Added HBAC Test page.

This is the initial implementation of HBAC Test page. Currently it can select user, source/target group, service, rules, and execute the test. Other functionalities to be implemented include the search filter, external users/hosts, back/next buttons, validation, styling, and internalization. Ticket #388
2024-12-23 07:33:27 -06:00 · 2011-11-16 21:07:20 -06:00 · 2011-11-16 21:07:20 -06:00 · 2203bb650c
commit 2203bb650c
parent caa9d52666
13 changed files with 710 additions and 57 deletions
--- a/install/ui/Makefile.am
+++ b/install/ui/Makefile.am
@ -25,6 +25,7 @@ app_DATA =				\
 	field.js			\
 	group.js 			\
 	hbac.js 			\
+	hbactest.js 			\
 	host.js 			\
 	hostgroup.js 			\
 	index.html 			\
--- a/install/ui/facet.js
+++ b/install/ui/facet.js
@ -110,6 +110,9 @@ IPA.facet = function(spec) {
        that.header.load(data.result.result);
    };

+    that.refresh = function() {
+    };
+
    that.clear = function() {
    };

@ -320,7 +323,7 @@ IPA.facet_header = function(spec) {
        }).appendTo(container);

        var span = $('<h3/>', {
-            text: that.facet.entity.metadata.label
+            text: that.facet.entity.label
        }).appendTo(that.title_container);

        if (!that.facet.disable_facet_tabs) {
@ -341,9 +344,6 @@ IPA.facet_header = function(spec) {
    that.load = function(data) {
        if (!that.facet.disable_facet_tabs) {
            var pkey = that.facet.pkey;
-            if(!pkey || !data) {
-                pkey = '';
-            }

            var facet_groups = that.facet.entity.facet_groups.values;
            for (var i=0; i<facet_groups.length; i++) {
@ -353,13 +353,15 @@ IPA.facet_header = function(spec) {
                if (!span.length) continue;

                var label = facet_group.label;
-                if (label) {
+                if (pkey && label) {
                    label = label.replace('${primary_key}', pkey);
-
-                    var label_container = $('.facet-group-label', span);
-                    label_container.text(label);
+                } else {
+                    label = '';
                }

+                var label_container = $('.facet-group-label', span);
+                label_container.text(label);
+
                var facets = facet_group.facets.values;
                for (var j=0; j<facets.length; j++) {
                    var facet = facets[j];
@ -461,15 +463,13 @@ IPA.table_facet = function(spec) {

    that.load_all = function(data) {

-        that.table.empty();
-
        var result = data.result.result;
+        var records = [];
        for (var i=0; i<result.length; i++) {
            var record = that.table.get_record(result[i], 0);
-            that.table.add_record(record);
+            records.push(record);
        }
-
-        that.table.unselect_all();
+        that.load_records(records);

        if (data.result.truncated) {
            var message = IPA.messages.search.truncated;
@ -480,7 +480,7 @@ IPA.table_facet = function(spec) {
        }
    };

-    that.get_pkeys = function(data){
+    that.get_pkeys = function(data) {
        return [];
    };

@ -511,9 +511,8 @@ IPA.table_facet = function(spec) {
        that.table.current_page = page;

        if (!that.pkeys || !that.pkeys.length) {
-            that.table.empty();
+            that.load_records([]);
            that.table.summary.text(IPA.messages.association.no_entries);
-            that.table.unselect_all();
            return;
        }

@ -535,13 +534,13 @@ IPA.table_facet = function(spec) {
        var columns = that.table.columns.values;
        if (columns.length == 1) { // show pkey only
            var name = columns[0].name;
-            that.table.empty();
+            var records = [];
            for (var i=0; i<that.values.length; i++) {
                var record = {};
                record[name] = that.values[i];
-                that.table.add_record(record);
+                records.push(record);
            }
-            that.table.unselect_all();
+            that.load_records(records);
            return;
        }

@ -549,23 +548,31 @@ IPA.table_facet = function(spec) {
        that.get_records(
            function(data, text_status, xhr) {
                var results = data.result.results;
-                that.table.empty();
+                var records = [];
                for (var i=0; i<results.length; i++) {
                    var record = results[i].result;
-                    that.table.add_record(record);
+                    records.push(record);
                }
-                that.table.unselect_all();
+                that.load_records(records);
            },
            function(xhr, text_status, error_thrown) {
-                that.table.empty();
+                that.load_records([]);
                var summary = that.table.summary.empty();
                summary.append(error_thrown.name+': '+error_thrown.message);
            }
        );
    };

+    that.load_records = function(records) {
+        that.table.empty();
+        for (var i=0; i<records.length; i++) {
+            that.table.add_record(records[i]);
+        }
+        that.table.set_values(that.selected_values);
+    };
+
    that.get_records_command_name = function() {
-        return that.entity.name+'_get_records';
+        return that.managed_entity_name+'_get_records';
    };

    that.get_records = function(on_success, on_error) {
@ -597,10 +604,10 @@ IPA.table_facet = function(spec) {

    that.select_changed = function() {

-        var values = that.table.get_selected_values();
+        that.selected_values = that.table.get_selected_values();

        if (that.remove_button) {
-            if (values.length === 0) {
+            if (that.selected_values.length === 0) {
                that.remove_button.addClass('action-button-disabled');
            } else {
                that.remove_button.removeClass('action-button-disabled');
--- a/install/ui/hbactest.js
+++ b/install/ui/hbactest.js
@ -0,0 +1,510 @@
+/*jsl:import ipa.js */
+
+/*  Authors:
+ *    Endi Sukma Dewata <edewata@redhat.com>
+ *
+ * Copyright (C) 2010 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* REQUIRES: ipa.js, details.js, search.js, add.js, facet.js, entity.js,hbac.js */
+
+IPA.hbac.test_entity = function(spec) {
+
+    var that = IPA.entity(spec);
+
+    that.get_default_metadata = function() {
+        return IPA.metadata.commands[that.name];
+    };
+
+    that.init = function() {
+        that.entity_init();
+
+        that.label = IPA.messages.objects.hbactest.label;
+
+        that.builder.facet_groups([ 'default' ]).
+        facet({
+            factory: IPA.hbac.test_facet,
+            name: 'user',
+            label: 'Who',
+            managed_entity_name: 'user',
+            disable_breadcrumb: true,
+            facet_group: 'default',
+            columns: [
+                'uid',
+                'givenname',
+                'sn'
+            ]
+        }).
+        facet({
+            factory: IPA.hbac.test_facet,
+            name: 'targethost',
+            label: 'Accessing',
+            managed_entity_name: 'host',
+            disable_breadcrumb: true,
+            facet_group: 'default',
+            columns: [
+                'fqdn',
+                'description',
+                {
+                    name: 'has_keytab',
+                    label: IPA.messages.objects.host.enrolled
+                }
+            ]
+        }).
+        facet({
+            factory: IPA.hbac.test_facet,
+            name: 'service',
+            label: 'Via Service',
+            managed_entity_name: 'hbacsvc',
+            disable_breadcrumb: true,
+            facet_group: 'default',
+            columns: [
+                'cn',
+                'description'
+            ]
+        }).
+        facet({
+            factory: IPA.hbac.test_facet,
+            name: 'sourcehost',
+            label: 'From Host',
+            managed_entity_name: 'host',
+            disable_breadcrumb: true,
+            facet_group: 'default',
+            columns: [
+                'fqdn',
+                'description',
+                {
+                    name: 'has_keytab',
+                    label: IPA.messages.objects.host.enrolled
+                }
+            ]
+        }).
+        facet({
+            factory: IPA.hbac.test_rules_facet,
+            name: 'rules',
+            label: 'On Rules',
+            managed_entity_name: 'hbacrule',
+            disable_breadcrumb: true,
+            facet_group: 'default',
+            multivalued: true,
+            columns: [
+                'cn',
+                'ipaenabledflag',
+                'description'
+            ]
+        }).
+        facet({
+            factory: IPA.hbac.test_run_facet,
+            name: 'run',
+            label: 'Run Test',
+            managed_entity_name: 'hbacrule',
+            disable_breadcrumb: true,
+            pagination: true,
+            facet_group: 'default',
+            columns: [
+                'cn',
+                {
+                    name: 'matched',
+                    label: 'Matched'
+                },
+                'ipaenabledflag',
+                'description'
+            ]
+        });
+    };
+
+    return that;
+};
+
+IPA.hbac.test_facet = function(spec) {
+
+    spec = spec || {};
+
+    var that = IPA.table_facet(spec);
+    that.multivalued = spec.multivalued;
+
+    var init = function() {
+
+        that.managed_entity = IPA.get_entity(that.managed_entity_name);
+
+        var columns = that.columns.values;
+        for (var i=0; i<columns.length; i++) {
+            var column = columns[i];
+
+            var metadata = IPA.get_entity_param(that.managed_entity_name, column.name);
+            column.primary_key = metadata && metadata.primary_key;
+            column.link = column.primary_key;
+        }
+
+        that.init_table(that.managed_entity);
+        that.table.multivalued = that.multivalued ? true : false;
+    };
+
+    that.create_content = function(container) {
+
+        var header = $('<h3/>', {
+            text: that.label
+        }).appendTo(container);
+
+        var filter_container = $('<div/>', {
+            'class': 'search-filter'
+        }).appendTo(header);
+
+        that.filter = $('<input/>', {
+            type: 'text',
+            name: 'filter'
+        }).appendTo(filter_container);
+
+        that.filter.keypress(function(e) {
+            /* if the key pressed is the enter key */
+            if (e.which == 13) {
+                that.find();
+            }
+        });
+
+        that.find_button = IPA.action_button({
+            name: 'find',
+            icon: 'search-icon',
+            click: function() {
+                that.find();
+                return false;
+            }
+        }).appendTo(filter_container);
+
+        header.append(IPA.create_network_spinner());
+
+        var div = $('<div/>', {
+            style: 'position: relative; height: 200px'
+        }).appendTo(container);
+
+        that.table.create(div);
+
+        container.append('<br/>');
+
+        that.create_buttons(container);
+    };
+
+    that.create_buttons = function(container) {
+
+        var buttons = $('<div/>', {
+            style: 'float: right'
+        }).appendTo(container);
+
+        that.back_button = IPA.button({
+            name: 'back',
+            label: 'Back',
+            click: function() {
+                if (!that.back_button.hasClass('action-button-disabled')) {
+                    that.back();
+                }
+                return false;
+            }
+        }).appendTo(buttons);
+
+        that.next_button = IPA.button({
+            name: 'next',
+            label: 'Next',
+            click: function() {
+                if (!that.add_button.hasClass('action-button-disabled')) {
+                    that.next();
+                }
+                return false;
+            }
+        }).appendTo(buttons);
+    };
+
+    that.get_pkeys = function(data) {
+        var result = data.result.result;
+        var pkey_name = that.managed_entity.metadata.primary_key;
+        var pkeys = [];
+        for (var i=0; i<result.length; i++) {
+            var record = result[i];
+            var values = record[pkey_name];
+            pkeys.push(values[0]);
+        }
+        return pkeys;
+    };
+
+    that.get_search_command_name = function() {
+        return that.managed_entity.name + '_find' + (that.pagination ? "_pkeys" : "");
+    };
+
+    that.refresh = function() {
+
+        var filter = IPA.nav.get_state(that.managed_entity.name+'-filter');
+
+        var command = IPA.command({
+            name: that.get_search_command_name(),
+            entity: that.managed_entity.name,
+            method: 'find',
+            args: [filter]
+        });
+
+        if (that.pagination) {
+            command.set_option('pkey_only', true);
+            command.set_option('sizelimit', 0);
+        }
+
+        command.on_success = function(data, text_status, xhr) {
+            if (that.filter) that.filter.focus();
+            that.load(data); // table_facet.load()
+        };
+
+        command.on_error = function(xhr, text_status, error_thrown) {
+            that.report_error(error_thrown);
+        };
+
+        command.execute();
+    };
+
+    that.save = function(record) {
+        if (that.selected_values && that.selected_values.length) {
+            record[that.name] = that.selected_values[0];
+        }
+    };
+
+    init();
+
+    return that;
+};
+
+IPA.hbac.test_rules_facet = function(spec) {
+
+    spec = spec || {};
+
+    var that = IPA.hbac.test_facet(spec);
+
+    var init = function() {
+    };
+
+    that.create_content = function(container) {
+
+        var header = $('<p/>', {
+        }).appendTo(container);
+
+        $('<h3/>', {
+            text: that.label,
+            style: 'display: inline-block'
+        }).appendTo(header);
+
+        header.append(' ');
+
+        that.enabled = $('<input/>', {
+            id: 'hbactest-rules-include-enabled',
+            type: 'checkbox',
+            name: 'enabled'
+        }).appendTo(header);
+
+        $('<label/>', {
+            'for': 'hbactest-rules-include-enabled',
+            text: 'Include enabled'
+        }).appendTo(header);
+
+        that.disabled = $('<input/>', {
+            id: 'hbactest-rules-include-disabled',
+            type: 'checkbox',
+            name: 'disabled'
+        }).appendTo(header);
+
+        $('<label/>', {
+            'for': 'hbactest-rules-include-disabled',
+            text: 'Include disabled'
+        }).appendTo(header);
+
+        var div = $('<div/>', {
+            style: 'position: relative; height: 200px'
+        }).appendTo(container);
+
+        that.table.create(div);
+
+        container.append('<br/>');
+
+        that.create_buttons(container);
+    };
+
+
+    that.save = function(record) {
+        if (that.selected_values && that.selected_values.length) {
+            record[that.name] = that.selected_values;
+        }
+        if (that.enabled && that.enabled.is(':checked')) {
+            record['enabled'] = true;
+        }
+        if (that.disabled && that.disabled.is(':checked')) {
+            record['disabled'] = true;
+        }
+    };
+    init();
+
+    return that;
+};
+
+IPA.hbac.test_run_facet = function(spec) {
+
+    spec = spec || {};
+
+    var that = IPA.hbac.test_facet(spec);
+
+    var init = function() {
+        that.table.selectable = false;
+    };
+
+    that.create_content = function(container) {
+
+        var action_panel = $('<div/>', {
+            style: 'border: 1px solid #C9C3BA; padding: 10px'
+        }).appendTo(container);
+
+        var action_button = $('<div/>', {
+            style: 'width: 100px; display: inline-block'
+        }).appendTo(action_panel);
+
+        that.run_button = IPA.button({
+            name: 'run',
+            label: 'Run Test',
+            click: function() {
+                if (!that.run_button.hasClass('action-button-disabled')) {
+                    that.run();
+                }
+                return false;
+            }
+        }).appendTo(action_button);
+
+        var action_result = $('<div/>', {
+            style: 'display: inline-block'
+        }).appendTo(action_panel);
+
+        that.test_result = $('<p/>').appendTo(action_result);
+
+        var header = $('<h3/>', {
+            text: 'Rules'
+        }).appendTo(container);
+
+        var div = $('<div/>', {
+            style: 'position: relative; height: 200px'
+        }).appendTo(container);
+
+        that.table.create(div);
+
+        container.append('<br/>');
+
+        var buttons = $('<div/>', {
+            style: 'float: right'
+        }).appendTo(container);
+
+        that.back_button = IPA.button({
+            name: 'back',
+            label: 'Back',
+            click: function() {
+                if (!that.back_button.hasClass('action-button-disabled')) {
+                    that.back();
+                }
+                return false;
+            }
+        }).appendTo(buttons);
+
+        that.new_test_button = IPA.button({
+            name: 'new_test',
+            label: 'New Test',
+            click: function() {
+                if (!that.new_test_button.hasClass('action-button-disabled')) {
+                    that.new_test();
+                }
+                return false;
+            }
+        }).appendTo(buttons);
+    };
+
+    that.refresh = function() {
+    };
+
+    that.run = function() {
+
+        var command = IPA.command({ method: 'hbactest' });
+
+        var options = {};
+
+        var facet = that.entity.get_facet('user');
+        facet.save(options);
+
+        facet = that.entity.get_facet('targethost');
+        facet.save(options);
+
+        facet = that.entity.get_facet('service');
+        facet.save(options);
+
+        facet = that.entity.get_facet('sourcehost');
+        facet.save(options);
+
+        facet = that.entity.get_facet('rules');
+        facet.save(options);
+
+        command.set_options(options);
+
+        command.on_success = function(data, text_status, xhr) {
+            var message = data.result.value ? 'Access granted' : 'Access Denied';
+            that.test_result.text(message);
+
+            that.load(data);
+        };
+
+        command.execute();
+    };
+
+    that.get_pkeys = function(data) {
+        var pkeys = [];
+        that.matched = {};
+
+        var matched = data.result.matched;
+        if (matched) {
+            for (var i=0; i<matched.length; i++) {
+                var pkey = matched[i];
+                pkeys.push(pkey);
+                that.matched[pkey] = 'TRUE';
+            }
+        }
+
+        var notmatched = data.result.notmatched;
+        if (notmatched) {
+            for (i=0; i<notmatched.length; i++) {
+                pkey = notmatched[i];
+                pkeys.push(pkey);
+                that.matched[pkey] = 'FALSE';
+            }
+        }
+
+        return pkeys;
+    };
+
+    that.load_records = function(records) {
+        var pkey_name = that.table.entity.metadata.primary_key;
+        that.table.empty();
+        for (var i=0; i<records.length; i++) {
+            var record = records[i];
+            var pkey = record[pkey_name];
+            record.matched = that.matched[pkey];
+            that.table.add_record(record);
+        }
+        that.table.set_values(that.selected_values);
+    };
+
+    init();
+
+    return that;
+};
+
+IPA.register('hbactest', IPA.hbac.test_entity);
--- a/install/ui/index.html
+++ b/install/ui/index.html
@ -30,6 +30,7 @@
    <script type="text/javascript" src="user.js"></script>
    <script type="text/javascript" src="group.js"></script>
    <script type="text/javascript" src="hbac.js"></script>
+    <script type="text/javascript" src="hbactest.js"></script>
    <script type="text/javascript" src="host.js"></script>
    <script type="text/javascript" src="hostgroup.js"></script>
    <script type="text/javascript" src="netgroup.js"></script>
@ -64,11 +65,13 @@
            <span class="header-logo">
                 <a href="#"><img src="images/ipa-logo.png" /><img src="images/ipa-banner.png" /></a>
            </span>
-            <span id="header-network-activity-indicator" class="network-activity-indicator">
-                 <img src="images/spinner-header.gif" />
-            </span>
-            <span id="loggedinas" class="header-loggedinas">
-                 <a href="#"><span id="login_header">Logged in as</span>: <strong>user@FREEIPA.ORG</strong></a>
+            <span class="header-right">
+                <span id="loggedinas" class="header-loggedinas">
+                     <a href="#"><span id="login_header">Logged in as</span>: <strong>user@FREEIPA.ORG</strong></a>
+                </span>
+                <span id="header-network-activity-indicator" class="network-activity-indicator">
+                     <img src="images/spinner-header.gif" />
+                </span>
            </span>
        </div>

--- a/install/ui/ipa.css
+++ b/install/ui/ipa.css
@ -53,9 +53,11 @@ body {

 .network-activity-indicator {
    visibility: hidden;
-    padding-right: 11px;
-    float: right;
-    padding-top: 3px;
+    width: 16px;
+    height: 16px;
+    line-height: 16px;
+    margin: 5px 3px;
+    display: inline-block;
 }

 /* ---- Container ---- */
@ -233,10 +235,12 @@ body {
 }

 /* ---- Logged-in As ---- */
-#loggedinas {
+.header-right {
    float: right;
+}
+
+.header-loggedinas {
    line-height: 34px;
-    margin-right: 10px;
    color: #fff;
 }

@ -581,6 +585,7 @@ span.main-nav-off > a:visited {
    bottom: 0;
    height: 30px;
    line-height: 30px;
+    padding: 0 6px 0 6px;
 }

 .right-aligned-facet-controls {
@ -603,6 +608,7 @@ span.main-nav-off > a:visited {
    left: 0;
    right: 0;
    bottom: 0;
+    margin: 0 12px;
    padding: 0;
 }

@ -633,7 +639,6 @@ span.main-nav-off > a:visited {
 }

 .search-filter {
-    float: right;
    width: 215px;
    -moz-border-radius: 15px !important;
    -webkit-border-radius: 15px !important;
@ -643,7 +648,8 @@ span.main-nav-off > a:visited {
    height: 20px;
    line-height: 20px;
    padding: 0 8px 0;
-    margin: 5px 0 5px;
+    margin: 5px;
+    display: inline-block;
 }

 .search-filter input {
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@ -332,6 +332,10 @@ IPA.command = function(spec) {
        that.options[name] = value;
    };

+    that.set_options = function(options) {
+        $.extend(that.options, options);
+    };
+
    that.add_option = function(name, value) {
        var values = that.options[name];
        if (!values) {
@ -869,9 +873,13 @@ IPA.get_member_attribute = function(obj_name, member) {
 };

 IPA.create_network_spinner = function(){
-    return $('<span />',{
-        'class':'network-activity-indicator',
-        html: '<img src="images/spinner-small.gif" />'});
+    var span = $('<span/>', {
+        'class': 'network-activity-indicator'
+    });
+    $('<img/>', {
+        src: 'images/spinner-small.gif'
+    }).appendTo(span);
+    return span;
 };

 IPA.dirty_dialog = function(spec) {
--- a/install/ui/search.js
+++ b/install/ui/search.js
@ -59,6 +59,8 @@ IPA.search_facet = function(spec) {
            'class': 'right-aligned-facet-controls'
        }).appendTo(that.controls);

+        span.append(IPA.create_network_spinner());
+
        var filter_container = $('<div/>', {
            'class': 'search-filter'
        }).appendTo(span);
@ -84,8 +86,6 @@ IPA.search_facet = function(spec) {
            }
        }).appendTo(filter_container);

-        span.append(IPA.create_network_spinner());
-
        that.remove_button = IPA.action_button({
            name: 'remove',
            label: IPA.messages.buttons.remove,
@ -183,12 +183,14 @@ IPA.search_facet = function(spec) {
    that.refresh = function() {

        var filter = [];
-        var current_entity = that.managed_entity;
-        filter.unshift(IPA.nav.get_state(current_entity.name+'-filter'));
-        current_entity = current_entity.get_containing_entity();
-        while (current_entity !== null) {
-            filter.unshift(IPA.nav.get_state(current_entity.name+'-pkey'));
-            current_entity = current_entity.get_containing_entity();
+        var entity = that.managed_entity;
+
+        filter.unshift(IPA.nav.get_state(entity.name+'-filter'));
+        entity = entity.get_containing_entity();
+
+        while (entity !== null) {
+            filter.unshift(IPA.nav.get_state(entity.name+'-pkey'));
+            entity = entity.get_containing_entity();
        }

        var command = IPA.command({
--- a/install/ui/test/data/hbacrule_find_pkeys.json
+++ b/install/ui/test/data/hbacrule_find_pkeys.json
@ -2,16 +2,28 @@
    "error": null,
    "id": null,
    "result": {
-        "count": 1,
+        "count": 3,
        "result": [
            {
                "cn": [
                    "allow_all"
                ],
                "dn": "ipauniqueid=ca842a42-a445-11e0-87ff-525400b55a47,cn=hbac,dc=dev,dc=example,dc=com"
+            },
+            {
+                "cn": [
+                    "rule1"
+                ],
+                "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com"
+            },
+            {
+                "cn": [
+                    "rule2"
+                ],
+                "dn": "ipauniqueid=12e2e4ba-120d-11e1-bbf7-525400e135d8,cn=hbac,dc=dev,dc=example,dc=com"
            }
        ],
-        "summary": "1 HBAC rule matched",
+        "summary": "3 HBAC rules matched",
        "truncated": false
    }
 }
--- a/install/ui/test/data/hbacrule_get_records.json
+++ b/install/ui/test/data/hbacrule_get_records.json
@ -2,7 +2,7 @@
    "error": null,
    "id": null,
    "result": {
-        "count": 1,
+        "count": 3,
        "results": [
            {
                "error": null,
@ -35,6 +35,87 @@
                },
                "summary": null,
                "value": "allow_all"
+            },
+            {
+                "error": null,
+                "result": {
+                    "accessruletype": [
+                        "allow"
+                    ],
+                    "cn": [
+                        "rule1"
+                    ],
+                    "description": [
+                        "Test Rule"
+                    ],
+                    "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com",
+                    "ipaenabledflag": [
+                        "TRUE"
+                    ],
+                    "memberhost_host": [
+                        "dev.example.com"
+                    ],
+                    "memberhost_hostgroup": [
+                        "production"
+                    ],
+                    "memberservice_hbacsvc": [
+                        "ftp",
+                        "sshd"
+                    ],
+                    "memberservice_hbacsvcgroup": [
+                        "sudo"
+                    ],
+                    "memberuser_group": [
+                        "editors"
+                    ],
+                    "memberuser_user": [
+                        "admin",
+                        "test"
+                    ],
+                    "sourcehost_host": [
+                        "dev.example.com"
+                    ],
+                    "sourcehost_hostgroup": [
+                        "staging"
+                    ]
+                },
+                "summary": null,
+                "value": "rule1"
+            },
+            {
+                "error": null,
+                "result": {
+                    "accessruletype": [
+                        "allow"
+                    ],
+                    "cn": [
+                        "rule2"
+                    ],
+                    "description": [
+                        "Test Rule"
+                    ],
+                    "dn": "ipauniqueid=12e2e4ba-120d-11e1-bbf7-525400e135d8,cn=hbac,dc=dev,dc=example,dc=com",
+                    "ipaenabledflag": [
+                        "FALSE"
+                    ],
+                    "memberhost_host": [
+                        "test.example.com"
+                    ],
+                    "memberhost_hostgroup": [
+                        "staging"
+                    ],
+                    "memberuser_group": [
+                        "ipausers"
+                    ],
+                    "servicecategory": [
+                        "all"
+                    ],
+                    "sourcehost_host": [
+                        "test.example.com"
+                    ]
+                },
+                "summary": null,
+                "value": "rule2"
            }
        ]
    }
--- a/install/ui/test/data/hbacrule_show.json
+++ b/install/ui/test/data/hbacrule_show.json
@ -30,7 +30,7 @@
                "usercategory": "rscwo"
            },
            "cn": [
-                "test"
+                "rule1"
            ],
            "dn": "ipauniqueid=4ed8b682-edf511df-b3f78f4b-11cc007b,cn=hbac,dc=dev,dc=example,dc=com",
            "ipaenabledflag": [
@ -71,6 +71,6 @@
            ]
        },
        "summary": null,
-        "value": "test"
+        "value": "rule1"
    }
 }
--- a/install/ui/test/data/hbactest.json
+++ b/install/ui/test/data/hbactest.json
@ -0,0 +1,16 @@
+{
+    "error": null,
+    "id": null,
+    "result": {
+        "error": null,
+        "matched": [
+            "allow_all",
+            "rule1"
+        ],
+        "notmatched": [
+            "rule2"
+        ],
+        "summary": "Access granted: True",
+        "value": true
+    }
+}
--- a/install/ui/webui.js
+++ b/install/ui/webui.js
@ -52,7 +52,8 @@ IPA.admin_navigation = function(spec) {
            {name: 'hbac', label: IPA.messages.tabs.hbac, children: [
                 {entity: 'hbacrule'},
                 {entity: 'hbacsvc'},
-                 {entity: 'hbacsvcgroup'}
+                 {entity: 'hbacsvcgroup'},
+                 {entity: 'hbactest'}
            ]},
            {name: 'sudo', label: IPA.messages.tabs.sudo, children: [
                 {entity: 'sudorule'},
--- a/install/ui/widget.js
+++ b/install/ui/widget.js
@ -1257,7 +1257,15 @@ IPA.table_widget = function (spec) {
        $('input[name="'+that.name+'"]', that.thead).attr('checked', false).
            attr('title', IPA.messages.search.select_all);
        $('input[name="'+that.name+'"]', that.tbody).attr('checked', false);
+        that.select_changed();
+    };

+    that.set_values = function(values) {
+        $('input[name="'+that.name+'"]', that.tbody).attr('checked', false);
+        for (var i=0; values && i<values.length; i++) {
+            var value = values[i];
+            $('input[name="'+that.name+'"][value="'+value+'"]', that.tbody).attr('checked', true);
+        }
        that.select_changed();
    };

@ -1274,8 +1282,6 @@ IPA.table_widget = function (spec) {
            var record = that.get_record(result, i);
            that.add_record(record);
        }
-
-        that.unselect_all();
    };

    that.save = function() {