gh-155 Make the Dashboard Role-aware

Author: ghillert

ui/app/index.html

@@ -40,27 +40,27 @@
           </p>
           <p ng-if="user.authenticationEnabled && !user.isAuthenticated" class="navbar-text navbar-right">Not logged in</p>
           <ul class="nav navbar-nav navbar-right">
-            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated"
+            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated" roles="['ROLE_VIEW']"
                 ng-class="{ active: $state.includes('home.apps') }">
-              <a ui-sref="home.apps.tabs.appsList">Apps</a>
+              <a ui-sref="home.apps.tabs.appsList">Apps</a>{{roles}}
             </li>
-            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated"
+            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated" roles="['ROLE_VIEW']"
                 ng-class="{ active: $state.includes('home.runtime') }">
                <a ui-sref="home.runtime.tabs.runtimeAppsList">Runtime</a>
             </li>
-            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated"
+            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated" roles="['ROLE_VIEW']"
                 ng-show="features.streamsEnabled" ng-class="{ active: $state.includes('home.streams') }">
                <a ui-sref="home.streams.tabs.definitions">Streams</a>
             </li>
-            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated"
+            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated" roles="['ROLE_VIEW']"
                 ng-show="features.tasksEnabled" ng-class="{ active: $state.includes('home.tasks') }">
               <a ui-sref="home.tasks.tabs.definitions">Tasks</a>
             </li>
-            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated"
+            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated" roles="['ROLE_VIEW']"
                 ng-show="features.tasksEnabled" ng-class="{ active: $state.includes('home.jobs') }">
               <a ui-sref="home.jobs.tabs.executions">Jobs</a>
             </li>
-            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated"
+            <li ng-hide="user.authenticationEnabled && !user.isAuthenticated" roles="['ROLE_VIEW']"
                 ng-show="features.analyticsEnabled" ng-class="{ active: $state.includes('home.analytics') }">
               <a ui-sref="home.analytics.tabs.dashboard">Analytics</a>
             </li>
@@ -81,6 +81,5 @@
     <div growl></div>
     <div ui-view ng-cloak cg-busy="{promise:cgbusy,delay:0,minDuration:500}"></div>
     <script src="lib/requirejs/require.js" data-main="scripts/main"></script>
-
 </body>
 </html>

ui/app/scripts/app/views/apps-list.html

@@ -4,17 +4,17 @@
             <div>
                 <table class="col-lg-12 tab-content-header"><tr>
                     <td class="col-xs-8">
-                        <button id="registerAppsButton" type="button" ng-click="registerApps()"
+                        <button id="registerAppsButton" roles="['ROLE_CREATE']" type="button" ng-click="registerApps()"
                                 class="btn btn-default"
                         ><span class="glyphicon glyphicon-plus"></span>
                             Register Application(s)
                         </button>
-                        <button id="unregisterSelectedAppsButton" type="button" ng-click="unregisterSelectedApps()"
+                        <button id="unregisterSelectedAppsButton" roles="['ROLE_CREATE']" type="button" ng-click="unregisterSelectedApps()"
                                 class="btn btn-default" ng-disabled="isNoneSelected()"
                         ><span class="glyphicon glyphicon-trash"></span>
                             Unregister Application(s)
                         </button>
-                        <button id="bulkImportAppsButton" type="button" ng-click="bulkImportApps()"
+                        <button id="bulkImportAppsButton" roles="['ROLE_CREATE']" type="button" ng-click="bulkImportApps()"
                                 class="btn btn-default"
                         ><span class="glyphicon glyphicon-import"></span>
                             Bulk Import Applications
@@ -29,7 +29,8 @@
     <thead>
     <tr>
         <th>
-            <input id="selectAllAppsCheckbox" type="checkbox" ng-model="toggleSelectAll" ng-model-options="{ getterSetter: true }" ui-indeterminate="isSomeButNotAllSelected()"/>
+            <input id="selectAllAppsCheckbox" type="checkbox" ng-model="toggleSelectAll" ng-model-options="{ getterSetter: true }" ui-indeterminate="isSomeButNotAllSelected()"
+                   roles="['ROLE_CREATE']"/>
         </th>
         <th>Name</th>
         <th>Type</th>
@@ -40,7 +41,7 @@
     <tbody>
 
     <tr dir-paginate="item in pageable.items | itemsPerPage: pageable.pageSize" total-items="pageable.total">
-        <td><input type="checkbox" ng-model="item.select" ng-model-options="{ getterSetter: true }"/></td>
+        <td><input type="checkbox" ng-model="item.select" ng-model-options="{ getterSetter: true }" roles="['ROLE_CREATE']"/></td>
         <td>{{item.name}}</td>
         <td>{{item.type}}</td>
         <td>{{item.uri}}</td>
@@ -51,7 +52,7 @@
             </button>
         </td>
         <td class="action-column">
-            <button type="button" ng-click="unregister(item, $index)"
+            <button roles="['ROLE_CREATE']" type="button" ng-click="unregister(item, $index)"
                     class="btn btn-default" title="Unregister"
             ><span class="glyphicon glyphicon-trash"></span>
             </button>

ui/app/scripts/auth/controllers/login.js

@@ -20,6 +20,7 @@
  * @author Gunnar Hillert
  * @author Alex Boyko
  */
+
 define([], function () {
   'use strict';
   return ['$scope', '$state', 'userService', 'DataflowUtils', '$log', '$rootScope', '$http',
@@ -36,9 +37,21 @@ define([], function () {
                 $rootScope.user.isFormLogin = true;
                 $http.defaults.headers.common[$rootScope.xAuthTokenHeaderName] = response.data;
 
+                var securityInfoUrl = '/security/info';
+                var timeout = 20000;
+                var promiseHttp = $http.get(securityInfoUrl, {timeout: timeout});
                 utils.growl.success('User ' + $scope.loginForm.username + ' logged in.');
                 $scope.loginForm = {};
-                $state.go('home.apps.tabs.appsList');
+
+                promiseHttp.then(function(response) {
+                  console.log('Security info retrieved ...', response.data);
+                  $rootScope.user.roles = response.data.roles;
+                  $state.go('home.apps.tabs.appsList');
+                }, function(errorResponse) {
+                  var errorMessage = 'Error retrieving security info from ' + securityInfoUrl + ' (timeout: ' + timeout + 'ms)';
+                  console.log(errorMessage, errorResponse);
+                  $('.splash .container').html(errorMessage);
+                });
               },
               function(response) {
                 utils.growl.error(response.data[0].message);

ui/app/scripts/auth/services.js

@@ -29,6 +29,15 @@ define(['angular'], function (angular) {
             authenticationEnabled: securityInfo.authenticationEnabled,
             isAuthenticated: securityInfo.authenticated,
             username: securityInfo.username,
+            roles: securityInfo.roles,
+            hasRole: function(role) {
+              if (user.roles.indexOf(role) >= 0){
+                return true;
+              }
+              else {
+                return false;
+              }
+            },
             isFormLogin: false
           };
           return user;

ui/app/scripts/directives.js

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2016 the original author or authors.
+ * Copyright 2014-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,43 @@
 define(['angular', 'xregexp', 'moment'], function(angular) {
   'use strict';
   angular.module('dataflowMain.directives', [])
+    .directive('roles', ['userService', '$rootScope', function(userService, $rootScope) {
+
+      function applyRoles(scope, elem) {
+        var found = false;
+
+        if(userService.isAuthenticated){
+          angular.forEach(scope.roles, function(role){
+            found = userService.hasRole(role);
+            console.log('Needed one for the following roles ' + scope.roles + '. Found: ' + found);
+          });
+        }
+        else {
+          found = true;
+        }
+        if (found) {
+          elem.show();
+        }
+        else {
+          elem.hide();
+        }
+      }
+
+      return {
+        restrict: 'A',
+        scope: {
+          roles: '='
+        },
+        link: function (scope, elem) {
+          scope.$watch('userService.isAuthenticated', function() {
+            applyRoles(scope, elem);
+          }, true);
+          $rootScope.$watch('user.roles', function() {
+            applyRoles(scope, elem);
+          }, true);
+        }
+      };
+    }])
     .directive('dataflowParseUrls', [function() {
       var urlPattern = /(http|ftp|https):\/\/[\w-]+(\.[\w-]+)+([\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])?/gi;
 

ui/app/scripts/routes.js

@@ -57,6 +57,7 @@ define(['./app'], function (dashboard) {
       template: '<ui-view/>',
       data:{
         authenticate: true,
+        roles: ['ROLE_VIEW'],
         feature: 'tasksEnabled'
       }
     })
@@ -65,6 +66,7 @@ define(['./app'], function (dashboard) {
       template: '<ui-view/>',
       data:{
         authenticate: true,
+        roles: ['ROLE_VIEW'],
         feature: 'tasksEnabled'
       }
     })
@@ -73,29 +75,33 @@ define(['./app'], function (dashboard) {
       template: '<ui-view/>',
       data: {
         authenticate: true,
+        roles: ['ROLE_VIEW'],
         feature: 'analyticsEnabled'
       }
     })
     .state('home.apps', {
       abstract: true,
       template: '<ui-view/>',
       data: {
-        authenticate: true
+        authenticate: true,
+        roles: ['ROLE_VIEW']
       }
     })
     .state('home.streams', {
       abstract:true,
       template: '<ui-view/>',
       data:{
         authenticate: true,
+        roles: ['ROLE_VIEW'],
         feature: 'streamsEnabled'
       }
     })
     .state('home.runtime', {
       abstract:true,
       template: '<ui-view/>',
       data:{
-        authenticate: true
+        authenticate: true,
+        roles: ['ROLE_VIEW']
       }
     })
     .state('home.jobs.tabs', {
@@ -147,6 +153,13 @@ define(['./app'], function (dashboard) {
         authenticate: false
       }
     })
+    .state('home.rolesMissing', {
+      url : '/roles-missing',
+      templateUrl : sharedTemplatesPath + '/roles-missing.html',
+      data:{
+        authenticate: false
+      }
+    })
     .state('home.streams.tabs', {
       url : 'streams',
       abstract:true,
@@ -444,6 +457,19 @@ define(['./app'], function (dashboard) {
           $state.go('login');
           event.preventDefault();
         }
+        else if (userService.authenticationEnabled && toState.data.authenticate &&
+          userService.isAuthenticated && toState.data.roles && toState.data.roles.length > 0) {
+          $log.info('State requires one of the following roles: ' + toState.data.roles);
+          var found = false;
+          angular.forEach(toState.data.roles, function(role){
+            found = userService.hasRole(role);
+          });
+          if (!found) {
+            $log.info('You do not have any of the necessary role(s) ' + toState.data.roles);
+            $state.go('home.rolesMissing', {feature: toState.data.roles});
+            event.preventDefault();
+          }
+        }
       });
   });
   return dashboard;

ui/app/scripts/shared/views/roles-missing.html

@@ -0,0 +1,6 @@
+<h1>Roles Missing</h1>
+
+<p class="index-page--subtitle">
+  It appears that you are missing the proper roles to use the Dashboard. Please contact your administrator to rectify the
+  situation.
+</p>

ui/app/scripts/stream/views/definitions.html

@@ -50,21 +50,21 @@
             </button>
         </td>
         <td class="action-column">
-            <button type="button" ng-click="undeployStream(item)"
+            <button type="button" ng-click="undeployStream(item)" roles="['ROLE_CREATE']"
                     ng-disabled="item.status === 'deploying' || item.status === 'undeployed'"
                     class="btn btn-default"
                     ><span class="glyphicon glyphicon-stop"></span> Undeploy
             </button>
         </td>
         <td class="action-column">
-            <button type="button" ng-click="deployStream(item)"
+            <button type="button" ng-click="deployStream(item)" roles="['ROLE_CREATE']"
                     ng-disabled="item.status === 'deploying' || item.status === 'deployed' || item.status === 'incomplete' || item.status === 'failed'"
                     class="btn btn-default"
                     ><span class="glyphicon glyphicon-play"></span> Deploy
             </button>
         </td>
         <td class="action-column">
-            <button type="button" ng-click="clickModal(item)"
+            <button type="button" ng-click="clickModal(item)" roles="['ROLE_CREATE']"
                     class="btn btn-default" data-toggle="modal" data-target="#confirm-destroy"
                     ><span class="glyphicon glyphicon-remove"></span> Destroy
             </button>

ui/app/scripts/stream/views/streams.html

@@ -10,7 +10,7 @@ <h1 class="no-user-selection">Streams</h1>
         <li ng-class="{ active: $state.includes('home.streams.tabs.definitions') }"><a
                 ui-sref="home.streams.tabs.definitions">Definitions</a>
         </li>
-        <li ng-class="{ active: $state.includes('home.streams.tabs.create') }"><a
+        <li ng-class="{ active: $state.includes('home.streams.tabs.create') }" roles="['ROLE_CREATE']"><a
                 ui-sref="home.streams.tabs.create">Create Stream</a>
     </ul>
     <div class="tab-content">

ui/app/scripts/task/views/definitions.html

@@ -5,7 +5,7 @@
         <table class="col-lg-12 tab-content-header"><tr>
           <td class="col-xs-8">
             <button id="bulkDefineTasksButton" type="button" ng-click="bulkDefineTasks()"
-                    class="btn btn-default"
+                    class="btn btn-default" roles="['ROLE_CREATE']"
             ><span class="glyphicon glyphicon-import"></span>
               Bulk Define Tasks
             </button>