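/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/**
 * A directive for managing all users in the system.
 *
 * The permission checks in this controller only decide what the interface
 * displays and which data source each listed user links to. They run in the
 * browser and are not an access control: the services behind
 * permissionService and userService must enforce permissions themselves.
 */
angular.module('settings').directive('guacSettingsUsers', [function guacSettingsUsers() {

    return {
        // Element only
        restrict: 'E',
        replace: true,

        scope: {
        },

        templateUrl: 'app/settings/templates/settingsUsers.html',
        controller: ['$scope', '$injector', function settingsUsersController($scope, $injector) {

            // Required types
            var ManageableUser = $injector.get('ManageableUser');
            var PermissionSet  = $injector.get('PermissionSet');

            // Required services
            var $location             = $injector.get('$location');
            var authenticationService = $injector.get('authenticationService');
            var dataSourceService     = $injector.get('dataSourceService');
            var guacNotification      = $injector.get('guacNotification');
            var permissionService     = $injector.get('permissionService');
            var userService           = $injector.get('userService');

            // Identifier of the current user
            var currentUsername = authenticationService.getCurrentUsername();

            /**
             * An action to be provided along with the object sent to
             * showStatus which closes the currently-shown status dialog.
             */
            var ACKNOWLEDGE_ACTION = {
                name        : "SETTINGS_USERS.ACTION_ACKNOWLEDGE",
                // Handle action
                callback    : function acknowledgeCallback() {
                    guacNotification.showStatus(false);
                }
            };

            /**
             * The identifiers of all data sources accessible by the current
             * user.
             *
             * @type String[]
             */
            var dataSources = authenticationService.getAvailableDataSources();

            /**
             * All visible users, along with their corresponding data sources.
             *
             * @type ManageableUser[]
             */
            $scope.manageableUsers = null;

            /**
             * The name of the new user to create, if any, when user creation
             * is requested via newUser().
             *
             * @type String
             */
            $scope.newUsername = "";

            /**
             * Map of data source identifiers to all permissions associated
             * with the current user within that data source, or null if the
             * user's permissions have not yet been loaded.
             *
             * @type Object.<String, PermissionSet>
             */
            $scope.permissions = null;

            /**
             * Array of all user properties that are filterable.
             *
             * @type String[]
             */
            $scope.filteredUserProperties = [
                'user.username'
            ];

            /**
             * Returns whether critical data has completed being loaded.
             *
             * @returns {Boolean}
             *     true if enough data has been loaded for the user interface
             *     to be useful, false otherwise.
             */
            $scope.isLoaded = function isLoaded() {

                return $scope.manageableUsers !== null
                    && $scope.permissions     !== null;

            };

            /**
             * Returns the identifier of the data source that should be used by
             * default when creating a new user.
             *
             * @return {String}
             *     The identifier of the data source that should be used by
             *     default when creating a new user, or null if user creation
             *     is not allowed.
             */
            $scope.getDefaultDataSource = function getDefaultDataSource() {

                // Abort if permissions have not yet loaded
                if (!$scope.permissions)
                    return null;

                // For each data source
                for (var dataSource in $scope.permissions) {

                    // Retrieve corresponding permission set
                    var permissionSet = $scope.permissions[dataSource];

                    // Can create users if administrator or have explicit permission
                    if (PermissionSet.hasSystemPermission(permissionSet, PermissionSet.SystemPermissionType.ADMINISTER)
                     || PermissionSet.hasSystemPermission(permissionSet, PermissionSet.SystemPermissionType.CREATE_USER))
                        return dataSource;

                }

                // No data sources allow user creation
                return null;

            };

            /**
             * Returns whether the current user can create new users within at
             * least one data source.
             *
             * @return {Boolean}
             *     true if the current user can create new users within at
             *     least one data source, false otherwise.
             */
            $scope.canCreateUsers = function canCreateUsers() {
                return $scope.getDefaultDataSource() !== null;
            };

            /**
             * Returns whether the current user can create new users or make
             * changes to existing users within at least one data source. The
             * user management interface as a whole is useless if this function
             * returns false.
             *
             * @return {Boolean}
             *     true if the current user can create new users or make
             *     changes to existing users within at least one data source,
             *     false otherwise.
             */
            var canManageUsers = function canManageUsers() {

                // Abort if permissions have not yet loaded
                if (!$scope.permissions)
                    return false;

                // Creating users counts as management
                if ($scope.canCreateUsers())
                    return true;

                // For each data source
                for (var dataSource in $scope.permissions) {

                    // Retrieve corresponding permission set
                    var permissionSet = $scope.permissions[dataSource];

                    // Can manage users if granted explicit update or delete
                    if (PermissionSet.hasUserPermission(permissionSet, PermissionSet.ObjectPermissionType.UPDATE)
                     || PermissionSet.hasUserPermission(permissionSet, PermissionSet.ObjectPermissionType.DELETE))
                        return true;

                }

                // No data sources allow management of users
                return false;

            };

            // Retrieve current permissions
            // NOTE(review): neither promise below has a rejection handler, so
            // a failed request leaves isLoaded() false with no message shown.
            dataSourceService.apply(
                permissionService.getPermissions,
                dataSources,
                currentUsername
            )
            .then(function permissionsRetrieved(permissions) {

                // Store retrieved permissions
                $scope.permissions = permissions;

                // Return to home if there's nothing to do here, and stop:
                // a user with no management permission has no use for the
                // user list, so it is not requested on their behalf
                if (!canManageUsers()) {
                    $location.path('/');
                    return;
                }

                var userPromise;

                // If users can be created, list all readable users
                if ($scope.canCreateUsers())
                    userPromise = dataSourceService.apply(userService.getUsers, dataSources);

                // Otherwise, list only updateable/deletable users
                else
                    userPromise = dataSourceService.apply(userService.getUsers, dataSources, [
                        PermissionSet.ObjectPermissionType.UPDATE,
                        PermissionSet.ObjectPermissionType.DELETE
                    ]);

                userPromise.then(function usersReceived(allUsers) {

                    var addedUsers = {};
                    $scope.manageableUsers = [];

                    // For each user in each data source
                    angular.forEach(dataSources, function addUserList(dataSource) {
                        angular.forEach(allUsers[dataSource], function addUser(user) {

                            // Do not add the same user twice
                            if (addedUsers[user.username])
                                return;

                            // The data source this user's entry links to is
                            // decided per user. It is kept in its own local so
                            // that falling back for one unmanageable user does
                            // not change which permission set the remaining
                            // users of this data source are checked against.
                            var linkedDataSource = dataSource;

                            // Link to default creation data source if we cannot
                            // manage this user. System-level ADMINISTER is
                            // looked up in SystemPermissionType, matching
                            // getDefaultDataSource().
                            if (!PermissionSet.hasSystemPermission(permissions[dataSource], PermissionSet.SystemPermissionType.ADMINISTER)
                             && !PermissionSet.hasUserPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.UPDATE, user.username)
                             && !PermissionSet.hasUserPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.DELETE, user.username))
                                linkedDataSource = $scope.getDefaultDataSource();

                            // Add user to overall list
                            addedUsers[user.username] = user;
                            $scope.manageableUsers.push(new ManageableUser ({
                                'dataSource' : linkedDataSource,
                                'user'       : user
                            }));

                        });
                    });

                });

            });

        }]
    };

}]);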