From 18dcb70cefe43db1fbd6e128f7f0f8347f114cf3 Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Tue, 16 Aug 2022 16:13:36 -0400
Subject: [PATCH] ui: fix ability checking when anon policy is missing
 namespace (#14144)

ACL Policies aren't required to have any `namespace` blocks, and this is
particularly common with the anonymous policy. If a user visits the web UI
without a token already in their local storage and the anonymous policy has no
`namespace` blocks, the UI will hit unhandled exceptions when rendering the
sidebar or jobs page.

Filter for the case where there's no `namespace` block.
---
 ui/app/abilities/job.js      | 1 +
 ui/app/abilities/variable.js | 1 +
 2 files changed, 2 insertions(+)

diff --git a/ui/app/abilities/job.js b/ui/app/abilities/job.js
index 892837658..3dca4dff7 100644
--- a/ui/app/abilities/job.js
+++ b/ui/app/abilities/job.js
@@ -31,6 +31,7 @@ export default class Job extends AbstractAbility {
     // For each policy record, extract all policies of all namespaces
     const allNamespacePolicies = policies
       .toArray()
+      .filter((policy) => get(policy, 'rulesJSON.Namespaces'))
       .map((policy) => get(policy, 'rulesJSON.Namespaces'))
       .flat()
       .map((namespace = {}) => {
diff --git a/ui/app/abilities/variable.js b/ui/app/abilities/variable.js
index 71ab52bed..6d392edb9 100644
--- a/ui/app/abilities/variable.js
+++ b/ui/app/abilities/variable.js
@@ -81,6 +81,7 @@ export default class Variable extends AbstractAbility {
   ) {
     const namespacesWithSecureVariableCapabilities = policies
       .toArray()
+      .filter((policy) => get(policy, 'rulesJSON.Namespaces'))
       .map((policy) => get(policy, 'rulesJSON.Namespaces'))
       .flat()
       .map((namespace = {}) => {