This repository has been archived by the owner on Jan 3, 2024. It is now read-only.

Merge pull request swarmpit#655 from NeilInnes/view_only_user
View/Read only users
nohaapav authored May 11, 2023
2 parents a8af1be + 8d84a31 commit 850a7f9
Showing 35 changed files with 322 additions and 156 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -79,6 +79,10 @@ Swarmpit is published on port `888` by default.

Refer to following [document](https://github.com/swarmpit/swarmpit/blob/master/doc/configuration.md)

## User Types

Refer to following [document](https://github.com/swarmpit/swarmpit/blob/master/doc/user_types.md)

## Development

Swarmpit is written purely in Clojure and utilizes React on front-end. CouchDB is used to persist application data & InfluxDB for cluster statistics.
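--- a/doc/user_types.md
+++ b/doc/user_types.md
@@ -0,0 +1,15 @@
+# User Types
+
+# User & Admin Roles
+
+Both User & Admin have full access to make modifications to all stacks, services, secrets etc. - however, only Admin users can create/edit other users.
+
+# View Only Role
+
+As you would expect, 'View only' users can not make any modifications except pinning/unpinning dashboard entries and changing their password.
+With the exception of secret values (which are kept secret to full users and admins), they can view all information.
+
+<p align="center">
+<img src="https://raw.githubusercontent.com/swarmpit/swarmpit/master/resources/public/CreateUser.png" width="50%" style="text-align: center">
+<img src="https://raw.githubusercontent.com/swarmpit/swarmpit/master/resources/public/UserList.png" style="text-align: center">
+</p>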
Binary file added resources/public/CreateUser.png
Binary file added resources/public/UserList.png
28 changes: 24 additions & 4 deletions src/clj/swarmpit/authorization.clj
Expand Up @@ -3,6 +3,7 @@
[buddy.auth.accessrules :refer [success error wrap-access-rules]]
[swarmpit.handler :refer [resp-error]]
[swarmpit.token :refer [admin?]]
[swarmpit.token :refer [user?]]
[swarmpit.couchdb.client :as cc]))

(defn- authenticated-access
Expand All @@ -25,6 +26,15 @@
(error {:code 403
:message "Unauthorized admin access"}))))

(defn- user-access
[{:keys [identity]}]
(let [username (get-in identity [:usr :username])
user (cc/user-by-username username)]
(if (or (admin? user) (user? user))
true
(error {:code 403
:message "Unauthorized user access"}))))

(defn- owner-access
[{:keys [path-params identity]}]
(let [user (get-in identity [:usr :username])
Expand Down Expand Up @@ -65,16 +75,26 @@
:handler {:and [authenticated-access admin-access]}}
{:pattern #"^/api/registry/(dockerhub|v2|ecr|acr|gitlab)/[a-zA-Z0-9]*/repositories$"
:request-method :get
:handler {:and [authenticated-access registry-access]}}
:handler {:and [authenticated-access registry-access user-access]}}
{:pattern #"^/api/registry/(dockerhub|v2|ecr|acr|gitlab)/[a-zA-Z0-9]*/tags$"
:request-method :get
:handler {:and [authenticated-access registry-access]}}
:handler {:and [authenticated-access registry-access user-access]}}
{:pattern #"^/api/registry/(dockerhub|v2|ecr|acr|gitlab)/[a-zA-Z0-9]*/ports$"
:request-method :get
:handler {:and [authenticated-access registry-access]}}
:handler {:and [authenticated-access registry-access user-access]}}
{:pattern #"^/api/registry/(dockerhub|v2|ecr|acr|gitlab)/[a-zA-Z0-9]*$"
:request-method #{:get :delete :post}
:handler {:and [authenticated-access owner-access]}}
:handler {:and [authenticated-access owner-access user-access]}}
{:pattern #"^/api/.*/dashboard$"
:request-method #{:delete :post}
:handler {:and [authenticated-access]}} ;;Allow pin/unpin by authenticated
{:pattern #"^/api/.*"
:request-method #{:delete :post}
:handler {:and [authenticated-access user-access]}} ;;Restrict ALL delete/post to user level and higher
{:pattern #"^/api/secrets/$"
:handler {:and [authenticated-access user-access]}} ;;Restrict getting secrets to user level and higher
{:pattern #"^/api/secrets/.*$"
:handler {:and [authenticated-access user-access]}} ;;Restrict getting secrets to user level and higher
{:pattern #"^/api/.*"
:handler authenticated-access}])

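Review bot: The view-only restriction at the end of the rule list is a deny-list: only `#{:delete :post}` on `^/api/.*` goes through `user-access`, and every request it does not name falls through to the final `authenticated-access` rule, so a `:put` or `:patch` route (none is visible here, the route table is elsewhere) would stay writable for view-only accounts. The pin exception `^/api/.*/dashboard$` is wider than its comment, because `.*` may be a single path segment; a `:delete` or `:post` addressed to a resource whose identifier is literally `dashboard` would match it and skip `user-access`. The two secrets patterns overlap (`^/api/secrets/.*$` already matches `/api/secrets/`) and neither matches `/api/secrets` without the trailing slash. I would make reads the enumerated exception and require `user-access` for everything else, as in the sketch below for the tail of the rule vector, which starts above this hunk. The three-segment pin pattern assumes pin routes have the shape `/api/:resource/:id/dashboard` and needs checking against the routes.

```clojure
;; … unchanged: admin, registry and owner rules …
{:pattern #"^/api/[^/]+/[^/]+/dashboard$"
 :request-method #{:delete :post}
 :handler authenticated-access} ;; pin/unpin for any authenticated user
{:pattern #"^/api/secrets(/.*)?$"
 :handler {:and [authenticated-access user-access]}} ;; secrets: user level and higher
{:pattern #"^/api/.*"
 :request-method #{:get :head :options}
 :handler authenticated-access} ;; reads stay open to view-only accounts
{:pattern #"^/api/.*"
 :handler {:and [authenticated-access user-access]}}]) ;; every other method needs user level
```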
4 changes: 4 additions & 0 deletions src/cljc/swarmpit/token.cljc
Expand Up @@ -18,6 +18,10 @@
[user]
(= "admin" (:role user)))

(defn user?
[user]
(or (= "admin" (:role user)) (= "user" (:role user))))

(defn token-value
[token]
(second (str/split token #" ")))
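Review bot: `user?` has no docstring and its name reads as a test for the `user` role alone, while it also returns true for `admin`; since `user-access` in authorization.clj uses it as the write gate, the contract is worth stating, e.g. `"True for roles that may modify resources (admin or user); any other or missing role is false."`. The body can say the same thing more directly as `(contains? #{"admin" "user"} (:role user))`. Keeping it an allow-list is the right direction, because an unknown role string then fails closed. Because it already covers `admin`, the `(admin? user)` half of the `or` in `user-access` is redundant.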
5 changes: 3 additions & 2 deletions src/cljs/swarmpit/component/account_settings.cljs
Expand Up @@ -3,7 +3,8 @@
[material.components :as comp]
[swarmpit.component.password :as password]
[swarmpit.component.api-access :as api-access]
[sablono.core :refer-macros [html]]))
[sablono.core :refer-macros [html]]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand All @@ -30,4 +31,4 @@
{:maxWidth "sm"
:className "Swarmpit-container"}
(form-password)
(form-api-access))]])))
(form-api-access))]])))
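Review bot: The added `[swarmpit.storage :as storage]` require appears to be unused: the section header counts 3 additions and 2 deletions, which are accounted for by this require and the re-written last line, so no changed line refers to `storage`. Unless a follow-up change is planned for this file, drop it and keep `[sablono.core :refer-macros [html]]))` as the closing entry. The last line seems to differ from its old version only in whitespace or the end-of-file newline.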
9 changes: 5 additions & 4 deletions src/cljs/swarmpit/component/common.cljs
Expand Up @@ -106,10 +106,11 @@
(comp/grid
{:container true
:spacing 2}
(comp/grid
{:item true
:xs 12}
(toolbar/list-toobar title items filtered-items toolbar-render-metadata))
(if (not= "" toolbar-render-metadata)
(comp/grid
{:item true
:xs 12}
(toolbar/list-toobar title items filtered-items toolbar-render-metadata)))
(comp/grid
{:item true
:xs 12}
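Review bot: `(if (not= "" toolbar-render-metadata) …)` makes the empty string a magic value meaning "no toolbar", and nothing at the function says so; the list components changed in this commit pass `""` for exactly this purpose. `nil` is the conventional absent value in Clojure and lets the guard be `(when toolbar-render-metadata …)`, which also avoids the one-armed `if`, provided the callers pass `nil` instead of `""`. If the string sentinel stays, a comment above the guard such as `;; "" = caller has no toolbar (view-only user)` would document it. The enclosing function starts and ends outside this hunk.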
12 changes: 7 additions & 5 deletions src/cljs/swarmpit/component/config/info.cljs
Expand Up @@ -17,7 +17,8 @@
[swarmpit.base64 :as base64]
[sablono.core :refer-macros [html]]
[clojure.contrib.inflect :as inflect]
[rum.core :as rum]))
[rum.core :as rum]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -119,10 +120,11 @@
(comp/grid
{:container true
:spacing 2}
(comp/grid
{:item true
:xs 12}
(toolbar/toolbar "Config" (:configName config) form-actions))
(if (storage/user?)
(comp/grid
{:item true
:xs 12}
(toolbar/toolbar "Config" (:configName config) form-actions)))
(comp/grid
{:item true
:xs 12}
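Review bot: Wrapping the whole `comp/grid` item in `(if (storage/user?) …)` removes the toolbar itself for view-only users, not only `form-actions`; the toolbar is also what receives the "Config" label and `(:configName config)`, so the page presumably loses its heading. service/info.cljs in this commit keeps the toolbar and swaps the action list instead, and the same could be done here with `(toolbar/toolbar "Config" (:configName config) (when (storage/user?) form-actions))`, provided `toolbar/toolbar` accepts an empty action list. network/info.cljs has the same construct. The enclosing component starts and ends outside the hunk.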
7 changes: 5 additions & 2 deletions src/cljs/swarmpit/component/config/list.cljs
Expand Up @@ -12,7 +12,8 @@
[swarmpit.url :refer [dispatch!]]
[sablono.core :refer-macros [html]]
[rum.core :as rum]
[swarmpit.component.common :as common]))
[swarmpit.component.common :as common]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -84,4 +85,6 @@
(reverse))
render-metadata
onclick-handler
toolbar-render-metadata))))
(if (storage/user?)
toolbar-render-metadata
"")))))
12 changes: 7 additions & 5 deletions src/cljs/swarmpit/component/network/info.cljs
Expand Up @@ -18,7 +18,8 @@
[swarmpit.routes :as routes]
[sablono.core :refer-macros [html]]
[rum.core :as rum]
[clojure.string :as str]))
[clojure.string :as str]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -133,10 +134,11 @@
(comp/grid
{:container true
:spacing 2}
(comp/grid
{:item true
:xs 12}
(toolbar/toolbar "Network" (:networkName network) form-actions))
(if (storage/user?)
(comp/grid
{:item true
:xs 12}
(toolbar/toolbar "Network" (:networkName network) form-actions)))
(comp/grid
{:item true
:xs 12}
7 changes: 5 additions & 2 deletions src/cljs/swarmpit/component/network/list.cljs
Expand Up @@ -12,7 +12,8 @@
[swarmpit.url :refer [dispatch!]]
[sablono.core :refer-macros [html]]
[rum.core :as rum]
[swarmpit.component.common :as common]))
[swarmpit.component.common :as common]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -79,4 +80,6 @@
filtered-items
render-metadata
onclick-handler
toolbar-render-metadata))))
(if (storage/user?)
toolbar-render-metadata
"")))))
11 changes: 8 additions & 3 deletions src/cljs/swarmpit/component/registry/list.cljs
Expand Up @@ -13,7 +13,8 @@
[swarmpit.url :refer [dispatch!]]
[sablono.core :refer-macros [html]]
[cljs.core :as core]
[rum.core :as rum]))
[rum.core :as rum]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -181,6 +182,10 @@
distributions
filtered-distributions
render-metadata
onclick-handler
toolbar-render-metadata))))
(if (storage/user?)
onclick-handler
"")
(if (storage/user?)
toolbar-render-metadata
"")))))
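Review bot: `(if (storage/user?) onclick-handler "")` passes a string where the list component expects a click handler, while secret/list.cljs in the same commit passes `nil` for the same case. If the list component invokes the handler on a row click (its code is not in this hunk), a string there would throw instead of doing nothing. Use `(when (storage/user?) onclick-handler)` here as well, and check that the list component tolerates a nil handler.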

11 changes: 8 additions & 3 deletions src/cljs/swarmpit/component/secret/list.cljs
Expand Up @@ -11,7 +11,8 @@
[swarmpit.routes :as routes]
[swarmpit.url :refer [dispatch!]]
[sablono.core :refer-macros [html]]
[rum.core :as rum]))
[rum.core :as rum]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -74,5 +75,9 @@
(sort-by :createdAt)
(reverse))
render-metadata
onclick-handler
toolbar-render-metadata))))
(if (storage/user?)
onclick-handler
nil)
(if (storage/user?)
toolbar-render-metadata
"")))))
29 changes: 26 additions & 3 deletions src/cljs/swarmpit/component/service/info.cljs
Expand Up @@ -28,7 +28,8 @@
[swarmpit.ajax :as ajax]
[swarmpit.routes :as routes]
[sablono.core :refer-macros [html]]
[rum.core :as rum]))
[rum.core :as rum]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand Down Expand Up @@ -167,6 +168,18 @@
(filter #(not (= "shutdown" (:state %)))))
tasks/onclick-handler))))

(defn form-pin-action
[service service-id pinned?]
(if pinned?
{:onClick #(detach-service-handler service-id)
:icon (comp/svg icon/pin-path)
:group false
:name "Detach"}
{:onClick #(pin-service-handler service-id)
:icon (comp/svg icon/pin-path)
:group false
:name "Pin"}))

(defn form-actions
[service service-id pinned?]
[(if pinned?
Expand Down Expand Up @@ -348,7 +361,12 @@
(comp/grid
{:item true
:xs 12}
(toolbar/toolbar "Service" (:serviceName service) (form-actions service id pinned?)))
(toolbar/toolbar
"Service"
(:serviceName service)
(if (storage/user?)
(form-actions service id pinned?)
[(form-pin-action service id pinned?)])))
(comp/grid
{:item true
:sm 6
Expand Down Expand Up @@ -385,7 +403,12 @@
(comp/grid
{:item true
:xs 12}
(toolbar/toolbar "Service" (:serviceName service) (form-actions service id pinned?)))
(toolbar/toolbar
"Service"
(:serviceName service)
(if (storage/user?)
(form-actions service id pinned?)
[(form-pin-action service id pinned?)])))
(form-settings-grid service tasks stats)
(form-tasks-grid service tasks)
(form-networks-grid networks id immutable?)
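Review bot: `form-pin-action` appears to repeat the pin/detach maps that `form-actions` already builds in its leading `(if pinned? …)` (its body continues outside the hunk), so the two copies can drift apart. Have `form-actions` start with `(form-pin-action service service-id pinned?)` in place of its own copy. The `service` parameter is not used in `form-pin-action`, and the two maps differ only in `:onClick` and `:name`, so the shared `:icon` and `:group` keys can be written once. The `toolbar/toolbar` call with the `(if (storage/user?) …)` action choice is also repeated verbatim in both later hunks and could be one small helper.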
21 changes: 12 additions & 9 deletions src/cljs/swarmpit/component/service/info/configs.cljs
Expand Up @@ -6,7 +6,8 @@
[swarmpit.routes :as routes]
[swarmpit.url :refer [dispatch!]]
[sablono.core :refer-macros [html]]
[rum.core :as rum]))
[rum.core :as rum]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand All @@ -24,14 +25,16 @@
(comp/card-header
{:className "Swarmpit-table-card-header"
:title (comp/typography {:variant "h6"} "Configs")
:action (comp/icon-button
{:aria-label "Edit"
:disabled immutable?
:href (routes/path-for-frontend
:service-edit
{:id service-id}
{:section 2})}
(comp/svg icon/edit-path))})
:action (if (storage/user?)
(comp/icon-button
{:aria-label "Edit"
:disabled immutable?
:href (routes/path-for-frontend
:service-edit
{:id service-id}
{:section 2})}
(comp/svg icon/edit-path))
nil)})
(if (empty? configs)
(comp/card-content
{}
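Review bot: Hiding the edit `comp/icon-button` behind `(storage/user?)` is a display choice only: the check runs in the browser, presumably on a role kept in client storage, and the `:service-edit` route the button links to stays reachable by URL. What stops a view-only account from changing a service is the server-side rule set in authorization.clj, so the edit form itself should either be gated the same way or handle the 403 cleanly. A comment at the check, e.g. `;; UI hint only; writes are enforced by user-access on the server`, would keep later readers from treating it as the control. `(if (storage/user?) … nil)` can be `(when (storage/user?) …)`; deployment.cljs has the same construct.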
21 changes: 12 additions & 9 deletions src/cljs/swarmpit/component/service/info/deployment.cljs
Expand Up @@ -4,7 +4,8 @@
[material.component.form :as form]
[swarmpit.routes :as routes]
[sablono.core :refer-macros [html]]
[rum.core :as rum]))
[rum.core :as rum]
[swarmpit.storage :as storage]))

(enable-console-print!)

Expand All @@ -28,14 +29,16 @@
(comp/card-header
{:className "Swarmpit-form-card-header"
:title (comp/typography {:variant "h6"} "Deployment")
:action (comp/icon-button
{:aria-label "Edit"
:disabled immutable?
:href (routes/path-for-frontend
:service-edit
{:id service-id}
{:section 4})}
(comp/svg icon/edit-path))})
:action (if (storage/user?)
(comp/icon-button
{:aria-label "Edit"
:disabled immutable?
:href (routes/path-for-frontend
:service-edit
{:id service-id}
{:section 4})}
(comp/svg icon/edit-path))
nil)})
(comp/card-content
{}
(comp/grid