cloudfoundry-community
diff --git a/‎deploy/kubernetes/console/README.md‎
Lines changed: 1 addition & 0 deletions b/‎deploy/kubernetes/console/README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎deploy/kubernetes/console/templates/deployment.yaml‎
Lines changed: 2 additions & 0 deletions b/‎deploy/kubernetes/console/templates/deployment.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎deploy/kubernetes/console/values.schema.json‎
Lines changed: 5 additions & 0 deletions b/‎deploy/kubernetes/console/values.schema.json‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎deploy/kubernetes/console/values.yaml‎
Lines changed: 3 additions & 0 deletions b/‎deploy/kubernetes/console/values.yaml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/frontend/packages/cloud-foundry/src/shared/services/current-user-permissions-and-cfchecker.service.spec.ts‎
Lines changed: 10 additions & 0 deletions b/‎src/frontend/packages/cloud-foundry/src/shared/services/current-user-permissions-and-cfchecker.service.spec.ts‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/frontend/packages/core/src/core/endpoints.service.spec.ts‎
Lines changed: 3 additions & 1 deletion b/‎src/frontend/packages/core/src/core/endpoints.service.spec.ts‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/frontend/packages/core/src/core/endpoints.service.ts‎
Lines changed: 8 additions & 4 deletions b/‎src/frontend/packages/core/src/core/endpoints.service.ts‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎src/frontend/packages/core/src/core/entity-favorite-star/entity-favorite-star.component.spec.ts‎
Lines changed: 3 additions & 1 deletion b/‎src/frontend/packages/core/src/core/entity-favorite-star/entity-favorite-star.component.spec.ts‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎src/frontend/packages/core/src/core/permissions/current-user-permissions.service.spec.ts‎
Lines changed: 10 additions & 0 deletions b/‎src/frontend/packages/core/src/core/permissions/current-user-permissions.service.spec.ts‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/frontend/packages/core/src/core/permissions/stratos-user-permissions.checker.ts‎
Lines changed: 9 additions & 4 deletions b/‎src/frontend/packages/core/src/core/permissions/stratos-user-permissions.checker.ts‎
Lines changed: 9 additions & 4 deletions
@@ -78,6 +78,7 @@ The following table lists the configurable parameters of the Stratos Helm chart
 |console.userInviteSubject|Email subject of the user invitation message||
 |console.techPreview|Enable/disable Tech Preview features|false|
 |console.apiKeysEnabled|Enable/disable API key-based access to Stratos API (disabled, admin_only, all_users)|admin_only|
+|console.userEndpointsEnabled|Enable/disable user endpoints or let only admins view and manage user endpoints (disabled, admin_only, enabled)|disabled|
 |console.ui.listMaxSize|Override the default maximum number of entities that a configured list can fetch. When a list meets this amount additional pages are not fetched||
 |console.ui.listAllowLoadMaxed|If the maximum list size is met give the user the option to fetch all results|false|
 |console.localAdminPassword|Use local admin user instead of UAA - set to a password to enable||
 
@@ -288,6 +288,8 @@ spec:
           value: {{ default "false" .Values.console.techPreview | quote }}
         - name: API_KEYS_ENABLED
           value: {{ default "admin_only" .Values.console.apiKeysEnabled | quote }}
+        - name: USER_ENDPOINTS_ENABLED
+          value: {{ default "disabled" .Values.console.userEndpointsEnabled | quote }}
         - name: HELM_CACHE_FOLDER
           value: /helm-cache
         {{- if .Values.console.ui }}
 
@@ -14,6 +14,11 @@
           "enum": ["disabled", "admin_only", "all_users"],
           "description": "Enable API keys for admins, all users or nobody"
         },
+        "userEndpointsEnabled": {
+          "type": "string",
+          "enum": ["disabled", "admin_only", "enabled"],
+          "description": "Enable, disable or let only admins view and create user endpoints"
+        },
         "autoRegisterCF": {
           "type": ["string", "null"]
         },
 
@@ -70,6 +70,9 @@ console:
   # Enable/disable API key-based access to Stratos API
   apiKeysEnabled: admin_only
 
+  # Enable/disable user endpoints
+  userEndpointsEnabled: disabled
+
   ui:
     # Override the default maximum number of entities that a configured list can fetch. When a list meets this amount additional pages are not fetched 
     listMaxSize:
 
@@ -64,6 +64,11 @@ describe('CurrentUserPermissionsService with CF checker', () => {
             CfScopeStrings.CF_READ_SCOPE,
           ]
         },
+        creator: {
+          name: 'admin',
+          admin: true,
+          system: false
+        },
         metricsAvailable: false,
         connectionStatus: 'connected',
         system_shared_token: false,
@@ -102,6 +107,11 @@ describe('CurrentUserPermissionsService with CF checker', () => {
             StratosScopeStrings.SCIM_READ
           ]
         },
+        creator: {
+          name: 'admin',
+          admin: true,
+          system: false
+        },
         metricsAvailable: false,
         connectionStatus: 'connected',
         system_shared_token: false,
 
@@ -3,6 +3,7 @@ import { createBasicStoreModule } from '@stratosui/store/testing';
 
 import { PaginationMonitorFactory } from '../../../store/src/monitors/pagination-monitor.factory';
 import { CoreTestingModule } from '../../test-framework/core-test.modules';
+import { SessionService } from '../shared/services/session.service';
 import { CoreModule } from './core.module';
 import { EndpointsService } from './endpoints.service';
 import { UtilsService } from './utils.service';
@@ -13,7 +14,8 @@ describe('EndpointsService', () => {
       providers: [
         EndpointsService,
         UtilsService,
-        PaginationMonitorFactory
+        PaginationMonitorFactory,
+        SessionService
       ],
       imports: [
         CoreModule,
 
@@ -14,6 +14,7 @@ import { endpointEntitiesSelector, endpointStatusSelector } from '../../../store
 import { EndpointModel, EndpointState } from '../../../store/src/types/endpoint.types';
 import { IEndpointFavMetadata, UserFavorite } from '../../../store/src/types/user-favorites.types';
 import { endpointHasMetricsByAvailable } from '../features/endpoints/endpoint-helpers';
+import { SessionService } from '../shared/services/session.service';
 import { EndpointHealthChecks } from './endpoints-health-checks';
 import { UserService } from './user.service';
 
@@ -50,7 +51,8 @@ export class EndpointsService implements CanActivate {
   constructor(
     private store: Store<EndpointOnlyAppState>,
     private userService: UserService,
-    private endpointHealthChecks: EndpointHealthChecks
+    private endpointHealthChecks: EndpointHealthChecks,
+    private sessionService: SessionService
   ) {
     this.endpoints$ = store.select(endpointEntitiesSelector);
     this.haveRegistered$ = this.endpoints$.pipe(map(endpoints => !!Object.keys(endpoints).length));
@@ -99,17 +101,19 @@ export class EndpointsService implements CanActivate {
         this.haveRegistered$,
         this.haveConnected$,
         this.userService.isAdmin$,
+        this.userService.isEndpointAdmin$,
+        this.sessionService.userEndpointsEnabled(),
         this.disablePersistenceFeatures$
       ),
-      map(([state, haveRegistered, haveConnected, isAdmin, disablePersistenceFeatures]
-        : [[AuthState, EndpointState], boolean, boolean, boolean, boolean]) => {
+      map(([state, haveRegistered, haveConnected, isAdmin, isEndpointAdmin, userEndpointsEnabled, disablePersistenceFeatures]
+        : [[AuthState, EndpointState], boolean, boolean, boolean, boolean, boolean, boolean]) => {
         const [authState] = state;
         if (authState.sessionData.valid) {
           // Redirect to endpoints if there's no connected endpoints
           let redirect: string;
           if (!disablePersistenceFeatures) {
             if (!haveRegistered) {
-              redirect = isAdmin ? '/endpoints' : '/noendpoints';
+              redirect = isAdmin || (userEndpointsEnabled && isEndpointAdmin) ? '/endpoints' : '/noendpoints';
             } else if (!haveConnected) {
               redirect = '/endpoints';
             }
 
@@ -8,6 +8,7 @@ import { UserFavoriteManager } from '../../../../store/src/user-favorite-manager
 import { BaseTestModulesNoShared } from '../../../test-framework/core-test.helper';
 import { ConfirmationDialogService } from '../../shared/components/confirmation-dialog.service';
 import { DialogConfirmComponent } from '../../shared/components/dialog-confirm/dialog-confirm.component';
+import { SessionService } from '../../shared/services/session.service';
 import { EntityFavoriteStarComponent } from './entity-favorite-star.component';
 
 describe('EntityFavoriteStarComponent', () => {
@@ -28,7 +29,8 @@ describe('EntityFavoriteStarComponent', () => {
             overlayContainerElement = document.createElement('div');
             return { getContainerElement: () => overlayContainerElement };
           }
-        }
+        },
+        SessionService
       ],
       declarations: [
         DialogConfirmComponent
 
@@ -50,6 +50,11 @@ describe('CurrentUserPermissionsService', () => {
             StratosScopeStrings.STRATOS_CHANGE_PASSWORD,
           ]
         },
+        creator: {
+          name: 'admin',
+          admin: true,
+          system: false
+        },
         metricsAvailable: false,
         connectionStatus: 'connected',
         system_shared_token: false,
@@ -83,6 +88,11 @@ describe('CurrentUserPermissionsService', () => {
             StratosScopeStrings.SCIM_READ
           ]
         },
+        creator: {
+          name: 'admin',
+          admin: true,
+          system: false
+        },
         metricsAvailable: false,
         connectionStatus: 'connected',
         system_shared_token: false,
 
@@ -20,7 +20,8 @@ import {
 
 
 export enum StratosCurrentUserPermissions {
-  ENDPOINT_REGISTER = 'register.endpoint',
+  EDIT_ENDPOINT = 'edit-endpoint',
+  EDIT_ADMIN_ENDPOINT = 'edit-admin-endpoint',
   PASSWORD_CHANGE = 'change-password',
   EDIT_PROFILE = 'edit-profile',
   /**
@@ -35,12 +36,12 @@ export enum StratosPermissionStrings {
   STRATOS_ADMIN = 'isAdmin'
 }
 
-
 export enum StratosScopeStrings {
   STRATOS_CHANGE_PASSWORD = 'password.write',
   SCIM_READ = 'scim.read',
   SCIM_WRITE = 'scim.write',
-  STRATOS_NOAUTH = 'stratos.noauth'
+  STRATOS_NOAUTH = 'stratos.noauth',
+  STRATOS_ENDPOINTADMIN = 'stratos.endpointadmin'
 }
 
 export enum StratosPermissionTypes {
@@ -53,7 +54,11 @@ export enum StratosPermissionTypes {
 // Every group result must be true in order for the permission to be true. A group result is true if all or some of it's permissions are
 // true (see `getCheckFromConfig`).
 export const stratosPermissionConfigs: IPermissionConfigs = {
-  [StratosCurrentUserPermissions.ENDPOINT_REGISTER]: new PermissionConfig(
+  [StratosCurrentUserPermissions.EDIT_ENDPOINT]: new PermissionConfig(
+    StratosPermissionTypes.STRATOS_SCOPE,
+    StratosScopeStrings.STRATOS_ENDPOINTADMIN
+  ),
+  [StratosCurrentUserPermissions.EDIT_ADMIN_ENDPOINT]: new PermissionConfig(
     StratosPermissionTypes.STRATOS,
     StratosPermissionStrings.STRATOS_ADMIN
   ),