Application routing now uses SecureComponent and hasPermission function (#1288)

- Some menu options were not showing even if the user has access to
  perform the operations (IAM Policies)
- Deleted unnecessary backend endpoints.go logic, instead using
  SecureComponent to validate application routes and Menu options
  rendering
- All the logic related to routes and permissions is now in the
  permissions.ts file
- Added SecureComponent to List Users page
- Separated Menu options and routing logic for AdminConsole and
  OperatorConsole
- Tools are hidden if the user doesn't have access to them or MinIO is
  running in fs mode (heal, audit log, etc.)
- Hide change-password button if the user doesn't have access
- Hide create user button if the user doesn't have access
- fixed some bugs when ldap/oidc is enabled

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Lenin Alevski
2021-12-13 22:37:22 -08:00
committed by GitHub
parent db5ae3e09f
commit 3b2c740fe0
47 changed files with 1331 additions and 1482 deletions


@@ -5223,12 +5223,6 @@ func init() {
"operator": {
"type": "boolean"
},
"pages": {
"type": "array",
"items": {
"type": "string"
}
},
"permissions": {
"type": "object",
"additionalProperties": {
@@ -11074,12 +11068,6 @@ func init() {
"operator": {
"type": "boolean"
},
"pages": {
"type": "array",
"items": {
"type": "string"
}
},
"permissions": {
"type": "object",
"additionalProperties": {


@@ -31,7 +31,8 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
"github.com/minio/console/pkg/acl"
"github.com/minio/console/pkg/auth/idp/oauth2"
"github.com/minio/console/pkg/auth/ldap"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/user_api"
)
@@ -111,15 +112,6 @@ func getSessionResponse(session *models.Principal) (*models.SessionResponse, *mo
if err != nil {
return nil, prepareError(err, errorGenericInvalidSession)
}
// by default every user starts with an empty array of available val
// therefore we would have access only to pages that doesn't require any privilege
// ie: service-account page
var actions []string
// if a policy is assigned to this user we parse the val from there
if policy != nil {
actions = acl.GetActionsStringFromPolicy(policy)
}
currTime := time.Now().UTC()
// This actions will be global, meaning has to be attached to all resources
@@ -229,7 +221,6 @@ func getSessionResponse(session *models.Principal) (*models.SessionResponse, *mo
return nil, prepareError(err)
}
sessionResp := &models.SessionResponse{
Pages: acl.GetAuthorizedEndpoints(actions),
Features: getListOfEnabledFeatures(),
Status: models.SessionResponseStatusOk,
Operator: false,
@@ -241,12 +232,20 @@ func getSessionResponse(session *models.Principal) (*models.SessionResponse, *mo
// getListOfEnabledFeatures returns a list of features
func getListOfEnabledFeatures() []string {
var features []string
features := []string{}
logSearchURL := getLogSearchURL()
oidcEnabled := oauth2.IsIDPEnabled()
ldapEnabled := ldap.GetLDAPEnabled()
if logSearchURL != "" {
features = append(features, "log-search")
}
if oidcEnabled {
features = append(features, "oidc-idp", "external-idp")
}
if ldapEnabled {
features = append(features, "ldap-idp", "external-idp")
}
return features
}
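Review bot: In getListOfEnabledFeatures, `"external-idp"` is appended in both the OIDC branch and the LDAP branch, so the returned list carries it twice whenever both are reported enabled; nothing visible in this hunk rules that combination out. Appending it once, `if oidcEnabled || ldapEnabled { features = append(features, "external-idp") }`, keeps the list free of duplicates for consumers that count or index its entries. This commit also drops the server-computed `Pages` field from the SessionResponse literal in getSessionResponse, in favour of client-side checks. The function's doc comment should therefore say that the features list only drives what the UI renders, and that each API handler must still authorize the request itself (for example the password-change operation when an external IdP is in use), so that a hidden button is not mistaken for an access control.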