UI: fix create vpc private gateway for regular user (#6400)

* UI: display 'egress/ipv6/publicip' tabs only for domain/root admin and the owner please note (1) isolated networks only . (2) networks in project are not impacted. the tabs are always visible. (3) 'network permission' tab is also only visible for domain/root admin and the owner. but not visible in project view. * UI: fix create vpc private gateway for regular user
2022-05-23 12:58:51 +02:00 · 2022-05-23 12:58:51 +02:00 · 40dabb6ee7
parent a29d5d324f
commit 40dabb6ee7
2 changed files with 18 additions and 9 deletions
--- a/ui/src/config/section/network.js
+++ b/ui/src/config/section/network.js
@ -58,15 +58,15 @@ export default {
      }, {
        name: 'egress.rules',
        component: shallowRef(defineAsyncComponent(() => import('@/views/network/EgressRulesTab.vue'))),
-        show: (record) => { return record.type === 'Isolated' && !('vpcid' in record) && 'listEgressFirewallRules' in store.getters.apis }
+        show: (record, route, user) => { return record.type === 'Isolated' && !('vpcid' in record) && 'listEgressFirewallRules' in store.getters.apis && (['Admin', 'DomainAdmin'].includes(user.roletype) || record.account === user.account || record.projectid) }
      }, {
        name: 'ip.v6.firewall',
        component: shallowRef(defineAsyncComponent(() => import('@/views/network/Ipv6FirewallRulesTab.vue'))),
-        show: (record) => { return record.type === 'Isolated' && ['IPv6', 'DualStack'].includes(record.internetprotocol) && !('vpcid' in record) && 'listIpv6FirewallRules' in store.getters.apis }
+        show: (record, route, user) => { return record.type === 'Isolated' && ['IPv6', 'DualStack'].includes(record.internetprotocol) && !('vpcid' in record) && 'listIpv6FirewallRules' in store.getters.apis && (['Admin', 'DomainAdmin'].includes(user.roletype) || record.account === user.account || record.projectid) }
      }, {
        name: 'public.ip.addresses',
        component: shallowRef(defineAsyncComponent(() => import('@/views/network/IpAddressesTab.vue'))),
-        show: (record) => { return (record.type === 'Isolated' || record.type === 'Shared') && !('vpcid' in record) && 'listPublicIpAddresses' in store.getters.apis }
+        show: (record, route, user) => { return 'listPublicIpAddresses' in store.getters.apis && (record.type === 'Shared' || (record.type === 'Isolated' && !('vpcid' in record) && (['Admin', 'DomainAdmin'].includes(user.roletype) || record.account === user.account || record.projectid))) }
      }, {
        name: 'virtual.routers',
        component: shallowRef(defineAsyncComponent(() => import('@/views/network/RoutersTab.vue'))),
@ -78,7 +78,7 @@ export default {
      }, {
        name: 'network.permissions',
        component: shallowRef(defineAsyncComponent(() => import('@/views/network/NetworkPermissions.vue'))),
-        show: (record, route, user) => { return 'listNetworkPermissions' in store.getters.apis && record.acltype === 'Account' && !('vpcid' in record) && (['Admin', 'DomainAdmin'].includes(user.roletype) || record.account === user.account) }
+        show: (record, route, user) => { return 'listNetworkPermissions' in store.getters.apis && record.acltype === 'Account' && !('vpcid' in record) && (['Admin', 'DomainAdmin'].includes(user.roletype) || record.account === user.account) && !record.projectid }
      },
      {
        name: 'events',
--- a/ui/src/views/network/VpcTab.vue
+++ b/ui/src/views/network/VpcTab.vue
@ -156,7 +156,7 @@
              :model="form"
              :rules="rules"
             >
-              <a-form-item :label="$t('label.physicalnetworkid')" ref="physicalnetwork" name="physicalnetwork">
+              <a-form-item :label="$t('label.physicalnetworkid')" ref="physicalnetwork" name="physicalnetwork" v-if="this.isAdmin()">
                <a-select
                  v-model:value="form.physicalnetwork"
                  v-focus="true"
@ -684,10 +684,19 @@ export default {

      switch (e) {
        case 'privateGateways':
-          this.rules = {
-            ipaddress: [{ required: true, message: this.$t('label.required') }],
-            gateway: [{ required: true, message: this.$t('label.required') }],
-            netmask: [{ required: true, message: this.$t('label.required') }]
+          if (this.isAdmin()) {
+            this.rules = {
+              ipaddress: [{ required: true, message: this.$t('label.required') }],
+              gateway: [{ required: true, message: this.$t('label.required') }],
+              netmask: [{ required: true, message: this.$t('label.required') }]
+            }
+          } else {
+            this.rules = {
+              ipaddress: [{ required: true, message: this.$t('label.required') }],
+              gateway: [{ required: true, message: this.$t('label.required') }],
+              netmask: [{ required: true, message: this.$t('label.required') }],
+              associatednetworkid: [{ required: true, message: this.$t('label.required') }]
+            }
          }
          this.modals.gateway = true
          this.fetchAclList()