From 23cad6fea914a13cc4261b8d3698ebffa947f62c Mon Sep 17 00:00:00 2001 
From: Zachary Prebosnyak <91638307+zprebosnyak-lm@users.noreply.github.com> Date: Thu, 25 Jul 2024 15:55:37 -0600 Subject: [PATCH] Permission deconstruction (#1) * fix: intial push for CI jobs * fix: adding Node Full from pipeline catalog * fix: disabling jobs * fix: trying pipeline tepmplate * fix: fix syntax error * fix: enable node_ci job * added artifacts for node-build * fix spacing issue * fix: addded curl request to add jq * fix: replace cat with cmd * fix: add \ and && * test: test directives permission logic * test: different permission for directive * test: revert old permissions test, test case with new permissions * fix: copy pasta'd myself * test: progress push * test: temp * test: ci updates * feat: update UI for permissions * fix: var name * fix: revert to original values --------- Co-authored-by: johnny mayer Co-authored-by: Mensah, Ephraim E Co-authored-by: Cortes, Noel --- src/containers/DefaultContainer.vue | 24 +- src/mixins/permissionsMixin.js | 56 ++- src/router/index.js | 387 +++++++++++++++--- src/shared/permissions.js | 38 +- src/views/Dashboard.vue | 3 +- src/views/administration/AdminMenu.vue | 22 +- src/views/administration/Administration.vue | 8 +- src/views/policy/LicenseGroupList.vue | 13 +- src/views/policy/PolicyCondition.vue | 1 + src/views/policy/PolicyList.vue | 12 +- src/views/policy/PolicyManagement.vue | 2 +- src/views/policy/VulnerabilityPolicyList.vue | 4 +- src/views/portfolio/licenses/License.vue | 2 +- src/views/portfolio/licenses/LicenseList.vue | 2 +- .../portfolio/projects/ComponentDashboard.vue | 2 +- .../projects/ComponentDetailsModal.vue | 48 +-- src/views/portfolio/projects/FindingAudit.vue | 10 +- .../projects/ProjectAddComponentModal.vue | 2 +- .../portfolio/projects/ProjectComponents.vue | 9 +- .../portfolio/projects/ProjectDashboard.vue | 2 +- .../projects/ProjectDetailsModal.vue | 28 +- .../portfolio/projects/ProjectFindings.vue | 4 +- src/views/portfolio/projects/ProjectList.vue | 2 +- 
.../projects/ProjectPropertiesModal.vue | 2 +- .../portfolio/projects/ServiceDashboard.vue | 2 +- .../projects/ServiceDetailsModal.vue | 12 +- .../VulnerabilityDetailsModal.vue | 10 +- .../vulnerabilities/VulnerabilityList.vue | 2 +- 28 files changed, 548 insertions(+), 161 deletions(-) diff --git a/src/containers/DefaultContainer.vue b/src/containers/DefaultContainer.vue index acee1809..6e422704 100644 --- a/src/containers/DefaultContainer.vue +++ b/src/containers/DefaultContainer.vue @@ -126,19 +126,37 @@ export default { element: '', attributes: {}, }, - permission: permissions.SYSTEM_CONFIGURATION, + permission: [ + permissions.SYSTEM_CONFIGURATION, + permissions.SYSTEM_CONFIGURATION_CREATE, + permissions.SYSTEM_CONFIGURATION_READ, + permissions.SYSTEM_CONFIGURATION_UPDATE, + permissions.SYSTEM_CONFIGURATION_DELETE + ], }, { name: this.$t('message.policy_management'), url: '/policy', icon: 'fa fa-list-alt', - permission: permissions.POLICY_MANAGEMENT, + permission: [ + permissions.POLICY_MANAGEMENT, + permissions.POLICY_MANAGEMENT_CREATE, + permissions.POLICY_MANAGEMENT_READ, + permissions.POLICY_MANAGEMENT_UPDATE, + permissions.POLICY_MANAGEMENT_DELETE + ], }, { name: this.$t('message.administration'), url: '/admin', icon: 'fa fa-cogs', - permission: permissions.SYSTEM_CONFIGURATION, + permission: [ + permissions.SYSTEM_CONFIGURATION, + permissions.SYSTEM_CONFIGURATION_CREATE, + permissions.SYSTEM_CONFIGURATION_READ, + permissions.SYSTEM_CONFIGURATION_UPDATE, + permissions.SYSTEM_CONFIGURATION_DELETE + ], }, ], }; diff --git a/src/mixins/permissionsMixin.js b/src/mixins/permissionsMixin.js index 41500353..4bf3256f 100644 --- a/src/mixins/permissionsMixin.js +++ b/src/mixins/permissionsMixin.js @@ -1,3 +1,4 @@ +/* eslint-disable prettier/prettier */ import * as permissions from '../shared/permissions'; export default { 
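Review bot: The five-element `SYSTEM_CONFIGURATION*` list is written out twice in this nav array (the entry whose `permission` follows `attributes: {}` and the `/admin` entry), and the same set is repeated as string literals in the route `meta.permissions` blocks of src/router/index.js later in this patch. Hand-copied lists drift, and a drifted copy means the sidebar and the route guard disagree about who may see a section. Exporting each group once from src/shared/permissions.js, for example `export const SYSTEM_CONFIGURATION_ANY = [SYSTEM_CONFIGURATION, SYSTEM_CONFIGURATION_CREATE, SYSTEM_CONFIGURATION_READ, SYSTEM_CONFIGURATION_UPDATE, SYSTEM_CONFIGURATION_DELETE];`, and using `permission: permissions.SYSTEM_CONFIGURATION_ANY` here would keep them in step. The nav array and the component that consumes it start outside the hunk, so it is worth confirming that the consumer accepts an array for `permission`.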
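Review bot: The added `/* eslint-disable prettier/prettier */` on the first line switches formatting checks off for the whole of permissionsMixin.js, and the same line is added at the top of src/shared/permissions.js. These two files hold the permission checks, where consistently formatted code is easiest to review, and the long constant lines can simply be wrapped by the formatter. If a suppression is really needed, scope it with `// eslint-disable-next-line prettier/prettier` on the specific line and state the reason in that comment.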
@@ -7,14 +8,38 @@ export default { BOM_UPLOAD: permissions.BOM_UPLOAD, VIEW_PORTFOLIO: permissions.VIEW_PORTFOLIO, PORTFOLIO_MANAGEMENT: permissions.PORTFOLIO_MANAGEMENT, - ACCESS_MANAGEMENT: permissions.ACCESS_MANAGEMENT, + PORTFOLIO_MANAGEMENT_CREATE: permissions.PORTFOLIO_MANAGEMENT_CREATE, + PORTFOLIO_MANAGEMENT_READ: permissions.PORTFOLIO_MANAGEMENT_READ, + PORTFOLIO_MANAGEMENT_UPDATE: permissions.PORTFOLIO_MANAGEMENT_UPDATE, + PORTFOLIO_MANAGEMENT_DELETE: permissions.PORTFOLIO_MANAGEMENT_DELETE, VIEW_VULNERABILITY: permissions.VIEW_VULNERABILITY, VULNERABILITY_ANALYSIS: permissions.VULNERABILITY_ANALYSIS, + VULNERABILITY_ANALYSIS_CREATE: permissions.VULNERABILITY_ANALYSIS_CREATE, + VULNERABILITY_ANALYSIS_READ: permissions.VULNERABILITY_ANALYSIS_READ, + VULNERABILITY_ANALYSIS_UPDATE: permissions.VULNERABILITY_ANALYSIS_UPDATE, VIEW_POLICY_VIOLATION: permissions.VIEW_POLICY_VIOLATION, VULNERABILITY_MANAGEMENT: permissions.VULNERABILITY_MANAGEMENT, + VULNERABILITY_MANAGEMENT_CREATE: permissions.VULNERABILITY_MANAGEMENT_CREATE, + VULNERABILITY_MANAGEMENT_READ: permissions.VULNERABILITY_MANAGEMENT_READ, + VULNERABILITY_MANAGEMENT_UPDATE: permissions.VULNERABILITY_MANAGEMENT_UPDATE, + VULNERABILITY_MANAGEMENT_DELETE: permissions.VULNERABILITY_MANAGEMENT_DELETE, POLICY_VIOLATION_ANALYSIS: permissions.POLICY_VIOLATION_ANALYSIS, + ACCESS_MANAGEMENT: permissions.ACCESS_MANAGEMENT, + ACCESS_MANAGEMENT_CREATE: permissions.ACCESS_MANAGEMENT_CREATE, + ACCESS_MANAGEMENT_READ: permissions.ACCESS_MANAGEMENT_READ, + ACCESS_MANAGEMENT_UPDATE: permissions.ACCESS_MANAGEMENT_UPDATE, + ACCESS_MANAGEMENT_DELETE: permissions.ACCESS_MANAGEMENT_DELETE, SYSTEM_CONFIGURATION: permissions.SYSTEM_CONFIGURATION, + SYSTEM_CONFIGURATION_CREATE: permissions.SYSTEM_CONFIGURATION_CREATE, + SYSTEM_CONFIGURATION_READ: permissions.SYSTEM_CONFIGURATION_READ, + SYSTEM_CONFIGURATION_UPDATE: permissions.SYSTEM_CONFIGURATION_UPDATE, + SYSTEM_CONFIGURATION_DELETE: permissions.SYSTEM_CONFIGURATION_DELETE, 
+ PROJECT_CREATION_UPLOAD: permissions.PROJECT_CREATION_UPLOAD, POLICY_MANAGEMENT: permissions.POLICY_MANAGEMENT, + POLICY_MANAGEMENT_CREATE: permissions.POLICY_MANAGEMENT_CREATE, + POLICY_MANAGEMENT_READ: permissions.POLICY_MANAGEMENT_READ, + POLICY_MANAGEMENT_UPDATE: permissions.POLICY_MANAGEMENT_UPDATE, + POLICY_MANAGEMENT_DELETE: permissions.POLICY_MANAGEMENT_DELETE, }, }; }, @@ -25,10 +50,35 @@ export default { }, methods: { isPermitted(permission) { - return permissions.hasPermission(permission, this.decodedToken); + // return permissions.hasPermission(permission, this.decodedToken); + if (typeof permission == 'string') { + return permissions.hasPermission(permission, this.decodedToken); + } + else if (Array.isArray(permission)) { + for (let perm of permission) { + if (permissions.hasPermission(perm, this.decodedToken)) { + return true; + } + } + return false; + } else { + throw new Error("permission must be of type string or array") + } }, isNotPermitted(permission) { - return !permissions.hasPermission(permission, this.decodedToken); + if (typeof permission == 'string') { + return !permissions.hasPermission(permission, this.decodedToken); + } + else if (Array.isArray(permission)) { + for (let perm of permission) { + if (permissions.hasPermission(perm, this.decodedToken)) { + return false; + } + } + return true; + } else { + throw new Error("permission must be of type string or array") + } }, }, }; diff --git a/src/router/index.js b/src/router/index.js index 51711d69..1e2c2861 100644 --- a/src/router/index.js +++ b/src/router/index.js @@ -123,7 +123,7 @@ function configRoutes() { title: i18n.t('message.dashboard'), i18n: 'message.dashboard', sectionPath: '/dashboard', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -134,7 +134,7 @@ function configRoutes() { title: i18n.t('message.projects'), i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { 
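Review bot: `isNotPermitted` repeats the whole string/array branch of `isPermitted` with the returns inverted, so the two copies can drift apart; `isNotPermitted(permission) { return !this.isPermitted(permission); }` keeps a single copy of the logic. `permissions.hasPermission` is extended in this same patch to accept an array, so `isPermitted` can shrink to the type check followed by `return permissions.hasPermission(permission, this.decodedToken);`. The new `throw` also changes what happens when a caller passes `undefined` (for instance a misspelled `PERMISSIONS` key in a template): the old code answered "not permitted", the new code raises while rendering, so consider logging a warning and returning the deny result instead. The commented-out `// return permissions.hasPermission(...)` line should be deleted and `==` replaced with `===`.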
@@ -154,7 +154,7 @@ function configRoutes() { meta: { i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -168,7 +168,7 @@ function configRoutes() { meta: { i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -182,7 +182,7 @@ function configRoutes() { meta: { i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -197,7 +197,7 @@ function configRoutes() { meta: { i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -208,7 +208,7 @@ function configRoutes() { title: i18n.t('message.component_search'), i18n: 'message.component_search', sectionPath: '/components', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -223,7 +223,7 @@ function configRoutes() { meta: { i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -234,7 +234,7 @@ function configRoutes() { meta: { i18n: 'message.projects', sectionPath: '/projects', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -245,7 +245,7 @@ function configRoutes() { title: i18n.t('message.vulnerabilities'), i18n: 'message.vulnerabilities', sectionPath: '/vulnerabilities', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -263,7 +263,7 @@ function configRoutes() { meta: { i18n: 'message.vulnerabilities', sectionPath: '/vulnerabilities', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -274,7 +274,7 @@ function configRoutes() { title: i18n.t('message.licenses'), i18n: 'message.licenses', sectionPath: '/licenses', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { 
@@ -291,7 +291,7 @@ function configRoutes() { meta: { i18n: 'message.licenses', sectionPath: '/licenses', - permission: 'VIEW_PORTFOLIO', + permissions: ['VIEW_PORTFOLIO'], }, }, { @@ -307,7 +307,13 @@ function configRoutes() { title: i18n.t('message.policy_management'), i18n: 'message.policy_management', sectionPath: '/policy', - permission: 'POLICY_MANAGEMENT', + permissions: [ + 'POLICY_MANAGEMENT', + 'POLICY_MANAGEMENT_CREATE', + 'POLICY_MANAGEMENT_READ', + 'POLICY_MANAGEMENT_UPDATE', + 'POLICY_MANAGEMENT_DELETE' + ], }, }, { @@ -317,7 +323,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, children: [ { @@ -329,7 +341,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -339,7 +357,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -349,7 +373,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -359,7 +389,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -369,7 +405,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -379,7 +421,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -389,7 +437,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -399,7 +453,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -409,7 +469,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -420,7 +486,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -430,7 +502,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -440,7 +518,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -450,7 +534,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -460,7 +550,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -471,7 +567,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -481,7 +583,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -491,7 +599,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -502,7 +616,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -512,7 +632,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -522,7 +648,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -532,7 +664,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -542,7 +680,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -552,7 +696,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -562,7 +712,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -572,7 +728,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -582,7 +744,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -592,7 +760,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -602,7 +776,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -612,7 +792,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -622,7 +808,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -633,7 +825,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -643,7 +841,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { 
@@ -654,7 +858,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -664,7 +874,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -674,7 +890,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'SYSTEM_CONFIGURATION', + permissions: [ + 'SYSTEM_CONFIGURATION', + 'SYSTEM_CONFIGURATION_CREATE', + 'SYSTEM_CONFIGURATION_READ', + 'SYSTEM_CONFIGURATION_UPDATE', + 'SYSTEM_CONFIGURATION_DELETE' + ], }, }, { @@ -685,7 +907,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, { @@ -695,7 +923,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, { 
@@ -705,7 +939,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, { @@ -715,7 +955,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, { @@ -725,7 +971,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, { @@ -735,7 +987,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, { @@ -745,7 +1003,13 @@ function configRoutes() { title: i18n.t('message.administration'), i18n: 'message.administration', sectionPath: '/admin', - permission: 'ACCESS_MANAGEMENT', + permissions: [ + 'ACCESS_MANAGEMENT', + 'ACCESS_MANAGEMENT_CREATE', + 'ACCESS_MANAGEMENT_READ', + 'ACCESS_MANAGEMENT_UPDATE', + 'ACCESS_MANAGEMENT_DELETE', + ], }, }, ], 
@@ -762,7 +1026,7 @@ function configRoutes() { title: i18n.t('message.vulnerability_audit'), i18n: 'message.vulnerability_audit', sectionPath: '/globalAudit', - permission: 'VIEW_VULNERABILITY', + permissions: ['VIEW_VULNERABILITY'], }, }, // The following route redirects URLs from legacy Dependency-Track UI to new URL format. @@ -865,11 +1129,14 @@ router.beforeEach((to, from, next) => { next({ name: 'Login', query: { redirect: to.fullPath }, replace: true }); }; - if (to.meta.permission) { + if (to.meta.permissions) { // non-public route, check permissions const jwt = getToken(); if (jwt) { - if (hasPermission(to.meta.permission)) { + const isAllowed = to.meta.permissions.some((permission) => + hasPermission(permission), + ); + if (isAllowed) { // let backend verify the token router.app.axios .get(`${router.app.$api.BASE_URL}/${router.app.$api.URL_USER_SELF}`, { diff --git a/src/shared/permissions.js b/src/shared/permissions.js index 14016e65..22136541 100644 --- a/src/shared/permissions.js +++ b/src/shared/permissions.js 
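Review bot: The guard in the `router.beforeEach` hunk now tests only `to.meta.permissions`, so a route record that still carries the old `meta.permission` key skips this branch entirely; the comment `// non-public route, check permissions` suggests such a route would then be handled as public. Every route visible in these hunks was renamed, but routes outside the hunks cannot be checked from here, and a string-valued `permissions` would throw on `.some`. Normalising both spellings closes that gap: `const required = [].concat(to.meta.permissions ?? to.meta.permission ?? []);`, then `if (required.length) {` and `required.some((p) => hasPermission(p))`. The `beforeEach` callback starts and ends outside the hunk.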
@@ -1,15 +1,40 @@ +/* eslint-disable prettier/prettier */ // API Permissions export const BOM_UPLOAD = 'BOM_UPLOAD'; export const VIEW_PORTFOLIO = 'VIEW_PORTFOLIO'; export const PORTFOLIO_MANAGEMENT = 'PORTFOLIO_MANAGEMENT'; -export const ACCESS_MANAGEMENT = 'ACCESS_MANAGEMENT'; +export const PORTFOLIO_MANAGEMENT_CREATE = 'PORTFOLIO_MANAGEMENT_CREATE'; +export const PORTFOLIO_MANAGEMENT_READ = 'PORTFOLIO_MANAGEMENT_READ'; +export const PORTFOLIO_MANAGEMENT_UPDATE = 'PORTFOLIO_MANAGEMENT_UPDATE'; +export const PORTFOLIO_MANAGEMENT_DELETE = 'PORTFOLIO_MANAGEMENT_DELETE'; export const VIEW_VULNERABILITY = 'VIEW_VULNERABILITY'; export const VULNERABILITY_ANALYSIS = 'VULNERABILITY_ANALYSIS'; +export const VULNERABILITY_ANALYSIS_CREATE = 'VULNERABILITY_ANALYSIS_CREATE'; +export const VULNERABILITY_ANALYSIS_READ = 'VULNERABILITY_ANALYSIS_READ'; +export const VULNERABILITY_ANALYSIS_UPDATE = 'VULNERABILITY_ANALYSIS_UPDATE'; export const VIEW_POLICY_VIOLATION = 'VIEW_POLICY_VIOLATION'; export const VULNERABILITY_MANAGEMENT = 'VULNERABILITY_MANAGEMENT'; +export const VULNERABILITY_MANAGEMENT_CREATE = 'VULNERABILITY_MANAGEMENT_CREATE'; +export const VULNERABILITY_MANAGEMENT_READ = 'VULNERABILITY_MANAGEMENT_READ'; +export const VULNERABILITY_MANAGEMENT_UPDATE = 'VULNERABILITY_MANAGEMENT_UPDATE'; +export const VULNERABILITY_MANAGEMENT_DELETE = 'VULNERABILITY_MANAGEMENT_DELETE'; export const POLICY_VIOLATION_ANALYSIS = 'POLICY_VIOLATION_ANALYSIS'; +export const ACCESS_MANAGEMENT = 'ACCESS_MANAGEMENT'; +export const ACCESS_MANAGEMENT_CREATE = 'ACCESS_MANAGEMENT_CREATE'; +export const ACCESS_MANAGEMENT_READ = 'ACCESS_MANAGEMENT_READ'; +export const ACCESS_MANAGEMENT_UPDATE = 'ACCESS_MANAGEMENT_UPDATE'; +export const ACCESS_MANAGEMENT_DELETE = 'ACCESS_MANAGEMENT_DELETE'; export const SYSTEM_CONFIGURATION = 'SYSTEM_CONFIGURATION'; +export const SYSTEM_CONFIGURATION_CREATE = 'SYSTEM_CONFIGURATION_CREATE'; +export const SYSTEM_CONFIGURATION_READ = 'SYSTEM_CONFIGURATION_READ'; +export 
const SYSTEM_CONFIGURATION_UPDATE = 'SYSTEM_CONFIGURATION_UPDATE'; +export const SYSTEM_CONFIGURATION_DELETE = 'SYSTEM_CONFIGURATION_DELETE'; +export const PROJECT_CREATION_UPLOAD = 'PROJECT_CREATION_UPLOAD'; export const POLICY_MANAGEMENT = 'POLICY_MANAGEMENT'; +export const POLICY_MANAGEMENT_CREATE = 'POLICY_MANAGEMENT_CREATE'; +export const POLICY_MANAGEMENT_READ = 'POLICY_MANAGEMENT_READ'; +export const POLICY_MANAGEMENT_UPDATE = 'POLICY_MANAGEMENT_UPDATE'; +export const POLICY_MANAGEMENT_DELETE = 'POLICY_MANAGEMENT_DELETE'; /** * Determines if the current logged in user has a specific permission. @@ -19,7 +44,16 @@ export const POLICY_MANAGEMENT = 'POLICY_MANAGEMENT'; export const hasPermission = function hasPermission(permission, decodedToken) { const token = decodedToken || decodeToken(getToken()); const permissions = token?.permissions?.split(',') || []; - return permissions.includes(permission); + if (typeof permission == 'string') { + return permissions.includes(permission); + } else if (Array.isArray(permission)) { + for (let perm of permission) { + if (permissions.includes(perm)) { + return true; + } + } + return false; + } }; /** diff --git a/src/views/Dashboard.vue b/src/views/Dashboard.vue index c0f3bedc..97aab83c 100644 --- a/src/views/Dashboard.vue +++ b/src/views/Dashboard.vue @@ -8,9 +8,10 @@ {{ $t('message.portfolio_vulnerabilities') }}
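Review bot: The new branching in `hasPermission` has no final `return`, so a `permission` that is neither a string nor an array yields `undefined`, while the mixin's `isPermitted` throws for the same input. Collapsing the branches gives one explicit boolean result: `const wanted = Array.isArray(permission) ? permission : [permission];` followed by `return wanted.some((p) => permissions.includes(p));`. The JSDoc above the function still says "a specific permission"; it should state that an array is accepted and matches when the token holds any one of its entries. This check reads the decoded token in the browser, so it only decides what the UI shows, and each `*_CREATE`/`*_READ`/`*_UPDATE`/`*_DELETE` value still has to be enforced by the API.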
+ {{ $t('message.last_measurement') }}: {{ lastMeasurement }} -
+
diff --git a/src/views/policy/LicenseGroupList.vue b/src/views/policy/LicenseGroupList.vue index 2a26ca2c..167007e7 100644 --- a/src/views/policy/LicenseGroupList.vue +++ b/src/views/policy/LicenseGroupList.vue @@ -1,11 +1,14 @@ @@ -1685,7 +1685,7 @@ export default { }, isReadonly() { return ( - this.isNotPermitted(this.PERMISSIONS.VULNERABILITY_MANAGEMENT) || + this.isNotPermitted([this.PERMISSIONS.VULNERABILITY_MANAGEMENT, this.PERMISSIONS.VULNERABILITY_MANAGEMENT_UPDATE]) || this.vulnerability.source !== 'INTERNAL' ); }, diff --git a/src/views/portfolio/vulnerabilities/VulnerabilityList.vue b/src/views/portfolio/vulnerabilities/VulnerabilityList.vue index b087dd08..fefa5647 100644 --- a/src/views/portfolio/vulnerabilities/VulnerabilityList.vue +++ b/src/views/portfolio/vulnerabilities/VulnerabilityList.vue @@ -6,7 +6,7 @@ size="md" variant="outline-primary" v-b-modal.vulnerabilityCreateVulnerabilityModal - v-permission="PERMISSIONS.VULNERABILITY_MANAGEMENT" + v-permission:or="[PERMISSIONS.VULNERABILITY_MANAGEMENT, PERMISSIONS.VULNERABILITY_MANAGEMENT_CREATE]" > {{ $t('message.create_vulnerability') }}