diff --git a/src/pages/compute/containers/Hypervisors/ComputeHost/index.jsx b/src/pages/compute/containers/Hypervisors/ComputeHost/index.jsx index 7bbd143a..94a7c126 100644 --- a/src/pages/compute/containers/Hypervisors/ComputeHost/index.jsx +++ b/src/pages/compute/containers/Hypervisors/ComputeHost/index.jsx @@ -16,7 +16,6 @@ import { observer, inject } from 'mobx-react'; import Base from 'containers/List'; import { serviceStatus, serviceState } from 'resources/nova/service'; import globalComputeHostStore from 'stores/nova/compute-host'; -import { onlyAdminCanReadPolicy } from 'resources/skyline/policy'; import { getOptions } from 'utils'; import actionConfigs from './actions'; @@ -26,7 +25,7 @@ export class ComputeHost extends Base { } get policy() { - return onlyAdminCanReadPolicy; + return 'os_compute_api:os-services:list'; } get name() { diff --git a/src/pages/configuration/containers/Setting/actions/Edit.jsx b/src/pages/configuration/containers/Setting/actions/Edit.jsx index b4bbfaa3..fbac00f3 100644 --- a/src/pages/configuration/containers/Setting/actions/Edit.jsx +++ b/src/pages/configuration/containers/Setting/actions/Edit.jsx @@ -17,6 +17,7 @@ import { ModalAction } from 'containers/Action'; import globalSettingStore from 'stores/skyline/setting'; import CodeEditor from 'components/CodeEditor'; import { inject, observer } from 'mobx-react'; +import { onlyAdminCanChangePolicy } from 'resources/skyline/policy'; export class Edit extends ModalAction { get id() { @@ -27,7 +28,7 @@ export class Edit extends ModalAction { return this.item.key; } - static policy = 'skyline:system_admin'; + static policy = onlyAdminCanChangePolicy; static allowed() { return Promise.resolve(true); diff --git a/src/pages/configuration/containers/Setting/actions/Reset.jsx b/src/pages/configuration/containers/Setting/actions/Reset.jsx index ada9fefc..74912574 100644 --- a/src/pages/configuration/containers/Setting/actions/Reset.jsx +++ b/src/pages/configuration/containers/Setting/actions/Reset.jsx @@ -14,6 +14,7 @@ import { ConfirmAction } from 'containers/Action'; import globalSettingStore from 'stores/skyline/setting'; +import { onlyAdminCanChangePolicy } from 'resources/skyline/policy'; export default class Reset extends ConfirmAction { get id() { @@ -38,7 +39,7 @@ export default class Reset extends ConfirmAction { getItemName = (data) => data.key; - policy = 'skyline:system_admin'; + policy = onlyAdminCanChangePolicy; onSubmit = (item) => { const { key: id } = item || this.item; diff --git a/src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx b/src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx index 7efa8937..a6785d9d 100644 --- a/src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx +++ b/src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx @@ -13,7 +13,7 @@ // limitations under the License. import { ConfirmAction } from 'containers/Action'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalLbaasStore from 'stores/octavia/loadbalancer'; import globalRootStore from 'stores/root'; @@ -62,10 +62,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/pages/network/containers/Network/actions/CreateNetwork.jsx b/src/pages/network/containers/Network/actions/CreateNetwork.jsx index c2f6ea44..62eaaaf2 100644 --- a/src/pages/network/containers/Network/actions/CreateNetwork.jsx +++ b/src/pages/network/containers/Network/actions/CreateNetwork.jsx @@ -19,7 +19,7 @@ import globalNetworkStore from 'stores/neutron/network'; import globalProjectStore from 'stores/keystone/project'; import { isEmpty, isFunction } from 'lodash'; import Notify from 'components/Notify'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalNeutronStore from 'stores/neutron/neutron'; import { subnetIpv6Tip } from 'resources/neutron/network'; import networkUtil from './networkUtil'; @@ -73,7 +73,7 @@ export class CreateNetwork extends ModalAction { } get isSystemAdmin() { - return checkPolicyRule('skyline:system_admin'); + return checkSystemAdmin(); } static get disableSubmit() { diff --git a/src/pages/network/containers/Network/actions/Delete.jsx b/src/pages/network/containers/Network/actions/Delete.jsx index 1fa7ed03..85a2ed11 100644 --- a/src/pages/network/containers/Network/actions/Delete.jsx +++ b/src/pages/network/containers/Network/actions/Delete.jsx @@ -14,7 +14,7 @@ import { ConfirmAction } from 'containers/Action'; import globalNetworkStore from 'stores/neutron/network'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalRootStore from 'stores/root'; export default class DeleteAction extends ConfirmAction { @@ -49,10 +49,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/pages/network/containers/Network/actions/Edit.jsx b/src/pages/network/containers/Network/actions/Edit.jsx index 521caa9f..a819c2e2 100644 --- a/src/pages/network/containers/Network/actions/Edit.jsx +++ b/src/pages/network/containers/Network/actions/Edit.jsx @@ -15,7 +15,7 @@ import { inject, observer } from 'mobx-react'; import { ModalAction } from 'containers/Action'; import globalNetworkStore from 'stores/neutron/network'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalRootStore from 'stores/root'; import { getYesNoList } from 'utils/index'; @@ -57,7 +57,7 @@ export class Edit extends ModalAction { }; get isSystemAdmin() { - return checkPolicyRule('skyline:system_admin'); + return checkSystemAdmin(); } get formItems() { diff --git a/src/pages/network/containers/VPN/EndpointGroup/actions/Delete.jsx b/src/pages/network/containers/VPN/EndpointGroup/actions/Delete.jsx index 2ea5d8a0..f60f97db 100644 --- a/src/pages/network/containers/VPN/EndpointGroup/actions/Delete.jsx +++ b/src/pages/network/containers/VPN/EndpointGroup/actions/Delete.jsx @@ -13,7 +13,7 @@ // limitations under the License. import { ConfirmAction } from 'containers/Action'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalVPNEndPointGroupStore from 'stores/neutron/vpn-endpoint-group'; import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection'; import globalRootStore from 'stores/root'; @@ -52,10 +52,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/pages/network/containers/VPN/IKEPolicy/actions/Delete.jsx b/src/pages/network/containers/VPN/IKEPolicy/actions/Delete.jsx index b264998a..b064dca8 100644 --- a/src/pages/network/containers/VPN/IKEPolicy/actions/Delete.jsx +++ b/src/pages/network/containers/VPN/IKEPolicy/actions/Delete.jsx @@ -13,7 +13,7 @@ // limitations under the License. import { ConfirmAction } from 'containers/Action'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalVpnIKEPolicyStore from 'stores/neutron/vpn-ike-policy'; import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection'; import globalRootStore from 'stores/root'; @@ -50,10 +50,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/pages/network/containers/VPN/IPsecPolicy/actions/Delete.jsx b/src/pages/network/containers/VPN/IPsecPolicy/actions/Delete.jsx index ff18b846..f5a7cda0 100644 --- a/src/pages/network/containers/VPN/IPsecPolicy/actions/Delete.jsx +++ b/src/pages/network/containers/VPN/IPsecPolicy/actions/Delete.jsx @@ -13,7 +13,7 @@ // limitations under the License. import { ConfirmAction } from 'containers/Action'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalVpnIPsecPolicyStore from 'stores/neutron/vpn-ipsec-policy'; import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection'; import globalRootStore from 'stores/root'; @@ -50,10 +50,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/pages/network/containers/VPN/IPsecSiteConnection/actions/Delete.jsx b/src/pages/network/containers/VPN/IPsecSiteConnection/actions/Delete.jsx index 078d45f2..2d213768 100644 --- a/src/pages/network/containers/VPN/IPsecSiteConnection/actions/Delete.jsx +++ b/src/pages/network/containers/VPN/IPsecSiteConnection/actions/Delete.jsx @@ -13,7 +13,7 @@ // limitations under the License. import { ConfirmAction } from 'containers/Action'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection'; import globalRootStore from 'stores/root'; @@ -49,10 +49,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin() && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/pages/network/containers/VPN/VPNGateway/actions/Delete.jsx b/src/pages/network/containers/VPN/VPNGateway/actions/Delete.jsx index 7bbf7afa..adc6e371 100644 --- a/src/pages/network/containers/VPN/VPNGateway/actions/Delete.jsx +++ b/src/pages/network/containers/VPN/VPNGateway/actions/Delete.jsx @@ -13,7 +13,7 @@ // limitations under the License. import { ConfirmAction } from 'containers/Action'; -import { checkPolicyRule } from 'resources/skyline/policy'; +import { checkSystemAdmin } from 'resources/skyline/policy'; import globalVpnServicesStore from 'stores/neutron/vpn-service'; import globalRootStore from 'stores/root'; import globalVpnIPsecConnectionStore from 'stores/neutron/vpn-ipsec-connection'; @@ -50,10 +50,7 @@ export default class DeleteAction extends ConfirmAction { isCurrentProject(item) { const rootStore = globalRootStore; - if ( - !checkPolicyRule('skyline:system_admin') && - item.project_id !== rootStore.user.project.id - ) { + if (!checkSystemAdmin && item.project_id !== rootStore.user.project.id) { return false; } return true; diff --git a/src/resources/skyline/policy.js b/src/resources/skyline/policy.js index 343b6bf0..c668a1e3 100644 --- a/src/resources/skyline/policy.js +++ b/src/resources/skyline/policy.js @@ -152,8 +152,8 @@ const checkPolicyRules = (rules, every, actionName, isAliasPolicy) => { export const systemRoleIsReader = () => { const { roles = [] } = globalRootStore.user || {}; - const readerRole = 'system_reader'; - const adminRoles = ['system_admin', 'admin']; + const readerRole = 'reader'; + const adminRoles = ['admin']; const hasReaderRole = roles.some((it) => it.name === readerRole); if (!hasReaderRole) { return false; @@ -209,40 +209,25 @@ const checkItemPolicy = ({ export default checkItemPolicy; export const allCanReadPolicy = { - rules: [ - 'skyline:system_admin', - 'skyline:system_reader', - 'skyline:project_admin', - 'skyline:project_member', - 'skyline:project_reader', - ], - every: false, -}; - -export const onlyProjectCanReadPolicy = { - rules: [ - 'skyline:project_admin', - 'skyline:project_member', - 'skyline:project_reader', - ], + rules: ['admin', 'reader', 'member'], every: false, }; export const allCanChangePolicy = { - rules: [ - 'skyline:system_admin', - 'skyline:project_admin', - 'skyline:project_member', - ], - every: false, -}; - -export const onlyProjectCanChangePolicy = { - rules: ['skyline:project_admin', 'skyline:project_member'], + rules: ['admin', 'member'], every: false, }; export const onlyAdminCanReadPolicy = { - rules: ['skyline:system_admin', 'skyline:system_reader'], + rules: ['admin', 'reader'], every: false, }; + +export const onlyAdminCanChangePolicy = { + rules: ['admin'], + every: false, +}; + +export const checkSystemAdmin = () => { + return globalRootStore.hasAdminRole; +};