github.com/hernad/nomad@v1.6.112/ui/app/abilities/job.js (about)

     1  /**
     2   * Copyright (c) HashiCorp, Inc.
     3   * SPDX-License-Identifier: MPL-2.0
     4   */
     5  
     6  import AbstractAbility from './abstract';
     7  import { computed, get } from '@ember/object';
     8  import { or } from '@ember/object/computed';
     9  
/**
 * Ability flags for job actions: running, scaling, listing across namespaces,
 * and dispatching.
 *
 * Every flag is an `or` over other properties. `bypassAuthorization`,
 * `selfTokenIsManagement`, `rulesForNamespace`, `namespaceIncludesCapability`
 * and `token` are not defined in this class; presumably they come from
 * AbstractAbility (verify there).
 *
 * NOTE(review): these flags are computed in the UI from the token's policy
 * data, so they only decide what the interface offers. Presumably the API
 * enforces ACLs independently; confirm, and do not treat a `true` here as an
 * authorization decision.
 */
export default class Job extends AbstractAbility {
  // Running is gated on `policiesSupportRunning`, which pools the rules of
  // every namespace in the token's policies; it is not tied to one namespace.
  @or(
    'bypassAuthorization',
    'selfTokenIsManagement',
    'policiesSupportRunning'
  )
  canRun;

  // Scaling is allowed by either capability check on `rulesForNamespace`:
  // 'submit-job' (specificNamespaceSupportsRunning) or 'scale-job'
  // (policiesSupportScaling).
  @or(
    'bypassAuthorization',
    'selfTokenIsManagement',
    'specificNamespaceSupportsRunning',
    'policiesSupportScaling'
  )
  canScale;

  // TODO: A token that grants read access to all namespaces also lets a person
  // see all jobs, but given the complexity of namespaces and policy
  // precedence there isn't a good quick way to confirm this, so only the two
  // blanket conditions are checked.
  @or('bypassAuthorization', 'selfTokenIsManagement')
  canListAll;

  // Dispatching requires the 'dispatch-job' capability check to pass
  // (policiesSupportDispatching), unless one of the blanket conditions holds.
  @or(
    'bypassAuthorization',
    'selfTokenIsManagement',
    'policiesSupportDispatching'
  )
  canDispatch;

  /**
   * Reports whether any namespace rule in the given policies lists at least
   * one of the requested capabilities.
   *
   * Capabilities from all namespaces of all policies are pooled before the
   * comparison. The namespace name is never looked at and nothing subtracts
   * capabilities, so this is an any-match test, not a policy-precedence
   * evaluation.
   *
   * @param {Array} policies - Policy records exposing `rulesJSON.Namespaces`.
   *   Must respond to `toArray()`; the `[]` default and the `compact()` call
   *   below presumably rely on Ember's array prototype extensions (confirm).
   * @param {string[]} permissions - Capability names to look for.
   * @returns {boolean} True when at least one pooled capability is requested.
   */
  policyNamespacesIncludePermissions(policies = [], permissions = []) {
    const grantedCapabilities = policies
      .toArray()
      // Policies without namespace rules contribute nothing.
      .flatMap(
        (policyRecord) => get(policyRecord, 'rulesJSON.Namespaces') || []
      )
      // A missing rule entry is treated as an empty object.
      .flatMap((namespaceRule = {}) => namespaceRule.Capabilities)
      // Drop the null/undefined left by rules that list no capabilities.
      .compact();

    return grantedCapabilities.some((capability) =>
      permissions.includes(capability)
    );
  }

  /**
   * True when any namespace rule in the token's own policies lists
   * 'submit-job'.
   */
  @computed('token.selfTokenPolicies.[]')
  get policiesSupportRunning() {
    const { selfTokenPolicies } = this.token;
    return this.policyNamespacesIncludePermissions(selfTokenPolicies, [
      'submit-job',
    ]);
  }

  /** Result of `namespaceIncludesCapability` for 'submit-job'. */
  @computed('rulesForNamespace.@each.capabilities')
  get specificNamespaceSupportsRunning() {
    return this.namespaceIncludesCapability('submit-job');
  }

  /** Result of `namespaceIncludesCapability` for 'scale-job'. */
  @computed('rulesForNamespace.@each.capabilities')
  get policiesSupportScaling() {
    return this.namespaceIncludesCapability('scale-job');
  }

  /** Result of `namespaceIncludesCapability` for 'dispatch-job'. */
  @computed('rulesForNamespace.@each.capabilities')
  get policiesSupportDispatching() {
    return this.namespaceIncludesCapability('dispatch-job');
  }
}