Repository: ambari Updated Branches: refs/heads/trunk 430c01d6a -> cb2212aeb
AMBARI-16436. Unauthorized user can get access to admin pages by pointing to their URLs (alexantonenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/cb2212ae
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/cb2212ae
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/cb2212ae
Branch: refs/heads/trunk
Commit: cb2212aeb60fbf796c226ae235ea40124e300f23
Parents: 430c01d
Author: Alex Antonenko <hiv...@gmail.com>
Authored: Tue May 10 19:44:00 2016 +0300
Committer: Alex Antonenko <hiv...@gmail.com>
Committed: Tue May 10 19:44:00 2016 +0300
----------------------------------------------------------------------
.../ui/admin-web/app/scripts/controllers/mainCtrl.js | 8 ++++++++
.../ui/admin-web/test/unit/controllers/mainCtrl_test.js | 1 +
ambari-web/app/routes/main.js | 10 ++++++++++
3 files changed, 19 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/cb2212ae/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
index 5d1d261..2878f88 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/mainCtrl.js
@@ -34,6 +34,14 @@ angular.module('ambariAdminConsole')
  $rootScope.supports = data.data ? data.data : {};
  });
+ $http.get(Settings.baseUrl + "/users/" + Auth.getCurrentUser() + "/authorizations?fields=*")
+ .then(function(data) {
+ var auth = !!data.data && !!data.data.items ? data.data.items.map(function (a){return a.AuthorizationInfo.authorization_id}) : [];
+ if(auth.indexOf('AMBARI.RENAME_CLUSTER') == -1){
+ $window.location = "/#/main/dashboard";
+ }
+ });
+
  $scope.about = function() {
  var ambariVersion = $scope.ambariVersion;
  var modalInstance = $modal.open({
http://git-wip-us.apache.org/repos/asf/ambari/blob/cb2212ae/ambari-admin/src/main/resources/ui/admin-web/test/unit/controllers/mainCtrl_test.js
----------------------------------------------------------------------
diff --git a/ambari-admin/src/main/resources/ui/admin-web/test/unit/controllers/mainCtrl_test.js b/ambari-admin/src/main/resources/ui/admin-web/test/unit/controllers/mainCtrl_test.js
index e12a61d..12c914e 100644
--- a/ambari-admin/src/main/resources/ui/admin-web/test/unit/controllers/mainCtrl_test.js
+++ b/ambari-admin/src/main/resources/ui/admin-web/test/unit/controllers/mainCtrl_test.js
@@ -98,6 +98,7 @@ describe('#Auth', function () {
  ]
  });
  $httpBackend.whenGET(/\/persist\/user-pref-.*/).respond(200, {data: {data: {addingNewRepository: true}}});
+ $httpBackend.whenGET(/\/api\/v1\/users\/admin\/authorizations.*/).respond(200, {data: {data: {items: [{AuthorizationInfo : {authorization_id : "AMBARI.RENAME_CLUSTER"}}]}}});
  scope = $rootScope.$new();
  scope.$apply();
  ctrl = $controller('MainCtrl', {$scope: scope});
http://git-wip-us.apache.org/repos/asf/ambari/blob/cb2212ae/ambari-web/app/routes/main.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/routes/main.js b/ambari-web/app/routes/main.js
index c27ef54..5cf68d0 100644
--- a/ambari-web/app/routes/main.js
+++ b/ambari-web/app/routes/main.js
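Review bot: The new authorization lookup fails open: the `$http.get(...).then(...)` chain in this hunk has no rejection handler, so if the `/users/<name>/authorizations` request errors out (network failure, 403, 500) the redirect never fires and the admin console stays open to whoever loaded it. `Auth.getCurrentUser()` is also concatenated into the path unencoded, so a user name containing characters such as `/`, `?`, `#` or a space yields a different URL than intended, the lookup fails, and with the fail-open behaviour the check is skipped entirely. The redirect only happens once the response arrives, after the controller has already started, so it is a UI convenience rather than the security boundary; the REST API has to keep enforcing admin privileges, and a comment saying so would stop the next reader from treating this as the protection. The rewrite below adds a rejection handler that also redirects and encodes the user name; the enclosing `MainCtrl` controller function starts and ends outside this hunk.
```javascript
  $http.get(Settings.baseUrl + "/users/" + encodeURIComponent(Auth.getCurrentUser()) + "/authorizations?fields=*")
    .then(function(data) {
      // … unchanged: map items to authorization_id, redirect when AMBARI.RENAME_CLUSTER is absent …
    }, function() {
      // Fail closed: if the current user's authorizations cannot be determined,
      // treat them as unauthorized instead of leaving the admin console open.
      // UI-side redirect only; the REST API must still enforce admin privileges.
      $window.location = "/#/main/dashboard";
    });
```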
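Review bot: The mocked authorizations response body looks nested too deep for the controller to see it: `respond(200, {data: {data: {items: [...]}}})` makes the whole object the response body, so in the controller's `.then` callback `data.data` is `{data: {data: {items: [...]}}}` and `data.data.items` is undefined, `auth` becomes `[]` and the redirect to `/#/main/dashboard` fires for the supposedly authorized admin user. The test would then pass only because nothing here asserts on `$window.location` (the `$window` wiring is outside this hunk, so this needs confirming against the rest of the spec). If the intent is an authorized admin, the body should be `{items: [{AuthorizationInfo: {authorization_id: "AMBARI.RENAME_CLUSTER"}}]}`, paired with an expectation that `$window.location` is left untouched and a negative case with an empty `items` list that expects the redirect. The `persist` mock on the line above uses the same double-`data` shape, so if that wrapping is deliberate for some reader I cannot see, worth checking before changing it.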
@@ -384,6 +384,11 @@ module.exports = Em.Route.extend(App.RouterRedirections, {
  adminKerberos: Em.Route.extend({
  route: '/kerberos',
+ enter: function (router, transition) {
+ if (router.get('loggedIn') && !App.isAuthorized('CLUSTER.TOGGLE_KERBEROS')) {
+ router.transitionTo('main.dashboard.index');
+ }
+ },
  index: Em.Route.extend({
  route: '/',
  connectOutlets: function (router, context) {
@@ -521,6 +526,11 @@ module.exports = Em.Route.extend(App.RouterRedirections, {
  }),
  adminServiceAccounts: Em.Route.extend({
  route: '/serviceAccounts',
+ enter: function (router, transition) {
+ if (router.get('loggedIn') && !App.isAuthorized('AMBARI.SET_SERVICE_USERS_GROUP')) {
+ router.transitionTo('main.dashboard.index');
+ }
+ },
  connectOutlets: function (router) {
  router.set('mainAdminController.category', "adminServiceAccounts");
  router.get('mainAdminController').connectOutlet('mainAdminServiceAccounts');
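Review bot: Both added `enter` hooks only redirect when `router.get('loggedIn')` is already true, so a deep link straight to `/kerberos` or `/serviceAccounts` entered before the login state is populated (a fresh page load on that URL) passes the guard unchecked unless something outside these hunks re-runs it after login; I cannot see how `loggedIn` and `App.isAuthorized` are initialised, so this needs confirming rather than assuming. The two hooks are identical apart from the permission string and the unused `transition` parameter; since the route already mixes in `App.RouterRedirections` (visible in the hunk header), a shared helper such as `redirectIfUnauthorized(router, 'CLUSTER.TOGGLE_KERBEROS')` there would give the next admin sub-route the same check instead of another copy. Whatever the shape, each hook deserves the comment `// UI-only guard: the REST API must still enforce this permission` so the redirect is not mistaken for the security boundary. The enclosing `Em.Route.extend` objects start and end outside the hunks.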