102,13 @@ export const getGlobalSettingsMenuWithPermission = (
items: [
{
label: i18next.t('label.role-plural'),
isProtected: userPermissions.hasViewPermissions(
ResourceEntity.ROLE,
permissions
),
isProtected: Boolean(isAdminUser),
key: 'access.roles',
icon: <RolesIcon className="side-panel-icons" />,
},
{
label: i18next.t('label.policy-plural'),
isProtected: userPermissions.hasViewPermissions(
ResourceEntity.POLICY,
permissions
),
isProtected: Boolean(isAdminUser),
key: 'access.policies',
icon: <PoliciesIcon className="side-panel-icons" />,
},