Merge pull request ceph#62149 from rhcs-dashboard/fix-access-perm-ui

mgr/dashboard: fix access control permissions for roles

Reviewed-by: Afreen Misbah <[email protected]>

Author: afreen23

src/pybind/mgr/dashboard/frontend/src/app/ceph/dashboard-v3/dashboard-pie/dashboard-pie.component.ts

@@ -15,9 +15,9 @@ export class DashboardPieComponent implements OnChanges, OnInit {
   @Input()
   data: any;
   @Input()
-  highThreshold: number;
+  highThreshold = 0;
   @Input()
-  lowThreshold: number;
+  lowThreshold = 0;
 
   color: string;
 
@@ -162,15 +162,15 @@ export class DashboardPieComponent implements OnChanges, OnInit {
     const percentAvailable = this.calcPercentage(max - current, max);
     const percentUsed = this.calcPercentage(current, max);
 
-    if (fullRatioPercent >= 0 && percentUsed >= fullRatioPercent) {
+    if (fullRatioPercent > 0 && percentUsed >= fullRatioPercent) {
       this.color = 'chart-color-red';
-    } else if (nearFullRatioPercent >= 0 && percentUsed >= nearFullRatioPercent) {
+    } else if (nearFullRatioPercent > 0 && percentUsed >= nearFullRatioPercent) {
       this.color = 'chart-color-yellow';
     } else {
       this.color = 'chart-color-blue';
     }
 
-    if (fullRatioPercent >= 0 && nearFullRatioPercent >= 0) {
+    if (fullRatioPercent > 0 && nearFullRatioPercent > 0) {
       chart.dataset[0].data = [
         Math.round(nearFullRatioPercent),
         Math.round(Math.abs(nearFullRatioPercent - fullRatioPercent)),

src/pybind/mgr/dashboard/frontend/src/app/ceph/dashboard-v3/dashboard/dashboard-v3.component.html

@@ -227,7 +227,7 @@
                    [fullHeight]="true"
                    aria-label="Capacity card">
             <ng-container class="ms-4 me-4"
-                          *ngIf="capacity && osdSettings">
+                          *ngIf="capacity">
               <cd-dashboard-pie [data]="{max: capacity.total_bytes, current: capacity.total_used_raw_bytes}"
                                 [lowThreshold]="osdSettings.nearfull_ratio"
                                 [highThreshold]="osdSettings.full_ratio">

src/pybind/mgr/dashboard/frontend/src/app/ceph/dashboard-v3/dashboard/dashboard-v3.component.ts

@@ -26,6 +26,7 @@ import { MgrModuleService } from '~/app/shared/api/mgr-module.service';
 import { AlertClass } from '~/app/shared/enum/health-icon.enum';
 import { HardwareService } from '~/app/shared/api/hardware.service';
 import { SettingsService } from '~/app/shared/api/settings.service';
+import { OsdSettings } from '~/app/shared/models/osd-settings';
 
 @Component({
   selector: 'cd-dashboard-v3',
@@ -35,7 +36,7 @@ import { SettingsService } from '~/app/shared/api/settings.service';
 export class DashboardV3Component extends PrometheusListHelper implements OnInit, OnDestroy {
   detailsCardData: DashboardDetails = {};
   osdSettingsService: any;
-  osdSettings: any;
+  osdSettings = new OsdSettings();
   interval = new Subscription();
   permissions: Permissions;
   enabledFeature$: FeatureTogglesMap$;
@@ -117,7 +118,8 @@ export class DashboardV3Component extends PrometheusListHelper implements OnInit
     }
     this.interval = this.refreshIntervalService.intervalData$.subscribe(() => {
       this.getHealth();
-      this.getCapacityCardData();
+      this.getCapacity();
+      if (this.permissions.configOpt.read) this.getOsdSettings();
       if (this.hardwareEnabled) this.hardwareSubject.next([]);
     });
     this.getPrometheusData(this.prometheusService.lastHourDateObject);
@@ -165,16 +167,19 @@ export class DashboardV3Component extends PrometheusListHelper implements OnInit
     );
   }
 
-  getCapacityCardData() {
+  private getCapacity() {
+    this.capacityService = this.healthService.getClusterCapacity().subscribe((data: any) => {
+      this.capacity = data;
+    });
+  }
+
+  private getOsdSettings() {
     this.osdSettingsService = this.osdService
       .getOsdSettings()
       .pipe(take(1))
-      .subscribe((data: any) => {
+      .subscribe((data: OsdSettings) => {
         this.osdSettings = data;
       });
-    this.capacityService = this.healthService.getClusterCapacity().subscribe((data: any) => {
-      this.capacity = data;
-    });
   }
 
   public getPrometheusData(selectedTime: any) {

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-multisite-details/rgw-multisite-details.component.html

@@ -1,6 +1,7 @@
 <cd-rgw-multisite-tabs></cd-rgw-multisite-tabs>
 <div>
-  <cd-alert-panel *ngIf="!rgwModuleStatus"
+  <!-- Show the alert only when the user has the permission to configure -->
+  <cd-alert-panel *ngIf="permissions.configOpt.create && !rgwModuleStatus"
                   type="info"
                   spacingClass="mb-3"
                   class="d-flex align-items-center"
@@ -18,32 +19,32 @@
        Cluster->Services</a>
   </cd-alert-panel>
   <cd-table-actions class="btn-group mb-4 me-2"
-                    [permission]="permission"
+                    [permission]="permissions.rgw"
                     [selection]="selection"
                     [tableActions]="multisiteReplicationActions">
   </cd-table-actions>
   <cd-table-actions *ngIf="showMigrateAndReplicationActions"
                     class="btn-group mb-4 me-2 secondary"
-                    [permission]="permission"
+                    [permission]="permissions.rgw"
                     [btnColor]="'light'"
                     [selection]="selection"
                     [tableActions]="migrateTableAction">
   </cd-table-actions>
   <cd-table-actions *ngIf="!showMigrateAndReplicationActions"
                     class="btn-group mb-4 me-2"
-                    [permission]="permission"
+                    [permission]="permissions.rgw"
                     [selection]="selection"
                     [tableActions]="createTableActions"
                     [primaryDropDown]="true">
   </cd-table-actions>
   <cd-table-actions class="btn-group mb-4 me-2"
-                    [permission]="permission"
+                    [permission]="permissions.rgw"
                     [btnColor]="'light'"
                     [selection]="selection"
                     [tableActions]="importAction">
   </cd-table-actions>
   <cd-table-actions class="btn-group mb-4 me-2"
-                    [permission]="permission"
+                    [permission]="permissions.rgw"
                     [btnColor]="'light'"
                     [selection]="selection"
                     [tableActions]="exportAction">

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-multisite-details/rgw-multisite-details.component.ts

@@ -21,7 +21,7 @@ import { Icons } from '~/app/shared/enum/icons.enum';
 import { NotificationType } from '~/app/shared/enum/notification-type.enum';
 import { CdTableAction } from '~/app/shared/models/cd-table-action';
 import { CdTableSelection } from '~/app/shared/models/cd-table-selection';
-import { Permission } from '~/app/shared/models/permissions';
+import { Permissions } from '~/app/shared/models/permissions';
 import { AuthStorageService } from '~/app/shared/services/auth-storage.service';
 import { ModalService } from '~/app/shared/services/modal.service';
 import { NotificationService } from '~/app/shared/services/notification.service';
@@ -43,6 +43,8 @@ import { RgwMultisiteWizardComponent } from '../rgw-multisite-wizard/rgw-multisi
 import { RgwMultisiteSyncPolicyComponent } from '../rgw-multisite-sync-policy/rgw-multisite-sync-policy.component';
 import { ModalCdsService } from '~/app/shared/services/modal-cds.service';
 import { RgwMultisiteService } from '~/app/shared/api/rgw-multisite.service';
+import { MgrModuleInfo } from '~/app/shared/models/mgr-modules.interface';
+import { RGW } from '../utils/constants';
 
 const BASE_URL = 'rgw/multisite/configuration';
 
@@ -68,7 +70,7 @@ export class RgwMultisiteDetailsComponent implements OnDestroy, OnInit {
   blockUI: NgBlockUI;
 
   icons = Icons;
-  permission: Permission;
+  permissions: Permissions;
   selection = new CdTableSelection();
   createTableActions: CdTableAction[];
   migrateTableAction: CdTableAction[];
@@ -144,7 +146,7 @@ export class RgwMultisiteDetailsComponent implements OnDestroy, OnInit {
     private rgwMultisiteService: RgwMultisiteService,
     private changeDetectionRef: ChangeDetectorRef
   ) {
-    this.permission = this.authStorageService.getPermissions().rgw;
+    this.permissions = this.authStorageService.getPermissions();
   }
 
   openModal(entity: any | string, edit = false) {
@@ -305,27 +307,24 @@ export class RgwMultisiteDetailsComponent implements OnDestroy, OnInit {
         },
         (_error) => {}
       );
-    this.mgrModuleService.list().subscribe((moduleData: any) => {
-      this.rgwModuleData = moduleData.filter((module: object) => module['name'] === 'rgw');
-      if (this.rgwModuleData.length > 0) {
-        this.rgwModuleStatus = this.rgwModuleData[0].enabled;
-      }
-    });
+
+    // Only get the module status if you can read from configOpt
+    if (this.permissions.configOpt.read) this.getRgwModuleStatus();
   }
-  /* setConfigValues() {
-    this.rgwDaemonService
-      .setMultisiteConfig(
-        this.defaultsInfo['defaultRealmName'],
-        this.defaultsInfo['defaultZonegroupName'],
-        this.defaultsInfo['defaultZoneName']
-      )
-      .subscribe(() => {});
-  }*/
 
   ngOnDestroy() {
     this.sub.unsubscribe();
   }
 
+  private getRgwModuleStatus() {
+    this.mgrModuleService.list().subscribe((moduleData: MgrModuleInfo[]) => {
+      this.rgwModuleData = moduleData.filter((module: MgrModuleInfo) => module.name === RGW);
+      if (this.rgwModuleData.length > 0) {
+        this.rgwModuleStatus = this.rgwModuleData[0].enabled;
+      }
+    });
+  }
+
   private abstractTreeData(multisiteInfo: [object, object, object]): any[] {
     let allNodes: object[] = [];
     let rootNodes = {};
@@ -637,7 +636,7 @@ export class RgwMultisiteDetailsComponent implements OnDestroy, OnInit {
     };
 
     if (!this.rgwModuleStatus) {
-      $obs = this.mgrModuleService.enable('rgw');
+      $obs = this.mgrModuleService.enable(RGW);
     }
     $obs.subscribe(
       () => undefined,

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/utils/constants.ts

@@ -0,0 +1 @@
+export const RGW = 'rgw';

src/pybind/mgr/dashboard/frontend/src/app/core/navigation/administration/administration.component.html

@@ -1,7 +1,6 @@
 <cds-overflow-menu [customTrigger]="customTrigger"
                    [flip]="true">
-  <li class="cds--overflow-menu-options__option mb-2"
-      *ngIf="userPermission.read">
+  <li class="cds--overflow-menu-options__option mb-2">
     <button routerLink="/user-management"
             class="cds--overflow-menu-options__btn"
             i18n>User management</button>

src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.html

@@ -40,7 +40,8 @@
       <div class="cds--btn cds--btn--icon-only cds--header__action">
         <cd-dashboard-help></cd-dashboard-help>
       </div>
-      <div class="cds--btn cds--btn--icon-only cds--header__action">
+      <div class="cds--btn cds--btn--icon-only cds--header__action"
+           *ngIf="permissions.user.read">
         <cd-administration></cd-administration>
       </div>
       <div class="cds--btn cds--btn--icon-only cds--header__action">
@@ -94,6 +95,7 @@
         </cds-sidenav-item>
         <!-- Multi-cluster Dashboard -->
         <cds-sidenav-menu title="Multi-Cluster"
+                          *ngIf="permissions.configOpt.read"
                           i18n-title>
           <svg cdsIcon="edge-cluster"
                icon

src/pybind/mgr/dashboard/frontend/src/app/shared/api/mgr-module.service.ts

@@ -6,6 +6,7 @@ import { Observable, timer as observableTimer } from 'rxjs';
 import { NotificationService } from '../services/notification.service';
 import { TableComponent } from '../datatable/table/table.component';
 import { Router } from '@angular/router';
+import { MgrModuleInfo } from '../models/mgr-modules.interface';
 
 @Injectable({
   providedIn: 'root'
@@ -28,8 +29,8 @@ export class MgrModuleService {
    * Get the list of Ceph Mgr modules and their state (enabled/disabled).
    * @return {Observable<Object[]>}
    */
-  list(): Observable<Object[]> {
-    return this.http.get<Object[]>(`${this.url}`);
+  list(): Observable<MgrModuleInfo[]> {
+    return this.http.get<MgrModuleInfo[]>(`${this.url}`);
   }
 
   /**

src/pybind/mgr/dashboard/frontend/src/app/shared/models/mgr-modules.interface.ts

@@ -0,0 +1,21 @@
+export interface MgrModuleInfo {
+  name: string;
+  enabled: boolean;
+  always_on: boolean;
+  options: Record<string, MgrModuleOption>;
+}
+
+interface MgrModuleOption {
+  name: string;
+  type: string;
+  level: string;
+  flags: number;
+  default_value: number;
+  min: string;
+  max: string;
+  enum_allowed: string[];
+  desc: string;
+  long_desc: string;
+  tags: string[];
+  see_also: string[];
+}