Adding ACL management to frontend - DependencyTrack/dependency-track#140

Author: stevespringett

src/i18n/locales/en.json

@@ -312,6 +312,7 @@
     "permissions": "Permissions",
     "base_url": "Base URL",
     "enable_svg_badge": "Enable SVG badge support (unauthenticated)",
+    "enable_acl": "Enable portfolio access control (beta)",
     "enable_bom_cyclonedx": "Enable CycloneDX",
     "enable_bom_spdx": "Enable SPDX",
     "enable_email": "Enable email",
@@ -417,7 +418,10 @@
     "internal": "Internal",
     "delete_repository": "Delete Repository",
     "repository_created": "Repository created",
-    "repository_deleted": "Repository deleted"
+    "repository_deleted": "Repository deleted",
+    "portfolio_access_control": "Portfolio Access Control",
+    "project_access": "Project access",
+    "select_project": "Select Project"
   },
   "condition": {
     "warning": "Warning",

src/shared/api.json

@@ -47,5 +47,7 @@
   "URL_POLICY": "api/v1/policy",
   "URL_POLICY_VIOLATION": "api/v1/violation",
   "URL_POLICY_VIOLATION_ANALYSIS": "api/v1/violation/analysis",
-  "URL_LICENSE_GROUP": "api/v1/licenseGroup"
+  "URL_LICENSE_GROUP": "api/v1/licenseGroup",
+  "URL_ACL_MAPPING": "api/v1/acl/mapping",
+  "URL_ACL_TEAM": "api/v1/acl/team"
 }

src/views/administration/AdminMenu.vue

@@ -208,7 +208,12 @@
                 component: "Permissions",
                 name: this.$t('admin.permissions'),
                 href: "#permissionsTab"
-              }
+              },
+              {
+                component: "PortfolioAccessControl",
+                name: this.$t('admin.portfolio_access_control'),
+                href: "#portfolioAclTab"
+              },
             ]
           }
         ]

src/views/administration/Administration.vue

@@ -51,6 +51,7 @@
   import OidcGroups from "./accessmanagement/OidcGroups";
   import Teams from "./accessmanagement/Teams";
   import Permissions from "./accessmanagement/Permissions";
+  import PortfolioAccessControl from "./accessmanagement/PortfolioAccessControl";
 
   export default {
     components: {
@@ -61,7 +62,7 @@
       Cargo, Composer, Gem, Hex, Maven, Npm, Nuget, Python,
       Alerts, Templates,
       FortifySsc, DefectDojo, KennaSecurity,
-      LdapUsers, ManagedUsers, OidcUsers, OidcGroups, Teams, Permissions
+      LdapUsers, ManagedUsers, OidcUsers, OidcGroups, Teams, Permissions, PortfolioAccessControl
     },
     created() {
       // Specifies the admin plugin metadata (Vue component, i18n name, and href) of the plugin to load

src/views/administration/accessmanagement/PortfolioAccessControl.vue

@@ -0,0 +1,225 @@
+<template>
+  <b-card no-body :header="header">
+    <b-card-body>
+      <div id="customToolbar">
+        <c-switch id="isAclEnabled" color="primary" v-model="isAclEnabled" label v-bind="labelIcon" />{{$t('admin.enable_acl')}}
+      </div>
+      <bootstrap-table
+        ref="table"
+        :columns="columns"
+        :data="data"
+        :options="options">
+      </bootstrap-table>
+    </b-card-body>
+  </b-card>
+</template>
+
+<script>
+import xssFilters from "xss-filters";
+import common from "../../../shared/common";
+import i18n from "../../../i18n";
+import bootstrapTableMixin from "../../../mixins/bootstrapTableMixin";
+import EventBus from "../../../shared/eventbus";
+import ActionableListGroupItem from "../../components/ActionableListGroupItem";
+import SelectProjectModal from "./SelectProjectModal";
+import permissionsMixin from "../../../mixins/permissionsMixin";
+import {Switch as cSwitch} from "@coreui/vue";
+import BInputGroupFormInput from "../../../forms/BInputGroupFormInput";
+import configPropertyMixin from "../mixins/configPropertyMixin";
+
+export default {
+  props: {
+    header: String
+  },
+  mixins: [bootstrapTableMixin, configPropertyMixin],
+  components: {
+    cSwitch
+  },
+  data() {
+    return {
+      isAclEnabled: false,
+      labelIcon: {
+        dataOn: '\u2713',
+        dataOff: '\u2715'
+      },
+      columns: [
+        {
+          title: this.$t('admin.team_name'),
+          field: "name",
+          sortable: false,
+          formatter(value, row, index) {
+            return xssFilters.inHTMLData(common.valueWithDefault(value, ""));
+          }
+        }
+      ],
+      data: [],
+      options: {
+        search: true,
+        showColumns: true,
+        showRefresh: true,
+        pagination: true,
+        silentSort: false,
+        sidePagination: 'client',
+        queryParamsType: 'pageSize',
+        pageList: '[10, 25, 50, 100]',
+        pageSize: 10,
+        icons: {
+          refresh: 'fa-refresh'
+        },
+        detailView: true,
+        detailViewIcon: false,
+        detailViewByClick: true,
+        detailFormatter: (index, row) => {
+          return this.vueFormatter({
+            i18n,
+            template: `
+                <b-row class="expanded-row">
+                  <b-col sm="6">
+                    <b-form-group :label="this.$t('admin.project_access')">
+                      <div class="list-group">
+                        <span v-for="project in projects">
+                          <actionable-list-group-item :value="projectLabel(project.name, project.version)" delete-icon="true" v-on:actionClicked="removeProjectMapping(project.uuid)"/>
+                        </span>
+                        <actionable-list-group-item add-icon="true" v-on:actionClicked="$root.$emit('bv::show::modal', 'selectProjectModal')"/>
+                      </div>
+                    </b-form-group>
+                  </b-col>
+                  <b-col sm="6">
+                  </b-col>
+                  <select-project-modal v-on:selection="updateProjectSelection" />
+                </b-row>
+              `,
+            mixins: [permissionsMixin],
+            components: {
+              cSwitch,
+              ActionableListGroupItem,
+              SelectProjectModal,
+              BInputGroupFormInput
+            },
+            data() {
+              return {
+                team: row,
+                name: row.name,
+                projects: row.mappedLdapGroups,
+                labelIcon: {
+                  dataOn: '\u2713',
+                  dataOff: '\u2715'
+                }
+              }
+            },
+            methods: {
+              projectLabel: function(name, version) {
+                if (version) {
+                  return name + " " + version;
+                } else {
+                  return name;
+                }
+              },
+              updateProjectSelection: function(selections) {
+                this.$root.$emit('bv::hide::modal', 'selectProjectModal');
+                for (let i=0; i<selections.length; i++) {
+                  let selection = selections[i];
+                  let url = `${this.$api.BASE_URL}/${this.$api.URL_ACL_MAPPING}`;
+                  this.axios.put(url, {
+                    team: this.team.uuid,
+                    project: selection.uuid
+                  }).then((response) => {
+                    if (this.projects === undefined || this.projects === null) {
+                      this.projects = [];
+                    }
+                    this.projects.push({name:selection.name, version:selection.version, uuid:selection.uuid});
+                    this.projects.sort();
+                    this.$toastr.s(this.$t('message.updated'));
+                  }).catch((error) => {
+                    if (error.response.status === 304) {
+                      //this.$toastr.w(this.$t('condition.unsuccessful_action'));
+                    } else {
+                      this.$toastr.w(this.$t('condition.unsuccessful_action'));
+                    }
+                  });
+                }
+              },
+              removeProjectMapping: function(projectUuid) {
+                let url = `${this.$api.BASE_URL}/${this.$api.URL_ACL_MAPPING}/team/${this.team.uuid}/project/${projectUuid}`;
+                this.axios.delete(url).then((response) => {
+                  let k = [];
+                  for (let i=0; i<this.projects.length; i++) {
+                    if (this.projects[i].uuid !== projectUuid) {
+                      k.push(this.projects[i]);
+                    }
+                  }
+                  this.projects = k;
+                  this.$toastr.s(this.$t('message.updated'));
+                }).catch((error) => {
+                  this.$toastr.w(this.$t('condition.unsuccessful_action'));
+                });
+              }
+            },
+            mounted() {
+              let url = `${this.$api.BASE_URL}/${this.$api.URL_ACL_TEAM}/${this.team.uuid}`;
+              this.axios
+                .get(url)
+                .then(response => {
+                  this.projects = response.data;
+                })
+                .catch(error => {
+                  this.$toastr.w(this.$t("condition.unsuccessful_action"));
+                });
+            }
+          })
+        },
+        onExpandRow: this.vueFormatterInit,
+        toolbar: '#customToolbar',
+        responseHandler: function (res, xhr) {
+          res.total = xhr.getResponseHeader("X-Total-Count");
+          return res;
+        },
+        url: `${this.$api.BASE_URL}/${this.$api.URL_TEAM}`
+      }
+    };
+  },
+  methods: {
+    refreshTable: function() {
+      this.$refs.table.refresh({
+        silent: true
+      });
+    },
+    updateProperties: function() {
+      this.updateConfigProperties([
+        {groupName: 'access-management', propertyName: 'acl.enabled', propertyValue: this.isAclEnabled}
+      ]);
+    },
+    updateConfigProperties: function(configProperties) {
+      let props = [];
+      for (let i=0; i<configProperties.length; i++) {
+        let prop = configProperties[i];
+        prop.propertyValue = common.trimToNull(prop.propertyValue);
+        props.push(prop);
+      }
+      let url = `${this.$api.BASE_URL}/${this.$api.URL_CONFIG_PROPERTY}/aggregate`;
+      this.axios.post(url, props).then((response) => {
+        this.$toastr.s(this.$t('admin.configuration_saved'));
+      }).catch((error) => {
+        this.$toastr.w(this.$t('condition.unsuccessful_action'));
+      });
+    },
+  },
+  watch:{
+    isAclEnabled() {
+      this.updateProperties();
+    }
+  },
+  created() {
+    this.axios.get(this.configUrl).then((response) => {
+      let configItems = response.data.filter(function (item) { return item.groupName === "access-management" });
+      for (let i=0; i<configItems.length; i++) {
+        let item = configItems[i];
+        switch (item.propertyName) {
+          case "acl.enabled":
+            this.isAclEnabled = common.toBoolean(item.propertyValue); break;
+        }
+      }
+    });
+  }
+}
+</script>

src/views/administration/accessmanagement/SelectProjectModal.vue

@@ -0,0 +1,107 @@
+<template>
+  <b-modal id="selectProjectModal" size="lg" hide-header-close no-stacking :title="$t('admin.select_project')">
+    <div id="projectsToolbar" class="bs-table-custom-toolbar">
+      <c-switch style="margin-left:1rem; margin-right:.5rem" id="showInactiveProjects" color="primary" v-model="showInactiveProjects" label v-bind="labelIcon" /><span class="text-muted">{{ $t('message.show_inactive_projects') }}</span>
+    </div>
+    <bootstrap-table
+      ref="table"
+      :columns="columns"
+      :data="data"
+      :options="options">
+    </bootstrap-table>
+    <template v-slot:modal-footer="{ cancel }">
+      <b-button size="md" variant="secondary" @click="cancel()">{{ $t('message.cancel') }}</b-button>
+      <b-button size="md" variant="primary" @click="$emit('selection', $refs.table.getSelections())">{{ $t('message.select') }}</b-button>
+    </template>
+  </b-modal>
+</template>
+
+<script>
+import xssFilters from "xss-filters";
+import permissionsMixin from "../../../mixins/permissionsMixin";
+import common from "../../../shared/common";
+import { Switch as cSwitch } from '@coreui/vue';
+
+export default {
+  mixins: [permissionsMixin],
+  components: {
+    cSwitch
+  },
+  data() {
+    return {
+      showInactiveProjects: false,
+      labelIcon: {
+        dataOn: '\u2713',
+        dataOff: '\u2715'
+      },
+      columns: [
+        {
+          field: "state",
+          checkbox: true,
+          align: "center"
+        },
+        {
+          title: this.$t('message.project_name'),
+          field: "name",
+          sortable: true,
+          formatter(value, row, index) {
+            let url = xssFilters.uriInUnQuotedAttr("../projects/" + row.uuid);
+            return `<a href="${url}">${xssFilters.inHTMLData(value)}</a>`;
+          }
+        },
+        {
+          title: this.$t('message.version'),
+          field: "version",
+          sortable: true,
+          formatter(value, row, index) {
+            return xssFilters.inHTMLData(common.valueWithDefault(value, ""));
+          }
+        }
+      ],
+      data: [],
+      options: {
+        search: true,
+        showColumns: true,
+        showRefresh: true,
+        pagination: true,
+        silentSort: false,
+        sidePagination: 'server',
+        queryParamsType: 'pageSize',
+        pageList: '[10, 25, 50, 100]',
+        pageSize: 10,
+        icons: {
+          refresh: 'fa-refresh'
+        },
+        toolbar: '#projectsToolbar',
+        responseHandler: function (res, xhr) {
+          res.total = xhr.getResponseHeader("X-Total-Count");
+          return res;
+        },
+        url: this.apiUrl()
+      }
+    };
+  },
+  methods: {
+    apiUrl: function () {
+      let url = `${this.$api.BASE_URL}/${this.$api.URL_PROJECT}`;
+      if (this.showInactiveProjects === undefined) {
+        url += "?excludeInactive=true";
+      } else {
+        url += "?excludeInactive=" + !this.showInactiveProjects;
+      }
+      return url;
+    },
+    refreshTable: function() {
+      this.$refs.table.refresh({
+        url: this.apiUrl(),
+        silent: true
+      });
+    }
+  },
+  watch:{
+    showInactiveProjects() {
+      this.refreshTable();
+    }
+  },
+}
+</script>