Related-Bug: #1532666
1. Earlier we allowed only admin role users, so at login we had to get
    all the roles per project; if the user had a lot of projects, fetching this
    info took a long time, which made login slow.
2. Corrected the hash value of mon_net_dashboard -> mon_networking_dashboard
3. In R2.20 it is still not advised to log in using the member role, only the admin
    role; this change is only meant to avoid burdening keystone at login with a
    role-get for every tenant. API Server throws permission denied in r2.20 for
    non-admin role projects.

Conflicts:
	src/serverroot/common/auth.api.js
	src/serverroot/orchestration/plugins/cloudstack/cloudstack.authApi.js
	src/serverroot/orchestration/plugins/no-orch/noOrchestration.api.js
	src/serverroot/orchestration/plugins/openstack/keystone.api.js
	src/serverroot/orchestration/plugins/vcenter/vcenter.authApi.js
	webroot/js/handlers/ContentHandler.js
	webroot/js/handlers/LayoutHandler.js

Change-Id: I07263eeef23e028740f2b9edfa6e34ac28e49362
biswajit-mandal committed Feb 10, 2016
1 parent a9cc1b9 commit 27fc201
Showing 14 changed files with 411 additions and 148 deletions.
27 changes: 25 additions & 2 deletions src/serverroot/common/auth.api.js
Expand Up @@ -139,9 +139,22 @@ function getServiceCatalog (req, callback)
});
}

function getUIUserRoleByTenant (userObj, callback)
{
var req = userObj['req'];
return getAuthMethod[req.session.loggedInOrchestrationMode].getUIUserRoleByTenant(userObj,
callback);
}

function getUIRolesByExtRoles (req, extRoles)
{
return getAuthMethod[req.session.loggedInOrchestrationMode].getUserRoleByAuthResponse(extRoles);
return getAuthMethod[req.session.loggedInOrchestrationMode].getUIRolesByExtRoles(extRoles);
}

function getExtUserRoleByTenant (userObj, callback)
{
var req = userObj['req'];
return getAuthMethod[req.session.loggedInOrchestrationMode].getExtUserRoleByTenant(userObj, callback);
}

function getCookieObjs (req, appData, callback)
Expand All @@ -166,6 +179,13 @@ function getUserAuthDataByConfigAuthObj (loggedInOrchestrationMode, authObj, cal
callback);
}

function getDomainNameByUUID (request, uuid, domList)
{
return getAuthMethod[request.session.loggedInOrchestrationMode].getDomainNameByUUID(request,
uuid,
domList);
}

exports.doAuthenticate = doAuthenticate;
exports.getTenantList = getTenantList;
exports.getTokenObj = getTokenObj;
Expand All @@ -178,9 +198,12 @@ exports.getDomainList = getDomainList;
exports.getProjectList = getProjectList;
exports.isDefaultDomain = isDefaultDomain;
exports.getNewTokenObjByToken = getNewTokenObjByToken;
exports.getUIRolesByExtRoles = getUIRolesByExtRoles;
exports.getDefaultDomain = getDefaultDomain;
exports.getCookieObjs = getCookieObjs;
exports.getSessionExpiryTime = getSessionExpiryTime;
exports.getUserAuthDataByConfigAuthObj = getUserAuthDataByConfigAuthObj;
exports.getExtUserRoleByTenant = getExtUserRoleByTenant;
exports.getDomainNameByUUID = getDomainNameByUUID;
exports.getUIUserRoleByTenant = getUIUserRoleByTenant;
exports.getUIRolesByExtRoles = getUIRolesByExtRoles;
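Review bot: The new dispatchers getUIUserRoleByTenant and getExtUserRoleByTenant read `userObj['req']` and then `req.session.loggedInOrchestrationMode` with no check, so a missing userObj, req or session throws before the plugin is reached and `callback` is never invoked. The plugin implementations of getUIUserRoleByTenant further down this commit do guard `(null == userObj) || (null == userObj.req)`, but that guard cannot run when the call arrives through this wrapper. Consider guarding here too, e.g. `if ((null == userObj) || (null == userObj.req) || (null == userObj.req.session)) { callback(new Error('Missing request session'), null); return; }`, and checking that `getAuthMethod[...]` resolved to a plugin before calling into it. Failing with an error is preferable to a default role on this path, since the result feeds the role decision made at login.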

57 changes: 42 additions & 15 deletions src/serverroot/common/configServer.utils.js
Expand Up @@ -96,21 +96,14 @@ function getTenantListAndSyncDomain (request, appData, callback)
if ((null != domId) && (false == authApi.isDefaultDomain(request, domId))) {
domId =
commonUtils.convertUUIDToString(tenantList['tenants'][i]['domain_id']);
if ((null != domain) && (domId != domain)) {
tenantList['tenants'].splice(i, 1);
i--;
projCnt--;
continue;
}
}
if ((null != domId) && (null == tmpDomainObjs[domId])) {
domainObjs['domains'].push({'fq_name': [domId], 'uuid': domId});
tmpDomainObjs[domId] = domId;
if (false == authApi.isDefaultDomain(request, domId)) {
var domUrl = '/domain/' + domId;
commonUtils.createReqObj(domArr, domUrl,
global.HTTP_REQUEST_GET, null,
null, null, appData);
if (null == tmpDomainObjs[domId]) {
tmpDomainObjs[domId] = domId;
if (false == authApi.isDefaultDomain(request, domId)) {
var domUrl = '/domain/' + domId;
commonUtils.createReqObj(domArr, domUrl,
global.HTTP_REQUEST_GET, null,
null, null, appData);
}
}
}
}
Expand All @@ -120,9 +113,43 @@ function getTenantListAndSyncDomain (request, appData, callback)
function(err, confData) {
getDomainsFromApiServer(appData, function(err, domList) {
if ((null != err) || (null == domList) || (null == domList['domains'])) {
/* We did not find any domain in API Server */
if ('v3' == request.session.authApiVersion) {
/* In v2, we have default-domain for all projects */
tenantList['tenants'] = [];
}
callback(null, domainObjs, tenantList, domList);
return;
}
tmpDomainObjs = {};
for (var i = 0; i < projCnt; i++) {
var domId = tenantList['tenants'][i]['domain_id'];
if ((null != domId) &&
(false == authApi.isDefaultDomain(request, domId))) {
domId =
commonUtils.convertUUIDToString(tenantList['tenants'][i]['domain_id']);
var domFqn = authApi.getDomainNameByUUID(request, domId,
domList['domains']);
if ((null == tmpDomainObjs[domId]) && (null != domFqn)) {
domainObjs['domains'].push({'fq_name': [domFqn], 'uuid': domId});
tmpDomainObjs[domId] = domId;
}
if ((null != domain) && (domFqn != domain)) {
tenantList['tenants'].splice(i, 1);
i--;
projCnt--;
} else {
tenantList['tenants'][i]['domain_name'] = domFqn;
}
} else {
var defDomain = authApi.getDefaultDomain(request);
if (null == tmpDomainObjs[domId]) {
domainObjs['domains'].push({'fq_name': [defDomain], 'uuid': domId});
tmpDomainObjs[domId] = domId;
}
tenantList['tenants'][i]['domain_name'] = defDomain;
}
}
var allDomList = domList['domains'];
var allDomCnt = allDomList.length;
var domCnt = domainObjs['domains'].length;
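Review bot: In the new loop inside the getDomainsFromApiServer callback, a tenant whose domain cannot be resolved (`getDomainNameByUUID` returns null) is removed only when `domain` is set; with `domain` null it falls into the else arm and stays in `tenantList['tenants']` with `domain_name` set to null. The error branch just above empties the v3 tenant list when the API server returns no domains, so a project whose domain is unknown to the API server should presumably be dropped the same way: `if ((null == domFqn) || ((null != domain) && (domFqn != domain))) {`. `domain` and `projCnt` are defined outside the visible hunks, so confirm this against the full function.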
Expand Up @@ -51,12 +51,53 @@ function getUserRoleByAuthResponse (cloudStackUserLoginResp)
{
var userType = cloudStackUserLoginResp['loginresponse']['type'];
if (CLOUDSTACK_USER_TYPE_ADMIN == userType) {
return global.STR_ROLE_ADMIN;
return [global.STR_ROLE_ADMIN];
} else {
global.STR_ROLE_USER;
return [global.STR_ROLE_USER];
}
}

function getUIUserRoleByTenant (userObj, callback)
{
var userRoles = [global.STR_ROLE_USER];
if ((null == userObj) || (null == userObj.req)) {
callback(null, userRoles);
return;
}
userRoles =
commonUtils.getValueByJsonPath(userObj.req,
'session;userRole',
[global.STR_ROLE_USER]);
callback(null, userRoles);
}

function getUIRolesByExtRoles (extRoles)
{
var roles = [];
if ((null == extRoles) || (!extRoles.length)) {
return [global.STR_ROLE_USER];
}
var roleCnt = extRoles.length;
for (var i = 0; i < roleCnt; i++) {
roles.push(extRoles[i]['name']);
}
if (-1 != roles.indexOf('admin')) {
return [global.STR_ROLE_ADMIN];
}
return [global.STR_ROLE_USER];
}

function getExtUserRoleByTenant (userObj, callback)
{
getUIUserRoleByTenant(userObj, function(uiRoles) {
if (-1 != uiRoles.indexOf(global.STR_ROLE_ADMIN)) {
callback(null, {'roles': [{'name': 'admin'}]});
return;
}
callback(null, {'roles': [{'name': 'Member'}]});
});
}

function getUsers (req, callback)
{
var postData = {};
Expand Down Expand Up @@ -203,4 +244,7 @@ exports.formatTenantList = formatTenantList;
exports.getProjectList = getProjectList;
exports.getSessionExpiryTime = getSessionExpiryTime;
exports.getUserAuthDataByConfigAuthObj = getUserAuthDataByConfigAuthObj;
exports.getUIUserRoleByTenant = getUIUserRoleByTenant;
exports.getExtUserRoleByTenant = getExtUserRoleByTenant;
exports.getUIRolesByExtRoles = getUIRolesByExtRoles;
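Review bot: getExtUserRoleByTenant passes `function(uiRoles)` to getUIUserRoleByTenant, but that function always calls back as `callback(null, userRoles)`, so `uiRoles` receives the null error argument and `uiRoles.indexOf(...)` throws a TypeError on every call. The lookup therefore never reaches either `callback(null, {'roles': ...})` line, and an uncaught throw on this path can take down the request instead of returning a role. Take the roles from the second argument, `getUIUserRoleByTenant(userObj, function(err, uiRoles) {`, and fall through to the 'Member' result when `uiRoles` is not an array. The identical getExtUserRoleByTenant added in the next file section (the plugin that also adds the `roleMap` require) has the same mismatch.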

Expand Up @@ -12,6 +12,7 @@ var config = process.mainModule.exports['config'];
var commonUtils = require('../../../utils/common.utils');
var messages = require('../../../common/messages');
var configUtils = require('../../../common/configServer.utils');
var roleMap = require('../../../web/core/rolemap.api');

function authenticate (req, res, appData, callback)
{
Expand Down Expand Up @@ -114,6 +115,47 @@ function getFlavors (req, callback)
callback(null, list);
}

function getUIUserRoleByTenant (userObj, callback)
{
var userRoles = [global.STR_ROLE_USER];
if ((null == userObj) || (null == userObj.req)) {
callback(null, userRoles);
return;
}
userRoles =
commonUtils.getValueByJsonPath(userObj.req,
'session;userRole',
[global.STR_ROLE_USER]);
callback(null, userRoles);
}

function getExtUserRoleByTenant (userObj, callback)
{
getUIUserRoleByTenant(userObj, function(uiRoles) {
if (-1 != uiRoles.indexOf(global.STR_ROLE_ADMIN)) {
callback(null, {'roles': [{'name': 'admin'}]});
return;
}
callback(null, {'roles': [{'name': 'Member'}]});
});
}

function getUIRolesByExtRoles (extRoles)
{
var roles = [];
if ((null == extRoles) || (!extRoles.length)) {
return [global.STR_ROLE_USER];
}
var roleCnt = extRoles.length;
for (var i = 0; i < roleCnt; i++) {
roles.push(extRoles[i]['name']);
}
if (-1 != roles.indexOf('admin')) {
return [global.STR_ROLE_ADMIN];
}
return [global.STR_ROLE_USER];
}

function getOSHostList (req, callback)
{
var list = {"hosts": []};
Expand Down Expand Up @@ -173,4 +215,7 @@ exports.getCookieObjs = getCookieObjs;
exports.getSessionExpiryTime = getSessionExpiryTime;
exports.getToken = getToken;
exports.getUserAuthDataByConfigAuthObj = getUserAuthDataByConfigAuthObj;
exports.getUIUserRoleByTenant = getUIUserRoleByTenant;
exports.getExtUserRoleByTenant = getExtUserRoleByTenant;
exports.getUIRolesByExtRoles = getUIRolesByExtRoles;
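Review bot: The added `var roleMap = require('../../../web/core/rolemap.api');` is not used by any of the three functions added in this section; unless code outside the visible hunks references it, the require should be dropped. Separately, getUIRolesByExtRoles would benefit from a short comment stating that it collapses any external role list to admin-or-user by an exact, case-sensitive match on `'admin'`, e.g. `/* Any role name other than exactly 'admin' maps to STR_ROLE_USER */`, since that mapping is what decides the UI privilege level.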
