diff --git a/addons/api/addon/abilities/role.js b/addons/api/addon/abilities/role.js index ef0e1053cf..bc55455a5b 100644 --- a/addons/api/addon/abilities/role.js +++ b/addons/api/addon/abilities/role.js @@ -16,7 +16,7 @@ class InvalidRolePrincipalTypeError extends Error { export default class RoleAbility extends ModelAbility { // =services - @service can; + @service abilities; // =permissions @@ -64,6 +64,6 @@ export default class RoleAbility extends ModelAbility { `Expected a role principal of type 'user', 'group', or 'managed-group'. Got '${type}'.`, ); } - return this.can.can(`read ${type}`, this.model); + return this.abilities.can(`read ${type}`, this.model); } } diff --git a/addons/api/package.json b/addons/api/package.json index 76dcb6904e..cfadd9278e 100644 --- a/addons/api/package.json +++ b/addons/api/package.json @@ -33,7 +33,7 @@ "broccoli-plugin": "^4.0.7", "broccoli-source": "^3.0.1", "ember-auto-import": "^2.10.0", - "ember-can": "^4.2.0", + "ember-can": "^8.0.0", "ember-cli-babel": "^8.2.0", "ember-cli-htmlbars": "^6.3.0", "ember-cli-mirage": "^3.0.3", diff --git a/addons/api/tests/dummy/app/app.js b/addons/api/tests/dummy/app/app.js index cfdb1bad39..751427205a 100644 --- a/addons/api/tests/dummy/app/app.js +++ b/addons/api/tests/dummy/app/app.js @@ -7,11 +7,12 @@ import Application from '@ember/application'; import Resolver from 'ember-resolver'; import loadInitializers from 'ember-load-initializers'; import config from 'dummy/config/environment'; +import { extendResolver } from 'ember-can'; export default class App extends Application { modulePrefix = config.modulePrefix; podModulePrefix = config.podModulePrefix; - Resolver = Resolver; + Resolver = extendResolver(Resolver); } loadInitializers(App, config.modulePrefix); diff --git a/addons/api/tests/unit/abilities/account-test.js b/addons/api/tests/unit/abilities/account-test.js index 812e33a6af..a817dfad13 100644 --- a/addons/api/tests/unit/abilities/account-test.js +++ b/addons/api/tests/unit/abilities/account-test.js @@ -14,11 +14,11 @@ import { module('Unit | Abilities | Account', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -26,9 +26,9 @@ module('Unit | Abilities | Account', function (hooks) { const account = store.createRecord('auth-method', { authorized_actions: ['set-password'], }); - assert.true(canService.can('setPassword account', account)); + assert.true(abilitiesService.can('setPassword account', account)); account.authorized_actions = []; - assert.false(canService.can('setPassword account', account)); + assert.false(abilitiesService.can('setPassword account', account)); }); test('can read known account types when authorized', function (assert) { @@ -36,13 +36,13 @@ module('Unit | Abilities | Account', function (hooks) { authorized_actions: ['read'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('read account', account)); + assert.true(abilitiesService.can('read account', account)); account.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('read account', account)); + assert.true(abilitiesService.can('read account', account)); account.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('read account', account)); + assert.true(abilitiesService.can('read account', account)); account.type = 'no-such-type'; - assert.false(canService.can('read account', account)); + assert.false(abilitiesService.can('read account', account)); }); test('cannot read accounts when unauthorized', function (assert) { @@ -50,13 +50,13 @@ module('Unit | Abilities | Account', function (hooks) { authorized_actions: [], type: TYPE_AUTH_METHOD_OIDC, }); - assert.false(canService.can('read account', account)); + assert.false(abilitiesService.can('read account', account)); account.type = TYPE_AUTH_METHOD_PASSWORD; - assert.false(canService.can('read account', account)); + assert.false(abilitiesService.can('read account', account)); account.type = TYPE_AUTH_METHOD_LDAP; - assert.false(canService.can('read account', account)); + assert.false(abilitiesService.can('read account', account)); account.type = 'no-such-type'; - assert.false(canService.can('read account', account)); + assert.false(abilitiesService.can('read account', account)); }); test('can delete known account types when authorized', function (assert) { @@ -64,13 +64,13 @@ module('Unit | Abilities | Account', function (hooks) { authorized_actions: ['delete'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('delete account', account)); + assert.true(abilitiesService.can('delete account', account)); account.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('delete account', account)); + assert.true(abilitiesService.can('delete account', account)); account.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('delete account', account)); + assert.true(abilitiesService.can('delete account', account)); account.type = 'no-such-type'; - assert.false(canService.can('delete account', account)); + assert.false(abilitiesService.can('delete account', account)); }); test('cannot delete accounts when unauthorized', function (assert) { @@ -78,13 +78,13 @@ module('Unit | Abilities | Account', function (hooks) { authorized_actions: ['delete'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('delete account', account)); + assert.true(abilitiesService.can('delete account', account)); account.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('delete account', account)); + assert.true(abilitiesService.can('delete account', account)); account.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('delete account', account)); + assert.true(abilitiesService.can('delete account', account)); account.type = 'no-such-type'; - assert.false(canService.can('delete account', account)); + assert.false(abilitiesService.can('delete account', account)); }); test('can update known account types when authorized', function (assert) { @@ -92,13 +92,13 @@ module('Unit | Abilities | Account', function (hooks) { authorized_actions: ['update'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('update account', account)); + assert.true(abilitiesService.can('update account', account)); account.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('update account', account)); + assert.true(abilitiesService.can('update account', account)); account.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('update account', account)); + assert.true(abilitiesService.can('update account', account)); account.type = 'no-such-type'; - assert.false(canService.can('update account', account)); + assert.false(abilitiesService.can('update account', account)); }); test('cannot update accounts when unauthorized', function (assert) { @@ -106,12 +106,12 @@ module('Unit | Abilities | Account', function (hooks) { authorized_actions: [], type: TYPE_AUTH_METHOD_OIDC, }); - assert.false(canService.can('update account', account)); + assert.false(abilitiesService.can('update account', account)); account.type = TYPE_AUTH_METHOD_PASSWORD; - assert.false(canService.can('update account', account)); + assert.false(abilitiesService.can('update account', account)); account.type = TYPE_AUTH_METHOD_LDAP; - assert.false(canService.can('update account', account)); + assert.false(abilitiesService.can('update account', account)); account.type = 'no-such-type'; - assert.false(canService.can('update account', account)); + assert.false(abilitiesService.can('update account', account)); }); }); diff --git a/addons/api/tests/unit/abilities/auth-method-test.js b/addons/api/tests/unit/abilities/auth-method-test.js index 5d820e83b7..cad21a4503 100644 --- a/addons/api/tests/unit/abilities/auth-method-test.js +++ b/addons/api/tests/unit/abilities/auth-method-test.js @@ -14,11 +14,11 @@ import { module('Unit | Abilities | Auth Method', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -27,13 +27,13 @@ module('Unit | Abilities | Auth Method', function (hooks) { authorized_actions: ['read'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('read auth-method', authMethod)); + assert.true(abilitiesService.can('read auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('read auth-method', authMethod)); + assert.true(abilitiesService.can('read auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('read auth-method', authMethod)); + assert.true(abilitiesService.can('read auth-method', authMethod)); authMethod.type = 'no-such-type'; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); }); test('cannot read auth methods when unauthorized', function (assert) { @@ -41,13 +41,13 @@ module('Unit | Abilities | Auth Method', function (hooks) { authorized_actions: [], type: TYPE_AUTH_METHOD_OIDC, }); - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_LDAP; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); authMethod.type = 'no-such-type'; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); }); test('can delete known auth method types when authorized', function (assert) { @@ -55,13 +55,13 @@ module('Unit | Abilities | Auth Method', function (hooks) { authorized_actions: ['delete'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('delete auth-method', authMethod)); + assert.true(abilitiesService.can('delete auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('delete auth-method', authMethod)); + assert.true(abilitiesService.can('delete auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('delete auth-method', authMethod)); + assert.true(abilitiesService.can('delete auth-method', authMethod)); authMethod.type = 'no-such-type'; - assert.false(canService.can('delete auth-method', authMethod)); + assert.false(abilitiesService.can('delete auth-method', authMethod)); }); test('cannot delete auth methods when unauthorized', function (assert) { @@ -69,13 +69,13 @@ module('Unit | Abilities | Auth Method', function (hooks) { authorized_actions: ['delete'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('delete auth-method', authMethod)); + assert.true(abilitiesService.can('delete auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('delete auth-method', authMethod)); + assert.true(abilitiesService.can('delete auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('delete auth-method', authMethod)); + assert.true(abilitiesService.can('delete auth-method', authMethod)); authMethod.type = 'no-such-type'; - assert.false(canService.can('delete auth-method', authMethod)); + assert.false(abilitiesService.can('delete auth-method', authMethod)); }); test('can update known auth method types when authorized', function (assert) { @@ -83,13 +83,13 @@ module('Unit | Abilities | Auth Method', function (hooks) { authorized_actions: ['update'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('update auth-method', authMethod)); + assert.true(abilitiesService.can('update auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('update auth-method', authMethod)); + assert.true(abilitiesService.can('update auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_LDAP; - assert.true(canService.can('update auth-method', authMethod)); + assert.true(abilitiesService.can('update auth-method', authMethod)); authMethod.type = 'no-such-type'; - assert.false(canService.can('update auth-method', authMethod)); + assert.false(abilitiesService.can('update auth-method', authMethod)); }); test('cannot update auth methods when unauthorized', function (assert) { @@ -97,12 +97,12 @@ module('Unit | Abilities | Auth Method', function (hooks) { authorized_actions: [], type: TYPE_AUTH_METHOD_OIDC, }); - assert.false(canService.can('update auth-method', authMethod)); + assert.false(abilitiesService.can('update auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.false(canService.can('update auth-method', authMethod)); + assert.false(abilitiesService.can('update auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_LDAP; - assert.false(canService.can('update auth-method', authMethod)); + assert.false(abilitiesService.can('update auth-method', authMethod)); authMethod.type = 'no-such-type'; - assert.false(canService.can('update auth-method', authMethod)); + assert.false(abilitiesService.can('update auth-method', authMethod)); }); }); diff --git a/addons/api/tests/unit/abilities/channel-recording-test.js b/addons/api/tests/unit/abilities/channel-recording-test.js index 13d58ce80d..decf665e45 100644 --- a/addons/api/tests/unit/abilities/channel-recording-test.js +++ b/addons/api/tests/unit/abilities/channel-recording-test.js @@ -11,11 +11,11 @@ import { TYPE_SESSION_RECORDING_SSH } from 'api/models/session-recording'; module('Unit | Ability | channel-recording', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -41,7 +41,10 @@ module('Unit | Ability | channel-recording', function (hooks) { }); assert.true( - canService.can('getAsciicast channel-recording', channelRecordingModel), + abilitiesService.can( + 'getAsciicast channel-recording', + channelRecordingModel, + ), ); }); @@ -62,7 +65,10 @@ module('Unit | Ability | channel-recording', function (hooks) { }); assert.false( - canService.can('getAsciicast channel-recording', channelRecordingModel), + abilitiesService.can( + 'getAsciicast channel-recording', + channelRecordingModel, + ), ); }); }); diff --git a/addons/api/tests/unit/abilities/group-test.js b/addons/api/tests/unit/abilities/group-test.js index 8913f86b24..3683255cbc 100644 --- a/addons/api/tests/unit/abilities/group-test.js +++ b/addons/api/tests/unit/abilities/group-test.js @@ -10,7 +10,7 @@ module('Unit | Abilities | Group', function (hooks) { setupTest(hooks); test('it reflects when a given group resource may add members based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['add-members'], }; @@ -20,7 +20,7 @@ module('Unit | Abilities | Group', function (hooks) { }); test('it reflects when a given group resource may remove members based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['remove-members'], }; diff --git a/addons/api/tests/unit/abilities/host-set-test.js b/addons/api/tests/unit/abilities/host-set-test.js index 108ba62797..bf2a51f4ff 100644 --- a/addons/api/tests/unit/abilities/host-set-test.js +++ b/addons/api/tests/unit/abilities/host-set-test.js @@ -10,7 +10,7 @@ module('Unit | Abilities | Host Set', function (hooks) { setupTest(hooks); test('it reflects when a given host set resource may add hosts based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['add-hosts'], }; @@ -20,7 +20,7 @@ module('Unit | Abilities | Host Set', function (hooks) { }); test('it reflects when a given hostSet resource may remove hosts based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['remove-hosts'], }; diff --git a/addons/api/tests/unit/abilities/model-test.js b/addons/api/tests/unit/abilities/model-test.js index 3930742317..79ff1a4c1a 100644 --- a/addons/api/tests/unit/abilities/model-test.js +++ b/addons/api/tests/unit/abilities/model-test.js @@ -10,7 +10,7 @@ module('Unit | Abilities | Model', function (hooks) { setupTest(hooks); test('it reflects when a given model may be read based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['read'], }; @@ -20,7 +20,7 @@ module('Unit | Abilities | Model', function (hooks) { }); test('it reflects when a given model may be updated based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['update'], }; @@ -30,7 +30,7 @@ module('Unit | Abilities | Model', function (hooks) { }); test('it reflects when a given model may be saved based on isNew and authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); let model = { isNew: false, authorized_actions: ['update'], @@ -58,7 +58,7 @@ module('Unit | Abilities | Model', function (hooks) { }); test('it reflects when a given model may be deleted based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['delete'], }; @@ -70,7 +70,7 @@ module('Unit | Abilities | Model', function (hooks) { // =collections test('it reflects when a resource may be listed based on authorized_collection_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_collection_actions: { foobars: ['list'], @@ -82,7 +82,7 @@ module('Unit | Abilities | Model', function (hooks) { }); test('it reflects when a resource may be created based on authorized_collection_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_collection_actions: { foobars: ['create'], diff --git a/addons/api/tests/unit/abilities/role-test.js b/addons/api/tests/unit/abilities/role-test.js index e601bcc1bc..a85df2afd0 100644 --- a/addons/api/tests/unit/abilities/role-test.js +++ b/addons/api/tests/unit/abilities/role-test.js @@ -10,7 +10,7 @@ module('Unit | Abilities | Role', function (hooks) { setupTest(hooks); test('it reflects when a given role may set grants based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['set-grants'], }; @@ -20,7 +20,7 @@ module('Unit | Abilities | Role', function (hooks) { }); test('it reflects when a given role may add principals based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['add-principals'], }; @@ -30,7 +30,7 @@ module('Unit | Abilities | Role', function (hooks) { }); test('it reflects when a given role may remove principals based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['remove-principals'], }; @@ -40,7 +40,7 @@ module('Unit | Abilities | Role', function (hooks) { }); test('it proxies role principal read ability to the appropriate ability type', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const user = { constructor: { modelName: 'user' }, authorized_actions: [], @@ -65,7 +65,7 @@ module('Unit | Abilities | Role', function (hooks) { }); test('it throws an error for unknown principal types on principal read check', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const account = { constructor: { modelName: 'account' }, authorized_actions: ['read'], @@ -77,7 +77,7 @@ module('Unit | Abilities | Role', function (hooks) { }); test('can set grant scopes based on authorized_actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_actions: ['set-grant-scopes'], }; diff --git a/addons/api/tests/unit/abilities/scope-test.js b/addons/api/tests/unit/abilities/scope-test.js index a9d48614b6..12d9c062f9 100644 --- a/addons/api/tests/unit/abilities/scope-test.js +++ b/addons/api/tests/unit/abilities/scope-test.js @@ -9,10 +9,10 @@ import { setupTest } from 'ember-qunit'; module('Unit | Abilities | Scope', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); }); test('it exists', function (assert) { const ability = this.owner.lookup('ability:scope'); @@ -23,9 +23,9 @@ module('Unit | Abilities | Scope', function (hooks) { const model = { authorized_actions: ['attach-storage-policy'], }; - assert.true(canService.can('attachStoragePolicy scope', model)); + assert.true(abilitiesService.can('attachStoragePolicy scope', model)); model.authorized_actions = []; - assert.false(canService.can('attachStoragePolicy scope', model)); + assert.false(abilitiesService.can('attachStoragePolicy scope', model)); }); test('it reflects when a given scope may remove a policy in org scope', function (assert) { @@ -33,8 +33,8 @@ module('Unit | Abilities | Scope', function (hooks) { authorized_actions: ['detach-storage-policy'], }; - assert.true(canService.can('detachStoragePolicy scope', model)); + assert.true(abilitiesService.can('detachStoragePolicy scope', model)); model.authorized_actions = []; - assert.false(canService.can('detachStoragePolicy scope', model)); + assert.false(abilitiesService.can('detachStoragePolicy scope', model)); }); }); diff --git a/addons/api/tests/unit/abilities/session-recording-test.js b/addons/api/tests/unit/abilities/session-recording-test.js index 816578ea84..e46500f5d7 100644 --- a/addons/api/tests/unit/abilities/session-recording-test.js +++ b/addons/api/tests/unit/abilities/session-recording-test.js @@ -14,11 +14,11 @@ import { module('Unit | Ability | session-recording', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -42,13 +42,13 @@ module('Unit | Ability | session-recording', function (hooks) { ); assert.true( - canService.can( + abilitiesService.can( 'download session-recording', recordingWithAuthorizedAction, ), ); assert.false( - canService.can( + abilitiesService.can( 'download session-recording', recordingWithoutAuthorizedAction, ), @@ -70,10 +70,16 @@ module('Unit | Ability | session-recording', function (hooks) { state: STATE_SESSION_RECORDING_AVAILABLE, }); assert.false( - canService.can('delete session-recording', recordingNotinAvaialableState), + abilitiesService.can( + 'delete session-recording', + recordingNotinAvaialableState, + ), ); assert.true( - canService.can('delete session-recording', recordingInAvailableState), + abilitiesService.can( + 'delete session-recording', + recordingInAvailableState, + ), ); }); @@ -83,7 +89,7 @@ module('Unit | Ability | session-recording', function (hooks) { }); assert.true( - canService.can('reapplyStoragePolicy session-recording', recording), + abilitiesService.can('reapplyStoragePolicy session-recording', recording), ); }); }); diff --git a/addons/api/tests/unit/abilities/session-test.js b/addons/api/tests/unit/abilities/session-test.js index d454c9d83e..a53c0ea629 100644 --- a/addons/api/tests/unit/abilities/session-test.js +++ b/addons/api/tests/unit/abilities/session-test.js @@ -15,11 +15,11 @@ import { module('Unit | Ability | session', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -34,7 +34,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_ACTIVE, }); - assert.true(canService.can('read session', session)); + assert.true(abilitiesService.can('read session', session)); }); test('can read a session that is pending', function (assert) { @@ -43,7 +43,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_PENDING, }); - assert.true(canService.can('read session', session)); + assert.true(abilitiesService.can('read session', session)); }); test('cannot read a session that is not authorized', function (assert) { @@ -64,10 +64,10 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_TERMINATED, }); - assert.false(canService.can('read session', activeSession)); - assert.false(canService.can('read session', pendingSession)); - assert.false(canService.can('read session', cancelingSession)); - assert.false(canService.can('read session', terminatedSession)); + assert.false(abilitiesService.can('read session', activeSession)); + assert.false(abilitiesService.can('read session', pendingSession)); + assert.false(abilitiesService.can('read session', cancelingSession)); + assert.false(abilitiesService.can('read session', terminatedSession)); }); test('cannot read a session that is canceling', function (assert) { @@ -76,7 +76,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_CANCELING, }); - assert.false(canService.can('read session', session)); + assert.false(abilitiesService.can('read session', session)); }); test('cannot read a session that is terminated', function (assert) { @@ -85,7 +85,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_TERMINATED, }); - assert.false(canService.can('read session', session)); + assert.false(abilitiesService.can('read session', session)); }); test('can read a session that has read:self', function (assert) { @@ -94,7 +94,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_ACTIVE, }); - assert.true(canService.can('read session', session)); + assert.true(abilitiesService.can('read session', session)); }); test('can cancel a session that is active', function (assert) { @@ -103,7 +103,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_ACTIVE, }); - assert.true(canService.can('cancel session', session)); + assert.true(abilitiesService.can('cancel session', session)); }); test('can cancel a session that has cancel:self', function (assert) { @@ -112,7 +112,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_ACTIVE, }); - assert.true(canService.can('cancel session', session)); + assert.true(abilitiesService.can('cancel session', session)); }); test('can cancel a session that is pending', function (assert) { @@ -121,7 +121,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_PENDING, }); - assert.true(canService.can('cancel session', session)); + assert.true(abilitiesService.can('cancel session', session)); }); test('cannot cancel a session that is canceling', function (assert) { @@ -130,7 +130,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_CANCELING, }); - assert.false(canService.can('cancel session', session)); + assert.false(abilitiesService.can('cancel session', session)); }); test('cannot cancel a session that is terminated', function (assert) { @@ -139,7 +139,7 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_TERMINATED, }); - assert.false(canService.can('cancel session', session)); + assert.false(abilitiesService.can('cancel session', session)); }); test('cannot cancel a session that is not authorized', function (assert) { @@ -160,9 +160,9 @@ module('Unit | Ability | session', function (hooks) { status: STATUS_SESSION_TERMINATED, }); - assert.false(canService.can('cancel session', activeSession)); - assert.false(canService.can('cancel session', pendingSession)); - assert.false(canService.can('cancel session', cancelingSession)); - assert.false(canService.can('cancel session', terminatedSession)); + assert.false(abilitiesService.can('cancel session', activeSession)); + assert.false(abilitiesService.can('cancel session', pendingSession)); + assert.false(abilitiesService.can('cancel session', cancelingSession)); + assert.false(abilitiesService.can('cancel session', terminatedSession)); }); }); diff --git a/addons/api/tests/unit/abilities/target-test.js b/addons/api/tests/unit/abilities/target-test.js index 1f4386da00..96d9b5f1da 100644 --- a/addons/api/tests/unit/abilities/target-test.js +++ b/addons/api/tests/unit/abilities/target-test.js @@ -9,55 +9,59 @@ import { setupTest } from 'ember-qunit'; module('Unit | Abilities | Target', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); }); test('it reflects when a given target may connect based on authorized_actions', function (assert) { const model = { authorized_actions: ['authorize-session'], }; - assert.true(canService.can('connect target', model)); + assert.true(abilitiesService.can('connect target', model)); model.authorized_actions = []; - assert.false(canService.can('connect target', model)); + assert.false(abilitiesService.can('connect target', model)); }); test('it reflects when a given target may add host sources', function (assert) { const model = { authorized_actions: ['add-host-sources'], }; - assert.true(canService.can('addHostSources target', model)); + assert.true(abilitiesService.can('addHostSources target', model)); model.authorized_actions = []; - assert.false(canService.can('addHostSources target', model)); + assert.false(abilitiesService.can('addHostSources target', model)); }); test('it reflects when a given target may remove host sources', function (assert) { const model = { authorized_actions: ['remove-host-sources'], }; - assert.true(canService.can('removeHostSources target', model)); + assert.true(abilitiesService.can('removeHostSources target', model)); model.authorized_actions = []; - assert.false(canService.can('removeHostSources target', model)); + assert.false(abilitiesService.can('removeHostSources target', model)); }); test('it reflects when a given target may add brokered credential sources', function (assert) { const model = { authorized_actions: ['add-credential-sources'], }; - assert.true(canService.can('addBrokeredCredentialSources target', model)); + assert.true( + abilitiesService.can('addBrokeredCredentialSources target', model), + ); model.authorized_actions = []; - assert.false(canService.can('addBrokeredCredentialSources target', model)); + assert.false( + abilitiesService.can('addBrokeredCredentialSources target', model), + ); }); test('it reflects when a given target may remove credential sources', function (assert) { const model = { authorized_actions: ['remove-credential-sources'], }; - assert.true(canService.can('removeCredentialSources target', model)); + assert.true(abilitiesService.can('removeCredentialSources target', model)); model.authorized_actions = []; - assert.false(canService.can('removeCredentialSources target', model)); + assert.false(abilitiesService.can('removeCredentialSources target', model)); }); test('it reflects when a given ssh target may add injected application credential sources', function (assert) { @@ -74,16 +78,19 @@ module('Unit | Abilities | Target', function (hooks) { }; assert.true( - canService.can('addInjectedApplicationCredentialSources target', model), + abilitiesService.can( + 'addInjectedApplicationCredentialSources target', + model, + ), ); assert.false( - canService.can( + abilitiesService.can( 'addInjectedApplicationCredentialSources target', modelWithoutAuthorizedActions, ), ); assert.false( - canService.can( + abilitiesService.can( 'addInjectedApplicationCredentialSources target', modelWithoutSSHType, ), diff --git a/addons/api/tests/unit/abilities/user-test.js b/addons/api/tests/unit/abilities/user-test.js index 814f368c61..9e6eba83db 100644 --- a/addons/api/tests/unit/abilities/user-test.js +++ b/addons/api/tests/unit/abilities/user-test.js @@ -14,7 +14,7 @@ import { module('Unit | Abilities | User', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; const instances = { @@ -23,7 +23,7 @@ module('Unit | Abilities | User', function (hooks) { }; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); instances.user = store.createRecord('user'); instances.account = store.createRecord('account'); @@ -31,28 +31,28 @@ module('Unit | Abilities | User', function (hooks) { test('can add accounts to user when authorized and given a known account type', function (assert) { instances.user.authorized_actions = ['add-accounts']; - assert.true(canService.can('addAccounts user', instances.user)); + assert.true(abilitiesService.can('addAccounts user', instances.user)); instances.account.type = TYPE_AUTH_METHOD_OIDC; assert.true( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_PASSWORD; assert.true( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.true( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = 'no-such-type'; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); @@ -60,28 +60,28 @@ module('Unit | Abilities | User', function (hooks) { test('cannot add accounts to user when unauthorized', function (assert) { instances.user.authorized_actions = []; - assert.false(canService.can('addAccounts user', instances.user)); + assert.false(abilitiesService.can('addAccounts user', instances.user)); instances.account.type = TYPE_AUTH_METHOD_OIDC; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_PASSWORD; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = 'no-such-type'; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); @@ -89,28 +89,28 @@ module('Unit | Abilities | User', function (hooks) { test('can remove accounts from user when authorized and given a known account type', function (assert) { instances.user.authorized_actions = ['remove-accounts']; - assert.true(canService.can('removeAccounts user', instances.user)); + assert.true(abilitiesService.can('removeAccounts user', instances.user)); instances.account.type = TYPE_AUTH_METHOD_OIDC; assert.true( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_PASSWORD; assert.true( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.true( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); instances.account.type = 'no-such-type'; assert.false( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); @@ -118,28 +118,28 @@ module('Unit | Abilities | User', function (hooks) { test('cannot remove accounts from user when unauthorized', function (assert) { instances.user.authorized_actions = []; - assert.false(canService.can('removeAccounts user', instances.user)); + assert.false(abilitiesService.can('removeAccounts user', instances.user)); instances.account.type = TYPE_AUTH_METHOD_OIDC; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_PASSWORD; assert.false( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.false( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); instances.account.type = 'no-such-type'; assert.false( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); diff --git a/addons/api/tests/unit/abilities/worker-test.js b/addons/api/tests/unit/abilities/worker-test.js index 7a8fe37ed2..52071cd687 100644 --- a/addons/api/tests/unit/abilities/worker-test.js +++ b/addons/api/tests/unit/abilities/worker-test.js @@ -9,7 +9,7 @@ import { setupTest } from 'ember-qunit'; module('Unit | Abilities | Worker', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; const instances = { @@ -17,7 +17,7 @@ module('Unit | Abilities | Worker', function (hooks) { }; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); instances.worker = store.createRecord('worker'); }); @@ -27,7 +27,7 @@ module('Unit | Abilities | Worker', function (hooks) { authorized_collection_actions: { workers: ['create:worker-led'] }, }; assert.true( - canService.can('createWorkerLed worker', model, { + abilitiesService.can('createWorkerLed worker', model, { collection: 'workers', }), ); @@ -38,7 +38,7 @@ module('Unit | Abilities | Worker', function (hooks) { authorized_collection_actions: { workers: [] }, }; assert.true( - canService.cannot('createWorkerLed worker', model, { + abilitiesService.cannot('createWorkerLed worker', model, { collection: 'workers', }), ); @@ -46,11 +46,13 @@ module('Unit | Abilities | Worker', function (hooks) { test('can set worker tags', function (assert) { instances.worker.authorized_actions = ['set-worker-tags']; - assert.true(canService.can('setWorkerTags worker', instances.worker)); + assert.true(abilitiesService.can('setWorkerTags worker', instances.worker)); }); test('cannot set worker tags', function (assert) { instances.worker.authorized_actions = []; - assert.true(canService.cannot('setWorkerTags worker', instances.worker)); + assert.true( + abilitiesService.cannot('setWorkerTags worker', instances.worker), + ); }); }); diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 80067e7616..07e89a6f68 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -77,8 +77,8 @@ importers: specifier: ^2.10.0 version: 2.10.0(@glint/template@1.5.2)(webpack@5.99.8(esbuild@0.25.9)) ember-can: - specifier: ^4.2.0 - version: 4.2.0(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))) + specifier: ^8.0.0 + version: 8.0.0(@babel/core@7.27.1)(@ember/string@4.0.1)(ember-inflector@4.0.3(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))))(ember-resolver@12.0.1(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))))(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))) ember-cli-babel: specifier: ^8.2.0 version: 8.2.0(@babel/core@7.27.1) @@ -4639,9 +4639,13 @@ packages: ember-browser-services@4.0.4: resolution: {integrity: sha512-ZjQPD7wlqMhHIq+uuesW+SWYCN+TsQtyY2Fy7QpluxEQff/j2JHiQAk3K0GUtEwef1gJ8/dRsBqSnaG2/Fxhmg==} - ember-can@4.2.0: - resolution: {integrity: sha512-hiaWZspmI4zWeWmmFWgyw1+yEStSo6edGRHHUXCUPR+vBoqlT/hEfmndlfDGso2GFP8IV59DORMVY0KReMcO+w==} - engines: {node: 12.* || 14.* || >= 16} + ember-can@8.0.0: + resolution: {integrity: sha512-JsS7tJ7sg52p8jPY2ND9uqHdEpAB+RpJLN8+lo7t5j65JgBX5gWXCCJ8seJ28AE278Im2ok0OoQBv5VXWqkvOw==} + peerDependencies: + '@ember/string': '>= 3.0.1' + ember-inflector: '>= 5.0.1' + ember-resolver: '>= 10.0.0' + ember-source: '>= 4.12.0' ember-cli-babel-plugin-helpers@1.1.1: resolution: {integrity: sha512-sKvOiPNHr5F/60NLd7SFzMpYPte/nnGkq/tMIfXejfKHIhaiIkYFqX8Z9UFTKWLLn+V7NOaby6niNPZUdvKCRw==} @@ -13635,13 +13639,16 @@ snapshots: transitivePeerDependencies: - supports-color - ember-can@4.2.0(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))): + ember-can@8.0.0(@babel/core@7.27.1)(@ember/string@4.0.1)(ember-inflector@4.0.3(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))))(ember-resolver@12.0.1(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))))(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))): dependencies: - ember-cli-babel: 7.26.11 - ember-cli-htmlbars: 6.3.0 + '@ember/string': 4.0.1 + '@embroider/addon-shim': 1.10.0 + decorator-transforms: 2.3.0(@babel/core@7.27.1) ember-inflector: 4.0.3(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))) + ember-resolver: 12.0.1(ember-source@5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9))) + ember-source: 5.12.0(@glimmer/component@2.0.0)(@glint/template@1.5.2)(rsvp@4.8.5)(webpack@5.99.8(esbuild@0.25.9)) transitivePeerDependencies: - - ember-source + - '@babel/core' - supports-color ember-cli-babel-plugin-helpers@1.1.1: {} diff --git a/ui/admin/app/app.js b/ui/admin/app/app.js index e9a333fa75..0b2d432718 100644 --- a/ui/admin/app/app.js +++ b/ui/admin/app/app.js @@ -7,11 +7,12 @@ import Application from '@ember/application'; import Resolver from 'ember-resolver'; import loadInitializers from 'ember-load-initializers'; import config from 'admin/config/environment'; +import { extendResolver } from 'ember-can'; export default class App extends Application { modulePrefix = config.modulePrefix; podModulePrefix = config.podModulePrefix; - Resolver = Resolver; + Resolver = extendResolver(Resolver); } loadInitializers(App, config.modulePrefix); diff --git a/ui/admin/app/components/form/user/add-accounts/index.js b/ui/admin/app/components/form/user/add-accounts/index.js index 8ed6da9845..3242ef7c59 100644 --- a/ui/admin/app/components/form/user/add-accounts/index.js +++ b/ui/admin/app/components/form/user/add-accounts/index.js @@ -10,7 +10,7 @@ import { service } from '@ember/service'; export default class FormUserAddAccountsComponent extends Component { // =properties - @service can; + @service abilities; /** * Array of selected account IDs. * @type {EmberArray} @@ -36,7 +36,7 @@ export default class FormUserAddAccountsComponent extends Component { const notAddedAccounts = this.args.accounts.filter( (account) => !alreadyAddedAccountIDs.includes(account.id) && - this.can.can('addAccount user', this.args.model, { account }), + this.abilities.can('addAccount user', this.args.model, { account }), ); return notAddedAccounts; } diff --git a/ui/admin/app/controllers/scopes/scope/aliases/index.js b/ui/admin/app/controllers/scopes/scope/aliases/index.js index 5a1a72640f..1684f08b55 100644 --- a/ui/admin/app/controllers/scopes/scope/aliases/index.js +++ b/ui/admin/app/controllers/scopes/scope/aliases/index.js @@ -14,7 +14,7 @@ import { confirm } from 'core/decorators/confirm'; export default class ScopesScopeAliasesIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -41,10 +41,10 @@ export default class ScopesScopeAliasesIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'aliases', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'aliases', }); const resource = this.intl.t('resources.alias.title_plural'); @@ -84,7 +84,7 @@ export default class ScopesScopeAliasesIndexController extends Controller { ) async save(alias) { await alias.save(); - if (this.can.can('read model', alias)) { + if (this.abilities.can('read model', alias)) { await this.router.transitionTo('scopes.scope.aliases.alias', alias); } else { this.router.transitionTo('scopes.scope.aliases'); diff --git a/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/accounts/index.js b/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/accounts/index.js index fbde5892cf..c2e74d0b5e 100644 --- a/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/accounts/index.js +++ b/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/accounts/index.js @@ -15,7 +15,7 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsIndexController ext // =services - @service can; + @service abilities; @service intl; @service router; @@ -28,10 +28,10 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsIndexController ext * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.authMethod, { + const canList = this.abilities.can('list model', this.authMethod, { collection: 'accounts', }); - const canCreate = this.can.can('create model', this.authMethod, { + const canCreate = this.abilities.can('create model', this.authMethod, { collection: 'accounts', }); const resource = this.intl.t('resources.account.title_plural'); @@ -80,7 +80,7 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsIndexController ext adapterOptions.password = password; } await account.save({ adapterOptions }); - if (this.can.can('read model', account)) { + if (this.abilities.can('read model', account)) { await this.router.transitionTo( 'scopes.scope.auth-methods.auth-method.accounts.account', account, diff --git a/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/managed-groups/index.js b/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/managed-groups/index.js index 3087ad48b5..c60ef18e64 100644 --- a/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/managed-groups/index.js +++ b/ui/admin/app/controllers/scopes/scope/auth-methods/auth-method/managed-groups/index.js @@ -15,7 +15,7 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsIndexControlle // =services - @service can; + @service abilities; @service intl; @service router; @@ -28,10 +28,10 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsIndexControlle * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.authMethod, { + const canList = this.abilities.can('list model', this.authMethod, { collection: 'managed-groups', }); - const canCreate = this.can.can('create model', this.authMethod, { + const canCreate = this.abilities.can('create model', this.authMethod, { collection: 'managed-groups', }); const resource = this.intl.t('resources.managed-group.title_plural'); @@ -75,7 +75,7 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsIndexControlle ) async save(managedGroup) { await managedGroup.save(); - if (this.can.can('read model', managedGroup)) { + if (this.abilities.can('read model', managedGroup)) { await this.router.transitionTo( 'scopes.scope.auth-methods.auth-method.managed-groups.managed-group', managedGroup, diff --git a/ui/admin/app/controllers/scopes/scope/auth-methods/index.js b/ui/admin/app/controllers/scopes/scope/auth-methods/index.js index fb00a0fd71..0eb6d46867 100644 --- a/ui/admin/app/controllers/scopes/scope/auth-methods/index.js +++ b/ui/admin/app/controllers/scopes/scope/auth-methods/index.js @@ -16,7 +16,7 @@ export default class ScopesScopeAuthMethodsIndexController extends Controller { // =services @service router; - @service can; + @service abilities; @service intl; @service store; @@ -82,10 +82,10 @@ export default class ScopesScopeAuthMethodsIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scopeModel, { + const canList = this.abilities.can('list model', this.scopeModel, { collection: 'auth-methods', }); - const canCreate = this.can.can('create model', this.scopeModel, { + const canCreate = this.abilities.can('create model', this.scopeModel, { collection: 'auth-methods', }); const resource = this.intl.t('resources.auth-method.title_plural'); @@ -148,7 +148,7 @@ export default class ScopesScopeAuthMethodsIndexController extends Controller { ) async save(authMethod) { await authMethod.save(); - if (this.can.can('read model', authMethod)) { + if (this.abilities.can('read model', authMethod)) { await this.router.transitionTo( 'scopes.scope.auth-methods.auth-method', authMethod, diff --git a/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credential-libraries/index.js b/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credential-libraries/index.js index 34e554bcbb..37c76c5bd1 100644 --- a/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credential-libraries/index.js +++ b/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credential-libraries/index.js @@ -15,7 +15,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari // =services - @service can; + @service abilities; @service intl; @service router; @@ -28,10 +28,10 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.credentialStore, { + const canList = this.abilities.can('list model', this.credentialStore, { collection: 'credential-libraries', }); - const canCreate = this.can.can('create model', this.credentialStore, { + const canCreate = this.abilities.can('create model', this.credentialStore, { collection: 'credential-libraries', }); const resource = this.intl.t('resources.credential-library.title_plural'); @@ -75,7 +75,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari ) async save(credentialLibrary) { await credentialLibrary.save(); - if (this.can.can('read model', credentialLibrary)) { + if (this.abilities.can('read model', credentialLibrary)) { await this.router.transitionTo( 'scopes.scope.credential-stores.credential-store.credential-libraries.credential-library', credentialLibrary, diff --git a/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credentials/index.js b/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credentials/index.js index dad3d9a101..201644f323 100644 --- a/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credentials/index.js +++ b/ui/admin/app/controllers/scopes/scope/credential-stores/credential-store/credentials/index.js @@ -15,7 +15,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsIndexC // =services - @service can; + @service abilities; @service intl; @service router; @@ -28,10 +28,10 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsIndexC * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.credentialStore, { + const canList = this.abilities.can('list model', this.credentialStore, { collection: 'credentials', }); - const canCreate = this.can.can('create model', this.credentialStore, { + const canCreate = this.abilities.can('create model', this.credentialStore, { collection: 'credentials', }); const resource = this.intl.t('resources.credential.title_plural'); @@ -75,7 +75,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsIndexC ) async save(credential) { await credential.save(); - if (this.can.can('read credential', credential)) { + if (this.abilities.can('read credential', credential)) { await this.router.transitionTo( 'scopes.scope.credential-stores.credential-store.credentials.credential', credential, diff --git a/ui/admin/app/controllers/scopes/scope/credential-stores/index.js b/ui/admin/app/controllers/scopes/scope/credential-stores/index.js index f2ddbe3b3d..1b9c9c362b 100644 --- a/ui/admin/app/controllers/scopes/scope/credential-stores/index.js +++ b/ui/admin/app/controllers/scopes/scope/credential-stores/index.js @@ -15,7 +15,7 @@ import { TYPES_CREDENTIAL_STORE } from 'api/models/credential-store'; export default class ScopesScopeCredentialStoresIndexController extends Controller { // =services - @service can; + @service abilities; @service router; @service intl; @@ -58,10 +58,10 @@ export default class ScopesScopeCredentialStoresIndexController extends Controll * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'credential-stores', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'credential-stores', }); const resource = this.intl.t('resources.credential-store.title_plural'); @@ -88,7 +88,7 @@ export default class ScopesScopeCredentialStoresIndexController extends Controll @notifySuccess('notifications.save-success') async save(credentialStore) { await credentialStore.save(); - if (this.can.can('read model', credentialStore)) { + if (this.abilities.can('read model', credentialStore)) { await this.router.transitionTo( 'scopes.scope.credential-stores.credential-store', credentialStore, diff --git a/ui/admin/app/controllers/scopes/scope/groups/index.js b/ui/admin/app/controllers/scopes/scope/groups/index.js index 110e994a2f..eb76be6994 100644 --- a/ui/admin/app/controllers/scopes/scope/groups/index.js +++ b/ui/admin/app/controllers/scopes/scope/groups/index.js @@ -14,7 +14,7 @@ import { notifySuccess, notifyError } from 'core/decorators/notify'; export default class ScopesScopeGroupsIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -41,10 +41,10 @@ export default class ScopesScopeGroupsIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'groups', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'groups', }); const resource = this.intl.t('resources.group.title_plural'); @@ -84,7 +84,7 @@ export default class ScopesScopeGroupsIndexController extends Controller { ) async save(group) { await group.save(); - if (this.can.can('read model', group)) { + if (this.abilities.can('read model', group)) { await this.router.transitionTo('scopes.scope.groups.group', group); } else { this.router.transitionTo('scopes.scope.groups'); diff --git a/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/host-sets/index.js b/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/host-sets/index.js index 1dca4d144b..68538cfa7b 100644 --- a/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/host-sets/index.js +++ b/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/host-sets/index.js @@ -15,7 +15,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsIndexController e // =services - @service can; + @service abilities; @service intl; @service router; @service store; @@ -29,10 +29,10 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsIndexController e * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.hostCatalog, { + const canList = this.abilities.can('list model', this.hostCatalog, { collection: 'host-sets', }); - const canCreate = this.can.can('create model', this.hostCatalog, { + const canCreate = this.abilities.can('create model', this.hostCatalog, { collection: 'host-sets', }); const resource = this.intl.t('resources.host-set.title_plural'); @@ -79,7 +79,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsIndexController e // Fetch newest host set as updates to host set attributes cause an async db update which // updates the version again and can cause a version mismatch if the host set is updated // again and we haven't fetched the newest version. - if (this.can.can('read host-set', hostSet)) { + if (this.abilities.can('read host-set', hostSet)) { const newestHostSet = await this.store.findRecord( 'host-set', hostSet.id, @@ -93,7 +93,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsIndexController e await hostSet.save(); - if (this.can.can('read host-set', hostSet)) { + if (this.abilities.can('read host-set', hostSet)) { await this.router.transitionTo( 'scopes.scope.host-catalogs.host-catalog.host-sets.host-set', hostSet, diff --git a/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/hosts/index.js b/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/hosts/index.js index 2b78ba840c..547a78e2c7 100644 --- a/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/hosts/index.js +++ b/ui/admin/app/controllers/scopes/scope/host-catalogs/host-catalog/hosts/index.js @@ -15,7 +15,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsIndexController exte // =services - @service can; + @service abilities; @service intl; @service router; @@ -28,10 +28,10 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsIndexController exte * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.hostCatalog, { + const canList = this.abilities.can('list model', this.hostCatalog, { collection: 'hosts', }); - const canCreate = this.can.can('create model', this.hostCatalog, { + const canCreate = this.abilities.can('create model', this.hostCatalog, { collection: 'hosts', }); const resource = this.intl.t('resources.host.title_plural'); @@ -74,7 +74,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsIndexController exte ) async save(host) { await host.save(); - if (this.can.can('read model', host)) { + if (this.abilities.can('read model', host)) { await this.router.transitionTo( 'scopes.scope.host-catalogs.host-catalog.hosts.host', host, diff --git a/ui/admin/app/controllers/scopes/scope/host-catalogs/index.js b/ui/admin/app/controllers/scopes/scope/host-catalogs/index.js index 6ec122c8ea..9920317f49 100644 --- a/ui/admin/app/controllers/scopes/scope/host-catalogs/index.js +++ b/ui/admin/app/controllers/scopes/scope/host-catalogs/index.js @@ -15,7 +15,7 @@ import { TYPE_CREDENTIAL_STATIC } from 'api/models/host-catalog'; export default class ScopesScopeHostCatalogsIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -42,10 +42,10 @@ export default class ScopesScopeHostCatalogsIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'host-catalogs', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'host-catalogs', }); const resource = this.intl.t('resources.host-catalog.title_plural'); @@ -101,7 +101,7 @@ export default class ScopesScopeHostCatalogsIndexController extends Controller { hostCatalog.credentialType = TYPE_CREDENTIAL_STATIC; } await hostCatalog.save(); - if (this.can.can('read host-catalog', hostCatalog)) { + if (this.abilities.can('read host-catalog', hostCatalog)) { await this.router.transitionTo( 'scopes.scope.host-catalogs.host-catalog', hostCatalog, diff --git a/ui/admin/app/controllers/scopes/scope/policies/index.js b/ui/admin/app/controllers/scopes/scope/policies/index.js index bfac3659f4..e75e5d1ac4 100644 --- a/ui/admin/app/controllers/scopes/scope/policies/index.js +++ b/ui/admin/app/controllers/scopes/scope/policies/index.js @@ -13,7 +13,7 @@ import { notifySuccess, notifyError } from 'core/decorators/notify'; export default class ScopesScopePoliciesIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -26,10 +26,10 @@ export default class ScopesScopePoliciesIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'policies', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'policies', }); const resource = this.intl.t('resources.policy.title_plural'); @@ -67,7 +67,7 @@ export default class ScopesScopePoliciesIndexController extends Controller { @notifySuccess('notifications.save-success') async save(policy) { await policy.save(); - if (this.can.can('read model', policy)) { + if (this.abilities.can('read model', policy)) { await this.router.transitionTo('scopes.scope.policies.policy', policy); } else { await this.router.transitionTo('scopes.scope.policies'); diff --git a/ui/admin/app/controllers/scopes/scope/roles/index.js b/ui/admin/app/controllers/scopes/scope/roles/index.js index 8a621c14f6..bf1da4c4a3 100644 --- a/ui/admin/app/controllers/scopes/scope/roles/index.js +++ b/ui/admin/app/controllers/scopes/scope/roles/index.js @@ -15,7 +15,7 @@ import { GRANT_SCOPE_THIS } from 'api/models/role'; export default class ScopesScopeRolesIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -44,10 +44,10 @@ export default class ScopesScopeRolesIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'roles', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'roles', }); const resource = this.intl.t('resources.role.title_plural'); @@ -98,7 +98,7 @@ export default class ScopesScopeRolesIndexController extends Controller { ) async save(role) { await role.save(); - if (this.can.can('read model', role)) { + if (this.abilities.can('read model', role)) { await this.router.transitionTo('scopes.scope.roles.role', role); } else { this.router.transitionTo('scopes.scope.roles'); diff --git a/ui/admin/app/controllers/scopes/scope/storage-buckets/index.js b/ui/admin/app/controllers/scopes/scope/storage-buckets/index.js index 1566e63805..7c13dd960c 100644 --- a/ui/admin/app/controllers/scopes/scope/storage-buckets/index.js +++ b/ui/admin/app/controllers/scopes/scope/storage-buckets/index.js @@ -14,7 +14,7 @@ import { TYPE_CREDENTIAL_STATIC } from 'api/models/storage-bucket'; export default class ScopesScopeStorageBucketsIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -27,10 +27,10 @@ export default class ScopesScopeStorageBucketsIndexController extends Controller * @type {string} */ get messageDescription() { - const canList = this.can.can('list scope', this.scope, { + const canList = this.abilities.can('list scope', this.scope, { collection: 'storage-buckets', }); - const canCreate = this.can.can('create scope', this.scope, { + const canCreate = this.abilities.can('create scope', this.scope, { collection: 'storage-buckets', }); const resource = this.intl.t('resources.storage-bucket.title_plural'); diff --git a/ui/admin/app/controllers/scopes/scope/targets/index.js b/ui/admin/app/controllers/scopes/scope/targets/index.js index 1ef0d70e4a..7ec3d299f2 100644 --- a/ui/admin/app/controllers/scopes/scope/targets/index.js +++ b/ui/admin/app/controllers/scopes/scope/targets/index.js @@ -20,7 +20,7 @@ export default class ScopesScopeTargetsIndexController extends Controller { // =services @service intl; - @service can; + @service abilities; @service router; @service confirm; @service features; @@ -80,10 +80,10 @@ export default class ScopesScopeTargetsIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'targets', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'targets', }); const resource = this.intl.t('resources.target.title_plural'); @@ -187,7 +187,7 @@ export default class ScopesScopeTargetsIndexController extends Controller { ) async save(target) { await target.save(); - if (this.can.can('read model', target)) { + if (this.abilities.can('read model', target)) { await this.router.transitionTo('scopes.scope.targets.target', target); } else { this.router.transitionTo('scopes.scope.targets'); diff --git a/ui/admin/app/controllers/scopes/scope/targets/target/index.js b/ui/admin/app/controllers/scopes/scope/targets/target/index.js index a43cc396d0..7697755fe4 100644 --- a/ui/admin/app/controllers/scopes/scope/targets/target/index.js +++ b/ui/admin/app/controllers/scopes/scope/targets/target/index.js @@ -13,7 +13,7 @@ export default class ScopesScopeTargetsTargetIndexController extends Controller // =services - @service can; + @service abilities; @service router; // =attributes diff --git a/ui/admin/app/controllers/scopes/scope/users/index.js b/ui/admin/app/controllers/scopes/scope/users/index.js index 32d72f34a2..9283158eab 100644 --- a/ui/admin/app/controllers/scopes/scope/users/index.js +++ b/ui/admin/app/controllers/scopes/scope/users/index.js @@ -14,7 +14,7 @@ import { notifySuccess, notifyError } from 'core/decorators/notify'; export default class ScopesScopeUsersIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @tracked sortAttribute; @@ -41,10 +41,10 @@ export default class ScopesScopeUsersIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list model', this.scope, { + const canList = this.abilities.can('list model', this.scope, { collection: 'users', }); - const canCreate = this.can.can('create model', this.scope, { + const canCreate = this.abilities.can('create model', this.scope, { collection: 'users', }); const resource = this.intl.t('resources.user.title_plural'); @@ -98,7 +98,7 @@ export default class ScopesScopeUsersIndexController extends Controller { ) async save(user) { await user.save(); - if (this.can.can('read model', user)) { + if (this.abilities.can('read model', user)) { await this.router.transitionTo('scopes.scope.users.user', user); } else { this.router.transitionTo('scopes.scope.users'); diff --git a/ui/admin/app/controllers/scopes/scope/workers/index.js b/ui/admin/app/controllers/scopes/scope/workers/index.js index b72442ba75..3ef925965d 100644 --- a/ui/admin/app/controllers/scopes/scope/workers/index.js +++ b/ui/admin/app/controllers/scopes/scope/workers/index.js @@ -14,7 +14,7 @@ import { notifySuccess, notifyError } from 'core/decorators/notify'; export default class ScopesScopeWorkersIndexController extends Controller { // =services - @service can; + @service abilities; @service intl; @service router; @@ -79,12 +79,16 @@ export default class ScopesScopeWorkersIndexController extends Controller { * @type {string} */ get messageDescription() { - const canList = this.can.can('list worker', this.scope, { - collection: 'workers', - }); - const canCreate = this.can.can('create worker led worker', this.scope, { + const canList = this.abilities.can('list worker', this.scope, { collection: 'workers', }); + const canCreate = this.abilities.can( + 'create worker led worker', + this.scope, + { + collection: 'workers', + }, + ); const resource = this.intl.t('titles.workers'); let description = 'descriptions.neither-list-nor-create'; @@ -159,7 +163,7 @@ export default class ScopesScopeWorkersIndexController extends Controller { ) async save(worker) { await worker.save(); - if (this.can.can('read model', worker)) { + if (this.abilities.can('read model', worker)) { await this.router.transitionTo('scopes.scope.workers.worker', worker); } else { this.router.transitionTo('scopes.scope.workers'); diff --git a/ui/admin/app/routes/scopes/scope/aliases/index.js b/ui/admin/app/routes/scopes/scope/aliases/index.js index d4231eaa65..ed6caa7104 100644 --- a/ui/admin/app/routes/scopes/scope/aliases/index.js +++ b/ui/admin/app/routes/scopes/scope/aliases/index.js @@ -11,7 +11,7 @@ export default class ScopesScopeAliasesIndexRoute extends Route { // =services @service store; - @service can; + @service abilities; // =attributes @@ -69,7 +69,7 @@ export default class ScopesScopeAliasesIndexRoute extends Route { let totalItems = 0; if ( - this.can.can('list model', scope, { + this.abilities.can('list model', scope, { collection: 'aliases', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/aliases/new.js b/ui/admin/app/routes/scopes/scope/aliases/new.js index af8925b4de..eb4867e3c5 100644 --- a/ui/admin/app/routes/scopes/scope/aliases/new.js +++ b/ui/admin/app/routes/scopes/scope/aliases/new.js @@ -11,7 +11,7 @@ export default class ScopesScopeAliasesNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -22,7 +22,9 @@ export default class ScopesScopeAliasesNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create model', scopeModel, { collection: 'aliases' }) + this.abilities.cannot('create model', scopeModel, { + collection: 'aliases', + }) ) { this.router.replaceWith('scopes.scope.aliases'); } diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method.js b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method.js index 68d3eb6345..e22ee7f25e 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method.js @@ -11,7 +11,7 @@ export default class ScopesScopeAuthMethodsAuthMethodRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts.js b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts.js index 70f4b89169..dd8b011c3f 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts.js @@ -10,7 +10,7 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsRoute extends Route // =services @service store; - @service can; + @service abilities; // =methods @@ -24,7 +24,7 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsRoute extends Route let accounts; if ( - this.can.can('list model', authMethod, { + this.abilities.can('list model', authMethod, { collection: 'accounts', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/account.js b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/account.js index da60edc07f..6280a615ee 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/account.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/account.js @@ -10,7 +10,7 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsAccountRoute extend // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/new.js b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/new.js index df0ddadadb..d22ee658f4 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/new.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/accounts/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsNewRoute extends Ro // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -21,7 +21,9 @@ export default class ScopesScopeAuthMethodsAuthMethodAccountsNewRoute extends Ro beforeModel() { const authMethod = this.modelFor('scopes.scope.auth-methods.auth-method'); if ( - this.can.cannot('create model', authMethod, { collection: 'accounts' }) + this.abilities.cannot('create model', authMethod, { + collection: 'accounts', + }) ) { this.router.replaceWith('scopes.scope.auth-methods.auth-method.accounts'); } diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups.js b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups.js index 34999d3425..146da87339 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups.js @@ -10,7 +10,7 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsRoute extends // =services @service store; - @service can; + @service abilities; //=methods @@ -21,7 +21,7 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsRoute extends async model() { const authMethod = this.modelFor('scopes.scope.auth-methods.auth-method'); const { id: auth_method_id } = authMethod; - const canListManagedGroups = this.can.can('list model', authMethod, { + const canListManagedGroups = this.abilities.can('list model', authMethod, { collection: 'managed-groups', }); let managedGroups; diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups/new.js b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups/new.js index 2d810f3789..44119b1cef 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups/new.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/auth-method/managed-groups/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsNewRoute exten // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -21,7 +21,7 @@ export default class ScopesScopeAuthMethodsAuthMethodManagedGroupsNewRoute exten beforeModel() { const authMethod = this.modelFor('scopes.scope.auth-methods.auth-method'); if ( - this.can.cannot('create model', authMethod, { + this.abilities.cannot('create model', authMethod, { collection: 'managed-groups', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/index.js b/ui/admin/app/routes/scopes/scope/auth-methods/index.js index dd52715ee7..9a85ad07be 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/index.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/index.js @@ -11,7 +11,7 @@ export default class ScopesScopeAuthMethodsIndexRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =attributes @@ -101,7 +101,9 @@ export default class ScopesScopeAuthMethodsIndexRoute extends Route { let authMethods; let totalItems = 0; let doAuthMethodsExist = false; - if (this.can.can('list model', scope, { collection: 'auth-methods' })) { + if ( + this.abilities.can('list model', scope, { collection: 'auth-methods' }) + ) { // TODO: Remove storeToken option as this is a temporary fix for auth-methods. const options = { storeToken: false }; authMethods = await this.store.query( diff --git a/ui/admin/app/routes/scopes/scope/auth-methods/new.js b/ui/admin/app/routes/scopes/scope/auth-methods/new.js index d29b43ddae..d8e6f23426 100644 --- a/ui/admin/app/routes/scopes/scope/auth-methods/new.js +++ b/ui/admin/app/routes/scopes/scope/auth-methods/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeAuthMethodsNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =attributes @@ -29,7 +29,7 @@ export default class ScopesScopeAuthMethodsNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create model', scopeModel, { + this.abilities.cannot('create model', scopeModel, { collection: 'auth-methods', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store.js b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store.js index 97d06f026b..0011e7f0f0 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store.js @@ -11,7 +11,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreRoute extends Rou // =services @service store; - @service can; + @service abilities; @service router; /** diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries.js b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries.js index 3aa356fac3..570147686c 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries.js @@ -10,7 +10,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari // =services @service store; - @service can; + @service abilities; // =methods @@ -24,7 +24,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari ); const { id: credential_store_id } = credentialStore; if ( - this.can.can('list model', credentialStore, { + this.abilities.can('list model', credentialStore, { collection: 'credential-libraries', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries/new.js b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries/new.js index fe59b0e313..030e9e7436 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries/new.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credential-libraries/new.js @@ -16,7 +16,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari @service store; @service router; @service features; - @service can; + @service abilities; // =attributes @@ -36,7 +36,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialLibrari 'scopes.scope.credential-stores.credential-store', ); if ( - this.can.cannot('create model', credentialStore, { + this.abilities.cannot('create model', credentialStore, { collection: 'credential-libraries', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials.js b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials.js index efbeec581b..5eafbcc127 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials.js @@ -10,7 +10,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsRoute // =services @service store; - @service can; + @service abilities; // =methods @@ -24,7 +24,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsRoute ); const { id: credential_store_id } = credentialStore; if ( - this.can.can('list model', credentialStore, { + this.abilities.can('list model', credentialStore, { collection: 'credentials', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/credential.js b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/credential.js index 4afe795885..d26ba83c3e 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/credential.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/credential.js @@ -10,7 +10,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsCreden // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/new.js b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/new.js index 21a4a971a7..45cdc4127d 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/new.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/credential-store/credentials/new.js @@ -11,7 +11,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsNewRou @service store; @service router; - @service can; + @service abilities; // =attributes @@ -31,7 +31,7 @@ export default class ScopesScopeCredentialStoresCredentialStoreCredentialsNewRou 'scopes.scope.credential-stores.credential-store', ); if ( - this.can.cannot('create model', credentialStore, { + this.abilities.cannot('create model', credentialStore, { collection: 'credentials', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/index.js b/ui/admin/app/routes/scopes/scope/credential-stores/index.js index 65607b6740..6143947dbc 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/index.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/index.js @@ -11,7 +11,7 @@ export default class ScopesScopeCredentialStoresIndexRoute extends Route { // =services @service store; - @service can; + @service abilities; // =attributes @@ -90,7 +90,7 @@ export default class ScopesScopeCredentialStoresIndexRoute extends Route { let totalItems = 0; let doCredentialStoresExist = false; if ( - this.can.can('list model', scope, { + this.abilities.can('list model', scope, { collection: 'credential-stores', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/credential-stores/new.js b/ui/admin/app/routes/scopes/scope/credential-stores/new.js index 7e29c1681f..ca54c7bce2 100644 --- a/ui/admin/app/routes/scopes/scope/credential-stores/new.js +++ b/ui/admin/app/routes/scopes/scope/credential-stores/new.js @@ -12,7 +12,7 @@ export default class ScopesScopeCredentialStoresNewRoute extends Route { @service store; @service router; @service features; - @service can; + @service abilities; // =attributes @@ -30,7 +30,7 @@ export default class ScopesScopeCredentialStoresNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create model', scopeModel, { + this.abilities.cannot('create model', scopeModel, { collection: 'credential-stores', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/groups/group.js b/ui/admin/app/routes/scopes/scope/groups/group.js index bf5ee37066..a6efe22672 100644 --- a/ui/admin/app/routes/scopes/scope/groups/group.js +++ b/ui/admin/app/routes/scopes/scope/groups/group.js @@ -10,7 +10,7 @@ export default class ScopesScopeGroupsGroupRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/groups/index.js b/ui/admin/app/routes/scopes/scope/groups/index.js index b120e8a0e2..0137abfcc0 100644 --- a/ui/admin/app/routes/scopes/scope/groups/index.js +++ b/ui/admin/app/routes/scopes/scope/groups/index.js @@ -11,7 +11,7 @@ export default class ScopesScopeGroupsIndexRoute extends Route { // =services @service store; - @service can; + @service abilities; // =attributes @@ -77,7 +77,7 @@ export default class ScopesScopeGroupsIndexRoute extends Route { let groups = []; let totalItems = 0; let doGroupsExist = false; - if (this.can.can('list model', scope, { collection: 'groups' })) { + if (this.abilities.can('list model', scope, { collection: 'groups' })) { groups = await this.store.query('group', { scope_id, query: { filters, search, sort }, diff --git a/ui/admin/app/routes/scopes/scope/groups/new.js b/ui/admin/app/routes/scopes/scope/groups/new.js index d635845200..04ab4fc3a6 100644 --- a/ui/admin/app/routes/scopes/scope/groups/new.js +++ b/ui/admin/app/routes/scopes/scope/groups/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeGroupsNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -20,7 +20,11 @@ export default class ScopesScopeGroupsNewRoute extends Route { */ beforeModel() { const scopeModel = this.modelFor('scopes.scope'); - if (this.can.cannot('create model', scopeModel, { collection: 'groups' })) { + if ( + this.abilities.cannot('create model', scopeModel, { + collection: 'groups', + }) + ) { this.router.replaceWith('scopes.scope.groups'); } } diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog.js index 89d6d2f877..d92d7f5e6c 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog.js @@ -11,7 +11,7 @@ export default class ScopesScopeHostCatalogsHostCatalogRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets.js index 82a2e00a34..4829715854 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets.js @@ -10,7 +10,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsRoute extends Rou // =services @service store; - @service can; + @service abilities; // =methods @@ -26,7 +26,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsRoute extends Rou let hostSets; if ( - this.can.can('list model', hostCatalog, { + this.abilities.can('list model', hostCatalog, { collection: 'host-sets', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set.js index 2b432cb4db..1131c9ecb7 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set.js @@ -11,7 +11,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsHostSetRoute exte // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/create-and-add-host.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/create-and-add-host.js index cdc7ecc289..d010bf4b7e 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/create-and-add-host.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/create-and-add-host.js @@ -11,7 +11,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsHostSetCreateAndA @service store; @service router; - @service can; + @service abilities; // =methods @@ -22,7 +22,11 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsHostSetCreateAndA const hostCatalog = this.modelFor( 'scopes.scope.host-catalogs.host-catalog', ); - if (this.can.cannot('create model', hostCatalog, { collection: 'hosts' })) { + if ( + this.abilities.cannot('create model', hostCatalog, { + collection: 'hosts', + }) + ) { this.router.replaceWith( 'scopes.scope.host-catalogs.host-catalog.host-sets.host-set.hosts', ); diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/hosts/host.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/hosts/host.js index 3f33524ce5..9dca689aec 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/hosts/host.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/host-set/hosts/host.js @@ -10,7 +10,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsHostSetHostsHostR // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/new.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/new.js index e841be0088..4c2ff6dad1 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/new.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/host-sets/new.js @@ -11,7 +11,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsNewRoute extends @service store; @service router; - @service can; + @service abilities; // =methods @@ -23,7 +23,9 @@ export default class ScopesScopeHostCatalogsHostCatalogHostSetsNewRoute extends 'scopes.scope.host-catalogs.host-catalog', ); if ( - this.can.cannot('create model', hostCatalog, { collection: 'host-sets' }) + this.abilities.cannot('create model', hostCatalog, { + collection: 'host-sets', + }) ) { this.router.replaceWith( 'scopes.scope.host-catalogs.host-catalog.host-sets', diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts.js index 87add73439..adf93e2789 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts.js @@ -10,7 +10,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsRoute extends Route // =services @service store; - @service can; + @service abilities; // =methods @@ -26,7 +26,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsRoute extends Route let hosts; if ( - this.can.can('list model', hostCatalog, { + this.abilities.can('list model', hostCatalog, { collection: 'hosts', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/host.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/host.js index 67b71f521f..eb25645b41 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/host.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/host.js @@ -10,7 +10,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsHostRoute extends Ro // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/new.js b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/new.js index 87c0ac7d94..b648735b8e 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/new.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/host-catalog/hosts/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsNewRoute extends Rou // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -22,7 +22,11 @@ export default class ScopesScopeHostCatalogsHostCatalogHostsNewRoute extends Rou const hostCatalog = this.modelFor( 'scopes.scope.host-catalogs.host-catalog', ); - if (this.can.cannot('create model', hostCatalog, { collection: 'hosts' })) { + if ( + this.abilities.cannot('create model', hostCatalog, { + collection: 'hosts', + }) + ) { this.router.replaceWith('scopes.scope.host-catalogs.host-catalog.hosts'); } } diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/index.js b/ui/admin/app/routes/scopes/scope/host-catalogs/index.js index e666bcd8ae..28f2d1e350 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/index.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/index.js @@ -11,7 +11,7 @@ export default class ScopesScopeHostCatalogsIndexRoute extends Route { // =services @service store; - @service can; + @service abilities; // =attributes @@ -82,7 +82,9 @@ export default class ScopesScopeHostCatalogsIndexRoute extends Route { let hostCatalogs; let totalItems = 0; let doHostCatalogsExist = false; - if (this.can.can('list model', scope, { collection: 'host-catalogs' })) { + if ( + this.abilities.can('list model', scope, { collection: 'host-catalogs' }) + ) { hostCatalogs = await this.store.query('host-catalog', { scope_id, query: { search, filters, sort }, diff --git a/ui/admin/app/routes/scopes/scope/host-catalogs/new.js b/ui/admin/app/routes/scopes/scope/host-catalogs/new.js index 0c8b21d979..bac62638cb 100644 --- a/ui/admin/app/routes/scopes/scope/host-catalogs/new.js +++ b/ui/admin/app/routes/scopes/scope/host-catalogs/new.js @@ -11,7 +11,7 @@ export default class ScopesScopeHostCatalogsNewRoute extends Route { @service store; @service router; - @service can; + @service abilities; // =attributes @@ -29,7 +29,7 @@ export default class ScopesScopeHostCatalogsNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create model', scopeModel, { + this.abilities.cannot('create model', scopeModel, { collection: 'host-catalogs', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/policies.js b/ui/admin/app/routes/scopes/scope/policies.js index 58adb8b4d8..37ea12e4b3 100644 --- a/ui/admin/app/routes/scopes/scope/policies.js +++ b/ui/admin/app/routes/scopes/scope/policies.js @@ -11,7 +11,7 @@ export default class ScopesScopePoliciesRoute extends Route { @service store; @service session; - @service can; + @service abilities; @service router; // =methods @@ -32,7 +32,7 @@ export default class ScopesScopePoliciesRoute extends Route { const { id: scope_id } = scope; if ( - this.can.can('list model', scope, { + this.abilities.can('list model', scope, { collection: 'policies', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/policies/new.js b/ui/admin/app/routes/scopes/scope/policies/new.js index 75e3e3f216..8668310306 100644 --- a/ui/admin/app/routes/scopes/scope/policies/new.js +++ b/ui/admin/app/routes/scopes/scope/policies/new.js @@ -10,7 +10,7 @@ export default class ScopesScopePoliciesNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -21,7 +21,9 @@ export default class ScopesScopePoliciesNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create model', scopeModel, { collection: 'policies' }) + this.abilities.cannot('create model', scopeModel, { + collection: 'policies', + }) ) { this.router.replaceWith('scopes.scope.policies'); } diff --git a/ui/admin/app/routes/scopes/scope/policies/policy.js b/ui/admin/app/routes/scopes/scope/policies/policy.js index 5a18b265ac..f1fc074b7f 100644 --- a/ui/admin/app/routes/scopes/scope/policies/policy.js +++ b/ui/admin/app/routes/scopes/scope/policies/policy.js @@ -8,7 +8,7 @@ import { service } from '@ember/service'; export default class ScopesScopePoliciesPolicyRoute extends Route { @service store; - @service can; + @service abilities; // =methods diff --git a/ui/admin/app/routes/scopes/scope/roles/index.js b/ui/admin/app/routes/scopes/scope/roles/index.js index c08c5dcf50..ebf2b39587 100644 --- a/ui/admin/app/routes/scopes/scope/roles/index.js +++ b/ui/admin/app/routes/scopes/scope/roles/index.js @@ -33,7 +33,7 @@ export default class ScopesScopeRolesIndexRoute extends Route { // =services - @service can; + @service abilities; @service store; // =methods @@ -79,7 +79,7 @@ export default class ScopesScopeRolesIndexRoute extends Route { let roles; let totalItems = 0; let doRolesExist = false; - if (this.can.can('list model', scope, { collection: 'roles' })) { + if (this.abilities.can('list model', scope, { collection: 'roles' })) { roles = await this.store.query('role', { scope_id, query: { search, filters, sort }, diff --git a/ui/admin/app/routes/scopes/scope/roles/new.js b/ui/admin/app/routes/scopes/scope/roles/new.js index e3ff8f9ed6..6026514172 100644 --- a/ui/admin/app/routes/scopes/scope/roles/new.js +++ b/ui/admin/app/routes/scopes/scope/roles/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeRolesNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -20,7 +20,9 @@ export default class ScopesScopeRolesNewRoute extends Route { */ beforeModel() { const scopeModel = this.modelFor('scopes.scope'); - if (this.can.cannot('create model', scopeModel, { collection: 'roles' })) { + if ( + this.abilities.cannot('create model', scopeModel, { collection: 'roles' }) + ) { this.router.replaceWith('scopes.scope.roles'); } } diff --git a/ui/admin/app/routes/scopes/scope/roles/role.js b/ui/admin/app/routes/scopes/scope/roles/role.js index bc772c8576..22b36f5caa 100644 --- a/ui/admin/app/routes/scopes/scope/roles/role.js +++ b/ui/admin/app/routes/scopes/scope/roles/role.js @@ -11,7 +11,7 @@ export default class ScopesScopeRolesRoleRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/scopes/index.js b/ui/admin/app/routes/scopes/scope/scopes/index.js index bcbcc5b2ff..af98308213 100644 --- a/ui/admin/app/routes/scopes/scope/scopes/index.js +++ b/ui/admin/app/routes/scopes/scope/scopes/index.js @@ -33,7 +33,7 @@ export default class ScopesScopeScopesIndexRoute extends Route { // =services - @service can; + @service abilities; @service store; // =methods diff --git a/ui/admin/app/routes/scopes/scope/session-recordings/index.js b/ui/admin/app/routes/scopes/scope/session-recordings/index.js index 74ae99c0da..990744027c 100644 --- a/ui/admin/app/routes/scopes/scope/session-recordings/index.js +++ b/ui/admin/app/routes/scopes/scope/session-recordings/index.js @@ -16,7 +16,7 @@ export default class ScopesScopeSessionRecordingsIndexRoute extends Route { // =services @service store; @service router; - @service can; + @service abilities; @service intl; // =attributes @@ -124,7 +124,7 @@ export default class ScopesScopeSessionRecordingsIndexRoute extends Route { : { attributes: [sortAttribute], direction: sortDirection }; if ( - this.can.can('list scope', scope, { + this.abilities.can('list scope', scope, { collection: 'session-recordings', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/session-recordings/session-recording.js b/ui/admin/app/routes/scopes/scope/session-recordings/session-recording.js index d6db610424..63659e54b4 100644 --- a/ui/admin/app/routes/scopes/scope/session-recordings/session-recording.js +++ b/ui/admin/app/routes/scopes/scope/session-recordings/session-recording.js @@ -12,7 +12,7 @@ export default class ScopesScopeSessionRecordingsSessionRecordingRoute extends R @service store; @service session; @service router; - @service can; + @service abilities; // =methods diff --git a/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel.js b/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel.js index 1f21cd03f1..356808ed5f 100644 --- a/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel.js +++ b/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel.js @@ -9,7 +9,7 @@ import { service } from '@ember/service'; export default class ScopesScopeSessionRecordingsSessionRecordingChannelsByConnectionChannelRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; @service flashMessages; @service intl; diff --git a/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel/index.js b/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel/index.js index e0e6d7297a..dd2e7e1857 100644 --- a/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel/index.js +++ b/ui/admin/app/routes/scopes/scope/session-recordings/session-recording/channels-by-connection/channel/index.js @@ -8,7 +8,7 @@ import { service } from '@ember/service'; export default class ScopesScopeSessionRecordingsSessionRecordingChannelsByConnectionChannelIndexRoute extends Route { // =services - @service can; + @service abilities; @service flashMessages; @service intl; @@ -22,7 +22,9 @@ export default class ScopesScopeSessionRecordingsSessionRecordingChannelsByConne 'scopes.scope.session-recordings.session-recording.channels-by-connection.channel', ); - if (this.can.can('getAsciicast channel-recording', channelRecording)) { + if ( + this.abilities.can('getAsciicast channel-recording', channelRecording) + ) { try { asciicast = await channelRecording.getAsciicast(); } catch (e) { diff --git a/ui/admin/app/routes/scopes/scope/sessions/index.js b/ui/admin/app/routes/scopes/scope/sessions/index.js index 159bce03ac..0e24b402f7 100644 --- a/ui/admin/app/routes/scopes/scope/sessions/index.js +++ b/ui/admin/app/routes/scopes/scope/sessions/index.js @@ -10,7 +10,7 @@ import { restartableTask, timeout } from 'ember-concurrency'; export default class ScopesScopeSessionsIndexRoute extends Route { // =services - @service can; + @service abilities; @service store; // =attributes @@ -134,7 +134,7 @@ export default class ScopesScopeSessionsIndexRoute extends Route { // Preload the associated targets and users into the cache let refreshUsersPromise, refreshTargetsPromise; - const canListTargets = this.can.can('list model', scope, { + const canListTargets = this.abilities.can('list model', scope, { collection: 'targets', }); if (canListTargets) { @@ -152,8 +152,10 @@ export default class ScopesScopeSessionsIndexRoute extends Route { const orgScope = await this.store.findRecord('scope', scope.scope.id); const globalScope = await this.store.findRecord('scope', 'global'); const canListUsers = - this.can.can('list model', globalScope, { collection: 'users' }) || - this.can.can('list model', orgScope, { collection: 'users' }); + this.abilities.can('list model', globalScope, { + collection: 'users', + }) || + this.abilities.can('list model', orgScope, { collection: 'users' }); if (canListUsers) { refreshUsersPromise = this.store.query( diff --git a/ui/admin/app/routes/scopes/scope/storage-buckets.js b/ui/admin/app/routes/scopes/scope/storage-buckets.js index a0246b369c..139eec25d5 100644 --- a/ui/admin/app/routes/scopes/scope/storage-buckets.js +++ b/ui/admin/app/routes/scopes/scope/storage-buckets.js @@ -11,7 +11,7 @@ export default class ScopesScopeStorageBucketsRoute extends Route { @service store; @service session; - @service can; + @service abilities; @service router; // =methods @@ -31,7 +31,7 @@ export default class ScopesScopeStorageBucketsRoute extends Route { const scope = this.modelFor('scopes.scope'); const { id: scope_id } = scope; if ( - this.can.can('list scope', scope, { + this.abilities.can('list scope', scope, { collection: 'storage-buckets', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/storage-buckets/new.js b/ui/admin/app/routes/scopes/scope/storage-buckets/new.js index 272fb1faef..1ac768bcbf 100644 --- a/ui/admin/app/routes/scopes/scope/storage-buckets/new.js +++ b/ui/admin/app/routes/scopes/scope/storage-buckets/new.js @@ -14,7 +14,7 @@ export default class ScopesScopeStorageBucketsNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =attributes @@ -32,7 +32,7 @@ export default class ScopesScopeStorageBucketsNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create scope', scopeModel, { + this.abilities.cannot('create scope', scopeModel, { collection: 'storage-buckets', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/storage-buckets/storage-bucket.js b/ui/admin/app/routes/scopes/scope/storage-buckets/storage-bucket.js index 07735b0009..a0878817f8 100644 --- a/ui/admin/app/routes/scopes/scope/storage-buckets/storage-bucket.js +++ b/ui/admin/app/routes/scopes/scope/storage-buckets/storage-bucket.js @@ -10,7 +10,7 @@ export default class ScopesScopeStorageBucketsStorageBucketRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/targets/index.js b/ui/admin/app/routes/scopes/scope/targets/index.js index 2139df29a2..41f97edec2 100644 --- a/ui/admin/app/routes/scopes/scope/targets/index.js +++ b/ui/admin/app/routes/scopes/scope/targets/index.js @@ -17,7 +17,7 @@ import { TYPE_TARGET_SSH, TYPE_TARGET_TCP } from 'api/models/target'; export default class ScopesScopeTargetsIndexRoute extends Route { // =services - @service can; + @service abilities; @service store; @service session; @service intl; @@ -93,7 +93,7 @@ export default class ScopesScopeTargetsIndexRoute extends Route { filters.type.push({ equals: type }); }); - if (this.can.can('list model', scope, { collection: 'sessions' })) { + if (this.abilities.can('list model', scope, { collection: 'sessions' })) { await this.store.query( 'session', { @@ -133,7 +133,7 @@ export default class ScopesScopeTargetsIndexRoute extends Route { let targets; let totalItems = 0; let doTargetsExist = false; - if (this.can.can('list model', scope, { collection: 'targets' })) { + if (this.abilities.can('list model', scope, { collection: 'targets' })) { targets = await this.store.query('target', { scope_id, query: { search, filters, sort }, diff --git a/ui/admin/app/routes/scopes/scope/targets/new.js b/ui/admin/app/routes/scopes/scope/targets/new.js index 4cce182161..63661de5e3 100644 --- a/ui/admin/app/routes/scopes/scope/targets/new.js +++ b/ui/admin/app/routes/scopes/scope/targets/new.js @@ -13,7 +13,7 @@ export default class ScopesScopeTargetsNewRoute extends Route { @service store; @service router; @service features; - @service can; + @service abilities; // =attributes queryParams = { @@ -30,7 +30,9 @@ export default class ScopesScopeTargetsNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create model', scopeModel, { collection: 'targets' }) + this.abilities.cannot('create model', scopeModel, { + collection: 'targets', + }) ) { this.router.replaceWith('scopes.scope.targets'); } diff --git a/ui/admin/app/routes/scopes/scope/targets/target.js b/ui/admin/app/routes/scopes/scope/targets/target.js index f27afac519..5fcb83acbb 100644 --- a/ui/admin/app/routes/scopes/scope/targets/target.js +++ b/ui/admin/app/routes/scopes/scope/targets/target.js @@ -10,7 +10,7 @@ export default class ScopesScopeTargetsTargetRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/users/index.js b/ui/admin/app/routes/scopes/scope/users/index.js index 95d70a3b92..17ac75c9d8 100644 --- a/ui/admin/app/routes/scopes/scope/users/index.js +++ b/ui/admin/app/routes/scopes/scope/users/index.js @@ -34,7 +34,7 @@ export default class ScopesScopeUsersIndexRoute extends Route { // =services @service store; - @service can; + @service abilities; // =methods @@ -80,7 +80,7 @@ export default class ScopesScopeUsersIndexRoute extends Route { let users; let totalItems = 0; let doUsersExist = false; - if (this.can.can('list model', scope, { collection: 'users' })) { + if (this.abilities.can('list model', scope, { collection: 'users' })) { users = await this.store.query('user', { scope_id, query: { search, filters, sort }, diff --git a/ui/admin/app/routes/scopes/scope/users/new.js b/ui/admin/app/routes/scopes/scope/users/new.js index 53dc1a3245..67878aaa5d 100644 --- a/ui/admin/app/routes/scopes/scope/users/new.js +++ b/ui/admin/app/routes/scopes/scope/users/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeUsersNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -20,7 +20,9 @@ export default class ScopesScopeUsersNewRoute extends Route { */ beforeModel() { const scopeModel = this.modelFor('scopes.scope'); - if (this.can.cannot('create model', scopeModel, { collection: 'users' })) { + if ( + this.abilities.cannot('create model', scopeModel, { collection: 'users' }) + ) { this.router.replaceWith('scopes.scope.users'); } } diff --git a/ui/admin/app/routes/scopes/scope/users/user.js b/ui/admin/app/routes/scopes/scope/users/user.js index 36465052bf..932c402ebe 100644 --- a/ui/admin/app/routes/scopes/scope/users/user.js +++ b/ui/admin/app/routes/scopes/scope/users/user.js @@ -10,7 +10,7 @@ export default class ScopesScopeUsersUserRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/app/routes/scopes/scope/workers.js b/ui/admin/app/routes/scopes/scope/workers.js index 1a5ac72859..9df43f7ac9 100644 --- a/ui/admin/app/routes/scopes/scope/workers.js +++ b/ui/admin/app/routes/scopes/scope/workers.js @@ -10,7 +10,7 @@ export default class ScopesScopeWorkersRoute extends Route { // =services @service store; - @service can; + @service abilities; @service session; @service router; @@ -30,7 +30,7 @@ export default class ScopesScopeWorkersRoute extends Route { model() { const scope = this.modelFor('scopes.scope'); const { id: scope_id } = scope; - if (this.can.can('list worker', scope, { collection: 'workers' })) { + if (this.abilities.can('list worker', scope, { collection: 'workers' })) { return this.store.query('worker', { scope_id }); } } diff --git a/ui/admin/app/routes/scopes/scope/workers/new.js b/ui/admin/app/routes/scopes/scope/workers/new.js index 611a559f2a..11eaebe035 100644 --- a/ui/admin/app/routes/scopes/scope/workers/new.js +++ b/ui/admin/app/routes/scopes/scope/workers/new.js @@ -10,7 +10,7 @@ export default class ScopesScopeWorkersNewRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods @@ -21,7 +21,7 @@ export default class ScopesScopeWorkersNewRoute extends Route { beforeModel() { const scopeModel = this.modelFor('scopes.scope'); if ( - this.can.cannot('create worker led worker', scopeModel, { + this.abilities.cannot('create worker led worker', scopeModel, { collection: 'workers', }) ) { diff --git a/ui/admin/app/routes/scopes/scope/workers/worker.js b/ui/admin/app/routes/scopes/scope/workers/worker.js index 529a4b6577..3ec15d1d9e 100644 --- a/ui/admin/app/routes/scopes/scope/workers/worker.js +++ b/ui/admin/app/routes/scopes/scope/workers/worker.js @@ -10,7 +10,7 @@ export default class ScopesScopeWorkersWorkerRoute extends Route { // =services @service store; - @service can; + @service abilities; @service router; // =methods diff --git a/ui/admin/tests/unit/abilities/auth-method-test.js b/ui/admin/tests/unit/abilities/auth-method-test.js index 66f878222e..f9f0e5f383 100644 --- a/ui/admin/tests/unit/abilities/auth-method-test.js +++ b/ui/admin/tests/unit/abilities/auth-method-test.js @@ -14,12 +14,12 @@ import { module('Unit | Abilities | auth-method', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; let features; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); features = this.owner.lookup('service:features'); }); @@ -30,9 +30,9 @@ module('Unit | Abilities | auth-method', function (hooks) { authorized_actions: ['read'], type: TYPE_AUTH_METHOD_LDAP, }); - assert.true(canService.can('read auth-method', authMethod)); + assert.true(abilitiesService.can('read auth-method', authMethod)); authMethod.authorized_actions = []; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); }); test('cannot read LDAP auth-method when authorized and feature flag disabled', function (assert) { @@ -40,9 +40,9 @@ module('Unit | Abilities | auth-method', function (hooks) { authorized_actions: ['read'], type: TYPE_AUTH_METHOD_LDAP, }); - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); authMethod.authorized_actions = []; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); }); test('can read non-LDAP auth-method when authorized', function (assert) { @@ -50,9 +50,9 @@ module('Unit | Abilities | auth-method', function (hooks) { authorized_actions: ['read'], type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('read auth-method', authMethod)); + assert.true(abilitiesService.can('read auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('read auth-method', authMethod)); + assert.true(abilitiesService.can('read auth-method', authMethod)); }); test('cannot read non-LDAP auth-method when unauthorized', function (assert) { @@ -60,16 +60,16 @@ module('Unit | Abilities | auth-method', function (hooks) { authorized_actions: [], type: TYPE_AUTH_METHOD_OIDC, }); - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.false(canService.can('read auth-method', authMethod)); + assert.false(abilitiesService.can('read auth-method', authMethod)); }); test('cannot make LDAP auth-method primary when feature flag disabled', function (assert) { const authMethod = store.createRecord('auth-method', { type: TYPE_AUTH_METHOD_LDAP, }); - assert.false(canService.can('makePrimary auth-method', authMethod)); + assert.false(abilitiesService.can('makePrimary auth-method', authMethod)); }); test('can make LDAP auth-method primary when feature flag enabled', function (assert) { @@ -77,15 +77,15 @@ module('Unit | Abilities | auth-method', function (hooks) { const authMethod = store.createRecord('auth-method', { type: TYPE_AUTH_METHOD_LDAP, }); - assert.true(canService.can('makePrimary auth-method', authMethod)); + assert.true(abilitiesService.can('makePrimary auth-method', authMethod)); }); test('can make non-LDAP auth-method primary', function (assert) { const authMethod = store.createRecord('auth-method', { type: TYPE_AUTH_METHOD_OIDC, }); - assert.true(canService.can('makePrimary auth-method', authMethod)); + assert.true(abilitiesService.can('makePrimary auth-method', authMethod)); authMethod.type = TYPE_AUTH_METHOD_PASSWORD; - assert.true(canService.can('makePrimary auth-method', authMethod)); + assert.true(abilitiesService.can('makePrimary auth-method', authMethod)); }); }); diff --git a/ui/admin/tests/unit/abilities/channel-recording-test.js b/ui/admin/tests/unit/abilities/channel-recording-test.js index f92a38fd9c..411f9d45b2 100644 --- a/ui/admin/tests/unit/abilities/channel-recording-test.js +++ b/ui/admin/tests/unit/abilities/channel-recording-test.js @@ -11,7 +11,7 @@ import { MIME_TYPE_ASCIICAST } from 'api/models/channel-recording'; module('Unit | Abilities | channel-recording', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; let sessionRecording; let connectionRecording; @@ -19,7 +19,7 @@ module('Unit | Abilities | channel-recording', function (hooks) { let noneAsciicastChannel; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); sessionRecording = store.createRecord('session-recording', { @@ -39,18 +39,20 @@ module('Unit | Abilities | channel-recording', function (hooks) { }); test('returns true if session recording complete and channel mime type is asciicast', function (assert) { - assert.true(canService.can('play channel-recording', asciicastChannel)); + assert.true( + abilitiesService.can('play channel-recording', asciicastChannel), + ); assert.false( - canService.can('play channel-recording', noneAsciicastChannel), + abilitiesService.can('play channel-recording', noneAsciicastChannel), ); }); test('returns false if session recording complete and channel mime type is not asciicast', function (assert) { assert.true( - canService.can('viewOnly channel-recording', noneAsciicastChannel), + abilitiesService.can('viewOnly channel-recording', noneAsciicastChannel), ); assert.false( - canService.can('viewOnly channel-recording', asciicastChannel), + abilitiesService.can('viewOnly channel-recording', asciicastChannel), ); }); }); diff --git a/ui/admin/tests/unit/abilities/collection-test.js b/ui/admin/tests/unit/abilities/collection-test.js index c3daff34e4..aa26ccd7b4 100644 --- a/ui/admin/tests/unit/abilities/collection-test.js +++ b/ui/admin/tests/unit/abilities/collection-test.js @@ -10,7 +10,7 @@ module('Unit | Abilities | model', function (hooks) { setupTest(hooks); test('it reflects when a resource may be navigated to based on list and create actions', function (assert) { - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_collection_actions: { foobars: [] }, }; diff --git a/ui/admin/tests/unit/abilities/credential-library-test.js b/ui/admin/tests/unit/abilities/credential-library-test.js index da5177ea58..f957b4f6d1 100644 --- a/ui/admin/tests/unit/abilities/credential-library-test.js +++ b/ui/admin/tests/unit/abilities/credential-library-test.js @@ -21,32 +21,40 @@ module('Unit | Abilities | credential-library', function (hooks) { test('can read credential library type when authorized and feature is enabled', function (assert) { features.enable('ssh-target'); - const canService = this.owner.lookup('service:can'); + const abilitiesService = this.owner.lookup('service:abilities'); const store = this.owner.lookup('service:store'); const credentialLibrary = store.createRecord('credential-library', { authorized_actions: ['read'], type: TYPE_CREDENTIAL_LIBRARY_VAULT_SSH_CERTIFICATE, }); - assert.true(canService.can('read credential-library', credentialLibrary)); + assert.true( + abilitiesService.can('read credential-library', credentialLibrary), + ); credentialLibrary.type = TYPE_CREDENTIAL_LIBRARY_VAULT_GENERIC; - assert.true(canService.can('read credential-library', credentialLibrary)); + assert.true( + abilitiesService.can('read credential-library', credentialLibrary), + ); }); test('cannot read credential library type when unauthorized and feature is enabled', function (assert) { features.enable('ssh-target'); - const canService = this.owner.lookup('service:can'); + const abilitiesService = this.owner.lookup('service:abilities'); const store = this.owner.lookup('service:store'); const credentialLibrary = store.createRecord('credential-library', { authorized_actions: [], type: TYPE_CREDENTIAL_LIBRARY_VAULT_SSH_CERTIFICATE, }); - assert.false(canService.can('read credential-library', credentialLibrary)); + assert.false( + abilitiesService.can('read credential-library', credentialLibrary), + ); credentialLibrary.type = TYPE_CREDENTIAL_LIBRARY_VAULT_GENERIC; - assert.false(canService.can('read credential-library', credentialLibrary)); + assert.false( + abilitiesService.can('read credential-library', credentialLibrary), + ); }); test('cannot read credential library type when unauthorized and feature is disabled', function (assert) { - const canService = this.owner.lookup('service:can'); + const abilitiesService = this.owner.lookup('service:abilities'); const store = this.owner.lookup('service:store'); const featuresService = this.owner.lookup('service:features'); const credentialLibrary = store.createRecord('credential-library', { @@ -54,13 +62,17 @@ module('Unit | Abilities | credential-library', function (hooks) { type: TYPE_CREDENTIAL_LIBRARY_VAULT_SSH_CERTIFICATE, }); assert.false(featuresService.isEnabled('ssh-target')); - assert.false(canService.can('read credential-library', credentialLibrary)); + assert.false( + abilitiesService.can('read credential-library', credentialLibrary), + ); credentialLibrary.type = TYPE_CREDENTIAL_LIBRARY_VAULT_GENERIC; - assert.false(canService.can('read credential-library', credentialLibrary)); + assert.false( + abilitiesService.can('read credential-library', credentialLibrary), + ); }); test('can read vault-generic but not vault-ssh-certificate when authorized and feature is disabled', function (assert) { - const canService = this.owner.lookup('service:can'); + const abilitiesService = this.owner.lookup('service:abilities'); const store = this.owner.lookup('service:store'); const featuresService = this.owner.lookup('service:features'); const credentialLibrary = store.createRecord('credential-library', { @@ -68,8 +80,12 @@ module('Unit | Abilities | credential-library', function (hooks) { type: TYPE_CREDENTIAL_LIBRARY_VAULT_SSH_CERTIFICATE, }); assert.false(featuresService.isEnabled('ssh-target')); - assert.false(canService.can('read credential-library', credentialLibrary)); + assert.false( + abilitiesService.can('read credential-library', credentialLibrary), + ); credentialLibrary.type = TYPE_CREDENTIAL_LIBRARY_VAULT_GENERIC; - assert.true(canService.can('read credential-library', credentialLibrary)); + assert.true( + abilitiesService.can('read credential-library', credentialLibrary), + ); }); }); diff --git a/ui/admin/tests/unit/abilities/role-test.js b/ui/admin/tests/unit/abilities/role-test.js index 4c803f4740..a9fadd7aef 100644 --- a/ui/admin/tests/unit/abilities/role-test.js +++ b/ui/admin/tests/unit/abilities/role-test.js @@ -9,11 +9,11 @@ import { setupTest } from 'ember-qunit'; module('Unit | Abilities | role', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -23,9 +23,9 @@ module('Unit | Abilities | role', function (hooks) { authorized_actions: ['set-grant-scopes'], scope: globalScope, }); - assert.true(canService.can('setGrantScopes role', role)); + assert.true(abilitiesService.can('setGrantScopes role', role)); role.authorized_actions = []; - assert.false(canService.can('setGrantScopes role', role)); + assert.false(abilitiesService.can('setGrantScopes role', role)); }); test('can setGrantScopes on role when authorized and scope is org type', function (assert) { @@ -38,9 +38,9 @@ module('Unit | Abilities | role', function (hooks) { authorized_actions: ['set-grant-scopes'], scope: orgScope, }); - assert.true(canService.can('setGrantScopes role', role)); + assert.true(abilitiesService.can('setGrantScopes role', role)); role.authorized_actions = []; - assert.false(canService.can('setGrantScopes role', role)); + assert.false(abilitiesService.can('setGrantScopes role', role)); }); test('cannot setGrantScopes on role when authorized and scope is project type', function (assert) { @@ -57,8 +57,8 @@ module('Unit | Abilities | role', function (hooks) { authorized_actions: ['set-grant-scopes'], scope: projectScope, }); - assert.false(canService.can('setGrantScopes role', role)); + assert.false(abilitiesService.can('setGrantScopes role', role)); role.authorized_actions = []; - assert.false(canService.can('setGrantScopes role', role)); + assert.false(abilitiesService.can('setGrantScopes role', role)); }); }); diff --git a/ui/admin/tests/unit/abilities/scope-test.js b/ui/admin/tests/unit/abilities/scope-test.js index b3d022e287..2235f3fd57 100644 --- a/ui/admin/tests/unit/abilities/scope-test.js +++ b/ui/admin/tests/unit/abilities/scope-test.js @@ -10,12 +10,12 @@ module('Unit | Abilities | Scope', function (hooks) { setupTest(hooks); let features; - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { store = this.owner.lookup('service:store'); - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); features = this.owner.lookup('service:features'); }); @@ -25,7 +25,7 @@ module('Unit | Abilities | Scope', function (hooks) { const scopeModel = store.createRecord('scope', { authorized_actions: ['attach-storage-policy'], }); - assert.true(canService.can('attachStoragePolicy scope', scopeModel)); + assert.true(abilitiesService.can('attachStoragePolicy scope', scopeModel)); }); test('cannot attach storage policy when unauthorized', function (assert) { @@ -35,7 +35,7 @@ module('Unit | Abilities | Scope', function (hooks) { authorized_actions: [], }); - assert.false(canService.can('attachStoragePolicy scope', scopeModel)); + assert.false(abilitiesService.can('attachStoragePolicy scope', scopeModel)); }); test('can detach storage policy when authorized', function (assert) { @@ -44,6 +44,6 @@ module('Unit | Abilities | Scope', function (hooks) { const scopeModel = store.createRecord('scope', { authorized_actions: ['detach-storage-policy'], }); - assert.true(canService.can('detachStoragePolicy scope', scopeModel)); + assert.true(abilitiesService.can('detachStoragePolicy scope', scopeModel)); }); }); diff --git a/ui/admin/tests/unit/abilities/session-recording-test.js b/ui/admin/tests/unit/abilities/session-recording-test.js index ab1bc819f8..eb848bd272 100644 --- a/ui/admin/tests/unit/abilities/session-recording-test.js +++ b/ui/admin/tests/unit/abilities/session-recording-test.js @@ -15,12 +15,12 @@ module('Unit | Abilities | session-recording', function (hooks) { setupTest(hooks); let features; - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { features = this.owner.lookup('service:features'); - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); }); @@ -43,10 +43,13 @@ module('Unit | Abilities | session-recording', function (hooks) { ); assert.true( - canService.can('read session-recording', recordingWithAuthorizedAction), + abilitiesService.can( + 'read session-recording', + recordingWithAuthorizedAction, + ), ); assert.false( - canService.can( + abilitiesService.can( 'read session-recording', recordingWithoutAuthorizedAction, ), @@ -70,10 +73,13 @@ module('Unit | Abilities | session-recording', function (hooks) { ); assert.false( - canService.can('read session-recording', recordingWithAuthorizedAction), + abilitiesService.can( + 'read session-recording', + recordingWithAuthorizedAction, + ), ); assert.false( - canService.can( + abilitiesService.can( 'read session-recording', recordingWithoutAuthorizedAction, ), @@ -95,12 +101,12 @@ module('Unit | Abilities | session-recording', function (hooks) { }); assert.true( - canService.can('list scope', scopeModelWithAuthorizedAction, { + abilitiesService.can('list scope', scopeModelWithAuthorizedAction, { collection: 'session-recordings', }), ); assert.false( - canService.can('list scope', scopeModelWithoutAuthorizedAction, { + abilitiesService.can('list scope', scopeModelWithoutAuthorizedAction, { collection: 'session-recordings', }), ); @@ -121,12 +127,12 @@ module('Unit | Abilities | session-recording', function (hooks) { }); assert.true( - canService.can('list scope', scopeModelWithAuthorizedAction, { + abilitiesService.can('list scope', scopeModelWithAuthorizedAction, { collection: 'session-recordings', }), ); assert.false( - canService.can('list scope', scopeModelWithoutAuthorizedAction, { + abilitiesService.can('list scope', scopeModelWithoutAuthorizedAction, { collection: 'session-recordings', }), ); @@ -147,14 +153,18 @@ module('Unit | Abilities | session-recording', function (hooks) { }); assert.true( - canService.can('navigate scope', scopeModelWithAuthorizedAction, { + abilitiesService.can('navigate scope', scopeModelWithAuthorizedAction, { collection: 'session-recordings', }), ); assert.false( - canService.can('navigate scope', scopeModelWithoutAuthorizedAction, { - collection: 'session-recordings', - }), + abilitiesService.can( + 'navigate scope', + scopeModelWithoutAuthorizedAction, + { + collection: 'session-recordings', + }, + ), ); }); @@ -171,14 +181,18 @@ module('Unit | Abilities | session-recording', function (hooks) { }); assert.false( - canService.can('navigate scope', scopeModelWithAuthorizedAction, { + abilitiesService.can('navigate scope', scopeModelWithAuthorizedAction, { collection: 'session-recordings', }), ); assert.false( - canService.can('navigate scope', scopeModelWithoutAuthorizedAction, { - collection: 'session-recordings', - }), + abilitiesService.can( + 'navigate scope', + scopeModelWithoutAuthorizedAction, + { + collection: 'session-recordings', + }, + ), ); }); @@ -204,10 +218,13 @@ module('Unit | Abilities | session-recording', function (hooks) { ); assert.true( - canService.can('delete session-recording', recordingWithAuthorizedAction), + abilitiesService.can( + 'delete session-recording', + recordingWithAuthorizedAction, + ), ); assert.false( - canService.can( + abilitiesService.can( 'delete session-recording', recordingWithoutAuthorizedAction, ), @@ -236,10 +253,13 @@ module('Unit | Abilities | session-recording', function (hooks) { ); assert.false( - canService.can('delete session-recording', recordingWithAuthorizedAction), + abilitiesService.can( + 'delete session-recording', + recordingWithAuthorizedAction, + ), ); assert.false( - canService.can( + abilitiesService.can( 'delete session-recording', recordingWithoutAuthorizedAction, ), diff --git a/ui/admin/tests/unit/abilities/storage-bucket-test.js b/ui/admin/tests/unit/abilities/storage-bucket-test.js index 141b0d2d39..1a9b4bf88d 100644 --- a/ui/admin/tests/unit/abilities/storage-bucket-test.js +++ b/ui/admin/tests/unit/abilities/storage-bucket-test.js @@ -14,12 +14,12 @@ module('Unit | Abilities | storage-bucket', function (hooks) { setupTest(hooks); let features; - let canService; + let abilitiesService; let store; hooks.beforeEach(function () { store = this.owner.lookup('service:store'); - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); features = this.owner.lookup('service:features'); }); @@ -32,7 +32,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { compositeType: TYPE_STORAGE_BUCKET_PLUGIN_AWS_S3, }); - assert.true(canService.can('read storage-bucket', storageBucket)); + assert.true(abilitiesService.can('read storage-bucket', storageBucket)); }); test('cannot read storage bucket when unauthorized and feature is enabled', function (assert) { @@ -44,7 +44,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { compositeType: TYPE_STORAGE_BUCKET_PLUGIN_AWS_S3, }); - assert.false(canService.can('read storage-bucket', storageBucket)); + assert.false(abilitiesService.can('read storage-bucket', storageBucket)); }); test('cannot read storage bucket when authorized and feature is disabled', function (assert) { @@ -54,7 +54,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { compositeType: TYPE_STORAGE_BUCKET_PLUGIN_AWS_S3, }); - assert.false(canService.can('read storage-bucket', storageBucket)); + assert.false(abilitiesService.can('read storage-bucket', storageBucket)); }); test('cannot read storage bucket when unauthorized and feature is disabled', function (assert) { @@ -64,7 +64,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { compositeType: TYPE_STORAGE_BUCKET_PLUGIN_AWS_S3, }); - assert.false(canService.can('read storage-bucket', storageBucket)); + assert.false(abilitiesService.can('read storage-bucket', storageBucket)); }); test('can list storage bucket when authorized and in global scope', function (assert) { @@ -77,7 +77,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.true( - canService.can('list scope', scopeModel, { + abilitiesService.can('list scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -93,7 +93,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.false( - canService.can('list scope', scopeModel, { + abilitiesService.can('list scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -109,7 +109,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.true( - canService.can('list scope', scopeModel, { + abilitiesService.can('list scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -125,7 +125,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.true( - canService.can('create scope', scopeModel, { + abilitiesService.can('create scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -141,7 +141,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.true( - canService.can('create scope', scopeModel, { + abilitiesService.can('create scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -157,7 +157,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.true( - canService.can('create scope', scopeModel, { + abilitiesService.can('create scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -173,7 +173,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.false( - canService.can('create scope', scopeModel, { + abilitiesService.can('create scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -189,7 +189,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.true( - canService.can('navigate scope', scopeModel, { + abilitiesService.can('navigate scope', scopeModel, { collection: 'storage-buckets', }), ); @@ -203,7 +203,7 @@ module('Unit | Abilities | storage-bucket', function (hooks) { }); assert.false( - canService.can('navigate scope', scopeModel, { + abilitiesService.can('navigate scope', scopeModel, { collection: 'storage-buckets', }), ); diff --git a/ui/admin/tests/unit/abilities/user-test.js b/ui/admin/tests/unit/abilities/user-test.js index db1cbb57fd..70c0feaa01 100644 --- a/ui/admin/tests/unit/abilities/user-test.js +++ b/ui/admin/tests/unit/abilities/user-test.js @@ -14,7 +14,7 @@ import { module('Unit | Abilities | user', function (hooks) { setupTest(hooks); - let canService; + let abilitiesService; let store; let features; @@ -24,7 +24,7 @@ module('Unit | Abilities | user', function (hooks) { }; hooks.beforeEach(function () { - canService = this.owner.lookup('service:can'); + abilitiesService = this.owner.lookup('service:abilities'); store = this.owner.lookup('service:store'); features = this.owner.lookup('service:features'); instances.user = store.createRecord('user', { @@ -37,7 +37,7 @@ module('Unit | Abilities | user', function (hooks) { features.enable('ldap-auth-methods'); instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.true( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); @@ -46,13 +46,13 @@ module('Unit | Abilities | user', function (hooks) { test('can add non-ldap account to user', function (assert) { instances.account.type = TYPE_AUTH_METHOD_OIDC; assert.true( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_PASSWORD; assert.true( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); @@ -61,7 +61,7 @@ module('Unit | Abilities | user', function (hooks) { test('cannot add ldap account to user when feature flag disabled', function (assert) { instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.false( - canService.can('addAccount user', instances.user, { + abilitiesService.can('addAccount user', instances.user, { account: instances.account, }), ); @@ -71,7 +71,7 @@ module('Unit | Abilities | user', function (hooks) { features.enable('ldap-auth-methods'); instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.true( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); @@ -80,7 +80,7 @@ module('Unit | Abilities | user', function (hooks) { test('cannot remove ldap account from user when feature flag disabled', function (assert) { instances.account.type = TYPE_AUTH_METHOD_LDAP; assert.false( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); @@ -89,13 +89,13 @@ module('Unit | Abilities | user', function (hooks) { test('can remove non-ldap account from user', function (assert) { instances.account.type = TYPE_AUTH_METHOD_OIDC; assert.true( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); instances.account.type = TYPE_AUTH_METHOD_PASSWORD; assert.true( - canService.can('removeAccount user', instances.user, { + abilitiesService.can('removeAccount user', instances.user, { account: instances.account, }), ); diff --git a/ui/desktop/app/app.js b/ui/desktop/app/app.js index 43db29bdd3..1d379cc9e6 100644 --- a/ui/desktop/app/app.js +++ b/ui/desktop/app/app.js @@ -7,11 +7,12 @@ import Application from '@ember/application'; import Resolver from 'ember-resolver'; import loadInitializers from 'ember-load-initializers'; import config from './config/environment'; +import { extendResolver } from 'ember-can'; export default class App extends Application { modulePrefix = config.modulePrefix; podModulePrefix = config.podModulePrefix; - Resolver = Resolver; + Resolver = extendResolver(Resolver); } loadInitializers(App, config.modulePrefix); diff --git a/ui/desktop/app/controllers/scopes/scope/projects/sessions/index.js b/ui/desktop/app/controllers/scopes/scope/projects/sessions/index.js index ea5d4a1b45..dba80af2bd 100644 --- a/ui/desktop/app/controllers/scopes/scope/projects/sessions/index.js +++ b/ui/desktop/app/controllers/scopes/scope/projects/sessions/index.js @@ -25,7 +25,7 @@ export default class ScopesScopeProjectsSessionsIndexController extends Controll @service ipc; @service session; @service router; - @service can; + @service abilities; // =attributes @@ -129,7 +129,7 @@ export default class ScopesScopeProjectsSessionsIndexController extends Controll async cancelSession(session) { let updatedSession = session; // fetch session from API to verify we have most up to date record - if (this.can.can('read session', session)) { + if (this.abilities.can('read session', session)) { updatedSession = await this.store.findRecord('session', session.id, { reload: true, }); diff --git a/ui/desktop/app/controllers/scopes/scope/projects/targets/index.js b/ui/desktop/app/controllers/scopes/scope/projects/targets/index.js index 7634255882..5b9be15261 100644 --- a/ui/desktop/app/controllers/scopes/scope/projects/targets/index.js +++ b/ui/desktop/app/controllers/scopes/scope/projects/targets/index.js @@ -24,7 +24,7 @@ export default class ScopesScopeProjectsTargetsIndexController extends Controlle @service router; @service session; @service store; - @service can; + @service abilities; @service intl; @service rdp; @@ -296,7 +296,7 @@ export default class ScopesScopeProjectsTargetsIndexController extends Controlle async cancelSession(session) { let updatedSession = session; // fetch session from API to verify we have most up to date record - if (this.can.can('read session', session)) { + if (this.abilities.can('read session', session)) { updatedSession = await this.store.findRecord('session', session.id, { reload: true, }); diff --git a/ui/desktop/app/routes/scopes/scope/projects/targets/index.js b/ui/desktop/app/routes/scopes/scope/projects/targets/index.js index 072f415989..29bb66853c 100644 --- a/ui/desktop/app/routes/scopes/scope/projects/targets/index.js +++ b/ui/desktop/app/routes/scopes/scope/projects/targets/index.js @@ -17,7 +17,7 @@ const { __electronLog } = globalThis; export default class ScopesScopeProjectsTargetsIndexRoute extends Route { // =services - @service can; + @service abilities; @service clusterUrl; @service resourceFilterStore; @service router; @@ -138,7 +138,7 @@ export default class ScopesScopeProjectsTargetsIndexRoute extends Route { const { totalItems, isLoadIncomplete, isCacheRefreshing } = targets.meta; // Filter out targets to which users do not have the connect ability targets = targets.filter((target) => - this.can.can('connect target', target), + this.abilities.can('connect target', target), ); const aliasPromise = this.store.query('alias', { diff --git a/ui/desktop/tests/unit/abilities/collection-test.js b/ui/desktop/tests/unit/abilities/collection-test.js index f2fddd8df6..a3ffee54ab 100644 --- a/ui/desktop/tests/unit/abilities/collection-test.js +++ b/ui/desktop/tests/unit/abilities/collection-test.js @@ -11,7 +11,7 @@ module('Unit | Abilities | model', function (hooks) { test('it reflects when a resource may be navigated to based on list and create actions', function (assert) { assert.expect(4); - const service = this.owner.lookup('service:can'); + const service = this.owner.lookup('service:abilities'); const model = { authorized_collection_actions: { foobars: [] }, };