AMBARI-6849 Admin: remove "roles" prop from users. (Buzhor Denys via ababiichuk)

ambari-web/app/assets/data/users/privileges.json

@@ -0,0 +1,14 @@
+{
+  "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges?PrivilegeInfo/principal_name=admin&fields=PrivilegeInfo/*",
+  "items" : [
+    {
+      "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges/1",
+      "PrivilegeInfo" : {
+        "permission_name" : "AMBARI.ADMIN",
+        "principal_name" : "admin",
+        "principal_type" : "USER",
+        "privilege_id" : 1
+      }
+    }
+  ]
+}

ambari-web/app/assets/data/users/privileges_admin.json

@@ -0,0 +1,14 @@
+{
+  "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges?PrivilegeInfo/principal_name=admin&fields=PrivilegeInfo/*",
+  "items" : [
+    {
+      "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges/1",
+      "PrivilegeInfo" : {
+        "permission_name" : "AMBARI.ADMIN",
+        "principal_name" : "admin",
+        "principal_type" : "USER",
+        "privilege_id" : 1
+      }
+    }
+  ]
+}

ambari-web/app/controllers/global/cluster_controller.js

@@ -259,7 +259,6 @@ App.ClusterController = Em.Controller.extend({
       return;
     }
     var clusterUrl = this.getUrl('/data/clusters/cluster.json', '?fields=Clusters');
-    var usersUrl = App.get('testMode') ? '/data/users/users.json' : App.get('apiPrefix') + '/users/?fields=*';
     var racksUrl = "/data/racks/racks.json";
 
 
@@ -292,13 +291,7 @@ App.ClusterController = Em.Controller.extend({
       });
     }
 
-    App.HttpClient.get(usersUrl, App.usersMapper, {
-      complete: function (jqXHR, textStatus) {
-        self.updateLoadStatus('users');
-      }
-    }, function (jqXHR, textStatus) {
-      self.updateLoadStatus('users');
-    });
+    this.loadUsersInfo();
 
     /**
      * Order of loading:
@@ -433,6 +426,45 @@ App.ClusterController = Em.Controller.extend({
     console.warn('can\'t get ambari properties');
   },
 
+  /**
+   * Load info about users.
+   **/
+  loadUsersInfo: function() {
+    return App.ajax.send({
+      name: 'users.all',
+      sender: this,
+      success: 'loadUsersSuccess',
+      error: 'loadUsersError'
+    });
+  },
+
+  loadUsersSuccess: function(data) {
+    App.ajax.send({
+      name: 'users.privileges',
+      sender: this,
+      data: {
+        users: data
+      },
+      success: 'loadUsersPrivilegesSuccess'
+    });
+  },
+
+  loadUsersError: function() {
+    this.updateLoadStatus('users');
+  },
+  /**
+   * Load privileges, check relations between user and privilege,
+   * map users using <code>App.usersMappper</code>.
+   **/
+  loadUsersPrivilegesSuccess: function(data, opt, params) {
+    params.users.items.forEach(function(user) {
+      user.privileges = {};
+      user.privileges.items = data.items.filterProperty('PrivilegeInfo.principal_name', user.Users.user_name);
+    });
+    App.usersMapper.map(params.users);
+    this.updateLoadStatus('users');
+  },
+
   updateClusterData: function () {
     var testUrl = App.get('isHadoop2Stack') ? '/data/clusters/HDP2/cluster.json' : '/data/clusters/cluster.json';
     var clusterUrl = this.getUrl(testUrl, '?fields=Clusters');

ambari-web/app/mappers/users_mapper.js

@@ -23,22 +23,32 @@ App.usersMapper = App.QuickDataMapper.create({
   config : {
     id : 'Users.user_name',
     user_name : 'Users.user_name',
-    roles : 'Users.roles',
     is_ldap: 'Users.ldap_user',
-    admin: 'Users.admin'
+    admin: 'Users.admin',
+    permissions: 'permissions'
   },
   map: function (json) {
     var self = this;
     json.items.forEach(function (item) {
       var result= [];
       if(!App.User.find().someProperty("userName", item.Users.user_name)) {
-        item.Users.admin = self.isAdmin(item.Users.roles);
+        item.permissions = [];
+        if (!!Em.get(item.privileges, 'items.length')) {
+          item.permissions = item.privileges.items.mapProperty('PrivilegeInfo.permission_name');
+        }
+        item.Users.admin = self.isAdmin(item.permissions);
         result.push(self.parseIt(item, self.config));
         App.store.loadMany(self.get('model'), result);
       }
     });
   },
-  isAdmin: function(roles) {
-    return (roles.indexOf("admin") >= 0);
+
+  /**
+   * Check if user is admin.
+   * @param {Array} permissionList
+   * @return {Boolean}
+   **/
+  isAdmin: function(permissionList) {
+    return permissionList.indexOf('AMBARI.ADMIN') > -1 || permissionList.indexOf('CLUSTER.OPERATOR') > -1;
   }
 });

ambari-web/app/models/user.js

@@ -24,7 +24,6 @@ App.User = DS.Model.extend({
   id:function(){
     return this.get('userName');
   }.property('userName'),
-  roles:DS.attr('string'),
   isLdap:DS.attr('boolean'),
   type: function(){
     if(this.get('isLdap')){
@@ -33,7 +32,17 @@ App.User = DS.Model.extend({
     return 'Local';
   }.property('isLdap'),
   auditItems:DS.hasMany('App.ServiceAudit'),
-  admin: DS.attr('boolean')
+  admin: DS.attr('boolean'),
+  /**
+   * List of permissions assigned to user
+   *  Available permissions:
+   *    AMBARI.ADMIN
+   *    CLUSTER.READ
+   *    CLUSTER.OPERATE
+   *    VIEW.USE
+   * @property {Array} permissions
+   **/
+  permissions: DS.attr('array')
 });
 
 App.EditUserForm = App.Form.extend({
@@ -48,7 +57,6 @@ App.EditUserForm = App.Form.extend({
     { name:"new_password", displayName:"New Password", displayType:"password",  isRequired: false },
     { name:"new_passwordRetype", displayName:"Retype New Password", displayType:"password", isRequired: false },
     { name:"admin", displayName:"Admin", displayType:"checkbox", isRequired:false },
-    { name:"roles", displayName:"Role", isRequired:false, isHidden:true },
     { name:"isLdap", displayName:"Type", isRequired:false, isHidden:true }
   ],
   fields:[],
@@ -116,8 +124,7 @@ App.CreateUserForm = App.Form.extend({
     { name:"userName", displayName:"Username", toLowerCase: function(){var v = this.get('value'); this.set('value', v.toLowerCase())}.observes('value') },
     { name:"password", displayName:"Password", displayType:"password", isRequired: true },
     { name:"passwordRetype", displayName:"Retype Password", displayType:"password", validator:"passwordRetype", isRequired: true },
-    { name:"admin", displayName:"Admin", displayType:"checkbox", isRequired:false, defaultValue: true},
-    { name:"roles", displayName:"Role", isRequired:false, isHidden:true }
+    { name:"admin", displayName:"Admin", displayType:"checkbox", isRequired:false, defaultValue: true}
   ],
   fields:[],
 

ambari-web/app/router.js

@@ -155,6 +155,37 @@ App.Router = Em.Router.extend({
     return App.db.getUser();
   },
 
+  /**
+   * Get user privileges.
+   *
+   * @param {String} userName
+   * @returns {$.Deferred}
+   **/
+  getUserPrivileges: function(userName) {
+    return App.ajax.send({
+      name: 'router.user.privileges',
+      sender: this,
+      data: {
+        userName: userName
+      },
+      success: 'getUserPrivilegesSuccess'
+    });
+  },
+
+  getUserPrivilegesSuccess: function() {},
+
+  setUserLoggedIn: function(userName) {
+    var controller = this.get('loginController'),
+        self = this;
+    this.setAuthenticated(true);
+    this.setLoginName(userName);
+    this.setUser(App.User.find().findProperty('id', userName));
+    this.getSection(function(route){
+      self.transitionTo(route);
+      controller.postLogin(true,true);
+    });
+  },
+
   login: function () {
     var controller = this.get('loginController');
     var loginName = controller.get('loginName').toLowerCase();
@@ -191,33 +222,30 @@ App.Router = Em.Router.extend({
 
   loginSuccessCallback: function(data, opt, params) {
     console.log('login success');
-    var d = data;
-    var isAdmin = data.Users.roles.indexOf('admin') >= 0;
+    var isAdmin = false;
     var self = this;
-    if (isAdmin) {
-      App.set('isAdmin', true);
-      var controller = this.get('loginController');
-      this.setAuthenticated(true);
-      this.setLoginName(params.loginName);
+    this.getUserPrivileges(data.Users.user_name).done(function(privileges) {
+      data.privileges = privileges;
       App.usersMapper.map({"items": [data]});
-      this.setUser(App.User.find().findProperty('id', params.loginName));
-      this.getSection(function(route){
-        self.transitionTo(route);
-        controller.postLogin(true,true);
-      });
-    }
-    else {
-      App.ajax.send({
-        name: 'router.login2',
-        sender: this,
-        data: {
-          loginName: params.loginName,
-          loginData: data
-        },
-        success: 'login2SuccessCallback',
-        error: 'login2ErrorCallback'
-      });
-    }
+      isAdmin = App.usersMapper.isAdmin(privileges.items.mapProperty('PrivilegeInfo.permission_name'));
+      if (isAdmin) {
+        App.set('isAdmin', true);
+        self.setUserLoggedIn(params.loginName);
+        return true;
+      }
+      else {
+        return App.ajax.send({
+          name: 'router.login2',
+          sender: self,
+          data: {
+            loginName: params.loginName,
+            loginData: data
+          },
+          success: 'login2SuccessCallback',
+          error: 'login2ErrorCallback'
+        });
+      }
+    });
   },
 
   loginErrorCallback: function(request, ajaxOptions, error, opt) {
@@ -234,16 +262,9 @@ App.Router = Em.Router.extend({
 
   login2SuccessCallback: function (clusterResp, opt, params) {
     var controller = this.get('loginController');
-    var self = this;
     if (clusterResp.items.length) {
-      this.setAuthenticated(true);
-      this.setLoginName(params.loginName);
       App.usersMapper.map({"items": [params.loginData]});
-      this.setUser(App.User.find().findProperty('id', params.loginName));
-      this.getSection(function(route){
-        self.transitionTo(route);
-        controller.postLogin(true,true);
-      });
+      this.setUserLoggedIn(params.loginName);
     }
     else {
       controller.set('errorMessage', Em.I18n.t('router.hadoopClusterNotSetUp'));

ambari-web/app/utils/ajax/ajax.js

@@ -1332,6 +1332,18 @@ var urls = {
       };
     }
   },
+  'users.all': {
+    real: '/users/?fields=*',
+    mock: '/data/users/users.json'
+  },
+  'users.privileges': {
+    real: '/privileges?fields=*',
+    mock: '/data/users/privileges.json'
+  },
+  'router.user.privileges': {
+    real: '/privileges?PrivilegeInfo/principal_name={userName}&fields=*',
+    mock: '/data/users/privileges_{userName}.json'
+  },
   'router.login2': {
     'real': '/clusters',
     'mock': '/data/clusters/info.json'

ambari-web/app/views/main/admin/user/create.js

@@ -46,8 +46,6 @@ App.MainAdminUserCreateView = Em.View.extend({
     var form = this.get("userForm");
     if (!form.isValid())  return false;
 
-    this.identifyRoles(form);
-
     return !!App.ajax.send({
       name: 'admin.user.create',
       sender: this,
@@ -56,8 +54,7 @@ App.MainAdminUserCreateView = Em.View.extend({
         form: form,
         data: {
           Users: {
-            password: form.getField("password").get('value'),
-            roles: form.getField("roles").get('value')
+            password: form.getField("password").get('value')
           }
         }
       },
@@ -66,16 +63,6 @@ App.MainAdminUserCreateView = Em.View.extend({
     });
   },
 
-  /**
-   * identify roles of user by admin checkbox
-   * @param form
-   */
-  identifyRoles: function (form) {
-    var roles = (form.getField("admin").get('value') === true) ? 'admin,user' : 'user';
-    form.getField("roles").set("value", roles);
-    return roles;
-  },
-
   /**
    * Success-callback for create user request
    * @param {object} data

ambari-web/app/views/main/admin/user/edit.js

@@ -42,9 +42,7 @@ App.MainAdminUserEditView = Em.View.extend({
     var form = this.get("userForm");
     if (!form.isValid()) return false;
 
-    var Users = {
-      roles: this.identifyRoles(form)
-    };
+    var Users = {};
 
     this.setPassword(Users, form);
 
@@ -78,17 +76,6 @@ App.MainAdminUserEditView = Em.View.extend({
     return false;
   },
 
-  /**
-   * identify roles of user by admin checkbox
-   * @param form
-   * @return {String}
-   */
-  identifyRoles: function (form) {
-    var roles = (form.getField("admin").get('value') === true) ? 'admin,user' : 'user';
-    form.getField("roles").set("value", roles);
-    return roles;
-  },
-
   /**
    * Success callback for edit user request
    * @param {object} data

ambari-web/test/mappers/users_mapper_test.js

@@ -26,9 +26,10 @@ describe('App.usersMapper', function () {
 
   describe('#isAdmin', function() {
     var tests = [
-      {i:'user,admin',e:true,m:'has admin role'},
-      {i:'admin,user',e:true,m:'has admin role'},
-      {i:'user',e:false,m:'doesn\'t have admin role'}
+      {i:["AMBARI.ADMIN"],e:true,m:'has admin role'},
+      {i:["CLUSTER.READ", "AMBARI.ADMIN"],e:true,m:'has admin role'},
+      {i:["VIEW.USE"],e:false,m:'doesn\'t have admin role'},
+      {i:["CLUSTER.OPERATOR"],e:true,m:'has admin role'}
     ];
     tests.forEach(function(test) {
       it(test.m, function() {

ambari-web/test/views/main/admin/user/create_test.js

@@ -44,40 +44,15 @@ describe('App.MainAdminUserCreateView', function () {
     });
     it('form is valid', function () {
       view.set('userForm.mockIsValid', true);
-      sinon.stub(view, 'identifyRoles', Em.K);
       sinon.stub(App.ajax, 'send', Em.K);
 
       expect(view.create()).to.be.true;
-      expect(view.identifyRoles.calledOnce).to.be.true;
       expect(App.ajax.send.calledOnce).to.be.true;
 
-      view.identifyRoles.restore();
       App.ajax.send.restore();
     });
   });
 
-  describe('#identifyRoles()', function () {
-    var mock = Em.Object.create();
-    var form = Em.Object.create({
-      getField: function () {
-        return mock;
-      }
-    });
-
-    it('admin is false', function () {
-      mock.set('value', false);
-
-      expect(view.identifyRoles(form)).to.equal('user');
-      expect(mock.get('value')).to.equal('user');
-    });
-    it('admin is true', function () {
-      mock.set('value', true);
-
-      expect(view.identifyRoles(form)).to.equal('admin,user');
-      expect(mock.get('value')).to.equal('admin,user');
-    });
-  });
-
   describe('#createUserSuccessCallback()', function () {
 
     it('', function () {

ambari-web/test/views/main/admin/user/edit_test.js

@@ -55,16 +55,13 @@ describe('App.MainAdminUserEditView', function () {
       sinon.stub(view.get('userForm'), 'isValid', function () {
         return true;
       });
-      sinon.stub(view, 'identifyRoles', Em.K);
       sinon.stub(view, 'setPassword', Em.K);
 
 
       expect(view.edit()).to.be.true;
       expect(App.ajax.send.calledOnce).to.be.true;
-      expect(view.identifyRoles.calledOnce).to.be.true;
       expect(view.setPassword.calledOnce).to.be.true;
 
-      view.identifyRoles.restore();
       view.setPassword.restore();
     });
   });
@@ -109,28 +106,6 @@ describe('App.MainAdminUserEditView', function () {
     });
   });
 
-  describe('#identifyRoles()', function () {
-    var mock = Em.Object.create();
-    var form = Em.Object.create({
-      getField: function () {
-        return mock;
-      }
-    });
-
-    it('admin is false', function () {
-      mock.set('value', false);
-
-      expect(view.identifyRoles(form)).to.equal('user');
-      expect(mock.get('value')).to.equal('user');
-    });
-    it('admin is true', function () {
-      mock.set('value', true);
-
-      expect(view.identifyRoles(form)).to.equal('admin,user');
-      expect(mock.get('value')).to.equal('admin,user');
-    });
-  });
-
   describe('#editUserSuccessCallback()', function () {
     it('', function () {
       var params = {