Admin and users can create endpoint with same url (#4876)

Signed-off-by: Thomas Quandt <[email protected]>

Author: thquad

src/frontend/packages/core/src/features/endpoints/create-endpoint/create-endpoint-cf-step-1/create-endpoint-cf-step-1.component.html

@@ -2,19 +2,19 @@
   <h1 class="create-endpoint__section-title">{{endpoint.definition.label}} Information</h1>
   <mat-form-field>
     <input matInput id="name" name="name" formControlName="nameField" placeholder="Name"
-      [appUnique]="registerForm.value.overwriteEndpointsField ? (existingAdminEndpoints | async)?.names : (existingEndpoints | async)?.names">
+      [appUnique]="(customEndpoints | async)?.names">
     <mat-error *ngIf="registerForm.controls.nameField.errors?.required">Name is required</mat-error>
     <mat-error *ngIf="registerForm.controls.nameField.errors?.appUnique">Name is not unique</mat-error>
   </mat-form-field>
   <mat-form-field novalidate>
     <input matInput id="url" name="url" formControlName="urlField" type="url" required placeholder="Endpoint Address"
       pattern="{{urlValidation}}" 
-      [appUnique]="registerForm.value.overwriteEndpointsField ? (existingAdminEndpoints | async)?.urls : (existingEndpoints | async)?.urls">
+      [appUnique]="(customEndpoints | async)?.urls">
     <mat-error *ngIf="registerForm.controls.urlField.errors?.required">URL is required</mat-error>
     <mat-error *ngIf="registerForm.controls.urlField.errors?.pattern">Invalid API URL</mat-error>
     <mat-error *ngIf="registerForm.controls.urlField.errors?.appUnique">URL is not unique</mat-error>
   </mat-form-field>
-  <mat-checkbox matInput *appUserPermission="overwritePermission | async" name="overwriteEndpoints" 
+  <mat-checkbox matInput *ngIf="userEndpointsAndIsAdmin | async" name="overwriteEndpoints" 
     formControlName="overwriteEndpointsField" (change)="toggleOverwriteEndpoints()"
     [ngClass]="{'hide': fixedUrl, 'show': !fixedUrl}">Automatically overwrite user endpoints
   </mat-checkbox>

src/frontend/packages/core/src/features/endpoints/create-endpoint/create-endpoint-cf-step-1/create-endpoint-cf-step-1.component.ts

@@ -4,17 +4,16 @@ import { ActivatedRoute } from '@angular/router';
 import { Observable } from 'rxjs';
 import { filter, map, pairwise } from 'rxjs/operators';
 
-import { getFullEndpointApiUrl } from '../../../../../../store/src/endpoint-utils';
 import { entityCatalog } from '../../../../../../store/src/entity-catalog/entity-catalog';
 import {
   StratosCatalogEndpointEntity,
 } from '../../../../../../store/src/entity-catalog/entity-catalog-entity/entity-catalog-entity';
 import { ActionState } from '../../../../../../store/src/reducers/api-request-reducer/types';
 import { stratosEntityCatalog } from '../../../../../../store/src/stratos-entity-catalog';
-import { StratosCurrentUserPermissions } from '../../../../core/permissions/stratos-user-permissions.checker';
 import { getIdFromRoute } from '../../../../core/utils.service';
 import { IStepperStep, StepOnNextFunction } from '../../../../shared/components/stepper/step/step.component';
 import { SessionService } from '../../../../shared/services/session.service';
+import { CurrentUserPermissionsService } from '../../../../core/permissions/current-user-permissions.service';
 import { SnackBarService } from '../../../../shared/services/snackbar.service';
 import { ConnectEndpointConfig } from '../../connect.service';
 import { getSSOClientRedirectURI } from '../../endpoint-helpers';
@@ -63,9 +62,10 @@ export class CreateEndpointCfStep1Component extends CreateEndpointHelperComponen
     private fb: FormBuilder,
     activatedRoute: ActivatedRoute,
     private snackBarService: SnackBarService,
-    sessionService: SessionService
+    sessionService: SessionService,
+    currentUserPermissionsService: CurrentUserPermissionsService
   ) {
-    super(sessionService);
+    super(sessionService, currentUserPermissionsService);
 
     this.registerForm = this.fb.group({
       nameField: ['', [Validators.required]],
@@ -78,24 +78,6 @@ export class CreateEndpointCfStep1Component extends CreateEndpointHelperComponen
       overwriteEndpointsField: [false, []],
     });
 
-    const currentPage$ = stratosEntityCatalog.endpoint.store.getAll.getPaginationMonitor().currentPage$;
-    this.existingAdminEndpoints = currentPage$.pipe(
-      map(endpoints => ({
-        names: endpoints.filter(ep => ep.creator.admin).map(ep => ep.name),
-        urls: endpoints.filter(ep => ep.creator.admin).map(ep => getFullEndpointApiUrl(ep)),
-      }))
-    );
-    this.existingEndpoints = currentPage$.pipe(
-      map(endpoints => ({
-        names: endpoints.map(ep => ep.name),
-        urls: endpoints.map(ep => getFullEndpointApiUrl(ep)),
-      }))
-    );
-
-    this.overwritePermission = this.sessionService.userEndpointsNotDisabled().pipe(
-      map(enabled => enabled ? [StratosCurrentUserPermissions.EDIT_ADMIN_ENDPOINT] : [])
-    );
-
     const epType = getIdFromRoute(activatedRoute, 'type');
     const epSubType = getIdFromRoute(activatedRoute, 'subtype');
     this.endpoint = entityCatalog.getEndpoint(epType, epSubType);

src/frontend/packages/core/src/features/endpoints/create-endpoint/create-endpoint-helper.ts

@@ -1,8 +1,9 @@
-import { Observable } from 'rxjs';
+import { Observable, combineLatest } from 'rxjs';
 import { map } from 'rxjs/operators';
 
 import { getFullEndpointApiUrl } from '../../../../../store/src/endpoint-utils';
 import { stratosEntityCatalog } from '../../../../../store/src/stratos-entity-catalog';
+import { CurrentUserPermissionsService } from '../../../core/permissions/current-user-permissions.service';
 import { StratosCurrentUserPermissions } from '../../../core/permissions/stratos-user-permissions.checker';
 import { SessionService } from '../../../shared/services/session.service';
 
@@ -13,29 +14,61 @@ type EndpointObservable = Observable<{
 
 export class CreateEndpointHelperComponent {
 
-  overwritePermission: Observable<StratosCurrentUserPermissions[]>;
-  existingEndpoints: EndpointObservable;
-  existingAdminEndpoints: EndpointObservable;
+  userEndpointsAndIsAdmin: Observable<boolean>;
+  customEndpoints: EndpointObservable;
 
   constructor(
-    public sessionService: SessionService
+    public sessionService: SessionService,
+    public currentUserPermissionsService: CurrentUserPermissionsService
   ) {
     const currentPage$ = stratosEntityCatalog.endpoint.store.getAll.getPaginationMonitor().currentPage$;
-    this.existingAdminEndpoints = currentPage$.pipe(
+    const existingAdminEndpoints = currentPage$.pipe(
       map(endpoints => ({
         names: endpoints.filter(ep => ep.creator.admin).map(ep => ep.name),
         urls: endpoints.filter(ep => ep.creator.admin).map(ep => getFullEndpointApiUrl(ep)),
       }))
     );
-    this.existingEndpoints = currentPage$.pipe(
+    const existingUserEndpoints = currentPage$.pipe(
+      map(endpoints => ({
+        names: endpoints.filter(ep => !ep.creator.admin).map(ep => ep.name),
+        urls: endpoints.filter(ep => !ep.creator.admin).map(ep => getFullEndpointApiUrl(ep)),
+      }))
+    );
+    const existingEndpoints = currentPage$.pipe(
       map(endpoints => ({
         names: endpoints.map(ep => ep.name),
         urls: endpoints.map(ep => getFullEndpointApiUrl(ep)),
       }))
     );
 
-    this.overwritePermission = this.sessionService.userEndpointsNotDisabled().pipe(
-      map(enabled => enabled ? [StratosCurrentUserPermissions.EDIT_ADMIN_ENDPOINT] : [])
+    const isAdmin = this.currentUserPermissionsService.can(StratosCurrentUserPermissions.EDIT_ADMIN_ENDPOINT);
+    const userEndpointsNotDisabled = this.sessionService.userEndpointsNotDisabled();
+
+    this.userEndpointsAndIsAdmin = combineLatest([
+      isAdmin,
+      userEndpointsNotDisabled
+    ]).pipe(
+      map(([admin, userEndpoints]) => admin && userEndpoints)
     );
+
+    this.customEndpoints = combineLatest([
+      userEndpointsNotDisabled,
+      isAdmin,
+      existingEndpoints,
+      existingAdminEndpoints,
+      existingUserEndpoints
+    ]).pipe(
+      map(([userEndpointsEnabled, admin, endpoints, adminEndpoints, userEndpoints]) => {
+        if (userEndpointsEnabled){
+          if (admin){
+            return adminEndpoints;
+          }else{
+            return userEndpoints;
+          }
+        }
+        return endpoints;
+      })
+    );
+
   }
 }

src/frontend/packages/git/src/shared/components/git-registration/git-registration.component.html

@@ -19,19 +19,19 @@ <h3>Select the type of {{gitTypes[epSubType].label}} to register</h3>
         <div *ngIf="showEndpointFields" class="select-step__endpoint-form">
           <mat-form-field>
             <input matInput id="name" name="name" formControlName="nameField" placeholder="Name"
-              [appUnique]="registerForm.value.overwriteEndpointsField ? (existingAdminEndpoints | async)?.names : (existingEndpoints | async)?.names">
+              [appUnique]="(customEndpoints | async)?.names">
             <mat-error *ngIf="registerForm.controls.nameField.errors?.required">Name is required</mat-error>
             <mat-error *ngIf="registerForm.controls.nameField.errors?.appUnique">Name is not unique</mat-error>
           </mat-form-field>
           <mat-form-field novalidate>
             <input matInput id="url" name="url" formControlName="urlField" type="url" required
               placeholder="Endpoint Address" pattern="{{urlValidation}}"
-              [appUnique]="registerForm.value.overwriteEndpointsField ? (existingAdminEndpoints | async)?.urls : (existingEndpoints | async)?.urls">
+              [appUnique]="(customEndpoints | async)?.urls">
             <mat-error *ngIf="registerForm.controls.urlField.errors?.required">URL is required</mat-error>
             <mat-error *ngIf="registerForm.controls.urlField.errors?.pattern">Invalid API URL</mat-error>
             <mat-error *ngIf="registerForm.controls.urlField.errors?.appUnique">URL is not unique</mat-error>
           </mat-form-field>
-          <mat-checkbox matInput *appUserPermission="overwritePermission | async" name="overwriteEndpoints" 
+          <mat-checkbox matInput *ngIf="userEndpointsAndIsAdmin | async" name="overwriteEndpoints" 
             formControlName="overwriteEndpointsField" (change)="toggleOverwriteEndpoints()"
             [ngClass]="{'hide': fixedUrl, 'show': !fixedUrl}">Automatically overwrite user endpoints
           </mat-checkbox>

src/frontend/packages/git/src/shared/components/git-registration/git-registration.component.ts

@@ -12,6 +12,7 @@ import { getIdFromRoute } from '../../../../../core/src/core/utils.service';
 import { ConnectEndpointConfig } from '../../../../../core/src/features/endpoints/connect.service';
 import { StepOnNextFunction } from '../../../../../core/src/shared/components/stepper/step/step.component';
 import { SessionService } from '../../../../../core/src/shared/services/session.service';
+import { CurrentUserPermissionsService } from '../../../../../core/src/core/permissions/current-user-permissions.service';
 import { SnackBarService } from '../../../../../core/src/shared/services/snackbar.service';
 import { getFullEndpointApiUrl } from '../../../../../store/src/endpoint-utils';
 import { entityCatalog } from '../../../../../store/src/public-api';
@@ -76,8 +77,9 @@ export class GitRegistrationComponent extends CreateEndpointHelperComponent impl
     private snackBarService: SnackBarService,
     private endpointsService: EndpointsService,
     public sessionService: SessionService,
+    public currentUserPermissionsService: CurrentUserPermissionsService
   ) {
-    super(sessionService);
+    super(sessionService, currentUserPermissionsService);
     this.epSubType = getIdFromRoute(activatedRoute, 'subtype');
     const githubLabel = entityCatalog.getEndpoint(GIT_ENDPOINT_TYPE, GIT_ENDPOINT_SUB_TYPES.GITHUB).definition.label || 'Github';
     const gitlabLabel = entityCatalog.getEndpoint(GIT_ENDPOINT_TYPE, GIT_ENDPOINT_SUB_TYPES.GITLAB).definition.label || 'Gitlab';

src/jetstream/cnsi.go

@@ -149,18 +149,18 @@ func (p *portalProxy) DoRegisterEndpoint(cnsiName string, apiEndpoint string, sk
 		}
 		// check if we've already got this APIEndpoint in this DB
 		for _, duplicate := range duplicateEndpoints {
-			// cant create same admin endpoint
-			if len(duplicate.Creator) == 0 {
+			// cant create same system endpoint
+			if len(duplicate.Creator) == 0 && isAdmin {
 				return interfaces.CNSIRecord{}, interfaces.NewHTTPShadowError(
 					http.StatusBadRequest,
-					"Can not register same admin endpoint multiple times",
-					"Can not register same admin endpoint multiple times",
+					"Can not register same system endpoint multiple times",
+					"Can not register same system endpoint multiple times",
 				)
 			}
 
 			// cant create same user endpoint
 			// can create same user endpoint if overwriteEndpoint true
-			if duplicate.Creator == userId || isAdmin && !overwriteEndpoints {
+			if duplicate.Creator == userId {
 				return interfaces.CNSIRecord{}, interfaces.NewHTTPShadowError(
 					http.StatusBadRequest,
 					"Can not register same endpoint multiple times",
@@ -169,6 +169,7 @@ func (p *portalProxy) DoRegisterEndpoint(cnsiName string, apiEndpoint string, sk
 			}
 		}
 
+		/*
 		if isAdmin && overwriteEndpoints {
 			for _, duplicate := range duplicateEndpoints {
 				log.Infof("An administrator is registering an endpoint with the same API URL ('%+v') as an endpoint administrator's. The existing duplicate endpoint ('%+v') will be removed", apiEndpoint, duplicate.GUID)
@@ -182,6 +183,7 @@ func (p *portalProxy) DoRegisterEndpoint(cnsiName string, apiEndpoint string, sk
 				}
 			}
 		}
+		*/
 
 	}