From 6f00c81ca897febda1e528af166c770fc6edb249 Mon Sep 17 00:00:00 2001
From: John Cowen <jcowen@hashicorp.com>
Date: Tue, 13 Jul 2021 17:32:30 +0100
Subject: [PATCH 1/3] ui: Ensure we use the ns query param name when requesting
 permissions

---
 ui/packages/consul-ui/app/adapters/permission.js            | 2 +-
 ui/packages/consul-ui/app/services/repository/permission.js | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ui/packages/consul-ui/app/adapters/permission.js b/ui/packages/consul-ui/app/adapters/permission.js
index dcd357ae29d1..ee3a2110d4c9 100644
--- a/ui/packages/consul-ui/app/adapters/permission.js
+++ b/ui/packages/consul-ui/app/adapters/permission.js
@@ -7,7 +7,7 @@ export default class PermissionAdapter extends Adapter {
   requestForAuthorize(request, { dc, ns, resources = [], index }) {
     // the authorize endpoint is slightly different to all others in that it
     // ignores an ns parameter, but accepts a Namespace property on each
-    // resource. Here we hide this different from the rest of the app as
+    // resource. Here we hide this difference from the rest of the app as
     // currently we never need to ask for permissions/resources for multiple
     // different namespaces in one call so here we use the ns param and add
     // this to the resources instead of passing through on the queryParameter
diff --git a/ui/packages/consul-ui/app/services/repository/permission.js b/ui/packages/consul-ui/app/services/repository/permission.js
index ff0ac57fa85c..ef78aa9f73a2 100644
--- a/ui/packages/consul-ui/app/services/repository/permission.js
+++ b/ui/packages/consul-ui/app/services/repository/permission.js
@@ -112,6 +112,11 @@ export default class PermissionService extends RepositoryService {
     } else {
       let resources = [];
       try {
+        const { nspace, ...rest } = params;
+        params = {
+          ...rest,
+          ns: nspace,
+        };
         resources = await this.store.authorize('permission', params);
       } catch (e) {
         runInDebug(() => console.error(e));

From 5c868272faff4724c1fe7b6866341b02076c2cb7 Mon Sep 17 00:00:00 2001
From: John Cowen <jcowen@hashicorp.com>
Date: Wed, 14 Jul 2021 12:33:20 +0100
Subject: [PATCH 2/3] ui: Move ns name change up a layer so its consistent rest
 of interface

---
 ui/packages/consul-ui/app/routes/dc.js                      | 2 +-
 ui/packages/consul-ui/app/routes/settings.js                | 2 +-
 ui/packages/consul-ui/app/services/repository/permission.js | 5 -----
 3 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/ui/packages/consul-ui/app/routes/dc.js b/ui/packages/consul-ui/app/routes/dc.js
index 588fd296ccb7..e915478b74f9 100644
--- a/ui/packages/consul-ui/app/routes/dc.js
+++ b/ui/packages/consul-ui/app/routes/dc.js
@@ -21,7 +21,7 @@ export default class DcRoute extends Route {
     // When disabled nspaces is [], so nspace is undefined
     const permissions = await this.permissionsRepo.findAll({
       dc: params.dc,
-      nspace: get(nspace || {}, 'Name'),
+      ns: get(nspace || {}, 'Name'),
     });
     // the model here is actually required for the entire application
     // but we need to wait until we are in this route so we know what the dc
diff --git a/ui/packages/consul-ui/app/routes/settings.js b/ui/packages/consul-ui/app/routes/settings.js
index 2b7f32f10dc5..d4cf8372c9a3 100644
--- a/ui/packages/consul-ui/app/routes/settings.js
+++ b/ui/packages/consul-ui/app/routes/settings.js
@@ -28,7 +28,7 @@ export default class SettingsRoute extends Route {
       typeof app.permissions === 'undefined'
         ? await this.permissionsRepo.findAll({
             dc: dc.Name,
-            nspace: nspace.Name,
+            ns: nspace.Name,
           })
         : app.permissions;
 
diff --git a/ui/packages/consul-ui/app/services/repository/permission.js b/ui/packages/consul-ui/app/services/repository/permission.js
index ef78aa9f73a2..ff0ac57fa85c 100644
--- a/ui/packages/consul-ui/app/services/repository/permission.js
+++ b/ui/packages/consul-ui/app/services/repository/permission.js
@@ -112,11 +112,6 @@ export default class PermissionService extends RepositoryService {
     } else {
       let resources = [];
       try {
-        const { nspace, ...rest } = params;
-        params = {
-          ...rest,
-          ns: nspace,
-        };
         resources = await this.store.authorize('permission', params);
       } catch (e) {
         runInDebug(() => console.error(e));

From f4eaa73041ab68fd08bd046cbc01e5af954f9797 Mon Sep 17 00:00:00 2001
From: John Cowen <jcowen@hashicorp.com>
Date: Wed, 14 Jul 2021 12:54:03 +0100
Subject: [PATCH 3/3] Changelog

---
 .changelog/10608.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/10608.txt

diff --git a/.changelog/10608.txt b/.changelog/10608.txt
new file mode 100644
index 000000000000..4e189257a4ac
--- /dev/null
+++ b/.changelog/10608.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: **(Enterprise only)** Ensure permissions are checked based on the actively selected namespace
+```