1081664682

Committed 22 Nov 2023 02:11PM UTC coverage: 82.798% (-17.2%) from 99.964%

Build # 1081664682

Build Type

Pull #4214

gitlab-ci

Committed by

tranchitella

Commit Message

fix: Fixed the infinite page redirects when the back button is pressed

Remove the location and navigate from the useLocationParams.setValue callback
dependencies as they change the set function that is presented in other
useEffect dependencies. This happens when the back button is clicked, which
leads to the location changing infinitely.

Changelog: Title
Ticket: MEN-6847
Ticket: MEN-6796

Signed-off-by: Ihor Aleksandrychiev <ihor.aleksandrychiev@northern.tech>
Signed-off-by: Fabio Tranchitella <fabio.tranchitella@northern.tech>

Pull Request Pull Request #4214: fix: Fixed the infinite page redirects when the back button is pressed

Run Details

4319 of 6292 branches covered (0.0%)

8332 of 10063 relevant lines covered (82.8%)

191.0 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.18

/src/js/constants/userConstants.js

'use strict';

// Copyright 2015 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.
import { apiUrl } from '../api/general-api';
import { ALL_DEVICES } from './deviceConstants';
import { ALL_RELEASES } from './releaseConstants';

export const useradmApiUrlv1 = `${apiUrl.v1}/useradm`;
export const useradmApiUrlv2 = `${apiUrl.v2}/useradm`;
export { useradmApiUrlv1 as useradmApiUrl };

const staticRolesByName = {
  admin: 'RBAC_ROLE_PERMIT_ALL',
  readOnly: 'RBAC_ROLE_OBSERVER',
  ci: 'RBAC_ROLE_CI',
  deploymentsManager: 'RBAC_ROLE_DEPLOYMENTS_MANAGER',
  terminalAccess: 'RBAC_ROLE_REMOTE_TERMINAL'
};

export const PermissionTypes = {
  Any: 'any',
  Get: 'GET',
  Post: 'POST',
  Put: 'PUT',
  Delete: 'DELETE',
  Patch: 'PATCH',
  DeviceGroup: 'DEVICE_GROUP',
  DeviceId: 'DEVICE_ID'
};

const permissionSetIds = {
  Basic: 'Basic',
  ConfigureDevices: 'ConfigureDevices',
  ConnectToDevices: 'ConnectToDevices',
  DeployToDevices: 'DeployToDevices',
  ManageDevices: 'ManageDevices',
  ManageReleases: 'ManageReleases',
  ManageUsers: 'ManageUsers',
  ReadAuditLogs: 'ReadAuditLogs',
  ReadDevices: 'ReadDevices',
  ReadReleases: 'ReadReleases',
  ReadUsers: 'ReadUsers',
  SuperUser: 'SuperUser',
  UploadArtifacts: 'UploadArtifacts'
};

export const uiPermissionsById = {
  configure: {
    explanations: { groups: `'Configure' allows the user to use mender-configure features and apply configurations.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.ConfigureDevices },
    title: 'Configure',
    value: 'configure',
    verbs: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post]
  },
  connect: {
    explanations: { groups: `'Connect' allows the user to use mender-connect features and Troubleshoot add-ons.` },
    permissionLevel: 2,
    permissionSets: { groups: permissionSetIds.ConnectToDevices },
    title: 'Connect',
    value: 'connect',
    verbs: [PermissionTypes.Get, PermissionTypes.Put]
  },
  deploy: {
    explanations: { groups: `'Deploy' allows the user to deploy software or configuration updates to devices.` },
    permissionLevel: 2,
    permissionSets: { deployments: permissionSetIds.DeployToDevices, groups: permissionSetIds.DeployToDevices },
    title: 'Deploy',
    value: 'deploy',
    verbs: [PermissionTypes.Post]
  },
  manage: {
    explanations: {
      groups: `'Manage' allows the user to edit device name, notes, and manage authentication status. For 'All devices' it also allows the user to edit and create device groups.`,
      releases: `'Manage' allows the user to upload new artifacts, edit release descriptions and remove artifacts.`
    },
    permissionLevel: 2,
    permissionSets: {
      groups: permissionSetIds.ManageDevices,
      releases: permissionSetIds.ManageReleases,
      userManagement: permissionSetIds.ManageUsers
    },
    title: 'Manage',
    value: 'manage',
    verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
  },
  read: {
    explanations: { groups: `'Read' allows the user to view devices.` },
    permissionLevel: 1,
    permissionSets: {
      auditlog: permissionSetIds.ReadAuditLogs,
      groups: permissionSetIds.ReadDevices,
      releases: permissionSetIds.ReadReleases,
      userManagement: permissionSetIds.ReadUsers
    },
    title: 'Read',
    value: 'read',
    verbs: [PermissionTypes.Get, PermissionTypes.Post]
  },
  upload: {
    explanations: { groups: `'Upload' allows the user to upload new Artifacts.` },
    unscopedOnly: { releases: true },
    permissionLevel: 1,
    permissionSets: { releases: permissionSetIds.UploadArtifacts },
    title: 'Upload',
    value: 'upload',
    verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
  }
};

/**
 * _uiPermissions_ represent the possible permissions/ rights that can be given for the area
 * _endpoints_ represent the possible endpoints this definition might be affecting in the UI and what
 *              functionality might be affected
 *
 */
export const scopedPermissionAreas = {
  groups: { key: 'groups', excessiveAccessSelector: ALL_DEVICES, scopeType: 'DeviceGroups' },
  releases: { key: 'releases', excessiveAccessSelector: ALL_RELEASES, scopeType: 'Releases' }
};

export const uiPermissionsByArea = {
  auditlog: {
    endpoints: [{ path: /\/(auditlog)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }],
    explanation:
      'Granting access to the audit log will allow tracing changes to devices, releases and user accounts, as well as providing information about deployments.',
    uiPermissions: [uiPermissionsById.read],
    title: 'System audit log'
  },
  deployments: {
    endpoints: [
      { path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Post, PermissionTypes.Put], uiPermissions: [uiPermissionsById.deploy] },
      { path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      { path: /\/(deployments\/config)/i, types: [PermissionTypes.Get, PermissionTypes.Put], uiPermissions: [uiPermissionsById.manage] }
    ],
    explanation: 'Providing deploy permissions will allow deployments to be created using the releases and devices a user has access to.',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.deploy],
    title: 'Deployments'
  },
  groups: {
    endpoints: [
      {
        path: /\/(devauth|inventory|deviceconfig|devicemonitor|deviceconnect\/devices)/i,
        types: [PermissionTypes.Get],
        uiPermissions: [uiPermissionsById.read]
      },
      { path: /\/(devauth|inventory)/i, types: [PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] },
      { path: /\/(deviceconfig)/i, types: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.configure] },
      { path: /\/(deviceconnect\/devices)/i, types: [PermissionTypes.Get, PermissionTypes.Post], uiPermissions: [uiPermissionsById.connect] }
    ],
    explanation: 'Device group management permissions control the degree to which devices in a group can be accessed and moved to other groups.',
    scope: scopedPermissionAreas.groups.scopeType,
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.deploy, uiPermissionsById.configure, uiPermissionsById.connect],
    title: 'Group Management'
  },
  releases: {
    endpoints: [
      { path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      {
        path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i,
        types: [PermissionTypes.Post, PermissionTypes.Put],
        uiPermissions: [uiPermissionsById.read, uiPermissionsById.upload]
      },
      {
        path: /\/(deployments\/artifacts|deployments\/deployments\/releases)/i,
        types: [PermissionTypes.Delete],
        uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage]
      }
    ],
    explanation: 'Release permissions can be granted to allow artifact & release modifications, as well as the creation of new releases.',
    scope: 'ReleaseTags',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.upload],
    title: 'Releases'
  },
  userManagement: {
    endpoints: [
      { path: /\/(useradm)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
      { path: /\/(useradm)/i, types: [PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] }
    ],
    explanation:
      'User management permissions should be granted carefully, as these allow privilege increases for any users managed by a user with user management permissions',
    uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage],
    title: 'User Management'
  }
};

export const emptyUiPermissions = Object.freeze({
  auditlog: [],
  deployments: [],
  groups: Object.freeze({}),
  releases: Object.freeze({}),
  userManagement: []
});

export const emptyRole = Object.freeze({
  name: undefined,
  description: '',
  permissions: [],
  uiPermissions: Object.freeze({ ...emptyUiPermissions })
});

const permissionMapper = permission => permission.value;
export const itemUiPermissionsReducer = (accu, { item, uiPermissions }) => (item ? { ...accu, [item]: uiPermissions } : accu);

const checkSinglePermission = (permission, requiredPermission) =>
  requiredPermission === permission || uiPermissionsById[permission].permissionLevel > uiPermissionsById[requiredPermission].permissionLevel;

export const checkPermissionsObject = (permissions, requiredPermission, scopedAccess, superAccess) =>
  permissions[superAccess]?.some(permission => checkSinglePermission(permission, requiredPermission)) ||
  permissions[scopedAccess]?.some(permission => checkSinglePermission(permission, requiredPermission));

export const rolesById = Object.freeze({
  [staticRolesByName.admin]: {
    name: 'Admin',
    value: staticRolesByName.admin,
    description: 'Full access',
    permissions: [], // permissions refers to the values returned from the backend
    uiPermissions: {
      ...emptyUiPermissions,
      auditlog: uiPermissionsByArea.auditlog.uiPermissions.map(permissionMapper),
      deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
      groups: { [ALL_DEVICES]: uiPermissionsByArea.groups.uiPermissions.map(permissionMapper) },
      releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) },
      userManagement: uiPermissionsByArea.userManagement.uiPermissions.map(permissionMapper)
    }
  },
  [staticRolesByName.readOnly]: {
    name: 'Read Access',
    value: staticRolesByName.readOnly,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      deployments: [uiPermissionsById.read.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] },
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] },
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [staticRolesByName.ci]: {
    name: 'Releases Manager',
    value: staticRolesByName.ci,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) }
    }
  },
  [staticRolesByName.deploymentsManager]: {
    name: 'Deployments Manager',
    value: staticRolesByName.deploymentsManager,
    description: '',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
      groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] },
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
    }
  },
  [staticRolesByName.terminalAccess]: {
    name: 'Troubleshooting',
    value: staticRolesByName.terminalAccess,
    description: 'Access to the troubleshooting features: Remote Terminal, File Transfer, Port Forwarding',
    permissions: [],
    uiPermissions: {
      ...emptyUiPermissions,
      groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
    }
  }
});

export const defaultPermissionSets = {
  [permissionSetIds.Basic]: {
    name: permissionSetIds.Basic,
    result: {
      // this is needed to prevent the detailed permissions of the basic permission set from being interpreted as allowing read & management access to user endpoints
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.SuperUser]: {
    name: permissionSetIds.SuperUser,
    result: {
      ...rolesById[staticRolesByName.admin].uiPermissions
    }
  },
  [permissionSetIds.ManageUsers]: {
    name: permissionSetIds.ManageUsers,
    result: {
      userManagement: [uiPermissionsById.manage.value]
    }
  },
  [permissionSetIds.ReadAuditLogs]: {
    name: permissionSetIds.ReadAuditLogs,
    result: {
      auditlog: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.ReadReleases]: {
    name: permissionSetIds.ReadReleases,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
    }
  },
  [permissionSetIds.ReadUsers]: {
    name: permissionSetIds.ReadUsers,
    result: {
      userManagement: [uiPermissionsById.read.value]
    }
  },
  [permissionSetIds.UploadArtifacts]: {
    name: permissionSetIds.UploadArtifacts,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.upload.value] }
    }
  },
  [permissionSetIds.ManageReleases]: {
    name: permissionSetIds.ManageReleases,
    result: {
      releases: { [ALL_RELEASES]: [uiPermissionsById.manage.value] }
    }
  },
  [permissionSetIds.ConfigureDevices]: {
    name: permissionSetIds.ConfigureDevices,
    result: {
      deployments: [uiPermissionsById.read.value, uiPermissionsById.deploy.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.configure.value] }
    }
  },
  [permissionSetIds.ConnectToDevices]: {
    name: permissionSetIds.ConnectToDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.connect.value] }
    }
  },
  [permissionSetIds.DeployToDevices]: {
    name: permissionSetIds.DeployToDevices,
    result: {
      deployments: [uiPermissionsById.deploy.value, uiPermissionsById.manage.value, uiPermissionsById.read.value],
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.deploy.value] }
    }
  },
  [permissionSetIds.ManageDevices]: {
    name: permissionSetIds.ManageDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.manage.value] }
    }
  },
  [permissionSetIds.ReadDevices]: {
    name: permissionSetIds.ReadDevices,
    result: {
      groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] }
    }
  }
};

export const RECEIVED_QR_CODE = 'RECEIVED_QR_CODE';

export const SUCCESSFULLY_LOGGED_IN = 'SUCCESSFULLY_LOGGED_IN';
export const USER_LOGOUT = 'USER_LOGOUT';
export const RECEIVED_ACTIVATION_CODE = 'RECEIVED_ACTIVATION_CODE';
export const RECEIVED_USER_LIST = 'RECEIVED_USER_LIST';
export const RECEIVED_USER = 'RECEIVED_USER';
export const CREATED_USER = 'CREATED_USER';
export const REMOVED_USER = 'REMOVED_USER';
export const UPDATED_USER = 'UPDATED_USER';

export const RECEIVED_PERMISSION_SETS = 'RECEIVED_PERMISSION_SETS';
export const RECEIVED_ROLES = 'RECEIVED_ROLES';
export const CREATED_ROLE = 'CREATED_ROLE';
export const UPDATED_ROLE = 'UPDATED_ROLE';
export const REMOVED_ROLE = 'REMOVED_ROLE';

export const SET_CUSTOM_COLUMNS = 'SET_CUSTOM_COLUMNS';
export const SET_GLOBAL_SETTINGS = 'SET_GLOBAL_SETTINGS';
export const SET_USER_SETTINGS = 'SET_USER_SETTINGS';
export const SET_SHOW_CONNECT_DEVICE = 'SET_SHOW_CONNECT_DEVICE';
export const SET_TOOLTIP_STATE = 'SET_TOOLTIP_STATE';
export const SET_TOOLTIPS_STATE = 'SET_TOOLTIPS_STATE';

export const OWN_USER_ID = 'me';

export const rolesByName = {
  ...staticRolesByName,
  deploymentCreation: { action: 'CREATE_DEPLOYMENT', object: { type: 'DEVICE_GROUP', value: undefined } },
  groupAccess: { action: 'VIEW_DEVICE', object: { type: 'DEVICE_GROUP', value: undefined } },
  userManagement: { action: 'http', object: { type: 'any', value: `${useradmApiUrlv1}/.*` } }
};
export const twoFAStates = {
  enabled: 'enabled',
  disabled: 'disabled',
  unverified: 'unverified'
};
export const settingsKeys = { initialized: 'settings-initialized' };

export const READ_STATES = {
  read: 'read',
  seen: 'seen',
  unread: 'unread'
};

1	'use strict';
2
3	// Copyright 2015 Northern.tech AS
4	//
5	// Licensed under the Apache License, Version 2.0 (the "License");
6	// you may not use this file except in compliance with the License.
7	// You may obtain a copy of the License at
8	//
9	// http://www.apache.org/licenses/LICENSE-2.0
10	//
11	// Unless required by applicable law or agreed to in writing, software
12	// distributed under the License is distributed on an "AS IS" BASIS,
13	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	// See the License for the specific language governing permissions and
15	// limitations under the License.
16	import { apiUrl } from '../api/general-api';
17	import { ALL_DEVICES } from './deviceConstants';
18	import { ALL_RELEASES } from './releaseConstants';
19
20	export const useradmApiUrlv1 = `${apiUrl.v1}/useradm`;	183✔
21	export const useradmApiUrlv2 = `${apiUrl.v2}/useradm`;	183✔
22	export { useradmApiUrlv1 as useradmApiUrl };
23
24	const staticRolesByName = {	183✔
25	admin: 'RBAC_ROLE_PERMIT_ALL',
26	readOnly: 'RBAC_ROLE_OBSERVER',
27	ci: 'RBAC_ROLE_CI',
28	deploymentsManager: 'RBAC_ROLE_DEPLOYMENTS_MANAGER',
29	terminalAccess: 'RBAC_ROLE_REMOTE_TERMINAL'
30	};
31
32	export const PermissionTypes = {	183✔
33	Any: 'any',
34	Get: 'GET',
35	Post: 'POST',
36	Put: 'PUT',
37	Delete: 'DELETE',
38	Patch: 'PATCH',
39	DeviceGroup: 'DEVICE_GROUP',
40	DeviceId: 'DEVICE_ID'
41	};
42
43	const permissionSetIds = {	183✔
44	Basic: 'Basic',
45	ConfigureDevices: 'ConfigureDevices',
46	ConnectToDevices: 'ConnectToDevices',
47	DeployToDevices: 'DeployToDevices',
48	ManageDevices: 'ManageDevices',
49	ManageReleases: 'ManageReleases',
50	ManageUsers: 'ManageUsers',
51	ReadAuditLogs: 'ReadAuditLogs',
52	ReadDevices: 'ReadDevices',
53	ReadReleases: 'ReadReleases',
54	ReadUsers: 'ReadUsers',
55	SuperUser: 'SuperUser',
56	UploadArtifacts: 'UploadArtifacts'
57	};
58
59	export const uiPermissionsById = {	183✔
60	configure: {
61	explanations: { groups: `'Configure' allows the user to use mender-configure features and apply configurations.` },
62	permissionLevel: 2,
63	permissionSets: { groups: permissionSetIds.ConfigureDevices },
64	title: 'Configure',
65	value: 'configure',
66	verbs: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post]
67	},
68	connect: {
69	explanations: { groups: `'Connect' allows the user to use mender-connect features and Troubleshoot add-ons.` },
70	permissionLevel: 2,
71	permissionSets: { groups: permissionSetIds.ConnectToDevices },
72	title: 'Connect',
73	value: 'connect',
74	verbs: [PermissionTypes.Get, PermissionTypes.Put]
75	},
76	deploy: {
77	explanations: { groups: `'Deploy' allows the user to deploy software or configuration updates to devices.` },
78	permissionLevel: 2,
79	permissionSets: { deployments: permissionSetIds.DeployToDevices, groups: permissionSetIds.DeployToDevices },
80	title: 'Deploy',
81	value: 'deploy',
82	verbs: [PermissionTypes.Post]
83	},
84	manage: {
85	explanations: {
86	groups: `'Manage' allows the user to edit device name, notes, and manage authentication status. For 'All devices' it also allows the user to edit and create device groups.`,
87	releases: `'Manage' allows the user to upload new artifacts, edit release descriptions and remove artifacts.`
88	},
89	permissionLevel: 2,
90	permissionSets: {
91	groups: permissionSetIds.ManageDevices,
92	releases: permissionSetIds.ManageReleases,
93	userManagement: permissionSetIds.ManageUsers
94	},
95	title: 'Manage',
96	value: 'manage',
97	verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
98	},
99	read: {
100	explanations: { groups: `'Read' allows the user to view devices.` },
101	permissionLevel: 1,
102	permissionSets: {
103	auditlog: permissionSetIds.ReadAuditLogs,
104	groups: permissionSetIds.ReadDevices,
105	releases: permissionSetIds.ReadReleases,
106	userManagement: permissionSetIds.ReadUsers
107	},
108	title: 'Read',
109	value: 'read',
110	verbs: [PermissionTypes.Get, PermissionTypes.Post]
111	},
112	upload: {
113	explanations: { groups: `'Upload' allows the user to upload new Artifacts.` },
114	unscopedOnly: { releases: true },
115	permissionLevel: 1,
116	permissionSets: { releases: permissionSetIds.UploadArtifacts },
117	title: 'Upload',
118	value: 'upload',
119	verbs: [PermissionTypes.Post, PermissionTypes.Put, PermissionTypes.Patch]
120	}
121	};
122
123	/**
124	* _uiPermissions_ represent the possible permissions/ rights that can be given for the area
125	* _endpoints_ represent the possible endpoints this definition might be affecting in the UI and what
126	* functionality might be affected
127	*
128	*/
129	export const scopedPermissionAreas = {	183✔
130	groups: { key: 'groups', excessiveAccessSelector: ALL_DEVICES, scopeType: 'DeviceGroups' },
131	releases: { key: 'releases', excessiveAccessSelector: ALL_RELEASES, scopeType: 'Releases' }
132	};
133
134	export const uiPermissionsByArea = {	183✔
135	auditlog: {
136	endpoints: [{ path: /\/(auditlog)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] }],
137	explanation:
138	'Granting access to the audit log will allow tracing changes to devices, releases and user accounts, as well as providing information about deployments.',
139	uiPermissions: [uiPermissionsById.read],
140	title: 'System audit log'
141	},
142	deployments: {
143	endpoints: [
144	{ path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Post, PermissionTypes.Put], uiPermissions: [uiPermissionsById.deploy] },
145	{ path: /\/(deployments\/deployments)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
146	{ path: /\/(deployments\/config)/i, types: [PermissionTypes.Get, PermissionTypes.Put], uiPermissions: [uiPermissionsById.manage] }
147	],
148	explanation: 'Providing deploy permissions will allow deployments to be created using the releases and devices a user has access to.',
149	uiPermissions: [uiPermissionsById.read, uiPermissionsById.deploy],
150	title: 'Deployments'
151	},
152	groups: {
153	endpoints: [
154	{
155	path: /\/(devauth\|inventory\|deviceconfig\|devicemonitor\|deviceconnect\/devices)/i,
156	types: [PermissionTypes.Get],
157	uiPermissions: [uiPermissionsById.read]
158	},
159	{ path: /\/(devauth\|inventory)/i, types: [PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] },
160	{ path: /\/(deviceconfig)/i, types: [PermissionTypes.Get, PermissionTypes.Put, PermissionTypes.Post], uiPermissions: [uiPermissionsById.configure] },
161	{ path: /\/(deviceconnect\/devices)/i, types: [PermissionTypes.Get, PermissionTypes.Post], uiPermissions: [uiPermissionsById.connect] }
162	],
163	explanation: 'Device group management permissions control the degree to which devices in a group can be accessed and moved to other groups.',
164	scope: scopedPermissionAreas.groups.scopeType,
165	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.deploy, uiPermissionsById.configure, uiPermissionsById.connect],
166	title: 'Group Management'
167	},
168	releases: {
169	endpoints: [
170	{ path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
171	{
172	path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i,
173	types: [PermissionTypes.Post, PermissionTypes.Put],
174	uiPermissions: [uiPermissionsById.read, uiPermissionsById.upload]
175	},
176	{
177	path: /\/(deployments\/artifacts\|deployments\/deployments\/releases)/i,
178	types: [PermissionTypes.Delete],
179	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage]
180	}
181	],
182	explanation: 'Release permissions can be granted to allow artifact & release modifications, as well as the creation of new releases.',
183	scope: 'ReleaseTags',
184	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage, uiPermissionsById.upload],
185	title: 'Releases'
186	},
187	userManagement: {
188	endpoints: [
189	{ path: /\/(useradm)/i, types: [PermissionTypes.Get], uiPermissions: [uiPermissionsById.read] },
190	{ path: /\/(useradm)/i, types: [PermissionTypes.Post], uiPermissions: [uiPermissionsById.manage] }
191	],
192	explanation:
193	'User management permissions should be granted carefully, as these allow privilege increases for any users managed by a user with user management permissions',
194	uiPermissions: [uiPermissionsById.read, uiPermissionsById.manage],
195	title: 'User Management'
196	}
197	};
198
199	export const emptyUiPermissions = Object.freeze({	183✔
200	auditlog: [],
201	deployments: [],
202	groups: Object.freeze({}),
203	releases: Object.freeze({}),
204	userManagement: []
205	});
206
207	export const emptyRole = Object.freeze({	183✔
208	name: undefined,
209	description: '',
210	permissions: [],
211	uiPermissions: Object.freeze({ ...emptyUiPermissions })
212	});
213
214	const permissionMapper = permission => permission.value;	3,294✔
215	export const itemUiPermissionsReducer = (accu, { item, uiPermissions }) => (item ? { ...accu, [item]: uiPermissions } : accu);	183✔
216
217	const checkSinglePermission = (permission, requiredPermission) =>	183✔
218	requiredPermission === permission \|\| uiPermissionsById[permission].permissionLevel > uiPermissionsById[requiredPermission].permissionLevel;	×
219
220	export const checkPermissionsObject = (permissions, requiredPermission, scopedAccess, superAccess) =>	183✔
221	permissions[superAccess]?.some(permission => checkSinglePermission(permission, requiredPermission)) \|\|	×
222	permissions[scopedAccess]?.some(permission => checkSinglePermission(permission, requiredPermission));	×
223
224	export const rolesById = Object.freeze({	183✔
225	[staticRolesByName.admin]: {
226	name: 'Admin',
227	value: staticRolesByName.admin,
228	description: 'Full access',
229	permissions: [], // permissions refers to the values returned from the backend
230	uiPermissions: {
231	...emptyUiPermissions,
232	auditlog: uiPermissionsByArea.auditlog.uiPermissions.map(permissionMapper),
233	deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
234	groups: { [ALL_DEVICES]: uiPermissionsByArea.groups.uiPermissions.map(permissionMapper) },
235	releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) },
236	userManagement: uiPermissionsByArea.userManagement.uiPermissions.map(permissionMapper)
237	}
238	},
239	[staticRolesByName.readOnly]: {
240	name: 'Read Access',
241	value: staticRolesByName.readOnly,
242	description: '',
243	permissions: [],
244	uiPermissions: {
245	...emptyUiPermissions,
246	deployments: [uiPermissionsById.read.value],
247	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] },
248	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] },
249	userManagement: [uiPermissionsById.read.value]
250	}
251	},
252	[staticRolesByName.ci]: {
253	name: 'Releases Manager',
254	value: staticRolesByName.ci,
255	description: '',
256	permissions: [],
257	uiPermissions: {
258	...emptyUiPermissions,
259	releases: { [ALL_RELEASES]: uiPermissionsByArea.releases.uiPermissions.map(permissionMapper) }
260	}
261	},
262	[staticRolesByName.deploymentsManager]: {
263	name: 'Deployments Manager',
264	value: staticRolesByName.deploymentsManager,
265	description: '',
266	permissions: [],
267	uiPermissions: {
268	...emptyUiPermissions,
269	deployments: uiPermissionsByArea.deployments.uiPermissions.map(permissionMapper),
270	groups: { [ALL_DEVICES]: [uiPermissionsById.deploy.value] },
271	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
272	}
273	},
274	[staticRolesByName.terminalAccess]: {
275	name: 'Troubleshooting',
276	value: staticRolesByName.terminalAccess,
277	description: 'Access to the troubleshooting features: Remote Terminal, File Transfer, Port Forwarding',
278	permissions: [],
279	uiPermissions: {
280	...emptyUiPermissions,
281	groups: { [ALL_DEVICES]: [uiPermissionsById.connect.value] }
282	}
283	}
284	});
285
286	export const defaultPermissionSets = {	183✔
287	[permissionSetIds.Basic]: {
288	name: permissionSetIds.Basic,
289	result: {
290	// this is needed to prevent the detailed permissions of the basic permission set from being interpreted as allowing read & management access to user endpoints
291	userManagement: [uiPermissionsById.read.value]
292	}
293	},
294	[permissionSetIds.SuperUser]: {
295	name: permissionSetIds.SuperUser,
296	result: {
297	...rolesById[staticRolesByName.admin].uiPermissions
298	}
299	},
300	[permissionSetIds.ManageUsers]: {
301	name: permissionSetIds.ManageUsers,
302	result: {
303	userManagement: [uiPermissionsById.manage.value]
304	}
305	},
306	[permissionSetIds.ReadAuditLogs]: {
307	name: permissionSetIds.ReadAuditLogs,
308	result: {
309	auditlog: [uiPermissionsById.read.value]
310	}
311	},
312	[permissionSetIds.ReadReleases]: {
313	name: permissionSetIds.ReadReleases,
314	result: {
315	releases: { [ALL_RELEASES]: [uiPermissionsById.read.value] }
316	}
317	},
318	[permissionSetIds.ReadUsers]: {
319	name: permissionSetIds.ReadUsers,
320	result: {
321	userManagement: [uiPermissionsById.read.value]
322	}
323	},
324	[permissionSetIds.UploadArtifacts]: {
325	name: permissionSetIds.UploadArtifacts,
326	result: {
327	releases: { [ALL_RELEASES]: [uiPermissionsById.upload.value] }
328	}
329	},
330	[permissionSetIds.ManageReleases]: {
331	name: permissionSetIds.ManageReleases,
332	result: {
333	releases: { [ALL_RELEASES]: [uiPermissionsById.manage.value] }
334	}
335	},
336	[permissionSetIds.ConfigureDevices]: {
337	name: permissionSetIds.ConfigureDevices,
338	result: {
339	deployments: [uiPermissionsById.read.value, uiPermissionsById.deploy.value],
340	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.configure.value] }
341	}
342	},
343	[permissionSetIds.ConnectToDevices]: {
344	name: permissionSetIds.ConnectToDevices,
345	result: {
346	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.connect.value] }
347	}
348	},
349	[permissionSetIds.DeployToDevices]: {
350	name: permissionSetIds.DeployToDevices,
351	result: {
352	deployments: [uiPermissionsById.deploy.value, uiPermissionsById.manage.value, uiPermissionsById.read.value],
353	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.deploy.value] }
354	}
355	},
356	[permissionSetIds.ManageDevices]: {
357	name: permissionSetIds.ManageDevices,
358	result: {
359	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value, uiPermissionsById.manage.value] }
360	}
361	},
362	[permissionSetIds.ReadDevices]: {
363	name: permissionSetIds.ReadDevices,
364	result: {
365	groups: { [ALL_DEVICES]: [uiPermissionsById.read.value] }
366	}
367	}
368	};
369
370	export const RECEIVED_QR_CODE = 'RECEIVED_QR_CODE';	183✔
371
372	export const SUCCESSFULLY_LOGGED_IN = 'SUCCESSFULLY_LOGGED_IN';	183✔
373	export const USER_LOGOUT = 'USER_LOGOUT';	183✔
374	export const RECEIVED_ACTIVATION_CODE = 'RECEIVED_ACTIVATION_CODE';	183✔
375	export const RECEIVED_USER_LIST = 'RECEIVED_USER_LIST';	183✔
376	export const RECEIVED_USER = 'RECEIVED_USER';	183✔
377	export const CREATED_USER = 'CREATED_USER';	183✔
378	export const REMOVED_USER = 'REMOVED_USER';	183✔
379	export const UPDATED_USER = 'UPDATED_USER';	183✔
380
381	export const RECEIVED_PERMISSION_SETS = 'RECEIVED_PERMISSION_SETS';	183✔
382	export const RECEIVED_ROLES = 'RECEIVED_ROLES';	183✔
383	export const CREATED_ROLE = 'CREATED_ROLE';	183✔
384	export const UPDATED_ROLE = 'UPDATED_ROLE';	183✔
385	export const REMOVED_ROLE = 'REMOVED_ROLE';	183✔
386
387	export const SET_CUSTOM_COLUMNS = 'SET_CUSTOM_COLUMNS';	183✔
388	export const SET_GLOBAL_SETTINGS = 'SET_GLOBAL_SETTINGS';	183✔
389	export const SET_USER_SETTINGS = 'SET_USER_SETTINGS';	183✔
390	export const SET_SHOW_CONNECT_DEVICE = 'SET_SHOW_CONNECT_DEVICE';	183✔
391	export const SET_TOOLTIP_STATE = 'SET_TOOLTIP_STATE';	183✔
392	export const SET_TOOLTIPS_STATE = 'SET_TOOLTIPS_STATE';	183✔
393
394	export const OWN_USER_ID = 'me';	183✔
395
396	export const rolesByName = {	183✔
397	...staticRolesByName,
398	deploymentCreation: { action: 'CREATE_DEPLOYMENT', object: { type: 'DEVICE_GROUP', value: undefined } },
399	groupAccess: { action: 'VIEW_DEVICE', object: { type: 'DEVICE_GROUP', value: undefined } },
400	userManagement: { action: 'http', object: { type: 'any', value: `${useradmApiUrlv1}/.*` } }
401	};
402	export const twoFAStates = {	183✔
403	enabled: 'enabled',
404	disabled: 'disabled',
405	unverified: 'unverified'
406	};
407	export const settingsKeys = { initialized: 'settings-initialized' };	183✔
408
409	export const READ_STATES = {	183✔
410	read: 'read',
411	seen: 'seen',
412	unread: 'unread'
413	};

mendersoftware / gui / 1081664682

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous