Auth error handling

Web client now can tell difference between 401 Unauthorized and 403 Forbidden status codes. When 403 is returned the client shows a modal saying that superuser permissions are required. Change-Id: I3252c331de67eee8fe0bbc2b661899224579226d
2014-06-23 12:49:14 +04:00
parent ad7104f3b2
commit 9e31abbfa0
3 changed files with 94 additions and 17 deletions
--- a/src/app/auth/auth_error_handling.js
+++ b/src/app/auth/auth_error_handling.js
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2014 Mirantis Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ * 	http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+angular.module('sb.auth').run(
+    function($log, $modal, Notification, RefreshManager, Session) {
+        'use strict';
+
+        function handle_401() {
+            RefreshManager.tryRefresh().then(function () {
+                $log.info('Token refreshed on 401');
+            }, function () {
+                $log.info('Could not refresh token. Destroying session');
+                Session.destroySession();
+            });
+        }
+
+        function handle_403() {
+            var modalInstance = $modal.open({
+                templateUrl: 'app/templates/auth/modal/superuser_required.html',
+                controller: function($modalInstance, $scope) {
+                    $scope.close = function () {
+                        $modalInstance.dismiss('cancel');
+                    };
+                }
+            });
+            return modalInstance.result;
+        }
+
+
+        // We're using -1 as the priority, to ensure that this is
+        // intercepted before anything else happens.
+        Notification.intercept(function (message) {
+            if (message.type === 'http') {
+                if (message.message === 401) {
+                    // An unauthorized error. Refreshing the access token
+                    // might help.
+                    handle_401();
+                }
+
+                if (message.message === 403) {
+                    // Forbidden error. A user should be warned tha he is
+                    // doing something wrong.
+                    handle_403();
+                }
+
+                return true; // Stop processing this notifications.
+            }
+        }, -1);
+
+    }
+);
--- a/src/app/auth/service/session.js
+++ b/src/app/auth/service/session.js
@@ -20,7 +20,7 @@
 */
 angular.module('sb.auth').factory('Session',
    function (SessionState, AccessToken, $rootScope, $log, $q, $state, User,
-              RefreshManager, Notification) {
+              RefreshManager) {
        'use strict';

        /**
@@ -109,22 +109,6 @@ angular.module('sb.auth').factory('Session',
         */
        initializeSession();

-        // We're using -1 as the priority, to ensure that this is intercepted
-        // before anything else happens.
-        Notification.intercept(function (message) {
-            if (message.type === 'http' && message.message === 401) {
-                RefreshManager.tryRefresh().then(
-                    function () {
-                        $log.info('Token refreshed on 401');
-                    }, function () {
-                        $log.info('Could not refresh token. ' +
-                            'Destroying session');
-                        destroySession();
-                    });
-                return true; // Stop processing this notification.
-            }
-        }, -1);
-
        // Expose the methods for this service.
        return {
            /**
--- a/src/app/templates/auth/modal/superuser_required.html
+++ b/src/app/templates/auth/modal/superuser_required.html
@@ -0,0 +1,29 @@
+<!--
+  ~ Copyright (c) 2014 Mirantis Inc.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License"); you may
+  ~ not use this file except in compliance with the License. You may obtain
+  ~ a copy of the License at
+  ~
+  ~         http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  ~ WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  ~ License for the specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<div class="panel panel-default">
+    <div class="panel-heading">
+        <button type="button" class="close" aria-hidden="true"
+                ng-click="close()">&times;</button>
+        <h3 class="panel-title">Permission denied.</h3>
+    </div>
+    <div class="panel-body">
+        <div class="row">
+            <div class="col-xs-12 text-center">
+                This action requires superuser permissions.
+            </div>
+        </div>
+    </div>
+</div>