user acl for device trust ui (#23493)
* feat: user acl for device trust ui * Update lib/web/ui/usercontext.go Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com> * revert e ref to current from master * Update web/packages/teleport/src/stores/storeUserContext.ts Co-authored-by: Lisa Kim <lisa@goteleport.com> * Update web/packages/teleport/src/teleportContext.tsx Co-authored-by: Lisa Kim <lisa@goteleport.com> * update defaultAllowRules to RW() * comment added to highlight preset rules should be same when added to defaultAllowRules --------- Co-authored-by: Zac Bergquist <zac.bergquist@goteleport.com> Co-authored-by: Lisa Kim <lisa@goteleport.com>
parent
c26d911cfd
commit
786be9ef0c
|
@ -189,6 +189,7 @@ func NewPresetAuditorRole() types.Role {
|
|||
|
||||
// defaultAllowRules has the Allow rules that should be set as default when they were not explicitly defined.
|
||||
// This is used to update the current cluster roles when deploying a new resource.
|
||||
// Rules defined in preset template should be exactly the same rule when added here.
|
||||
func defaultAllowRules() map[string][]types.Rule {
|
||||
return map[string][]types.Rule{
|
||||
teleport.PresetAuditorRoleName: {
|
||||
|
@ -203,6 +204,7 @@ func defaultAllowRules() map[string][]types.Rule {
|
|||
types.NewRule(types.KindSAMLIdPServiceProvider, RW()),
|
||||
types.NewRule(types.KindOktaImportRule, RW()),
|
||||
types.NewRule(types.KindOktaAssignment, RW()),
|
||||
types.NewRule(types.KindDevice, append(RW(), types.VerbCreateEnrollToken, types.VerbEnroll)),
|
||||
},
|
||||
}
|
||||
}
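Review bot: The `types.KindDevice` entry in `defaultAllowRules` carries `types.VerbCreateEnrollToken` and `types.VerbEnroll` on top of `RW()`, and the function comment says these defaults are applied to roles that already exist in a cluster, so an upgrade widens an existing role to device enrollment without any operator edit. The map key this entry sits under is outside the second hunk, so the receiving preset cannot be confirmed from here; naming it next to the rule would help, e.g. `// Applied on upgrade to existing <preset role>: includes device enrollment verbs.` The added sentence that preset-template rules "should be exactly the same" is a convention only; a unit test that compares each `defaultAllowRules()` entry with the allow rules of the matching preset constructor would keep the two from drifting apart. `append(RW(), ...)` is safe only if `RW()` returns a fresh slice on every call, which is presumably the case but is not visible in this hunk.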
|
||||
|
|
|
@ -95,6 +95,8 @@ type userACL struct {
|
|||
License access `json:"license"`
|
||||
// Plugins defines whether the user has access to manage hosted plugin instances
|
||||
Plugins access `json:"plugins"`
|
||||
// DeviceTrust defines access to device trust.
|
||||
DeviceTrust access `json:"deviceTrust"`
|
||||
}
|
||||
|
||||
type authType string
|
||||
|
@ -204,6 +206,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto.
|
|||
directorySharing := userRoles.DesktopDirectorySharing()
|
||||
download := newAccess(userRoles, ctx, types.KindDownload)
|
||||
license := newAccess(userRoles, ctx, types.KindLicense)
|
||||
deviceTrust := newAccess(userRoles, ctx, types.KindDevice)
|
||||
|
||||
acl := userACL{
|
||||
AccessRequests: requestAccess,
|
||||
|
@ -229,6 +232,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto.
|
|||
Download: download,
|
||||
License: license,
|
||||
Plugins: pluginsAccess,
|
||||
DeviceTrust: deviceTrust,
|
||||
}
|
||||
|
||||
// local user
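Review bot: `deviceTrust := newAccess(userRoles, ctx, types.KindDevice)` presumably reports only the generic list/read/edit/create/remove verbs (the frontend test in this commit expects exactly those five keys), so the device-specific `types.VerbCreateEnrollToken` and `types.VerbEnroll` grants are not reflected in what the UI receives. If the device trust UI offers enrollment actions, it would have to gate them on `create` or `edit`, which may not match the verb the backend checks. The field comment `// DeviceTrust defines access to device trust.` could state this, e.g. `// DeviceTrust defines whether the user can list and manage trusted devices; enrollment verbs are not reflected here.` Both `userACL` and `NewUserContext` start and end outside these hunks.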
|
||||
|
|
|
@ -51,6 +51,7 @@ export const fullAcl: Acl = {
|
|||
license: fullAccess,
|
||||
download: fullAccess,
|
||||
plugins: fullAccess,
|
||||
deviceTrust: fullAccess,
|
||||
};
|
||||
|
||||
export const userContext = makeUserContext({
|
||||
|
|
|
@ -54,6 +54,8 @@ export default function makeAcl(json): Acl {
|
|||
const license = json.license || defaultAccess;
|
||||
const download = json.download || defaultAccess;
|
||||
|
||||
const deviceTrust = json.deviceTrust || defaultAccess;
|
||||
|
||||
return {
|
||||
authConnectors,
|
||||
trustedClusters,
|
||||
|
@ -78,6 +80,7 @@ export default function makeAcl(json): Acl {
|
|||
connectionDiagnostic,
|
||||
license,
|
||||
download,
|
||||
deviceTrust,
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -71,6 +71,7 @@ export interface Acl {
|
|||
license: Access;
|
||||
download: Access;
|
||||
plugins: Access;
|
||||
deviceTrust: Access;
|
||||
}
|
||||
|
||||
export interface User {
|
||||
|
|
|
@ -190,6 +190,13 @@ test('undefined values in context response gives proper default values', async (
|
|||
create: false,
|
||||
remove: false,
|
||||
},
|
||||
deviceTrust: {
|
||||
list: false,
|
||||
read: false,
|
||||
edit: false,
|
||||
create: false,
|
||||
remove: false,
|
||||
},
|
||||
clipboardSharingEnabled: true,
|
||||
desktopSessionRecordingEnabled: true,
|
||||
directorySharingEnabled: true,
|
||||
|
|
|
@ -175,4 +175,8 @@ export default class StoreUserContext extends Store<UserContext> {
|
|||
hasPluginsAccess() {
|
||||
return this.state.acl.plugins.list || this.state.acl.plugins.create;
|
||||
}
|
||||
|
||||
getDeviceTrustAccess() {
|
||||
return this.state.acl.deviceTrust;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -98,6 +98,7 @@ class TeleportContext implements types.Context {
|
|||
downloadCenter: false,
|
||||
discover: false,
|
||||
plugins: false,
|
||||
deviceTrust: false,
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -120,6 +121,7 @@ class TeleportContext implements types.Context {
|
|||
downloadCenter: userContext.hasDownloadCenterListAccess(),
|
||||
discover: userContext.hasDiscoverAccess(),
|
||||
plugins: userContext.hasPluginsAccess(),
|
||||
deviceTrust: userContext.getDeviceTrustAccess().list,
|
||||
};
|
||||
}
|
||||
}
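Review bot: `deviceTrust: userContext.getDeviceTrustAccess().list` puts the access predicate in `TeleportContext`, whereas the neighbouring flags call boolean helpers on the store (`hasPluginsAccess()`, `hasDiscoverAccess()`). A `hasDeviceTrustAccess()` that returns `this.state.acl.deviceTrust.list` would keep the predicate in one place and avoid handing out the store's `Access` object by reference. The flag only decides what the UI shows, so a short comment such as `// UI visibility only; device RBAC is enforced by the backend` would keep it from being read as an authorization check. The class body starts outside these hunks.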
|
||||
|
|
|
@ -90,4 +90,5 @@ export interface FeatureFlags {
|
|||
downloadCenter: boolean;
|
||||
discover: boolean;
|
||||
plugins: boolean;
|
||||
deviceTrust: boolean;
|
||||
}
|
||||
|
|