919001084

pending completion

Build # 919001084

Build Type

Pull #3839

gitlab-ci

Committed by

mzedel

Commit Message

revert: "chore: bump node from 20.2.0-alpine to 20.3.1-alpine"

This reverts commit cbfcd7663.

Signed-off-by: Manuel Zedel <manuel.zedel@northern.tech>

Pull Request Pull Request #3839: Combined PRs

Run Details

4399 of 6397 branches covered (68.77%)

8302 of 10074 relevant lines covered (82.41%)

162.96 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.62

/src/js/constants/userConstants.js

'use strict';

// Copyright 2015 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.
import { apiUrl } from '../api/general-api';
import { ALL_DEVICES } from './deviceConstants';
import { ALL_RELEASES } from './releaseConstants';

export const useradmApiUrlv1 = `${apiUrl.v1}/useradm`;
export const useradmApiUrlv2 = `${apiUrl.v2}/useradm`;
export { useradmApiUrlv1 as useradmApiUrl };

const staticRolesByName = {
  admin: 'RBAC_ROLE_PERMIT_ALL',
  readOnly: 'RBAC_ROLE_OBSERVER',
  ci: 'RBAC_ROLE_CI',
  deploymentsManager: 'RBAC_ROLE_DEPLOYMENTS_MANAGER',
  terminalAccess: 'RBAC_ROLE_REMOTE_TERMINAL'
};

export const PermissionTypes = {
  Any: 'any',
  Get: 'GET',
  Post: 'POST',
  Put: 'PUT',
  Delete: 'DELETE',
  Patch: 'PATCH',
  DeviceGroup: 'DEVICE_GROUP',
  DeviceId: 'DEVICE_ID'
};

const permissionSetIds = {
  Basic: 'Basic',
  ConfigureDevices: 'ConfigureDevices',
  ConnectToDevices: 'ConnectToDevices',
  DeployToDevices: 'DeployToDevices',
  ManageDevices: 'ManageDevices',
  ManageReleases: 'ManageReleases',
  ManageUsers: 'ManageUsers',
  ReadAuditLogs: 'ReadAuditLogs',
  ReadDevices: 'ReadDevices',
  ReadReleases: 'ReadReleases',
  ReadUsers: 'ReadUsers',
  SuperUser: 'SuperUser',
  UploadArtifacts: 'UploadArtifacts'
};

export const uiPermissionsById = {
  configure: {
    explanations: { groups: `'Configure' allows the user to use mender-configure features and apply configurations.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.ConfigureDevices },
    title: 'Configure',
    value: 'configure',
    verbs: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post]
  },
  connect: {
    explanations: { groups: `'Connect' allows the user to use mender-connect features and Troubleshoot add-ons.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.ConnectToDevices },
    title: 'Connect',
    value: 'connect',
    verbs: [PermissionTypes.Get, PermissionTypes.Put]
  },
  deploy: {
    explanations: { groups: `'Deploy' allows the user to deploy software or configuration updates to devices.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.DeployToDevices },
    title: 'Deploy',
    value: 'deploy',
    verbs: [PermissionTypes.Post]
  },
  manage: {
    explanations: {
      groups: `'Manage' allows the user to edit device name, notes, and manage authentication status. For 'All devices' it also allows the user to edit and create device groups.`,
      releases: `'Manage' allows the user to upload new artifacts, edit release descriptions and remove artifacts.`
    },
    permissionLevel: 2,
    permissionSets: {
      groups: permissionSetIds.ManageDevices,
      releases: permissionSetIds.ManageReleases,
      userManagement: permissionSetIds.ManageUsers
    },
    title: 'Manage',
    value: 'manage',
    verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
  },
  read: {
    explanations: { groups: `'Read' allows the user to view devices.` },
    permissionLevel: 1,
    permissionSets: {
      auditlog: permissionSetIds.ReadAuditLogs,
      groups: permissionSetIds.ReadDevices,
      releases: permissionSetIds.ReadReleases,
      userManagement: permissionSetIds.ReadUsers
    },
    title: 'Read',
    value: 'read',
    verbs: [PermissionTypes.Get, PermissionTypes.Post]
  },
  upload: {
    explanations: { groups: `'Upload' allows the user to upload new Artifacts.` },
    unscopedOnly: { releases: true },
    permissionLevel: 1,
    permissionSets: { releases: permissionSetIds.UploadArtifacts },
    title: 'Upload',
    value: 'upload',
    verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
  }
};

export const defaultPermissionSets = {
  [permissionSetIds.Basic]: { name: permissionSetIds.Basic },
  [permissionSetIds.SuperUser]: { name: permissionSetIds.SuperUser },
  [permissionSetIds.ManageUsers]: {
    name: permissionSetIds.ManageUsers,
    result: {
      userManagement: [uiPermissionsById.manage.value]
    }
  },
  [permissionSetIds.ReadAuditLogs]: {
    name: permissionSetIds.ReadAuditLogs,
    result: {
      auditlog: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.ReadReleases]: {
    name: permissionSetIds.ReadReleases,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
    }
  },
  [permissionSetIds.ReadUsers]: {
    name: permissionSetIds.ReadUsers,
    result: {
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.UploadArtifacts]: {
    name: permissionSetIds.UploadArtifacts,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.upload.value] }
    }
  },
  [permissionSetIds.ManageReleases]: {
    name: permissionSetIds.ManageReleases,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.manage.value] }
    }
  },
  [permissionSetIds.ConfigureDevices]: {
    name: permissionSetIds.ConfigureDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.configure.value] }
    }
  },
  [permissionSetIds.ConnectToDevices]: {
    name: permissionSetIds.ConnectToDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
    }
  },
  [permissionSetIds.DeployToDevices]: {
    name: permissionSetIds.DeployToDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] }
    }
  },
  [permissionSetIds.ManageDevices]: {
    name: permissionSetIds.ManageDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.manage.value] }
    }
  },
  [permissionSetIds.ReadDevices]: {
    name: permissionSetIds.ReadDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] }
    }
  }
};
/**
 * _uiPermissions_ represent the possible permissions/ rights that can be given for the area
 * _endpoints_ represent the possible endpoints this definition might be affecting in the UI and what
 *              functionality might be affected
 *
 */
export const uiPermissionsByArea = {
  auditlog: {
    endpoints: [{ path: /\/(auditlog)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }],
    explanation:
      'Granting access to the audit log will allow tracing changes to devices, releases and user accounts, as well as providing information about deployments.',
    uiPermissions: [uiPermissionsById.read],
    title: 'System audit log'
  },
  deployments: {
    endpoints: [
      { path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Post, PermissionTypes.Put], uiPermissions: [uiPermissionsById.deploy] },
      { path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }
    ],
    explanation: 'Providing deploy permissions will allow deployments to be created using the releases and devices a user has access to.',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.deploy],
    title: 'Deployments'
  },
  groups: {
    endpoints: [
      {
        path: /\/(devauth|inventory|deviceconfig|devicemonitor|deviceconnect\/devices)/i,
        types: [PermissionTypes.Get],
        uiPermissions: [uiPermissionsById.read]
      },
      { path: /\/(devauth|inventory)/i, types: [PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] },
      { path: /\/(deviceconfig)/i, types: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.configure] },
      { path: /\/(deviceconnect\/devices)/i, types: [PermissionTypes.Get, PermissionTypes.Post], uiPermissions: [uiPermissionsById.connect] }
    ],
    explanation: 'Device group management permissions control the degree to which devices in a group can be accessed and moved to other groups.',
    scope: 'DeviceGroups',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.deploy, uiPermissionsById.configure, uiPermissionsById.connect],
    title: 'Group Management'
  },
  releases: {
    endpoints: [
      { path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      {
        path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i,
        types: [PermissionTypes.Post, PermissionTypes.Put],
        uiPermissions: [uiPermissionsById.read, uiPermissionsById.upload]
      },
      {
        path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i,
        types: [PermissionTypes.Delete],
        uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage]
      }
    ],
    explanation: 'Release permissions can be granted to allow artifact & release modifications, as well as the creation of new releases.',
    scope: 'ReleaseTags',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.upload],
    title: 'Releases'
  },
  userManagement: {
    endpoints: [
      { path: /\/(useradm)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      { path: /\/(useradm)/i, types: [PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] }
    ],
    explanation:
      'User management permissions should be granted carefully, as these allow privilege increases for any users managed by a user with user management permissions',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage],
    title: 'User Management'
  }
};

export const emptyUiPermissions = Object.freeze({
  auditlog: [],
  deployments: [],
  groups: Object.freeze({}),
  releases: Object.freeze({}),
  userManagement: []
});

export const emptyRole = Object.freeze({
  name: undefined,
  description: '',
  permissions: [],
  uiPermissions: Object.freeze({ ...emptyUiPermissions })
});

const permissionMapper = permission => permission.value;
export const itemUiPermissionsReducer = (accu, { item, uiPermissions }) => (item ? { ...accu, [item]: uiPermissions } : accu);

const checkSinglePermission = (permission, requiredPermission) =>
  requiredPermission === permission || uiPermissionsById[permission].permissionLevel > uiPermissionsById[requiredPermission].permissionLevel;

export const checkPermissionsObject = (permissions, requiredPermission, scopedAccess, superAccess) =>
  permissions[superAccess]?.some(permission => checkSinglePermission(permission, requiredPermission)) ||
  permissions[scopedAccess]?.some(permission => checkSinglePermission(permission, requiredPermission));

export const rolesById = Object.freeze({
  [staticRolesByName.admin]: {
    name: 'Admin',
    value: staticRolesByName.admin,
    description: 'Full access',
    permissions: [], // permissions refers to the values returned from the backend
    uiPermissions: {
      ...emptyUiPermissions,
      auditlog: uiPermissionsByArea.auditlog.uiPermissions.map(permissionMapper),
      deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
      groups: { [ALL_DEVICES]: uiPermissionsByArea.groups.uiPermissions.map(permissionMapper) },
      releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) },
      userManagement: uiPermissionsByArea.userManagement.uiPermissions.map(permissionMapper)
    }
  },
  [staticRolesByName.readOnly]: {
    name: 'Read Access',
    value: staticRolesByName.readOnly,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      deployments: [uiPermissionsById.read.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] },
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] },
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [staticRolesByName.ci]: {
    name: 'Releases Manager',
    value: staticRolesByName.ci,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) }
    }
  },
  [staticRolesByName.deploymentsManager]: {
    name: 'Deployments Manager',
    value: staticRolesByName.deploymentsManager,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
      groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] },
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
    }
  },
  [staticRolesByName.terminalAccess]: {
    name: 'Troubleshooting',
    value: staticRolesByName.terminalAccess,
    description: 'Access to the troubleshooting features: Remote Terminal, File Transfer, Port Forwarding',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
    }
  }
});

export const RECEIVED_QR_CODE = 'RECEIVED_QR_CODE';

export const SUCCESSFULLY_LOGGED_IN = 'SUCCESSFULLY_LOGGED_IN';
export const USER_LOGOUT = 'USER_LOGOUT';
export const RECEIVED_ACTIVATION_CODE = 'RECEIVED_ACTIVATION_CODE';
export const RECEIVED_USER_LIST = 'RECEIVED_USER_LIST';
export const RECEIVED_USER = 'RECEIVED_USER';
export const CREATED_USER = 'CREATED_USER';
export const REMOVED_USER = 'REMOVED_USER';
export const UPDATED_USER = 'UPDATED_USER';

export const RECEIVED_PERMISSION_SETS = 'RECEIVED_PERMISSION_SETS';
export const RECEIVED_ROLES = 'RECEIVED_ROLES';
export const CREATED_ROLE = 'CREATED_ROLE';
export const UPDATED_ROLE = 'UPDATED_ROLE';
export const REMOVED_ROLE = 'REMOVED_ROLE';

export const SET_CUSTOM_COLUMNS = 'SET_CUSTOM_COLUMNS';
export const SET_GLOBAL_SETTINGS = 'SET_GLOBAL_SETTINGS';
export const SET_USER_SETTINGS = 'SET_USER_SETTINGS';
export const SET_SHOW_HELP = 'SET_SHOW_HELP';
export const SET_SHOW_CONNECT_DEVICE = 'SET_SHOW_CONNECT_DEVICE';

export const OWN_USER_ID = 'me';

export const rolesByName = {
  ...staticRolesByName,
  deploymentCreation: { action: 'CREATE_DEPLOYMENT', object: { type: 'DEVICE_GROUP', value: undefined } },
  groupAccess: { action: 'VIEW_DEVICE', object: { type: 'DEVICE_GROUP', value: undefined } },
  userManagement: { action: 'http', object: { type: 'any', value: `${useradmApiUrlv1}/.*` } }
};
export const twoFAStates = {
  enabled: 'enabled',
  disabled: 'disabled',
  unverified: 'unverified'
};
export const settingsKeys = { initialized: 'settings-initialized' };

1	'use strict';
2
3	// Copyright 2015 Northern.tech AS
4	//
5	// Licensed under the Apache License, Version 2.0 (the "License");
6	// you may not use this file except in compliance with the License.
7	// You may obtain a copy of the License at
8	//
9	// http://www.apache.org/licenses/LICENSE-2.0
10	//
11	// Unless required by applicable law or agreed to in writing, software
12	// distributed under the License is distributed on an "AS IS" BASIS,
13	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	// See the License for the specific language governing permissions and
15	// limitations under the License.
16	import { apiUrl } from '../api/general-api';
17	import { ALL_DEVICES } from './deviceConstants';
18	import { ALL_RELEASES } from './releaseConstants';
19
20	export const useradmApiUrlv1 = `${apiUrl.v1}/useradm`;	187✔
21	export const useradmApiUrlv2 = `${apiUrl.v2}/useradm`;	187✔
22	export { useradmApiUrlv1 as useradmApiUrl };
23
24	const staticRolesByName = {	187✔
25	admin: 'RBAC_ROLE_PERMIT_ALL',
26	readOnly: 'RBAC_ROLE_OBSERVER',
27	ci: 'RBAC_ROLE_CI',
28	deploymentsManager: 'RBAC_ROLE_DEPLOYMENTS_MANAGER',
29	terminalAccess: 'RBAC_ROLE_REMOTE_TERMINAL'
30	};
31
32	export const PermissionTypes = {	187✔
33	Any: 'any',
34	Get: 'GET',
35	Post: 'POST',
36	Put: 'PUT',
37	Delete: 'DELETE',
38	Patch: 'PATCH',
39	DeviceGroup: 'DEVICE_GROUP',
40	DeviceId: 'DEVICE_ID'
41	};
42
43	const permissionSetIds = {	187✔
44	Basic: 'Basic',
45	ConfigureDevices: 'ConfigureDevices',
46	ConnectToDevices: 'ConnectToDevices',
47	DeployToDevices: 'DeployToDevices',
48	ManageDevices: 'ManageDevices',
49	ManageReleases: 'ManageReleases',
50	ManageUsers: 'ManageUsers',
51	ReadAuditLogs: 'ReadAuditLogs',
52	ReadDevices: 'ReadDevices',
53	ReadReleases: 'ReadReleases',
54	ReadUsers: 'ReadUsers',
55	SuperUser: 'SuperUser',
56	UploadArtifacts: 'UploadArtifacts'
57	};
58
59	export const uiPermissionsById = {	187✔
60	configure: {
61	explanations: { groups: `'Configure' allows the user to use mender-configure features and apply configurations.` },
62	permissionLevel: 2,
63	permissionSets: { groups: permissionSetIds.ConfigureDevices },
64	title: 'Configure',
65	value: 'configure',
66	verbs: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post]
67	},
68	connect: {
69	explanations: { groups: `'Connect' allows the user to use mender-connect features and Troubleshoot add-ons.` },
70	permissionLevel: 2,
71	permissionSets: { groups: permissionSetIds.ConnectToDevices },
72	title: 'Connect',
73	value: 'connect',
74	verbs: [PermissionTypes.Get, PermissionTypes.Put]
75	},
76	deploy: {
77	explanations: { groups: `'Deploy' allows the user to deploy software or configuration updates to devices.` },
78	permissionLevel: 2,
79	permissionSets: { groups: permissionSetIds.DeployToDevices },
80	title: 'Deploy',
81	value: 'deploy',
82	verbs: [PermissionTypes.Post]
83	},
84	manage: {
85	explanations: {
86	groups: `'Manage' allows the user to edit device name, notes, and manage authentication status. For 'All devices' it also allows the user to edit and create device groups.`,
87	releases: `'Manage' allows the user to upload new artifacts, edit release descriptions and remove artifacts.`
88	},
89	permissionLevel: 2,
90	permissionSets: {
91	groups: permissionSetIds.ManageDevices,
92	releases: permissionSetIds.ManageReleases,
93	userManagement: permissionSetIds.ManageUsers
94	},
95	title: 'Manage',
96	value: 'manage',
97	verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
98	},
99	read: {
100	explanations: { groups: `'Read' allows the user to view devices.` },
101	permissionLevel: 1,
102	permissionSets: {
103	auditlog: permissionSetIds.ReadAuditLogs,
104	groups: permissionSetIds.ReadDevices,
105	releases: permissionSetIds.ReadReleases,
106	userManagement: permissionSetIds.ReadUsers
107	},
108	title: 'Read',
109	value: 'read',
110	verbs: [PermissionTypes.Get, PermissionTypes.Post]
111	},
112	upload: {
113	explanations: { groups: `'Upload' allows the user to upload new Artifacts.` },
114	unscopedOnly: { releases: true },
115	permissionLevel: 1,
116	permissionSets: { releases: permissionSetIds.UploadArtifacts },
117	title: 'Upload',
118	value: 'upload',
119	verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
120	}
121	};
122
123	export const defaultPermissionSets = {	187✔
124	[permissionSetIds.Basic]: { name: permissionSetIds.Basic },
125	[permissionSetIds.SuperUser]: { name: permissionSetIds.SuperUser },
126	[permissionSetIds.ManageUsers]: {
127	name: permissionSetIds.ManageUsers,
128	result: {
129	userManagement: [uiPermissionsById.manage.value]
130	}
131	},
132	[permissionSetIds.ReadAuditLogs]: {
133	name: permissionSetIds.ReadAuditLogs,
134	result: {
135	auditlog: [uiPermissionsById.read.value]
136	}
137	},
138	[permissionSetIds.ReadReleases]: {
139	name: permissionSetIds.ReadReleases,
140	result: {
141	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
142	}
143	},
144	[permissionSetIds.ReadUsers]: {
145	name: permissionSetIds.ReadUsers,
146	result: {
147	userManagement: [uiPermissionsById.read.value]
148	}
149	},
150	[permissionSetIds.UploadArtifacts]: {
151	name: permissionSetIds.UploadArtifacts,
152	result: {
153	releases: { [ALL_RELEASES]: [uiPermissionsById.upload.value] }
154	}
155	},
156	[permissionSetIds.ManageReleases]: {
157	name: permissionSetIds.ManageReleases,
158	result: {
159	releases: { [ALL_RELEASES]: [uiPermissionsById.manage.value] }
160	}
161	},
162	[permissionSetIds.ConfigureDevices]: {
163	name: permissionSetIds.ConfigureDevices,
164	result: {
165	groups: { [ALL_DEVICES]: [uiPermissionsById.configure.value] }
166	}
167	},
168	[permissionSetIds.ConnectToDevices]: {
169	name: permissionSetIds.ConnectToDevices,
170	result: {
171	groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
172	}
173	},
174	[permissionSetIds.DeployToDevices]: {
175	name: permissionSetIds.DeployToDevices,
176	result: {
177	groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] }
178	}
179	},
180	[permissionSetIds.ManageDevices]: {
181	name: permissionSetIds.ManageDevices,
182	result: {
183	groups: { [ALL_DEVICES]: [uiPermissionsById.manage.value] }
184	}
185	},
186	[permissionSetIds.ReadDevices]: {
187	name: permissionSetIds.ReadDevices,
188	result: {
189	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] }
190	}
191	}
192	};
193	/**
194	* _uiPermissions_ represent the possible permissions/ rights that can be given for the area
195	* _endpoints_ represent the possible endpoints this definition might be affecting in the UI and what
196	* functionality might be affected
197	*
198	*/
199	export const uiPermissionsByArea = {	187✔
200	auditlog: {
201	endpoints: [{ path: /\/(auditlog)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }],
202	explanation:
203	'Granting access to the audit log will allow tracing changes to devices, releases and user accounts, as well as providing information about deployments.',
204	uiPermissions: [uiPermissionsById.read],
205	title: 'System audit log'
206	},
207	deployments: {
208	endpoints: [
209	{ path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Post, PermissionTypes.Put], uiPermissions: [uiPermissionsById.deploy] },
210	{ path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }
211	],
212	explanation: 'Providing deploy permissions will allow deployments to be created using the releases and devices a user has access to.',
213	uiPermissions: [uiPermissionsById.read, uiPermissionsById.deploy],
214	title: 'Deployments'
215	},
216	groups: {
217	endpoints: [
218	{
219	path: /\/(devauth\|inventory\|deviceconfig\|devicemonitor\|deviceconnect\/devices)/i,
220	types: [PermissionTypes.Get],
221	uiPermissions: [uiPermissionsById.read]
222	},
223	{ path: /\/(devauth\|inventory)/i, types: [PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] },
224	{ path: /\/(deviceconfig)/i, types: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.configure] },
225	{ path: /\/(deviceconnect\/devices)/i, types: [PermissionTypes.Get, PermissionTypes.Post], uiPermissions: [uiPermissionsById.connect] }
226	],
227	explanation: 'Device group management permissions control the degree to which devices in a group can be accessed and moved to other groups.',
228	scope: 'DeviceGroups',
229	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.deploy, uiPermissionsById.configure, uiPermissionsById.connect],
230	title: 'Group Management'
231	},
232	releases: {
233	endpoints: [
234	{ path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
235	{
236	path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i,
237	types: [PermissionTypes.Post, PermissionTypes.Put],
238	uiPermissions: [uiPermissionsById.read, uiPermissionsById.upload]
239	},
240	{
241	path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i,
242	types: [PermissionTypes.Delete],
243	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage]
244	}
245	],
246	explanation: 'Release permissions can be granted to allow artifact & release modifications, as well as the creation of new releases.',
247	scope: 'ReleaseTags',
248	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.upload],
249	title: 'Releases'
250	},
251	userManagement: {
252	endpoints: [
253	{ path: /\/(useradm)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
254	{ path: /\/(useradm)/i, types: [PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] }
255	],
256	explanation:
257	'User management permissions should be granted carefully, as these allow privilege increases for any users managed by a user with user management permissions',
258	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage],
259	title: 'User Management'
260	}
261	};
262
263	export const emptyUiPermissions = Object.freeze({	187✔
264	auditlog: [],
265	deployments: [],
266	groups: Object.freeze({}),
267	releases: Object.freeze({}),
268	userManagement: []
269	});
270
271	export const emptyRole = Object.freeze({	187✔
272	name: undefined,
273	description: '',
274	permissions: [],
275	uiPermissions: Object.freeze({ ...emptyUiPermissions })
276	});
277
278	const permissionMapper = permission => permission.value;	3,366✔
279	export const itemUiPermissionsReducer = (accu, { item, uiPermissions }) => (item ? { ...accu, [item]: uiPermissions } : accu);	187✔
280
281	const checkSinglePermission = (permission, requiredPermission) =>	187✔
282	requiredPermission === permission \|\| uiPermissionsById[permission].permissionLevel > uiPermissionsById[requiredPermission].permissionLevel;	3!
283
284	export const checkPermissionsObject = (permissions, requiredPermission, scopedAccess, superAccess) =>	187✔
285	permissions[superAccess]?.some(permission => checkSinglePermission(permission, requiredPermission)) \|\|	3!
286	permissions[scopedAccess]?.some(permission => checkSinglePermission(permission, requiredPermission));	×
287
288	export const rolesById = Object.freeze({	187✔
289	[staticRolesByName.admin]: {
290	name: 'Admin',
291	value: staticRolesByName.admin,
292	description: 'Full access',
293	permissions: [], // permissions refers to the values returned from the backend
294	uiPermissions: {
295	...emptyUiPermissions,
296	auditlog: uiPermissionsByArea.auditlog.uiPermissions.map(permissionMapper),
297	deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
298	groups: { [ALL_DEVICES]: uiPermissionsByArea.groups.uiPermissions.map(permissionMapper) },
299	releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) },
300	userManagement: uiPermissionsByArea.userManagement.uiPermissions.map(permissionMapper)
301	}
302	},
303	[staticRolesByName.readOnly]: {
304	name: 'Read Access',
305	value: staticRolesByName.readOnly,
306	description: '',
307	permissions: [],
308	uiPermissions: {
309	...emptyUiPermissions,
310	deployments: [uiPermissionsById.read.value],
311	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] },
312	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] },
313	userManagement: [uiPermissionsById.read.value]
314	}
315	},
316	[staticRolesByName.ci]: {
317	name: 'Releases Manager',
318	value: staticRolesByName.ci,
319	description: '',
320	permissions: [],
321	uiPermissions: {
322	...emptyUiPermissions,
323	releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) }
324	}
325	},
326	[staticRolesByName.deploymentsManager]: {
327	name: 'Deployments Manager',
328	value: staticRolesByName.deploymentsManager,
329	description: '',
330	permissions: [],
331	uiPermissions: {
332	...emptyUiPermissions,
333	deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
334	groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] },
335	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
336	}
337	},
338	[staticRolesByName.terminalAccess]: {
339	name: 'Troubleshooting',
340	value: staticRolesByName.terminalAccess,
341	description: 'Access to the troubleshooting features: Remote Terminal, File Transfer, Port Forwarding',
342	permissions: [],
343	uiPermissions: {
344	...emptyUiPermissions,
345	groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
346	}
347	}
348	});
349
350	export const RECEIVED_QR_CODE = 'RECEIVED_QR_CODE';	187✔
351
352	export const SUCCESSFULLY_LOGGED_IN = 'SUCCESSFULLY_LOGGED_IN';	187✔
353	export const USER_LOGOUT = 'USER_LOGOUT';	187✔
354	export const RECEIVED_ACTIVATION_CODE = 'RECEIVED_ACTIVATION_CODE';	187✔
355	export const RECEIVED_USER_LIST = 'RECEIVED_USER_LIST';	187✔
356	export const RECEIVED_USER = 'RECEIVED_USER';	187✔
357	export const CREATED_USER = 'CREATED_USER';	187✔
358	export const REMOVED_USER = 'REMOVED_USER';	187✔
359	export const UPDATED_USER = 'UPDATED_USER';	187✔
360
361	export const RECEIVED_PERMISSION_SETS = 'RECEIVED_PERMISSION_SETS';	187✔
362	export const RECEIVED_ROLES = 'RECEIVED_ROLES';	187✔
363	export const CREATED_ROLE = 'CREATED_ROLE';	187✔
364	export const UPDATED_ROLE = 'UPDATED_ROLE';	187✔
365	export const REMOVED_ROLE = 'REMOVED_ROLE';	187✔
366
367	export const SET_CUSTOM_COLUMNS = 'SET_CUSTOM_COLUMNS';	187✔
368	export const SET_GLOBAL_SETTINGS = 'SET_GLOBAL_SETTINGS';	187✔
369	export const SET_USER_SETTINGS = 'SET_USER_SETTINGS';	187✔
370	export const SET_SHOW_HELP = 'SET_SHOW_HELP';	187✔
371	export const SET_SHOW_CONNECT_DEVICE = 'SET_SHOW_CONNECT_DEVICE';	187✔
372
373	export const OWN_USER_ID = 'me';	187✔
374
375	export const rolesByName = {	187✔
376	...staticRolesByName,
377	deploymentCreation: { action: 'CREATE_DEPLOYMENT', object: { type: 'DEVICE_GROUP', value: undefined } },
378	groupAccess: { action: 'VIEW_DEVICE', object: { type: 'DEVICE_GROUP', value: undefined } },
379	userManagement: { action: 'http', object: { type: 'any', value: `${useradmApiUrlv1}/.*` } }
380	};
381	export const twoFAStates = {	187✔
382	enabled: 'enabled',
383	disabled: 'disabled',
384	unverified: 'unverified'
385	};
386	export const settingsKeys = { initialized: 'settings-initialized' };	187✔

mendersoftware / gui / 919001084

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous