refactor: refactor skyline:xxx policies

1. Update skyline:project_admin, skyline:project_member, syline:project_reader, skyline:system_admin, skyline:system_reader to admin, member, reader 2. Update actions/list page used by skyline policy to normal policy Change-Id: I4d06dbd871d7a1f982d574abbcfee9246fedf870
2022-07-08 10:39:47 +08:00 · 2022-07-08 10:39:47 +08:00 · 408b7bf692
commit 408b7bf692
parent 7f65bf6bfc
13 changed files with 37 additions and 72 deletions
--- a/src/pages/compute/containers/Hypervisors/ComputeHost/index.jsx
+++ b/src/pages/compute/containers/Hypervisors/ComputeHost/index.jsx
@ -16,7 +16,6 @@ import { observer, inject } from 'mobx-react';
 import Base from 'containers/List';
 import { serviceStatus, serviceState } from 'resources/nova/service';
 import globalComputeHostStore from 'stores/nova/compute-host';
-import { onlyAdminCanReadPolicy } from 'resources/skyline/policy';
 import { getOptions } from 'utils';
 import actionConfigs from './actions';

@ -26,7 +25,7 @@ export class ComputeHost extends Base {
  }

  get policy() {
-    return onlyAdminCanReadPolicy;
+    return 'os_compute_api:os-services:list';
  }

  get name() {
--- a/src/pages/configuration/containers/Setting/actions/Edit.jsx
+++ b/src/pages/configuration/containers/Setting/actions/Edit.jsx
@ -17,6 +17,7 @@ import { ModalAction } from 'containers/Action';
 import globalSettingStore from 'stores/skyline/setting';
 import CodeEditor from 'components/CodeEditor';
 import { inject, observer } from 'mobx-react';
+import { onlyAdminCanChangePolicy } from 'resources/skyline/policy';

 export class Edit extends ModalAction {
  get id() {
@ -27,7 +28,7 @@ export class Edit extends ModalAction {
    return this.item.key;
  }

-  static policy = 'skyline:system_admin';
+  static policy = onlyAdminCanChangePolicy;

  static allowed() {
    return Promise.resolve(true);
--- a/src/pages/configuration/containers/Setting/actions/Reset.jsx
+++ b/src/pages/configuration/containers/Setting/actions/Reset.jsx
@ -14,6 +14,7 @@

 import { ConfirmAction } from 'containers/Action';
 import globalSettingStore from 'stores/skyline/setting';
+import { onlyAdminCanChangePolicy } from 'resources/skyline/policy';

 export default class Reset extends ConfirmAction {
  get id() {
@ -38,7 +39,7 @@ export default class Reset extends ConfirmAction {

  getItemName = (data) => data.key;

-  policy = 'skyline:system_admin';
+  policy = onlyAdminCanChangePolicy;

  onSubmit = (item) => {
    const { key: id } = item || this.item;
--- a/src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx
+++ b/src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx
@ -13,7 +13,7 @@
 // limitations under the License.

 import { ConfirmAction } from 'containers/Action';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalLbaasStore from 'stores/octavia/loadbalancer';
 import globalRootStore from 'stores/root';

@ -62,10 +62,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/pages/network/containers/Network/actions/CreateNetwork.jsx
+++ b/src/pages/network/containers/Network/actions/CreateNetwork.jsx
@ -19,7 +19,7 @@ import globalNetworkStore from 'stores/neutron/network';
 import globalProjectStore from 'stores/keystone/project';
 import { isEmpty, isFunction } from 'lodash';
 import Notify from 'components/Notify';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalNeutronStore from 'stores/neutron/neutron';
 import { subnetIpv6Tip } from 'resources/neutron/network';
 import networkUtil from './networkUtil';
@ -73,7 +73,7 @@ export class CreateNetwork extends ModalAction {
  }

  get isSystemAdmin() {
-    return checkPolicyRule('skyline:system_admin');
+    return checkSystemAdmin();
  }

  static get disableSubmit() {
--- a/src/pages/network/containers/Network/actions/Delete.jsx
+++ b/src/pages/network/containers/Network/actions/Delete.jsx
@ -14,7 +14,7 @@

 import { ConfirmAction } from 'containers/Action';
 import globalNetworkStore from 'stores/neutron/network';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalRootStore from 'stores/root';

 export default class DeleteAction extends ConfirmAction {
@ -49,10 +49,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/pages/network/containers/Network/actions/Edit.jsx
+++ b/src/pages/network/containers/Network/actions/Edit.jsx
@ -15,7 +15,7 @@
 import { inject, observer } from 'mobx-react';
 import { ModalAction } from 'containers/Action';
 import globalNetworkStore from 'stores/neutron/network';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalRootStore from 'stores/root';
 import { getYesNoList } from 'utils/index';

@ -57,7 +57,7 @@ export class Edit extends ModalAction {
  };

  get isSystemAdmin() {
-    return checkPolicyRule('skyline:system_admin');
+    return checkSystemAdmin();
  }

  get formItems() {
--- a/src/pages/network/containers/VPN/EndpointGroup/actions/Delete.jsx
+++ b/src/pages/network/containers/VPN/EndpointGroup/actions/Delete.jsx
@ -13,7 +13,7 @@
 // limitations under the License.

 import { ConfirmAction } from 'containers/Action';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalVPNEndPointGroupStore from 'stores/neutron/vpn-endpoint-group';
 import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection';
 import globalRootStore from 'stores/root';
@ -52,10 +52,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/pages/network/containers/VPN/IKEPolicy/actions/Delete.jsx
+++ b/src/pages/network/containers/VPN/IKEPolicy/actions/Delete.jsx
@ -13,7 +13,7 @@
 // limitations under the License.

 import { ConfirmAction } from 'containers/Action';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalVpnIKEPolicyStore from 'stores/neutron/vpn-ike-policy';
 import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection';
 import globalRootStore from 'stores/root';
@ -50,10 +50,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/pages/network/containers/VPN/IPsecPolicy/actions/Delete.jsx
+++ b/src/pages/network/containers/VPN/IPsecPolicy/actions/Delete.jsx
@ -13,7 +13,7 @@
 // limitations under the License.

 import { ConfirmAction } from 'containers/Action';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalVpnIPsecPolicyStore from 'stores/neutron/vpn-ipsec-policy';
 import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection';
 import globalRootStore from 'stores/root';
@ -50,10 +50,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/pages/network/containers/VPN/IPsecSiteConnection/actions/Delete.jsx
+++ b/src/pages/network/containers/VPN/IPsecSiteConnection/actions/Delete.jsx
@ -13,7 +13,7 @@
 // limitations under the License.

 import { ConfirmAction } from 'containers/Action';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection';
 import globalRootStore from 'stores/root';

@ -49,10 +49,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/pages/network/containers/VPN/VPNGateway/actions/Delete.jsx
+++ b/src/pages/network/containers/VPN/VPNGateway/actions/Delete.jsx
@ -13,7 +13,7 @@
 // limitations under the License.

 import { ConfirmAction } from 'containers/Action';
-import { checkPolicyRule } from 'resources/skyline/policy';
+import { checkSystemAdmin } from 'resources/skyline/policy';
 import globalVpnServicesStore from 'stores/neutron/vpn-service';
 import globalRootStore from 'stores/root';
 import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection';
@ -50,10 +50,7 @@ export default class DeleteAction extends ConfirmAction {

  isCurrentProject(item) {
    const rootStore = globalRootStore;
-    if (
-      !checkPolicyRule('skyline:system_admin') &&
-      item.project_id !== rootStore.user.project.id
-    ) {
+    if (!checkSystemAdmin && item.project_id !== rootStore.user.project.id) {
      return false;
    }
    return true;
--- a/src/resources/skyline/policy.js
+++ b/src/resources/skyline/policy.js
@ -152,8 +152,8 @@ const checkPolicyRules = (rules, every, actionName, isAliasPolicy) => {

 export const systemRoleIsReader = () => {
  const { roles = [] } = globalRootStore.user || {};
-  const readerRole = 'system_reader';
-  const adminRoles = ['system_admin', 'admin'];
+  const readerRole = 'reader';
+  const adminRoles = ['admin'];
  const hasReaderRole = roles.some((it) => it.name === readerRole);
  if (!hasReaderRole) {
    return false;
@ -209,40 +209,25 @@ const checkItemPolicy = ({
 export default checkItemPolicy;

 export const allCanReadPolicy = {
-  rules: [
-    'skyline:system_admin',
-    'skyline:system_reader',
-    'skyline:project_admin',
-    'skyline:project_member',
-    'skyline:project_reader',
-  ],
-  every: false,
-};
-
-export const onlyProjectCanReadPolicy = {
-  rules: [
-    'skyline:project_admin',
-    'skyline:project_member',
-    'skyline:project_reader',
-  ],
+  rules: ['admin', 'reader', 'member'],
  every: false,
 };

 export const allCanChangePolicy = {
-  rules: [
-    'skyline:system_admin',
-    'skyline:project_admin',
-    'skyline:project_member',
-  ],
-  every: false,
-};
-
-export const onlyProjectCanChangePolicy = {
-  rules: ['skyline:project_admin', 'skyline:project_member'],
+  rules: ['admin', 'member'],
  every: false,
 };

 export const onlyAdminCanReadPolicy = {
-  rules: ['skyline:system_admin', 'skyline:system_reader'],
+  rules: ['admin', 'reader'],
  every: false,
 };
+
+export const onlyAdminCanChangePolicy = {
+  rules: ['admin'],
+  every: false,
+};
+
+export const checkSystemAdmin = () => {
+  return globalRootStore.hasAdminRole;
+};