implementing IAM permission controls, policies and roles

console/app/instance-initializers/load-extensions.js

@@ -1,6 +1,7 @@
 export function initialize (owner) {
     const universe = owner.lookup('service:universe');
     if (universe) {
+        universe.createRegistry('@fleetbase/console');
         universe.bootEngines(owner);
     }
 }

console/app/models/permission.js

@@ -1,5 +1,6 @@
 import Model, { attr } from '@ember-data/model';
 import { computed } from '@ember/object';
+import { capitalize } from '@ember/string';
 import { pluralize } from 'ember-inflector';
 import { format, formatDistanceToNow } from 'date-fns';
 import humanize from '@fleetbase/ember-core/utils/humanize';
@@ -32,9 +33,25 @@ const lowercase = function (string) {
     return words.join(' ');
 };
 
-const titleize = function (string) {
-    return lowercase(humanize(string));
-};
+const titleize = function (string = '') {
+    if (typeof string !== 'string') {
+        return '';
+    }
+    return humanize(string).split(' ').map((w) => capitalize(w)).join(' ');
+}
+
+const smartTitleize = function (string = '') {
+    if (typeof string !== 'string') {
+        return '';
+    }
+
+    let titleized = titleize(string);
+    if (titleized === 'Iam') {
+        titleized = titleized.toUpperCase();
+    }
+
+    return titleized;
+}
 
 /**
  * Permission model for handling and authorizing actions.
@@ -90,9 +107,9 @@ export default class PermissionModel extends Model {
     @computed('actionName', 'name', 'resourceName', 'extensionName') get description() {
         let actionName = this.actionName;
         let actionPreposition = 'to';
-        let resourceName = pluralize(humanize(this.resourceName));
+        let resourceName = pluralize(smartTitleize(this.resourceName));
         let resourcePreposition = getPermissionAction(this.name) === '*' && resourceName ? 'with' : '';
-        let extensionName = humanize(this.extensionName);
+        let extensionName = smartTitleize(this.extensionName);
         let extensionPreposition = 'on';
         let descriptionParts = ['Permission', actionPreposition, actionName, resourcePreposition, resourceName, extensionPreposition, extensionName];
 

console/app/models/user.js

@@ -1,4 +1,4 @@
-import Model, { attr } from '@ember-data/model';
+import Model, { attr, belongsTo, hasMany } from '@ember-data/model';
 import { computed, get } from '@ember/object';
 import { not } from '@ember/object/computed';
 import { getOwner } from '@ember/application';
@@ -31,6 +31,11 @@ export default class UserModel extends Model {
     @attr('raw') types;
     @attr('raw') meta;
 
+    /** @relationships */
+    @belongsTo('role') role;
+    @hasMany('policy') policies;
+    @hasMany('permission') permissions;
+
     /** @dates */
     @attr('date') last_seen_at;
     @attr('date') phone_verified_at;

console/app/serializers/user.js

@@ -1,6 +1,20 @@
 import ApplicationSerializer from '@fleetbase/ember-core/serializers/application';
+import { EmbeddedRecordsMixin } from '@ember-data/serializer/rest';
+
+export default class UserSerializer extends ApplicationSerializer.extend(EmbeddedRecordsMixin) {
+    /**
+     * Embedded relationship attributes
+     *
+     * @var {Object}
+     */
+    get attrs() {
+        return {
+            role: { serialize: 'ids', deserialize: 'records' },
+            policies: { serialize: 'ids', deserialize: 'records' },
+            permissions: { serialize: 'ids', deserialize: 'records' },
+        };
+    }
 
-export default class UserSerializer extends ApplicationSerializer {
     /**
      * Customize serializer so that the password is never sent to the server via Ember Data
      *

console/app/templates/console.hbs

@@ -16,3 +16,7 @@
 </Layout::Container>
 <ChatContainer />
 <ConsoleWormhole />
+{{!-- template-lint-disable no-potential-path-strings --}}
+<RegistryYield @registry="@fleetbase/console" as |RegistryComponent|>
+    <RegistryComponent @controller={{this}} />
+</RegistryYield>