Change creator visibility and fix permission bug (#4876)

thquad · richard-cox · commit 7fdd7dd421b1 · 2021-04-16T09:13:07.000+01:00
Signed-off-by: Thomas Quandt &lt;thquad@gmail.com&gt;
diff --git a/src/frontend/packages/core/src/shared/components/list/list-types/endpoint/endpoint-card/endpoint-card.component.ts b/src/frontend/packages/core/src/shared/components/list/list-types/endpoint/endpoint-card/endpoint-card.component.ts
@@ -140,9 +140,10 @@ export class EndpointCardComponent extends CardCell<EndpointModel> implements On
       this.sessionService.userEndpointsEnabled(),
       this.sessionService.userEndpointsNotDisabled(),
       this.currentUserPermissionsService.can(StratosCurrentUserPermissions.EDIT_ADMIN_ENDPOINT),
+      this.currentUserPermissionsService.can(StratosCurrentUserPermissions.EDIT_ENDPOINT)
     ]).pipe(
-      map(([userEndpointsEnabled, userEndpointsNotDisabled, isAdmin]) => {
-        return userEndpointsEnabled || (userEndpointsNotDisabled && isAdmin);
+      map(([userEndpointsEnabled, userEndpointsNotDisabled, isAdmin, isEndpointAdmin]) => {
+        return (userEndpointsEnabled && (isAdmin || isEndpointAdmin)) || (userEndpointsNotDisabled && isAdmin);
       })
     );
   }
diff --git a/src/frontend/packages/core/src/shared/components/list/list-types/endpoint/endpoint-list.helpers.ts b/src/frontend/packages/core/src/shared/components/list/list-types/endpoint/endpoint-list.helpers.ts
@@ -183,7 +183,7 @@ export class EndpointListHelper {
             row$
           ]).pipe(
             map(([userEndpointsEnabled, isAdmin, isEndpointAdmin, row]) => {
-              if (!userEndpointsEnabled || row.creator.admin) {
+              if (!userEndpointsEnabled || row.creator.system) {
                 return isAdmin;
               } else {
                 return isEndpointAdmin || isAdmin;
@@ -207,7 +207,7 @@ export class EndpointListHelper {
             row$
           ]).pipe(
             map(([userEndpointsEnabled, isAdmin, isEndpointAdmin, row]) => {
-              if (!userEndpointsEnabled || row.creator.admin) {
+              if (!userEndpointsEnabled || row.creator.system) {
                 return isAdmin;
               } else {
                 return isEndpointAdmin || isAdmin;
diff --git a/src/frontend/packages/core/src/shared/components/list/list-types/endpoint/endpoints-list-config.service.ts b/src/frontend/packages/core/src/shared/components/list/list-types/endpoint/endpoints-list-config.service.ts
@@ -130,9 +130,11 @@ export class EndpointsListConfigService implements IListConfig<EndpointModel> {
       sessionService.userEndpointsEnabled(),
       sessionService.userEndpointsNotDisabled(),
       currentUserPermissionsService.can(StratosCurrentUserPermissions.EDIT_ADMIN_ENDPOINT),
+      currentUserPermissionsService.can(StratosCurrentUserPermissions.EDIT_ENDPOINT)
     ]).pipe(
-      map(([userEndpointsEnabled, userEndpointsNotDisabled, isAdmin]) => {
-        return userEndpointsEnabled || (userEndpointsNotDisabled && isAdmin);
+      first(),
+      map(([userEndpointsEnabled, userEndpointsNotDisabled, isAdmin, isEndpointAdmin]) => {
+        return (userEndpointsEnabled && (isAdmin || isEndpointAdmin)) || (userEndpointsNotDisabled && isAdmin);
       })
     ).subscribe(enabled => {
       if (enabled) {
diff --git a/src/jetstream/cnsi.go b/src/jetstream/cnsi.go
@@ -203,7 +203,6 @@ func (p *portalProxy) DoRegisterEndpoint(cnsiName string, apiEndpoint string, sk
 	newCNSI.SSOAllowed = ssoAllowed
 	newCNSI.SubType = subType
 
-	// admins currently can't create user endpoints
 	if p.GetConfig().UserEndpointsEnabled != config.UserEndpointsConfigEnum.Disabled && (!isAdmin || !createSystemEndpoint) {
 		newCNSI.Creator = userId
 	}
diff --git a/src/jetstream/info.go b/src/jetstream/info.go
@@ -102,7 +102,7 @@ func (p *portalProxy) getInfo(c echo.Context) (*interfaces.Info, error) {
 
 		// set the creator preemptively as admin, if no id is found
 		endpoint.Creator = &interfaces.CreatorInfo{
-			Name:   "system",
+			Name:   "Global Endpoint",
 			Admin:  false,
 			System: true,
 		}

Original file line number	Diff line number	Diff line change
`@@ -203,7 +203,6 @@ func (p *portalProxy) DoRegisterEndpoint(cnsiName string, apiEndpoint string, sk`
`203`	`203`	`newCNSI.SSOAllowed = ssoAllowed`
`204`	`204`	`newCNSI.SubType = subType`
`205`	`205`
`206`		`- // admins currently can't create user endpoints`
`207`	`206`	`if p.GetConfig().UserEndpointsEnabled != config.UserEndpointsConfigEnum.Disabled && (!isAdmin \|\| !createSystemEndpoint) {`
`208`	`207`	`newCNSI.Creator = userId`
`209`	`208`	`}`
Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ func (p portalProxy) getInfo(c echo.Context) (interfaces.Info, error) {`
`102`	`102`
`103`	`103`	`// set the creator preemptively as admin, if no id is found`
`104`	`104`	`endpoint.Creator = &interfaces.CreatorInfo{`
`105`		`- Name: "system",`
	`105`	`+ Name: "Global Endpoint",`
`106`	`106`	`Admin: false,`
`107`	`107`	`System: true,`
`108`	`108`	`}`