ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rz...@apache.org
Subject ambari git commit: AMBARI-14381. Role-Based Access Control: UX and Bugs (rzang)
Date Wed, 16 Dec 2015 01:25:39 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-rbac-sso 57d081706 -> d9ae4d4af


AMBARI-14381. Role-Based Access Control: UX and Bugs (rzang)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d9ae4d4a
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d9ae4d4a
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d9ae4d4a

Branch: refs/heads/branch-rbac-sso
Commit: d9ae4d4af4897877d2b8c52f2a8b855482f25aa9
Parents: 57d0817
Author: Richard Zang <rzang@apache.org>
Authored: Tue Dec 15 11:32:41 2015 -0800
Committer: Richard Zang <rzang@apache.org>
Committed: Tue Dec 15 17:23:40 2015 -0800

----------------------------------------------------------------------
 .../clusters/ClustersManageAccessCtrl.js          | 14 +++++++++++++-
 .../controllers/clusters/UserAccessListCtrl.js    | 12 +++++++++---
 .../scripts/controllers/groups/GroupsEditCtrl.js  |  4 +++-
 .../scripts/controllers/users/UsersShowCtrl.js    |  5 ++++-
 .../app/views/clusters/userAccessList.html        |  7 +++++--
 .../ui/admin-web/app/views/groups/edit.html       |  8 +++++++-
 .../ui/admin-web/app/views/leftNavbar.html        |  2 +-
 .../ui/admin-web/app/views/users/list.html        |  3 +++
 .../ui/admin-web/app/views/users/show.html        | 12 +++++++++---
 .../global/user_settings_controller.js            | 11 ++++++++++-
 ambari-web/app/messages.js                        |  4 ++++
 ambari-web/app/templates/common/settings.hbs      | 18 ++++++++++++++----
 12 files changed, 82 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClustersManageAccessCtrl.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClustersManageAccessCtrl.js
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClustersManageAccessCtrl.js
index 1f3d3f6..27454ee 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClustersManageAccessCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/ClustersManageAccessCtrl.js
@@ -27,10 +27,22 @@ angular.module('ambariAdminConsole')
       // Refresh data for rendering
       $scope.permissionsEdit = permissions;
       $scope.permissions = angular.copy(permissions);
+      var orderedRoles = [
+        'CLUSTER.USER',
+        'SERVICE.OPERATOR',
+        'SERVICE.ADMINISTRATOR',
+        'CLUSTER.OPERATOR',
+        'CLUSTER.ADMINISTRATOR'
+      ];
+      var pms = [];
+      for (var key in orderedRoles) {
+        pms.push($scope.permissions[orderedRoles[key]]);
+      }
+      $scope.permissions = pms;
     })
     .catch(function(data) {
       Alert.error('Cannot load cluster data', data.data.message);
-    });;
+    });
   }
  
   reloadClusterData();

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/UserAccessListCtrl.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/UserAccessListCtrl.js
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/UserAccessListCtrl.js
index 4799e93..c9b14fc 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/UserAccessListCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/UserAccessListCtrl.js
@@ -83,7 +83,10 @@ function($scope, $location, Cluster, $modal, $rootScope, $routeParams,
Permissio
           principal_name: user.principal_name,
           principal_type: user.principal_type
         }}]
-        ).then($scope.loadUsers)
+        ).then(function() {
+          Alert.success(user.principal_name + " changed to " + user.permission_label);
+          $scope.loadUsers();
+        })
         .catch(function(data) {
           Alert.error('Cannot save permissions', data.data.message);
           $scope.loadUsers();
@@ -100,8 +103,11 @@ function($scope, $location, Cluster, $modal, $rootScope, $routeParams,
Permissio
 
   $scope.roleFilterOptions = [
     {label: 'All', value: ''},
-    {label: 'Operator', value: 'CLUSTER.OPERATE'},
-    {label:'Read Only', value: 'CLUSTER.READ'}
+    {label: 'Cluster User', value: 'CLUSTER.USER'},
+    {label:'Cluster Administrator', value: 'CLUSTER.ADMINISTRATOR'},
+    {label:'Cluster Operator', value: 'CLUSTER.OPERATOR'},
+    {label:'Service Administrator', value: 'SERVICE.ADMINISTRATOR'},
+    {label:'Service Operator', value: 'SERVICE.OPERATOR'}
   ];
   $scope.currentRoleFilter = $scope.roleFilterOptions[0];
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/groups/GroupsEditCtrl.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/groups/GroupsEditCtrl.js
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/groups/GroupsEditCtrl.js
index 9e0c220..d35b309 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/groups/GroupsEditCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/groups/GroupsEditCtrl.js
@@ -103,7 +103,9 @@ angular.module('ambariAdminConsole')
     });
 
     $scope.privileges = data.data.items.length ? privileges : null;
-    $scope.dataLoaded = true;
+    $scope.noClusterPriv = $.isEmptyObject(privileges.clusters);
+    $scope.noViewPriv = $.isEmptyObject(privileges.views)
+    $scope.hidePrivileges = $scope.noClusterPriv && $scope.noViewPriv;    $scope.dataLoaded
= true;
   }).catch(function(data) {
     Alert.error('Cannot load privileges', data.data.message);
   });

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
index cd4e020..5c75afc 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/users/UsersShowCtrl.js
@@ -180,11 +180,14 @@ angular.module('ambariAdminConsole')
       });
 
       $scope.privileges = data.data.items.length ? privileges : null;
+      $scope.noClusterPriv = $.isEmptyObject(privileges.clusters);
+      $scope.noViewPriv = $.isEmptyObject(privileges.views)
+      $scope.hidePrivileges = $scope.noClusterPriv && $scope.noViewPriv;
       $scope.dataLoaded = true;
 
     }).catch(function(data) {
       Alert.error('Cannot load privileges', data.data.message);
     });
   }
-  loadPrivileges();  
+  loadPrivileges();
 }]);

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/userAccessList.html
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/userAccessList.html
b/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/userAccessList.html
index 64369ab..6ef6041 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/userAccessList.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/clusters/userAccessList.html
@@ -19,12 +19,12 @@
 <div class="users-pane">
   <div class="clearfix">
     <ol class="breadcrumb pull-left">
-      <li class="active">Roles</li>
+      <li class="active">{{clusterId}} Roles</li>
     </ol>
   </div>
   <hr>
   <div class="pull-right">
-    <i class="glyphicon glyphicon-th-large layout-switch-icon disabled" ng-click="switchToBlock()"
tooltip="Switch to block view"></i>
+    <i class="glyphicon glyphicon-th-large layout-switch-icon disabled" ng-click="switchToBlock()"
tooltip="Switch&nbsp;to&nbsp;block&nbsp;view"></i>
     <i class="glyphicon glyphicon-list layout-switch-icon"></i>
   </div>
   <table class="table table-striped table-hover">
@@ -72,6 +72,9 @@
     </tr>
     </tbody>
   </table>
+  <div class="alert alert-info col-sm-12" ng-show="!users.length">
+    No users to display.
+  </div>
   <div class="col-sm-12">
     <div class="pull-right left-margin">
       <pagination class="paginator" total-items="totalUsers" max-size="maxVisiblePages"
items-per-page="usersPerPage" ng-model="currentPage" ng-change="pageChanged()"></pagination>

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html
index 4934e1e..ad571b8 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/groups/edit.html
@@ -47,7 +47,7 @@
   <div class="form-group">
       <label for="" class="col-sm-2 control-label">Privileges</label>
       <div class="col-sm-10">
-        <table class="table">
+        <table class="table" ng-hide="hidePrivileges">
           <thead>
             <tr>
               <th>Cluster</th>
@@ -64,6 +64,9 @@
                 <span tooltip="{{item}}" ng-repeat="item in privilege">{{item | translate}}{{$last
? '' : ', '}}</span>
               </td>
             </tr>
+            <tr>
+              <td ng-show="noClusterPriv">No cluster privileges</td>
+            </tr>
           </tbody>
           <thead class="view-permission-header">
             <tr>
@@ -81,6 +84,9 @@
                 <span tooltip="{{item}}" ng-repeat="item in privilege.privileges">{{item
| translate}}{{$last ? '' : ', '}}</span>
               </td>
             </tr>
+            <tr>
+              <td ng-show="noViewPriv">No view privileges</td>
+            </tr>
           </tbody>
         </table>
         <div class="alert alert-info hide-soft" ng-class="{'visible' : !privileges}">This
group does not have any privileges.</div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/views/leftNavbar.html
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/leftNavbar.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/leftNavbar.html
index 7ff564a..40e2505 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/leftNavbar.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/leftNavbar.html
@@ -65,7 +65,7 @@
 
         <ul class="nav nav-pills nav-stacked" ng-show="cluster.Clusters.provisioning_state
== 'INSTALLED' ">
           <li ng-class="{active: isActive('clusters.manageAccess')}">
-            <a href="#/clusters/{{cluster.Clusters.cluster_name}}/manageAccess" class="permissions">Roles</a>
+            <a href="#/clusters/{{cluster.Clusters.cluster_name}}/userAccessList" class="permissions">Roles</a>
           </li>
           <li><a href="#/dashboard"  class="gotodashboard">Go to Dashboard</a></li>
         </ul>

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/list.html
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/list.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/users/list.html
index f2da12a..3305306 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/list.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/users/list.html
@@ -75,6 +75,9 @@
       </tr>
     </tbody>
   </table>
+  <div class="alert alert-info col-sm-12" ng-show="!users.length">
+    No users to display.
+  </div>
   <div class="col-sm-12">
     <div class="pull-right left-margin">
       <pagination class="paginator" total-items="totalUsers" max-size="maxVisiblePages"
items-per-page="usersPerPage" ng-model="currentPage" ng-change="pageChanged()"></pagination>

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html b/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
index ca89e39..38bb355 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/views/users/show.html
@@ -69,14 +69,14 @@
     <div class="form-group" >
       <label for="" class="col-sm-2 control-label">Privileges</label>
       <div class="col-sm-10">
-        <table class="table">
+        <table class="table" ng-hide="hidePrivileges || user.admin">
           <thead>
             <tr>
               <th>Cluster</th>
               <th>Cluster Role</th>
             </tr>
           </thead>
-          <tbody ng-hide="user.admin">
+          <tbody>
             <tr ng-repeat="(name, privilege) in privileges.clusters">
               <td>
                 <span class="glyphicon glyphicon-cloud"></span> 
@@ -86,6 +86,9 @@
                 <span tooltip="{{item}}" ng-repeat="item in privilege">{{item | translate}}{{$last
? '' : ', '}}</span>
               </td>
             </tr>
+            <tr>
+              <td ng-show="noClusterPriv">No cluster privileges</td>
+            </tr>
           </tbody>
           <thead class="view-permission-header">
             <tr>
@@ -93,7 +96,7 @@
               <th>View Permissions</th>
             </tr>
           </thead>
-          <tbody ng-hide="user.admin">
+          <tbody>
             <tr ng-repeat="(name, privilege) in privileges.views">
               <td>
                 <span class="glyphicon glyphicon-th"></span>
@@ -103,6 +106,9 @@
                 <span tooltip="{{item}}" ng-repeat="item in privilege.privileges">{{item
| translate}}{{$last ? '' : ', '}}</span>
               </td>
             </tr>
+            <tr>
+              <td ng-show="noViewPriv">No view privileges</td>
+            </tr>
           </tbody>
         </table>
         <div class="alert alert-info" ng-show="!privileges && !user.admin">This
user does not have any privileges.</div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-web/app/controllers/global/user_settings_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/global/user_settings_controller.js b/ambari-web/app/controllers/global/user_settings_controller.js
index 8a50059..5dfe104 100644
--- a/ambari-web/app/controllers/global/user_settings_controller.js
+++ b/ambari-web/app/controllers/global/user_settings_controller.js
@@ -244,6 +244,9 @@ App.UserSettingsController = Em.Controller.extend(App.UserPref, {
     privileges.clusters = clusters;
     privileges.views = views;
     this.set('privileges', data.items.length ? privileges : null);
+    this.set('noClusterPriv', $.isEmptyObject(privileges.clusters));
+    this.set('noViewPriv', $.isEmptyObject(privileges.views));
+    this.set('hidePrivileges', this.get('noClusterPriv') && this.get('noViewPriv'));
   },
 
   /**
@@ -280,7 +283,13 @@ App.UserSettingsController = Em.Controller.extend(App.UserPref, {
 
         privileges: self.get('privileges'),
 
-        isAdmin: App.get('isAmbariAdmin')
+        isAdmin: App.get('isAdmin'),
+
+        noClusterPriv: self.get('noClusterPriv'),
+
+        noViewPriv: self.get('noViewPriv'),
+
+        hidePrivileges: self.get('hidePrivileges') || App.get('isAdmin')
       }),
 
       /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-web/app/messages.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/messages.js b/ambari-web/app/messages.js
index 8ab24d4..8ef7d57 100644
--- a/ambari-web/app/messages.js
+++ b/ambari-web/app/messages.js
@@ -48,6 +48,10 @@ Em.I18n.translations = {
   'app.settings.notShowBgOperations': 'Do not show this dialog again when starting a background
operation',
   'app.settings.categories.general': 'General',
   'app.settings.categories.locale': 'Locale',
+  'app.settings.no.view.privileges': 'No view privileges',
+  'app.settings.no.cluster.privileges': 'No cluster privileges',
+  'app.settings.admin.all.privileges': 'This user is an Ambari Admin and has all privileges.',
+  'app.settings.no.privileges': 'This user does not have any privileges.',
 
   'app.aboutAmbari.getInvolved': 'Get involved!',
   'app.aboutAmbari.version': 'Version',

http://git-wip-us.apache.org/repos/asf/ambari/blob/d9ae4d4a/ambari-web/app/templates/common/settings.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/settings.hbs b/ambari-web/app/templates/common/settings.hbs
index 899b9cf..c938fa7 100644
--- a/ambari-web/app/templates/common/settings.hbs
+++ b/ambari-web/app/templates/common/settings.hbs
@@ -40,7 +40,7 @@
     </label>
   </div>
   <div>
-    {{#unless view.isAdmin}}
+    {{#unless view.hidePrivileges}}
       <table class="table">
         <thead>
         <tr>
@@ -62,6 +62,11 @@
             </td>
           </tr>
         {{/each}}
+        {{#if noClusterPriv}}
+          <tr>
+              <td>{{t app.settings.no.cluster.privileges}}</td>
+          </tr>
+        {{/if}}
         </tbody>
         <thead class="view-permission-header">
         <tr>
@@ -69,7 +74,7 @@
           <th>View Permissions</th>
         </tr>
         </thead>
-        <tbody ng-hide="user.admin">
+        <tbody>
         {{#each v in view.privileges.views}}
           <tr>
             <td>
@@ -83,14 +88,19 @@
             </td>
           </tr>
         {{/each}}
+        {{#if noViewPriv}}
+            <tr>
+                <td>{{t app.settings.no.view.privileges}}</td>
+            </tr>
+        {{/if}}
         </tbody>
       </table>
     {{/unless}}
     {{#if view.isAdmin}}
-      <div class="alert alert-info">This user is an Ambari Admin and has all privileges.</div>
+      <div class="alert alert-info">{{t app.settings.admin.all.privileges}}</div>
     {{else}}
       {{#unless view.privileges}}
-        <div class="alert alert-info">This user does not have any privileges.</div>
+        <div class="alert alert-info">{{t app.settings.no.privileges}}</div>
       {{/unless}}
     {{/if}}
   </div>


Mime
View raw message