diff --git a/awx/ui/static/js/controllers/Teams.js b/awx/ui/static/js/controllers/Teams.js index a20d92fc69..dd2607dfbb 100644 --- a/awx/ui/static/js/controllers/Teams.js +++ b/awx/ui/static/js/controllers/Teams.js @@ -163,12 +163,15 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, var master = {}; var id = $routeParams.team_id; var relatedSets = {}; + + scope.PermissionAddAllowed = false; // Retrieve each related set and any lookups if (scope.teamLoadedRemove) { scope.teamLoadedRemove(); } scope.teamLoadedRemove = scope.$on('teamLoaded', function() { + CheckAccess({ scope: scope }); Rest.setUrl(scope['organization_url']); Rest.get() .success( function(data, status, headers, config) { @@ -177,7 +180,7 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, }) .error( function(data, status, headers, config) { ProcessErrors(scope, data, status, null, - { hdr: 'Error!', msg: 'Failed to retrieve: ' + scope.orgnization_url + '. GET status: ' + status }); + { hdr: 'Error!', msg: 'Failed to retrieve organization: ' + scope.orgnization_url + '. GET status: ' + status }); }); for (var set in relatedSets) { scope.search(relatedSets[set].iterator); @@ -253,9 +256,12 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, scope.add = function(set) { $rootScope.flashMessage = null; if (set == 'permissions') { - if (CheckAccess()) { + if (scope.PermissionAddAllowed) { $location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/add'); } + else { + Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + } } else { $location.path('/' + base + '/' + $routeParams.team_id + '/' + set); 
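Review bot: `scope.PermissionAddAllowed` is named for the Add action, but the later hunks of this file (@@ -266 and @@ -282) and the matching ones in Users.js use the same flag to gate editing and deleting permissions as well. A short comment on the initialisation would make that explicit, for example `// Fail-closed default: stays false until CheckAccess() confirms superuser or org admin; gates add, edit and delete of permissions.` CheckAccess fills the flag in asynchronously for org admins, so one who clicks before the lookup returns will see the Access Denied alert; that is the safe direction, but worth stating in the same comment. TeamsEdit begins and ends outside this hunk.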
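Review bot: The reworded error message still reads `scope.orgnization_url`, a misspelling of the `scope['organization_url']` that the previous hunk passes to `Rest.setUrl`, so the message will print `undefined` instead of the URL that failed. The line should use `scope.organization_url`. The error handler sits inside the `teamLoaded` listener, which starts outside this hunk.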
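Review bot: The `else` branch added to `scope.add` repeats the full Access Denied text as a literal, and the same `Alert(...)` call is pasted into the edit and delete branches of this file and into all three corresponding branches in Users.js. Six copies of one user-facing message will drift apart over time. A single helper that wraps the call, for example `function accessDenied() { Alert('Access Denied', msg); }` with the text defined once, would keep the wording in one place.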
@@ -266,9 +272,12 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, scope.edit = function(set, id, name) { $rootScope.flashMessage = null; if (set == 'permissions') { - if (CheckAccess()) { + if (scope.PermissionAddAllowed) { $location.path('/' + base + '/' + $routeParams.team_id + '/' + set + '/' + id); - } + } + else { + Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + } } else { $location.path('/' + set + '/' + id); @@ -282,7 +291,7 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, var action = function() { var url; if (set == 'permissions') { - if (CheckAccess()) { + if (scope.PermissionAddAllowed) { url = GetBasePath('base') + 'permissions/' + itm_id + '/'; Rest.setUrl(url); Rest.destroy() @@ -295,7 +304,10 @@ function TeamsEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, ProcessErrors(scope, data, status, null, { hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status }); }); - } + } + else { + Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + } } else { var url = defaultUrl + $routeParams.team_id + '/' + set + '/'; diff --git a/awx/ui/static/js/controllers/Users.js b/awx/ui/static/js/controllers/Users.js index 6e7147ff5b..9c29967f78 100644 --- a/awx/ui/static/js/controllers/Users.js +++ b/awx/ui/static/js/controllers/Users.js @@ -182,11 +182,14 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, var id = $routeParams.user_id; var relatedSets = {}; + scope.PermissionAddAllowed = false; + // After the Organization is loaded, retrieve each related set scope.$on('userLoaded', function() { for (var set in relatedSets) { scope.search(relatedSets[set].iterator); } + CheckAccess({ scope: scope }); //Does the user have access add Permissions? }); // Retrieve detail record and prepopulate the form 
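Review bot: `scope.PermissionAddAllowed` is ordinary client-side state, so the `if` added around `Rest.destroy()` in the @@ -282 hunk only decides what the UI offers; it is not an authorization control. The permissions endpoint has to reject the DELETE itself for users who are neither superuser nor org admin, and the existing `.error` handler shown in the next hunk is where that rejection will surface. A comment on the check such as `// UI convenience only; the API enforces who may delete a permission` would stop later readers treating the flag as the security boundary. The same applies to the delete branch in Users.js (@@ -292), and `action` continues outside this hunk.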
@@ -263,9 +266,12 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, scope.add = function(set) { $rootScope.flashMessage = null; if (set == 'permissions') { - if (CheckAccess()) { + if (scope.PermissionAddAllowed) { $location.path('/' + base + '/' + $routeParams.user_id + '/' + set + '/add'); } + else { + Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + } } else { $location.path('/' + base + '/' + $routeParams.user_id + '/' + set); @@ -276,9 +282,12 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, scope.edit = function(set, id, name) { $rootScope.flashMessage = null; if (set == 'permissions') { - if (CheckAccess()) { + if (scope.PermissionAddAllowed) { $location.path('/users/' + $routeParams.user_id + '/permissions/' + id); } + else { + Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + } } else { $location.path('/' + set + '/' + id); @@ -292,7 +301,7 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, var action = function() { var url; if (set == 'permissions') { - if (CheckAccess()) { + if (scope.PermissionAddAllowed) { url = GetBasePath('base') + 'permissions/' + itm_id + '/'; Rest.setUrl(url); Rest.destroy() @@ -305,7 +314,10 @@ function UsersEdit ($scope, $rootScope, $compile, $location, $log, $routeParams, ProcessErrors(scope, data, status, null, { hdr: 'Error!', msg: 'Call to ' + url + ' failed. DELETE returned status: ' + status }); }); - } + } + else { + Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + } } else { url = defaultUrl + $routeParams.user_id + '/' + set + '/'; diff --git a/awx/ui/static/js/forms/Users.js b/awx/ui/static/js/forms/Users.js index 9d46ec649f..ec64ad38e5 100644 --- a/awx/ui/static/js/forms/Users.js +++ b/awx/ui/static/js/forms/Users.js 
@@ -157,7 +157,8 @@ angular.module('UserFormDefinition', []) ngClick: "add('permissions')", icon: 'icon-plus', label: 'Add', - awToolTip: 'Add a permission for this user' + awToolTip: 'Add a permission for this user', + ngShow: 'PermissionAddAllowed == true' } }, diff --git a/awx/ui/static/js/helpers/Access.js b/awx/ui/static/js/helpers/Access.js index 2a9cfdfb6a..c8002dd981 100644 --- a/awx/ui/static/js/helpers/Access.js +++ b/awx/ui/static/js/helpers/Access.js @@ -7,10 +7,13 @@ angular.module('AccessHelper', ['RestServices', 'Utilities', 'ngCookies']) .factory('CheckAccess', ['$rootScope', 'Alert', 'Rest', 'GetBasePath','ProcessErrors', function($rootScope, Alert, Rest, GetBasePath, ProcessErrors) { return function(params) { + // set PermissionAddAllowed to true or false based on user access. admins and org admins are granted + // accesss. var me = $rootScope.current_user; - var access = false; + var scope = params.scope; + if (me.is_superuser) { - access = true; + scope.PermissionAddAllowed = true; } else { if (me.related.admin_of_organizations) { @@ -18,7 +21,10 @@ angular.module('AccessHelper', ['RestServices', 'Utilities', 'ngCookies']) Rest.get() .success( function(data, status, headers, config) { if (data.results.length > 0) { - access = true; + scope.PermissionAddAllowed = true; + } + else { + scope.PermissionAddAllowed = false; } }) .error( function(data, status, headers, config) { @@ -28,10 +34,10 @@ angular.module('AccessHelper', ['RestServices', 'Utilities', 'ngCookies']) }); } } - if (!access) { - Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); - } - return access; + //if (!access) { + // Alert('Access Denied', 'You do not have access to this function. Please contact your system administrator.'); + //} + //return access; } }]) diff --git a/awx/ui/static/lib/ansible/form-generator.js b/awx/ui/static/lib/ansible/form-generator.js index 84e6d3820f..e427e353b1 100644 
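Review bot: `ngShow` is added only to the Add action of the user form, and no matching change to the team form appears in this diff. On the team page the Add button presumably stays visible, and a click by a user without access ends in the Access Denied alert. If that is not intended, the team form's permissions Add action needs the same attribute. The expression can also be shortened to `ngShow: 'PermissionAddAllowed'`, since the flag is only ever assigned `true` or `false`.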
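Review bot: `var scope = params.scope;` in the Access.js @@ -7 hunk assumes every caller passes an options object, but the call sites replaced in this commit all used the bare `CheckAccess()` form. Any caller outside this diff that was not converted will now throw a TypeError on `params.scope` instead of being denied cleanly. A guard at the top, `if (!params || !params.scope) { return; }`, or a check of the remaining call sites, would close that gap. The added comment also has a typo, `accesss`.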
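Review bot: In the Access.js @@ -28 hunk, the old `Alert` and `return access` lines are commented out rather than deleted, leaving dead code that refers to a variable (`access`) this commit removes. Delete the four lines; version control keeps the history. The function now returns `undefined`, so the header comment should say so, for example `// Returns nothing; the result is delivered through scope.PermissionAddAllowed.`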
--- a/awx/ui/static/lib/ansible/form-generator.js +++ b/awx/ui/static/lib/ansible/form-generator.js @@ -1036,6 +1036,7 @@ angular.module('FormGenerator', ['GeneratorHelpers', 'ngCookies']) html += (form.related[itm].actions[act]['class']) ? form.related[itm].actions[act]['class'] : "btn-success"; html += "\" "; html += this.attr(action,'ngClick'); + html += (action['ngShow']) ? this.attr(action,'ngShow') : ""; html += (action.awToolTip) ? this.attr(action,'awToolTip') : ""; html += (action.awToolTip) ? "data-placement=\"right\" " : ""; html += ">";