github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/ui/app/abilities/job.js (about)

     1  import AbstractAbility from './abstract';
     2  import { computed, get } from '@ember/object';
     3  import { or } from '@ember/object/computed';
     4  
/**
 * UI ability flags for job actions (run, scale, list across namespaces,
 * dispatch).
 *
 * Each `can*` property is an OR of the flags named in its decorator.
 * `bypassAuthorization`, `selfTokenIsManagement`, `rulesForNamespace`,
 * `namespaceIncludesCapability` and `token` are not defined in this file;
 * presumably they come from AbstractAbility (verify there).
 *
 * NOTE(review): these flags only decide what the UI offers. Nothing in this
 * file enforces access, so the API is assumed to reject unauthorized requests
 * on its own (confirm).
 */
export default class Job extends AbstractAbility {
  // Running a job is offered when authorization is bypassed, the token is a
  // management token, or any policy on the token grants 'submit-job'.
  @or('bypassAuthorization', 'selfTokenIsManagement', 'policiesSupportRunning')
  canRun;

  // Scaling is offered for 'scale-job' and also for 'submit-job' in the rules
  // selected by rulesForNamespace.
  @or(
    'bypassAuthorization',
    'selfTokenIsManagement',
    'specificNamespaceSupportsRunning',
    'policiesSupportScaling'
  )
  canScale;

  // TODO: A person can also see all jobs if their token grants read access to all namespaces,
  // but given the complexity of namespaces and policy precedence, there isn't a good quick way
  // to confirm this.
  @or('bypassAuthorization', 'selfTokenIsManagement')
  canListAll;

  // Dispatching is offered for 'dispatch-job' in the rules selected by
  // rulesForNamespace.
  @or(
    'bypassAuthorization',
    'selfTokenIsManagement',
    'policiesSupportDispatching'
  )
  canDispatch;

  /**
   * Reports whether any namespace rule in any of the given policies lists at
   * least one of the requested capabilities.
   *
   * The result is not scoped to a particular namespace: one match anywhere in
   * any policy is enough. Only exact capability strings are compared, and
   * precedence between rules is not evaluated.
   *
   * NOTE(review): only the `Capabilities` list of each namespace rule is read.
   * If `rulesJSON` can carry a coarser policy level that is not already
   * expanded into capabilities, it would not be counted here. Confirm against
   * the API payload.
   *
   * @param {Array} policies - policy records exposing `rulesJSON.Namespaces`
   * @param {string[]} permissions - capability names to look for
   * @returns {boolean} true when at least one requested capability is present
   */
  policyNamespacesIncludePermissions(policies = [], permissions = []) {
    // Flatten policy -> namespace rules -> capabilities into a single list.
    // Policies without namespace rules contribute nothing.
    const grantedCapabilities = policies
      .toArray()
      .flatMap((policy) => get(policy, 'rulesJSON.Namespaces') || [])
      .flatMap((namespace = {}) => namespace.Capabilities)
      .compact(); // drops entries from rules that have no Capabilities list

    return grantedCapabilities.some((capability) =>
      permissions.includes(capability)
    );
  }

  // True when any policy on the current token grants 'submit-job' in any
  // namespace rule.
  @computed('token.selfTokenPolicies.[]')
  get policiesSupportRunning() {
    const { selfTokenPolicies } = this.token;
    return this.policyNamespacesIncludePermissions(selfTokenPolicies, [
      'submit-job',
    ]);
  }

  // 'submit-job' check delegated to namespaceIncludesCapability.
  @computed('rulesForNamespace.@each.capabilities')
  get specificNamespaceSupportsRunning() {
    const capability = 'submit-job';
    return this.namespaceIncludesCapability(capability);
  }

  // 'scale-job' check delegated to namespaceIncludesCapability.
  @computed('rulesForNamespace.@each.capabilities')
  get policiesSupportScaling() {
    const capability = 'scale-job';
    return this.namespaceIncludesCapability(capability);
  }

  // 'dispatch-job' check delegated to namespaceIncludesCapability.
  @computed('rulesForNamespace.@each.capabilities')
  get policiesSupportDispatching() {
    const capability = 'dispatch-job';
    return this.namespaceIncludesCapability(capability);
  }
}