205 Access Control Changes

src/app/model/account/account.model.js

@@ -123,12 +123,7 @@
       if (this.adminOverride) {
         return false;
       }
-      var ADMIN_SCOPES = [
-        'cloud_controller.admin',
-        'ucp.admin'
-      ];
-      return angular.isDefined(this.data.scope) &&
-        _.intersection(this.data.scope, ADMIN_SCOPES).length > 0;
+      return this.data.isAdmin;
     },
 
     /**
@@ -144,7 +139,7 @@
       var loginRes = response.data;
       this.data = {
         username: loginRes.account,
-        scope: loginRes.scope ? loginRes.scope.split(' ') : []
+        isAdmin: loginRes.admin
       };
     },
 

src/plugins/cloud-foundry/model/auth/checkers/base-access.js

@@ -22,15 +22,15 @@
   function BaseAccess(principal) {
     return {
       create: function () {
-        return principal.isAdmin();
+        return principal.isAdmin;
       },
 
       update: function () {
-        return principal.isAdmin();
+        return principal.isAdmin;
       },
 
       delete: function () {
-        return principal.isAdmin();
+        return principal.isAdmin;
       },
 
       _doesContainGuid: function (array, guid) {

src/plugins/cloud-foundry/model/auth/checkers/organization-access.js

@@ -45,11 +45,12 @@
       /**
        * @name create
        * @description Does user have create organization permission in the space
-       * @param {Object} space - Domain space
        * @returns {boolean}
        */
-      create: function (space) {
-        return this.principal.isAdmin(space);
+      create: function () {
+        // Formerly, this had a param: @param {Object} space - Domain space
+        // Not sure if we need that or not.
+        return this.principal.isAdmin;
       },
 
       /**
@@ -58,7 +59,7 @@
        * @returns {boolean}
        */
       delete: function () {
-        return this.principal.isAdmin();
+        return this.principal.isAdmin;
       },
 
       /**

src/plugins/cloud-foundry/model/auth/principal.factory.js

@@ -33,11 +33,9 @@
 
         var Principal = modelManager.retrieve('cloud-foundry.model.auth.principal');
         return new Principal(authInfo.username,
-          authInfo.access_token || authInfo.authToken,
-          authInfo.refresh_token || authInfo.refreshToken,
           authInfo.expires_in || authInfo.expiresIn,
-          authInfo.token_type || authInfo.tokenType,
-          authInfo.scope, authInfo.userInfo);
+          authInfo.isAdmin,
+          authInfo.userInfo);
       }
     };
   }

src/plugins/cloud-foundry/model/auth/principal.js

@@ -32,21 +32,18 @@
      * @name Principal
      * @description initialise a Principal object
      * @param {String} username - username
-     * @param {String} authToken - OAuth access token
-     * @param {String} refreshToken - OAuth refresh token
      * @param {String} expiresIn - expires in
-     * @param {String} tokenType - token type
-     * @param {Object} scope - scope
+     * @param {Boolean} isAdmin - is this user and admin
      * @param {Object} userInfo - user info
      * @constructor
      */
-    function Principal(username, authToken, refreshToken, expiresIn, tokenType, scope, userInfo) {
+    function Principal(username, expiresIn, isAdmin, userInfo) {
       this.username = username;
-      this.authToken = authToken;
-      this.refreshToken = refreshToken;
+      // this.authToken = authToken;
+      // this.refreshToken = refreshToken;
       this.expiresIn = expiresIn;
-      this.tokenType = tokenType;
-      this.scope = scope;
+      // this.tokenType = tokenType;
+      this.isAdmin = isAdmin;
       this.userInfo = userInfo;
     }
 
@@ -63,15 +60,6 @@
         return this.isAdmin() || flags[operation];
       },
 
-      /**
-       * @name isAdmin
-       * @description Is user an admin
-       * @returns {boolean}
-       */
-      isAdmin: function () {
-        return _.includes(this.scope, 'cloud_controller.admin');
-      },
-
       /**
        * @name isAllowed
        * @description Is user permitted to do the action