947088195

pending completion

Build # 947088195

Build Type

Pull #2661

gitlab-ci

Committed by

mzedel

Commit Message

chore: improved device filter scrolling behaviour

Signed-off-by: Manuel Zedel <manuel.zedel@northern.tech>

Pull Request Pull Request #2661: chore: added lint rules for hooks usage

Run Details

4411 of 6415 branches covered (68.76%)

297 of 440 new or added lines in 62 files covered. (67.5%)

1617 existing lines in 163 files now uncovered.

8311 of 10087 relevant lines covered (82.39%)

192.12 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.75

/src/js/constants/userConstants.js

'use strict';

// Copyright 2015 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.
import { apiUrl } from '../api/general-api';
import { ALL_DEVICES } from './deviceConstants';
import { ALL_RELEASES } from './releaseConstants';

export const useradmApiUrlv1 = `${apiUrl.v1}/useradm`;
export const useradmApiUrlv2 = `${apiUrl.v2}/useradm`;
export { useradmApiUrlv1 as useradmApiUrl };

const staticRolesByName = {
  admin: 'RBAC_ROLE_PERMIT_ALL',
  readOnly: 'RBAC_ROLE_OBSERVER',
  ci: 'RBAC_ROLE_CI',
  deploymentsManager: 'RBAC_ROLE_DEPLOYMENTS_MANAGER',
  terminalAccess: 'RBAC_ROLE_REMOTE_TERMINAL'
};

export const PermissionTypes = {
  Any: 'any',
  Get: 'GET',
  Post: 'POST',
  Put: 'PUT',
  Delete: 'DELETE',
  Patch: 'PATCH',
  DeviceGroup: 'DEVICE_GROUP',
  DeviceId: 'DEVICE_ID'
};

const permissionSetIds = {
  Basic: 'Basic',
  ConfigureDevices: 'ConfigureDevices',
  ConnectToDevices: 'ConnectToDevices',
  DeployToDevices: 'DeployToDevices',
  ManageDevices: 'ManageDevices',
  ManageReleases: 'ManageReleases',
  ManageUsers: 'ManageUsers',
  ReadAuditLogs: 'ReadAuditLogs',
  ReadDevices: 'ReadDevices',
  ReadReleases: 'ReadReleases',
  ReadUsers: 'ReadUsers',
  SuperUser: 'SuperUser',
  UploadArtifacts: 'UploadArtifacts'
};

export const uiPermissionsById = {
  configure: {
    explanations: { groups: `'Configure' allows the user to use mender-configure features and apply configurations.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.ConfigureDevices },
    title: 'Configure',
    value: 'configure',
    verbs: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post]
  },
  connect: {
    explanations: { groups: `'Connect' allows the user to use mender-connect features and Troubleshoot add-ons.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.ConnectToDevices },
    title: 'Connect',
    value: 'connect',
    verbs: [PermissionTypes.Get, PermissionTypes.Put]
  },
  deploy: {
    explanations: { groups: `'Deploy' allows the user to deploy software or configuration updates to devices.` },
    permissionLevel: 2,
    permissionSets: { deployments: permissionSetIds.DeployToDevices, groups: permissionSetIds.DeployToDevices },
    title: 'Deploy',
    value: 'deploy',
    verbs: [PermissionTypes.Post]
  },
  manage: {
    explanations: {
      groups: `'Manage' allows the user to edit device name, notes, and manage authentication status. For 'All devices' it also allows the user to edit and create device groups.`,
      releases: `'Manage' allows the user to upload new artifacts, edit release descriptions and remove artifacts.`
    },
    permissionLevel: 2,
    permissionSets: {
      groups: permissionSetIds.ManageDevices,
      releases: permissionSetIds.ManageReleases,
      userManagement: permissionSetIds.ManageUsers
    },
    title: 'Manage',
    value: 'manage',
    verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
  },
  read: {
    explanations: { groups: `'Read' allows the user to view devices.` },
    permissionLevel: 1,
    permissionSets: {
      auditlog: permissionSetIds.ReadAuditLogs,
      groups: permissionSetIds.ReadDevices,
      releases: permissionSetIds.ReadReleases,
      userManagement: permissionSetIds.ReadUsers
    },
    title: 'Read',
    value: 'read',
    verbs: [PermissionTypes.Get, PermissionTypes.Post]
  },
  upload: {
    explanations: { groups: `'Upload' allows the user to upload new Artifacts.` },
    unscopedOnly: { releases: true },
    permissionLevel: 1,
    permissionSets: { releases: permissionSetIds.UploadArtifacts },
    title: 'Upload',
    value: 'upload',
    verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
  }
};

export const defaultPermissionSets = {
  [permissionSetIds.Basic]: { name: permissionSetIds.Basic },
  [permissionSetIds.SuperUser]: { name: permissionSetIds.SuperUser },
  [permissionSetIds.ManageUsers]: {
    name: permissionSetIds.ManageUsers,
    result: {
      userManagement: [uiPermissionsById.manage.value]
    }
  },
  [permissionSetIds.ReadAuditLogs]: {
    name: permissionSetIds.ReadAuditLogs,
    result: {
      auditlog: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.ReadReleases]: {
    name: permissionSetIds.ReadReleases,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
    }
  },
  [permissionSetIds.ReadUsers]: {
    name: permissionSetIds.ReadUsers,
    result: {
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.UploadArtifacts]: {
    name: permissionSetIds.UploadArtifacts,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.upload.value] }
    }
  },
  [permissionSetIds.ManageReleases]: {
    name: permissionSetIds.ManageReleases,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.manage.value] }
    }
  },
  [permissionSetIds.ConfigureDevices]: {
    name: permissionSetIds.ConfigureDevices,
    result: {
      deployments: [uiPermissionsById.read.value, uiPermissionsById.deploy.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.configure.value] }
    }
  },
  [permissionSetIds.ConnectToDevices]: {
    name: permissionSetIds.ConnectToDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.connect.value] }
    }
  },
  [permissionSetIds.DeployToDevices]: {
    name: permissionSetIds.DeployToDevices,
    result: {
      deployments: [uiPermissionsById.deploy.value, uiPermissionsById.manage.value, uiPermissionsById.read.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.deploy.value] }
    }
  },
  [permissionSetIds.ManageDevices]: {
    name: permissionSetIds.ManageDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.manage.value] }
    }
  },
  [permissionSetIds.ReadDevices]: {
    name: permissionSetIds.ReadDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] }
    }
  }
};
/**
 * _uiPermissions_ represent the possible permissions/ rights that can be given for the area
 * _endpoints_ represent the possible endpoints this definition might be affecting in the UI and what
 *              functionality might be affected
 *
 */
export const scopedPermissionAreas = {
  groups: { key: 'groups', excessiveAccessSelector: ALL_DEVICES, scopeType: 'DeviceGroups' },
  releases: { key: 'releases', excessiveAccessSelector: ALL_RELEASES, scopeType: 'Releases' }
};

export const uiPermissionsByArea = {
  auditlog: {
    endpoints: [{ path: /\/(auditlog)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }],
    explanation:
      'Granting access to the audit log will allow tracing changes to devices, releases and user accounts, as well as providing information about deployments.',
    uiPermissions: [uiPermissionsById.read],
    title: 'System audit log'
  },
  deployments: {
    endpoints: [
      { path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Post, PermissionTypes.Put], uiPermissions: [uiPermissionsById.deploy] },
      { path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      { path: /\/(deployments\/config)/i, types: [PermissionTypes.Get, PermissionTypes.Put], uiPermissions: [uiPermissionsById.manage] }
    ],
    explanation: 'Providing deploy permissions will allow deployments to be created using the releases and devices a user has access to.',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.deploy],
    title: 'Deployments'
  },
  groups: {
    endpoints: [
      {
        path: /\/(devauth|inventory|deviceconfig|devicemonitor|deviceconnect\/devices)/i,
        types: [PermissionTypes.Get],
        uiPermissions: [uiPermissionsById.read]
      },
      { path: /\/(devauth|inventory)/i, types: [PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] },
      { path: /\/(deviceconfig)/i, types: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.configure] },
      { path: /\/(deviceconnect\/devices)/i, types: [PermissionTypes.Get, PermissionTypes.Post], uiPermissions: [uiPermissionsById.connect] }
    ],
    explanation: 'Device group management permissions control the degree to which devices in a group can be accessed and moved to other groups.',
    scope: scopedPermissionAreas.groups.scopeType,
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.deploy, uiPermissionsById.configure, uiPermissionsById.connect],
    title: 'Group Management'
  },
  releases: {
    endpoints: [
      { path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      {
        path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i,
        types: [PermissionTypes.Post, PermissionTypes.Put],
        uiPermissions: [uiPermissionsById.read, uiPermissionsById.upload]
      },
      {
        path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i,
        types: [PermissionTypes.Delete],
        uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage]
      }
    ],
    explanation: 'Release permissions can be granted to allow artifact & release modifications, as well as the creation of new releases.',
    scope: 'ReleaseTags',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.upload],
    title: 'Releases'
  },
  userManagement: {
    endpoints: [
      { path: /\/(useradm)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      { path: /\/(useradm)/i, types: [PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] }
    ],
    explanation:
      'User management permissions should be granted carefully, as these allow privilege increases for any users managed by a user with user management permissions',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage],
    title: 'User Management'
  }
};

export const emptyUiPermissions = Object.freeze({
  auditlog: [],
  deployments: [],
  groups: Object.freeze({}),
  releases: Object.freeze({}),
  userManagement: []
});

export const emptyRole = Object.freeze({
  name: undefined,
  description: '',
  permissions: [],
  uiPermissions: Object.freeze({ ...emptyUiPermissions })
});

const permissionMapper = permission => permission.value;
export const itemUiPermissionsReducer = (accu, { item, uiPermissions }) => (item ? { ...accu, [item]: uiPermissions } : accu);

const checkSinglePermission = (permission, requiredPermission) =>
  requiredPermission === permission || uiPermissionsById[permission].permissionLevel > uiPermissionsById[requiredPermission].permissionLevel;

export const checkPermissionsObject = (permissions, requiredPermission, scopedAccess, superAccess) =>
  permissions[superAccess]?.some(permission => checkSinglePermission(permission, requiredPermission)) ||
  permissions[scopedAccess]?.some(permission => checkSinglePermission(permission, requiredPermission));

export const rolesById = Object.freeze({
  [staticRolesByName.admin]: {
    name: 'Admin',
    value: staticRolesByName.admin,
    description: 'Full access',
    permissions: [], // permissions refers to the values returned from the backend
    uiPermissions: {
      ...emptyUiPermissions,
      auditlog: uiPermissionsByArea.auditlog.uiPermissions.map(permissionMapper),
      deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
      groups: { [ALL_DEVICES]: uiPermissionsByArea.groups.uiPermissions.map(permissionMapper) },
      releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) },
      userManagement: uiPermissionsByArea.userManagement.uiPermissions.map(permissionMapper)
    }
  },
  [staticRolesByName.readOnly]: {
    name: 'Read Access',
    value: staticRolesByName.readOnly,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      deployments: [uiPermissionsById.read.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] },
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] },
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [staticRolesByName.ci]: {
    name: 'Releases Manager',
    value: staticRolesByName.ci,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) }
    }
  },
  [staticRolesByName.deploymentsManager]: {
    name: 'Deployments Manager',
    value: staticRolesByName.deploymentsManager,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
      groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] },
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
    }
  },
  [staticRolesByName.terminalAccess]: {
    name: 'Troubleshooting',
    value: staticRolesByName.terminalAccess,
    description: 'Access to the troubleshooting features: Remote Terminal, File Transfer, Port Forwarding',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
    }
  }
});

export const RECEIVED_QR_CODE = 'RECEIVED_QR_CODE';

export const SUCCESSFULLY_LOGGED_IN = 'SUCCESSFULLY_LOGGED_IN';
export const USER_LOGOUT = 'USER_LOGOUT';
export const RECEIVED_ACTIVATION_CODE = 'RECEIVED_ACTIVATION_CODE';
export const RECEIVED_USER_LIST = 'RECEIVED_USER_LIST';
export const RECEIVED_USER = 'RECEIVED_USER';
export const CREATED_USER = 'CREATED_USER';
export const REMOVED_USER = 'REMOVED_USER';
export const UPDATED_USER = 'UPDATED_USER';

export const RECEIVED_PERMISSION_SETS = 'RECEIVED_PERMISSION_SETS';
export const RECEIVED_ROLES = 'RECEIVED_ROLES';
export const CREATED_ROLE = 'CREATED_ROLE';
export const UPDATED_ROLE = 'UPDATED_ROLE';
export const REMOVED_ROLE = 'REMOVED_ROLE';

export const SET_CUSTOM_COLUMNS = 'SET_CUSTOM_COLUMNS';
export const SET_GLOBAL_SETTINGS = 'SET_GLOBAL_SETTINGS';
export const SET_USER_SETTINGS = 'SET_USER_SETTINGS';
export const SET_SHOW_HELP = 'SET_SHOW_HELP';
export const SET_SHOW_CONNECT_DEVICE = 'SET_SHOW_CONNECT_DEVICE';

export const OWN_USER_ID = 'me';

export const rolesByName = {
  ...staticRolesByName,
  deploymentCreation: { action: 'CREATE_DEPLOYMENT', object: { type: 'DEVICE_GROUP', value: undefined } },
  groupAccess: { action: 'VIEW_DEVICE', object: { type: 'DEVICE_GROUP', value: undefined } },
  userManagement: { action: 'http', object: { type: 'any', value: `${useradmApiUrlv1}/.*` } }
};
export const twoFAStates = {
  enabled: 'enabled',
  disabled: 'disabled',
  unverified: 'unverified'
};
export const settingsKeys = { initialized: 'settings-initialized' };

1	'use strict';
2
3	// Copyright 2015 Northern.tech AS
4	//
5	// Licensed under the Apache License, Version 2.0 (the "License");
6	// you may not use this file except in compliance with the License.
7	// You may obtain a copy of the License at
8	//
9	// http://www.apache.org/licenses/LICENSE-2.0
10	//
11	// Unless required by applicable law or agreed to in writing, software
12	// distributed under the License is distributed on an "AS IS" BASIS,
13	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	// See the License for the specific language governing permissions and
15	// limitations under the License.
16	import { apiUrl } from '../api/general-api';
17	import { ALL_DEVICES } from './deviceConstants';
18	import { ALL_RELEASES } from './releaseConstants';
19
20	export const useradmApiUrlv1 = `${apiUrl.v1}/useradm`;	187✔
21	export const useradmApiUrlv2 = `${apiUrl.v2}/useradm`;	187✔
22	export { useradmApiUrlv1 as useradmApiUrl };
23
24	const staticRolesByName = {	187✔
25	admin: 'RBAC_ROLE_PERMIT_ALL',
26	readOnly: 'RBAC_ROLE_OBSERVER',
27	ci: 'RBAC_ROLE_CI',
28	deploymentsManager: 'RBAC_ROLE_DEPLOYMENTS_MANAGER',
29	terminalAccess: 'RBAC_ROLE_REMOTE_TERMINAL'
30	};
31
32	export const PermissionTypes = {	187✔
33	Any: 'any',
34	Get: 'GET',
35	Post: 'POST',
36	Put: 'PUT',
37	Delete: 'DELETE',
38	Patch: 'PATCH',
39	DeviceGroup: 'DEVICE_GROUP',
40	DeviceId: 'DEVICE_ID'
41	};
42
43	const permissionSetIds = {	187✔
44	Basic: 'Basic',
45	ConfigureDevices: 'ConfigureDevices',
46	ConnectToDevices: 'ConnectToDevices',
47	DeployToDevices: 'DeployToDevices',
48	ManageDevices: 'ManageDevices',
49	ManageReleases: 'ManageReleases',
50	ManageUsers: 'ManageUsers',
51	ReadAuditLogs: 'ReadAuditLogs',
52	ReadDevices: 'ReadDevices',
53	ReadReleases: 'ReadReleases',
54	ReadUsers: 'ReadUsers',
55	SuperUser: 'SuperUser',
56	UploadArtifacts: 'UploadArtifacts'
57	};
58
59	export const uiPermissionsById = {	187✔
60	configure: {
61	explanations: { groups: `'Configure' allows the user to use mender-configure features and apply configurations.` },
62	permissionLevel: 2,
63	permissionSets: { groups: permissionSetIds.ConfigureDevices },
64	title: 'Configure',
65	value: 'configure',
66	verbs: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post]
67	},
68	connect: {
69	explanations: { groups: `'Connect' allows the user to use mender-connect features and Troubleshoot add-ons.` },
70	permissionLevel: 2,
71	permissionSets: { groups: permissionSetIds.ConnectToDevices },
72	title: 'Connect',
73	value: 'connect',
74	verbs: [PermissionTypes.Get, PermissionTypes.Put]
75	},
76	deploy: {
77	explanations: { groups: `'Deploy' allows the user to deploy software or configuration updates to devices.` },
78	permissionLevel: 2,
79	permissionSets: { deployments: permissionSetIds.DeployToDevices, groups: permissionSetIds.DeployToDevices },
80	title: 'Deploy',
81	value: 'deploy',
82	verbs: [PermissionTypes.Post]
83	},
84	manage: {
85	explanations: {
86	groups: `'Manage' allows the user to edit device name, notes, and manage authentication status. For 'All devices' it also allows the user to edit and create device groups.`,
87	releases: `'Manage' allows the user to upload new artifacts, edit release descriptions and remove artifacts.`
88	},
89	permissionLevel: 2,
90	permissionSets: {
91	groups: permissionSetIds.ManageDevices,
92	releases: permissionSetIds.ManageReleases,
93	userManagement: permissionSetIds.ManageUsers
94	},
95	title: 'Manage',
96	value: 'manage',
97	verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
98	},
99	read: {
100	explanations: { groups: `'Read' allows the user to view devices.` },
101	permissionLevel: 1,
102	permissionSets: {
103	auditlog: permissionSetIds.ReadAuditLogs,
104	groups: permissionSetIds.ReadDevices,
105	releases: permissionSetIds.ReadReleases,
106	userManagement: permissionSetIds.ReadUsers
107	},
108	title: 'Read',
109	value: 'read',
110	verbs: [PermissionTypes.Get, PermissionTypes.Post]
111	},
112	upload: {
113	explanations: { groups: `'Upload' allows the user to upload new Artifacts.` },
114	unscopedOnly: { releases: true },
115	permissionLevel: 1,
116	permissionSets: { releases: permissionSetIds.UploadArtifacts },
117	title: 'Upload',
118	value: 'upload',
119	verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
120	}
121	};
122
123	export const defaultPermissionSets = {	187✔
124	[permissionSetIds.Basic]: { name: permissionSetIds.Basic },
125	[permissionSetIds.SuperUser]: { name: permissionSetIds.SuperUser },
126	[permissionSetIds.ManageUsers]: {
127	name: permissionSetIds.ManageUsers,
128	result: {
129	userManagement: [uiPermissionsById.manage.value]
130	}
131	},
132	[permissionSetIds.ReadAuditLogs]: {
133	name: permissionSetIds.ReadAuditLogs,
134	result: {
135	auditlog: [uiPermissionsById.read.value]
136	}
137	},
138	[permissionSetIds.ReadReleases]: {
139	name: permissionSetIds.ReadReleases,
140	result: {
141	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
142	}
143	},
144	[permissionSetIds.ReadUsers]: {
145	name: permissionSetIds.ReadUsers,
146	result: {
147	userManagement: [uiPermissionsById.read.value]
148	}
149	},
150	[permissionSetIds.UploadArtifacts]: {
151	name: permissionSetIds.UploadArtifacts,
152	result: {
153	releases: { [ALL_RELEASES]: [uiPermissionsById.upload.value] }
154	}
155	},
156	[permissionSetIds.ManageReleases]: {
157	name: permissionSetIds.ManageReleases,
158	result: {
159	releases: { [ALL_RELEASES]: [uiPermissionsById.manage.value] }
160	}
161	},
162	[permissionSetIds.ConfigureDevices]: {
163	name: permissionSetIds.ConfigureDevices,
164	result: {
165	deployments: [uiPermissionsById.read.value, uiPermissionsById.deploy.value],
166	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.configure.value] }
167	}
168	},
169	[permissionSetIds.ConnectToDevices]: {
170	name: permissionSetIds.ConnectToDevices,
171	result: {
172	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.connect.value] }
173	}
174	},
175	[permissionSetIds.DeployToDevices]: {
176	name: permissionSetIds.DeployToDevices,
177	result: {
178	deployments: [uiPermissionsById.deploy.value, uiPermissionsById.manage.value, uiPermissionsById.read.value],
179	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.deploy.value] }
180	}
181	},
182	[permissionSetIds.ManageDevices]: {
183	name: permissionSetIds.ManageDevices,
184	result: {
185	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.manage.value] }
186	}
187	},
188	[permissionSetIds.ReadDevices]: {
189	name: permissionSetIds.ReadDevices,
190	result: {
191	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] }
192	}
193	}
194	};
195	/**
196	* _uiPermissions_ represent the possible permissions/ rights that can be given for the area
197	* _endpoints_ represent the possible endpoints this definition might be affecting in the UI and what
198	* functionality might be affected
199	*
200	*/
201	export const scopedPermissionAreas = {	187✔
202	groups: { key: 'groups', excessiveAccessSelector: ALL_DEVICES, scopeType: 'DeviceGroups' },
203	releases: { key: 'releases', excessiveAccessSelector: ALL_RELEASES, scopeType: 'Releases' }
204	};
205
206	export const uiPermissionsByArea = {	187✔
207	auditlog: {
208	endpoints: [{ path: /\/(auditlog)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }],
209	explanation:
210	'Granting access to the audit log will allow tracing changes to devices, releases and user accounts, as well as providing information about deployments.',
211	uiPermissions: [uiPermissionsById.read],
212	title: 'System audit log'
213	},
214	deployments: {
215	endpoints: [
216	{ path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Post, PermissionTypes.Put], uiPermissions: [uiPermissionsById.deploy] },
217	{ path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
218	{ path: /\/(deployments\/config)/i, types: [PermissionTypes.Get, PermissionTypes.Put], uiPermissions: [uiPermissionsById.manage] }
219	],
220	explanation: 'Providing deploy permissions will allow deployments to be created using the releases and devices a user has access to.',
221	uiPermissions: [uiPermissionsById.read, uiPermissionsById.deploy],
222	title: 'Deployments'
223	},
224	groups: {
225	endpoints: [
226	{
227	path: /\/(devauth\|inventory\|deviceconfig\|devicemonitor\|deviceconnect\/devices)/i,
228	types: [PermissionTypes.Get],
229	uiPermissions: [uiPermissionsById.read]
230	},
231	{ path: /\/(devauth\|inventory)/i, types: [PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] },
232	{ path: /\/(deviceconfig)/i, types: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.configure] },
233	{ path: /\/(deviceconnect\/devices)/i, types: [PermissionTypes.Get, PermissionTypes.Post], uiPermissions: [uiPermissionsById.connect] }
234	],
235	explanation: 'Device group management permissions control the degree to which devices in a group can be accessed and moved to other groups.',
236	scope: scopedPermissionAreas.groups.scopeType,
237	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.deploy, uiPermissionsById.configure, uiPermissionsById.connect],
238	title: 'Group Management'
239	},
240	releases: {
241	endpoints: [
242	{ path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
243	{
244	path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i,
245	types: [PermissionTypes.Post, PermissionTypes.Put],
246	uiPermissions: [uiPermissionsById.read, uiPermissionsById.upload]
247	},
248	{
249	path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i,
250	types: [PermissionTypes.Delete],
251	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage]
252	}
253	],
254	explanation: 'Release permissions can be granted to allow artifact & release modifications, as well as the creation of new releases.',
255	scope: 'ReleaseTags',
256	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.upload],
257	title: 'Releases'
258	},
259	userManagement: {
260	endpoints: [
261	{ path: /\/(useradm)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
262	{ path: /\/(useradm)/i, types: [PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] }
263	],
264	explanation:
265	'User management permissions should be granted carefully, as these allow privilege increases for any users managed by a user with user management permissions',
266	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage],
267	title: 'User Management'
268	}
269	};
270
271	export const emptyUiPermissions = Object.freeze({	187✔
272	auditlog: [],
273	deployments: [],
274	groups: Object.freeze({}),
275	releases: Object.freeze({}),
276	userManagement: []
277	});
278
279	export const emptyRole = Object.freeze({	187✔
280	name: undefined,
281	description: '',
282	permissions: [],
283	uiPermissions: Object.freeze({ ...emptyUiPermissions })
284	});
285
286	const permissionMapper = permission => permission.value;	3,366✔
287	export const itemUiPermissionsReducer = (accu, { item, uiPermissions }) => (item ? { ...accu, [item]: uiPermissions } : accu);	187✔
288
289	const checkSinglePermission = (permission, requiredPermission) =>	187✔
290	requiredPermission === permission \|\| uiPermissionsById[permission].permissionLevel > uiPermissionsById[requiredPermission].permissionLevel;	3!
291
292	export const checkPermissionsObject = (permissions, requiredPermission, scopedAccess, superAccess) =>	187✔
293	permissions[superAccess]?.some(permission => checkSinglePermission(permission, requiredPermission)) \|\|	3!
UNCOV 294	permissions[scopedAccess]?.some(permission => checkSinglePermission(permission, requiredPermission));	×
295
296	export const rolesById = Object.freeze({	187✔
297	[staticRolesByName.admin]: {
298	name: 'Admin',
299	value: staticRolesByName.admin,
300	description: 'Full access',
301	permissions: [], // permissions refers to the values returned from the backend
302	uiPermissions: {
303	...emptyUiPermissions,
304	auditlog: uiPermissionsByArea.auditlog.uiPermissions.map(permissionMapper),
305	deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
306	groups: { [ALL_DEVICES]: uiPermissionsByArea.groups.uiPermissions.map(permissionMapper) },
307	releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) },
308	userManagement: uiPermissionsByArea.userManagement.uiPermissions.map(permissionMapper)
309	}
310	},
311	[staticRolesByName.readOnly]: {
312	name: 'Read Access',
313	value: staticRolesByName.readOnly,
314	description: '',
315	permissions: [],
316	uiPermissions: {
317	...emptyUiPermissions,
318	deployments: [uiPermissionsById.read.value],
319	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] },
320	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] },
321	userManagement: [uiPermissionsById.read.value]
322	}
323	},
324	[staticRolesByName.ci]: {
325	name: 'Releases Manager',
326	value: staticRolesByName.ci,
327	description: '',
328	permissions: [],
329	uiPermissions: {
330	...emptyUiPermissions,
331	releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) }
332	}
333	},
334	[staticRolesByName.deploymentsManager]: {
335	name: 'Deployments Manager',
336	value: staticRolesByName.deploymentsManager,
337	description: '',
338	permissions: [],
339	uiPermissions: {
340	...emptyUiPermissions,
341	deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
342	groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] },
343	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
344	}
345	},
346	[staticRolesByName.terminalAccess]: {
347	name: 'Troubleshooting',
348	value: staticRolesByName.terminalAccess,
349	description: 'Access to the troubleshooting features: Remote Terminal, File Transfer, Port Forwarding',
350	permissions: [],
351	uiPermissions: {
352	...emptyUiPermissions,
353	groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
354	}
355	}
356	});
357
358	export const RECEIVED_QR_CODE = 'RECEIVED_QR_CODE';	187✔
359
360	export const SUCCESSFULLY_LOGGED_IN = 'SUCCESSFULLY_LOGGED_IN';	187✔
361	export const USER_LOGOUT = 'USER_LOGOUT';	187✔
362	export const RECEIVED_ACTIVATION_CODE = 'RECEIVED_ACTIVATION_CODE';	187✔
363	export const RECEIVED_USER_LIST = 'RECEIVED_USER_LIST';	187✔
364	export const RECEIVED_USER = 'RECEIVED_USER';	187✔
365	export const CREATED_USER = 'CREATED_USER';	187✔
366	export const REMOVED_USER = 'REMOVED_USER';	187✔
367	export const UPDATED_USER = 'UPDATED_USER';	187✔
368
369	export const RECEIVED_PERMISSION_SETS = 'RECEIVED_PERMISSION_SETS';	187✔
370	export const RECEIVED_ROLES = 'RECEIVED_ROLES';	187✔
371	export const CREATED_ROLE = 'CREATED_ROLE';	187✔
372	export const UPDATED_ROLE = 'UPDATED_ROLE';	187✔
373	export const REMOVED_ROLE = 'REMOVED_ROLE';	187✔
374
375	export const SET_CUSTOM_COLUMNS = 'SET_CUSTOM_COLUMNS';	187✔
376	export const SET_GLOBAL_SETTINGS = 'SET_GLOBAL_SETTINGS';	187✔
377	export const SET_USER_SETTINGS = 'SET_USER_SETTINGS';	187✔
378	export const SET_SHOW_HELP = 'SET_SHOW_HELP';	187✔
379	export const SET_SHOW_CONNECT_DEVICE = 'SET_SHOW_CONNECT_DEVICE';	187✔
380
381	export const OWN_USER_ID = 'me';	187✔
382
383	export const rolesByName = {	187✔
384	...staticRolesByName,
385	deploymentCreation: { action: 'CREATE_DEPLOYMENT', object: { type: 'DEVICE_GROUP', value: undefined } },
386	groupAccess: { action: 'VIEW_DEVICE', object: { type: 'DEVICE_GROUP', value: undefined } },
387	userManagement: { action: 'http', object: { type: 'any', value: `${useradmApiUrlv1}/.*` } }
388	};
389	export const twoFAStates = {	187✔
390	enabled: 'enabled',
391	disabled: 'disabled',
392	unverified: 'unverified'
393	};
394	export const settingsKeys = { initialized: 'settings-initialized' };	187✔

mendersoftware / gui / 947088195

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous