From ed946aa3f706696530ca344c228af514135e55d2 Mon Sep 17 00:00:00 2001 From: Pavel Zavora Date: Fri, 27 May 2022 12:24:59 +0200 Subject: [PATCH] chore(ui): simplify and document functions --- ui/src/admin/containers/influxdb/UserPage.tsx | 4 +- .../influxdb/util/allOrParticularSelection.ts | 5 +- .../computeUsersEffectiveDBPermissions.ts | 8 +-- .../influxdb/util/userPermissions.ts | 70 +++++++++---------- .../util/allOrParticularSelection.test.ts | 2 +- .../influxdb/util/userPermissions.test.ts | 30 ++------ 6 files changed, 52 insertions(+), 67 deletions(-) diff --git a/ui/src/admin/containers/influxdb/UserPage.tsx b/ui/src/admin/containers/influxdb/UserPage.tsx index cb42d1907..e6ee6130a 100644 --- a/ui/src/admin/containers/influxdb/UserPage.tsx +++ b/ui/src/admin/containers/influxdb/UserPage.tsx @@ -182,11 +182,11 @@ const UserPage = ({ } setRunning(true) try { + // append to existing all-scoped permissions in OSS, they manage administrator status const permissions = toUserPermissions( - user, userDBPermissions, changedPermissions, - isEnterprise + isEnterprise ? [] : user.permissions.filter(x => x.scope === 'all') ) await updatePermissionsAsync(user, permissions) } finally { diff --git a/ui/src/admin/containers/influxdb/util/allOrParticularSelection.ts b/ui/src/admin/containers/influxdb/util/allOrParticularSelection.ts index d41ce21b1..187e4c6e5 100644 --- a/ui/src/admin/containers/influxdb/util/allOrParticularSelection.ts +++ b/ui/src/admin/containers/influxdb/util/allOrParticularSelection.ts @@ -1,6 +1,7 @@ /** - * A function that ensures that when all ('*') option is selected, - * particular options get de-selected and vice versa. + * AllOrParticularSelection function ensures that when all ('*') option is selected, + * particular options are de-selected, and when a particular option is selected '*' + * option is deselected. */ export default function allOrParticularSelection( oldVals: string[], diff --git a/ui/src/admin/containers/influxdb/util/computeUsersEffectiveDBPermissions.ts b/ui/src/admin/containers/influxdb/util/computeUsersEffectiveDBPermissions.ts index 13a12f0a8..d18f6b20f 100644 --- a/ui/src/admin/containers/influxdb/util/computeUsersEffectiveDBPermissions.ts +++ b/ui/src/admin/containers/influxdb/util/computeUsersEffectiveDBPermissions.ts @@ -1,9 +1,9 @@ import {User} from 'src/types/influxAdmin' -type UserDBPermissions = Array>> +/** Array of users, with Arrays of databases containing permission records (or record changes) */ +type UsersDBPermissions = Array>> /** - * Creates aeffective permissions in array for every supplied user - * contains an array for every supplied database with a record + * Creates effective user permissions as a record * that contains permission names as keys and `true` values * for every assigned permission. * @@ -14,7 +14,7 @@ type UserDBPermissions = Array>> export default function computeUsersEffectiveDBPermissions( users: User[], dbNames: string[] -): UserDBPermissions { +): UsersDBPermissions { return users.map(u => { const permRecord = u.permissions.reduce((acc, userPerm) => { if (userPerm.scope === 'all') { diff --git a/ui/src/admin/containers/influxdb/util/userPermissions.ts b/ui/src/admin/containers/influxdb/util/userPermissions.ts index eb4a867de..f74ae3b5c 100644 --- a/ui/src/admin/containers/influxdb/util/userPermissions.ts +++ b/ui/src/admin/containers/influxdb/util/userPermissions.ts @@ -1,15 +1,18 @@ import {User, UserPermission} from 'src/types/influxAdmin' +/** Record with database keys and values being a record of granted permissions or permission changes */ +export type UserDBPermissions = Record> + /** - * Create a record of user's database permissions, separated by every database that - * has some granted permissions. Enteprises + * Create a record of user's database permissions, organized by every database that + * has some granted permissions. * @param user infludb user - * @param isEnterprise signalize enteprise InfluxDB, where databases is mapped to an extra `''` database. + * @param isEnterprise enteprise InfluxDB flag means that -scoped permissions are mapped to an extra `''` database. */ export function computeUserPermissions( user: User, isEnterprise: boolean -): Record> { +): UserDBPermissions { return user.permissions.reduce((acc, perm) => { if (!isEnterprise && perm.scope !== 'database') { return acc // do not include all permissions in OSS, they have separate administration @@ -28,9 +31,9 @@ export function computeUserPermissions( export function computeUserPermissionsChange( db: string, perm: string, - userPermissions: Record>, - changedPermissions: Record> -): Record> | undefined { + userPermissions: UserDBPermissions, + changedPermissions: UserDBPermissions +): UserDBPermissions { const origState = userPermissions[db]?.[perm] const {[db]: changedDB, ...otherDBs} = changedPermissions if (changedDB === undefined) { @@ -57,11 +60,13 @@ export function computeUserPermissionsChange( return otherDBs } +/** + * Creates server's user permissions out of existing and changed user permissions. + */ export function toUserPermissions( - user: User, - userPermissions: Record>, - changedPermissions: Record>, - isEnterprise: boolean + userPermissions: UserDBPermissions, + changedPermissions: UserDBPermissions, + appendAfter: UserPermission[] = [] ): UserPermission[] { const newUserPermisssions = {...userPermissions} Object.entries(changedPermissions).forEach(([db, perms]) => { @@ -74,28 +79,23 @@ export function toUserPermissions( newUserPermisssions[db] = {...perms} } }) - return Object.entries(newUserPermisssions).reduce( - (acc, [db, permRecord]) => { - const allowed = Object.entries(permRecord).reduce( - (allowedAcc, [perm, use]) => { - if (use) { - allowedAcc.push(perm) - } - return allowedAcc - }, - [] - ) - if (allowed.length) { - acc.push({ - scope: db ? 'database' : 'all', - name: db || undefined, - allowed, - }) - } - return acc - }, - isEnterprise - ? [] - : (user.permissions || []).filter(x => x.scope !== 'database') - ) + return Object.entries(newUserPermisssions).reduce((acc, [db, permRecord]) => { + const allowed = Object.entries(permRecord).reduce( + (allowedAcc, [perm, use]) => { + if (use) { + allowedAcc.push(perm) + } + return allowedAcc + }, + [] + ) + if (allowed.length) { + acc.push({ + scope: db ? 'database' : 'all', + name: db || undefined, + allowed, + }) + } + return acc + }, appendAfter) } diff --git a/ui/test/admin/containers/influxdb/util/allOrParticularSelection.test.ts b/ui/test/admin/containers/influxdb/util/allOrParticularSelection.test.ts index bbb94a187..da745fcab 100644 --- a/ui/test/admin/containers/influxdb/util/allOrParticularSelection.test.ts +++ b/ui/test/admin/containers/influxdb/util/allOrParticularSelection.test.ts @@ -1,5 +1,5 @@ import subject from 'src/admin/containers/influxdb/util/allOrParticularSelection' -describe('admin/containers/influxdb/util/computeUserDBPermissions', () => { +describe('admin/containers/influxdb/util/allOrParticularSelection', () => { it('keeps simple changes as-is', () => { expect(subject([], [])).toEqual([]) expect(subject([], ['*'])).toEqual(['*']) diff --git a/ui/test/admin/containers/influxdb/util/userPermissions.test.ts b/ui/test/admin/containers/influxdb/util/userPermissions.test.ts index 2ae622934..b05ad51a7 100644 --- a/ui/test/admin/containers/influxdb/util/userPermissions.test.ts +++ b/ui/test/admin/containers/influxdb/util/userPermissions.test.ts @@ -3,7 +3,7 @@ import { computeUserPermissionsChange, toUserPermissions, } from 'src/admin/containers/influxdb/util/userPermissions' -import {User, UserPermission} from 'src/types/influxAdmin' +import {UserPermission} from 'src/types/influxAdmin' describe('admin/containers/influxdb/util/userPermissions', () => { describe('computeUserDBPermissions', () => { it('computes no permissions', () => { @@ -140,23 +140,12 @@ describe('admin/containers/influxdb/util/userPermissions', () => { scope, allowed: (allowed || []).sort(), })) - const user: User = { - name: 'tod', - roles: [], - permissions: [ - {scope: 'database', name: 'db1', allowed: ['READ']}, - {scope: 'all', allowed: ['ALL']}, - ], - } it('changes permissions in OSS', () => { expect( sorted( - toUserPermissions( - user, - {db1: {READ: true}}, - {db2: {WRITE: true}}, - false - ) + toUserPermissions({db1: {READ: true}}, {db2: {WRITE: true}}, [ + {scope: 'all', allowed: ['ALL']}, + ]) ) ).toEqual([ {scope: 'all', allowed: ['ALL']}, @@ -168,10 +157,9 @@ describe('admin/containers/influxdb/util/userPermissions', () => { expect( sorted( toUserPermissions( - user, {db1: {READ: true}}, {db1: {READ: false}, db2: {READ: true}}, - false + [{scope: 'all', allowed: ['ALL']}] ) ) ).toEqual([ @@ -183,10 +171,8 @@ describe('admin/containers/influxdb/util/userPermissions', () => { expect( sorted( toUserPermissions( - user, {db1: {READ: true}}, - {db2: {WRITE: true}, '': {Other: true}}, - true + {db2: {WRITE: true}, '': {Other: true}} ) ) ).toEqual([ @@ -199,10 +185,8 @@ describe('admin/containers/influxdb/util/userPermissions', () => { expect( sorted( toUserPermissions( - user, {db1: {READ: true, WRITE: true}, '': {Other: true}}, - {db1: {WRITE: false}, '': {Other: false}, db3: {Other: true}}, - true + {db1: {WRITE: false}, '': {Other: false}, db3: {Other: true}} ) ) ).toEqual([