Initial support for policy editing

More work is needed as the values are currently hardcoded and not saved

ipa-server/ipa-gui/ipagui/controllers.py

@@ -17,6 +17,8 @@ import ipa.ipaclient
 from subcontrollers.user import UserController
 from subcontrollers.group import GroupController
 from subcontrollers.delegation import DelegationController
+from subcontrollers.policy import PolicyController
+from subcontrollers.ipapolicy import IPAPolicyController
 
 ipa.config.init_config()
 
@@ -27,6 +29,8 @@ class Root(controllers.RootController):
     user = UserController()
     group = GroupController()
     delegate = DelegationController()
+    policy = PolicyController()
+    ipapolicy = IPAPolicyController()
 
     @expose(template="ipagui.templates.welcome")
     @identity.require(identity.not_anonymous())

ipa-server/ipa-gui/ipagui/forms/Makefile.am

@@ -4,8 +4,10 @@ appdir = $(IPA_DATA_DIR)/ipagui/forms
 app_PYTHON = 			\
 	__init__.py		\
 	group.py		\
+	ipapolicy.py		\
+	policy.py		\
 	user.py			\
-	delegate.py			\
+	delegate.py		\
 	$(NULL)
 
 EXTRA_DIST =			\

ipa-server/ipa-gui/ipagui/forms/ipapolicy.py

@@ -0,0 +1,29 @@
+import turbogears
+from turbogears import validators, widgets
+
+class IPAPolicyFields():
+    searchlimit = widgets.TextField(name="searchlimit", label="Search Time Limit", attrs=dict(size=6,maxlength=6))
+    maxuidlength = widgets.TextField(name="maxuidlength", label="Max. UID Length", attrs=dict(size=3,maxlength=3))
+    passwordnotif = widgets.TextField(name="passwordnotif", label="Password Expiration Notification (days)", attrs=dict(size=3,maxlength=3))
+
+class IPAPolicyValidator(validators.Schema):
+    searchlimit = validators.Number(not_empty=True)
+    maxuidlength = validators.Number(not_empty=True)
+    passwordnotif = validators.Number(not_empty=True)
+
+class IPAPolicyForm(widgets.Form):
+    params = ['ipapolicy_fields']
+
+    hidden_fields = [
+    ]
+
+    validator = IPAPolicyValidator()
+
+    def __init__(self, *args, **kw):
+        super(IPAPolicyForm,self).__init__(*args, **kw)
+        (self.template_c, self.template) = widgets.meta.load_kid_template(
+                "ipagui.templates.ipapolicyeditform")
+        self.ipapolicy_fields = IPAPolicyFields
+
+    def update_params(self, params):
+        super(IPAPolicyForm,self).update_params(params)

ipa-server/ipa-gui/ipagui/subcontrollers/Makefile.am

@@ -5,6 +5,8 @@ app_PYTHON = 			\
 	__init__.py		\
 	group.py		\
 	ipacontroller.py	\
+	ipapolicy.py		\
+	policy.py		\
 	user.py			\
 	delegation.py		\
 	$(NULL)

ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py

@@ -0,0 +1,96 @@
+import os
+from pickle import dumps, loads
+from base64 import b64encode, b64decode
+import copy
+import logging
+
+import cherrypy
+import turbogears
+from turbogears import controllers, expose, flash
+from turbogears import validators, validate
+from turbogears import widgets, paginate
+from turbogears import error_handler
+from turbogears import identity
+
+from ipacontroller import IPAController
+from ipa.entity import utf8_encode_values
+from ipa import ipaerror
+import ipagui.forms.ipapolicy
+
+import ldap.dn
+
+log = logging.getLogger(__name__)
+
+ipapolicy_edit_form = ipagui.forms.ipapolicy.IPAPolicyForm()
+
+class IPAPolicyController(IPAController):
+
+    @expose()
+    def index(self):
+        raise turbogears.redirect("/ipapolicy/show")
+
+    @expose("ipagui.templates.ipapolicyshow")
+    @identity.require(identity.not_anonymous())
+    def show(self, tg_errors=None):
+        """Displays the one policy page"""
+
+        # TODO: Get this dict from LDAP
+        ipapolicy = {}
+        ipapolicy['searchlimit'] = 2
+        ipapolicy['maxuidlength'] = 3
+        ipapolicy['passwordnotif'] = 4
+        return dict(ipapolicy=ipapolicy,fields=ipagui.forms.ipapolicy.IPAPolicyFields())
+
+    @expose("ipagui.templates.ipapolicyedit")
+    @identity.require(identity.not_anonymous())
+    def edit(self, tg_errors=None):
+        """Displays the edit IPA policy form"""
+        if tg_errors:
+            turbogears.flash("There were validation errors.<br/>" +
+                             "Please see the messages below for details.")
+
+        try:
+            # TODO: Get this dict from LDAP
+            ipapolicy_dict = {}
+            ipapolicy_dict['searchlimit'] = 2
+            ipapolicy_dict['maxuidlength'] = 3
+            ipapolicy_dict['passwordnotif'] = 4
+            return dict(form=ipapolicy_edit_form, ipapolicy=ipapolicy_dict)
+        except ipaerror.IPAError, e:
+            turbogears.flash("IPA Policy edit failed: " + str(e) + "<br/>" + str(e.detail))
+            raise turbogears.redirect('/group/show', uid=cn)
+
+
+    @expose()
+    @identity.require(identity.not_anonymous())
+    def update(self, **kw):
+        """Display delegate page"""
+        self.restrict_post()
+        client = self.get_ipaclient()
+
+        if kw.get('submit', '').startswith('Cancel'):
+            turbogears.flash("Edit policy cancelled")
+            raise turbogears.redirect('/ipapolicy/show')
+
+        tg_errors, kw = self.ipapolicyupdatevalidate(**kw)
+        if tg_errors:
+            turbogears.flash("There were validation errors.<br/>" +
+                             "Please see the messages below for details.")
+            return dict(form=ipapolicy_edit_form, ipapolicy=kw,
+                    tg_template='ipagui.templates.ipapolicyedit')
+
+        try:
+
+            # TODO: Actually save the data
+
+            turbogears.flash("IPA Policy updated")
+            raise turbogears.redirect('/ipapolicy/show')
+        except (SyntaxError, ipaerror.IPAError), e:
+            turbogears.flash("Policy update failed: " + str(e))
+            return dict(form=policy_form, policy=kw,
+                        tg_template='ipagui.templates.policyindex')
+
+    @validate(form=ipapolicy_edit_form)
+    @identity.require(identity.not_anonymous())
+    def ipapolicyupdatevalidate(self, tg_errors=None, **kw):
+        return tg_errors, kw

ipa-server/ipa-gui/ipagui/subcontrollers/policy.py

@@ -0,0 +1,32 @@
+import os
+from pickle import dumps, loads
+from base64 import b64encode, b64decode
+import copy
+import logging
+
+import cherrypy
+import turbogears
+from turbogears import controllers, expose, flash
+from turbogears import validators, validate
+from turbogears import widgets, paginate
+from turbogears import error_handler
+from turbogears import identity
+
+from ipacontroller import IPAController
+from ipa.entity import utf8_encode_values
+from ipa import ipaerror
+
+import ldap.dn
+
+log = logging.getLogger(__name__)
+
+class PolicyController(IPAController):
+
+    @expose("ipagui.templates.policyindex")
+    @identity.require(identity.not_anonymous())
+    def index(self, tg_errors=None):
+        """Displays the one policy page"""
+
+        # TODO: return a dict of the items and URLs to display on
+        #       Manage Policy
+        return dict()

ipa-server/ipa-gui/ipagui/templates/Makefile.am

@@ -20,8 +20,14 @@ app_DATA =			\
 	groupnewform.kid	\
 	groupnew.kid		\
 	groupshow.kid		\
+	ipapolicyeditform.kid	\
+	ipapolicyedit.kid	\
+	ipapolicyindex.kid	\
+	ipapolicyshow.kid	\
 	loginfailed.kid		\
 	master.kid		\
+	policyindex.kid		\
+	policylayout.kid	\
 	usereditform.kid	\
 	useredit.kid		\
 	userlayout.kid		\

ipa-server/ipa-gui/ipagui/templates/ipapolicyedit.kid

@@ -0,0 +1,15 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"
+    py:extends="'policylayout.kid'">
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type" py:replace="''"/>
+    <title>Edit IPA Policy</title>
+</head>
+<body>
+  <div>
+          <h1>Edit IPA Policy</h1>
+
+  ${form.display(action=tg.url('/ipapolicy/update'), value=ipapolicy)}
+</div>
+</body>
+</html>

ipa-server/ipa-gui/ipagui/templates/ipapolicyeditform.kid

@@ -0,0 +1,62 @@
+<div xmlns:py="http://purl.org/kid/ns#"
+  class="simpleroster">
+
+   <form action="${action}" name="${name}" method="${method}" class="tableform"
+      onsubmit="preSubmit()" >
+
+          <input type="submit" class="submitbutton" name="submit"
+              value="Update Policy"/>
+          <input type="submit" class="submitbutton" name="submit"
+              value="Cancel Edit" />
+
+<?python
+from ipagui.helpers import ipahelper
+?>
+
+  <script type="text/javascript" charset="utf-8"
+    src="${tg.url('/static/javascript/dynamicedit.js')}"></script>
+
+    <div py:for="field in hidden_fields"
+      py:replace="field.display(value_for(field), **params_for(field))"
+      />
+
+    <h2 class="formsection">Search</h2>
+    <table class="formtable" cellpadding="2" cellspacing="0" border="0">
+        <tr>
+          <th>
+            <label class="fieldlabel" py:content="ipapolicy_fields.searchlimit.label" />:
+          </th>
+        <td>
+          <span py:replace="ipapolicy_fields.searchlimit.display(value_for(ipapolicy_fields.searchlimit))" />
+          <span py:if="tg.errors.get('searchlimit')" class="fielderror"
+              py:content="tg.errors.get('searchlimit')" />
+        </td>
+        </tr>
+    </table>
+
+    <h2 class="formsection">Password Policy</h2>
+    <table class="formtable" cellpadding="2" cellspacing="0" border="0">
+        <tr>
+          <th>
+            <label class="fieldlabel" py:content="ipapolicy_fields.passwordnotif.label" />:
+          </th>
+          <td>
+          <span py:replace="ipapolicy_fields.passwordnotif.display(value_for(ipapolicy_fields.passwordnotif))" />
+          <span py:if="tg.errors.get('passwordnotif')" class="fielderror"
+              py:content="tg.errors.get('passwordnotif')" />
+          </td>
+        </tr>
+        <tr>
+          <th>
+            <label class="fieldlabel" py:content="ipapolicy_fields.maxuidlength.label" />:
+          </th>
+          <td>
+          <span py:replace="ipapolicy_fields.maxuidlength.display(value_for(ipapolicy_fields.maxuidlength))" />
+          <span py:if="tg.errors.get('maxuidlength')" class="fielderror"
+              py:content="tg.errors.get('maxuidlength')" />
+          </td>
+        </tr>
+    </table>
+  </form>
+
+</div>

ipa-server/ipa-gui/ipagui/templates/ipapolicyshow.kid

@@ -0,0 +1,51 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"
+    py:extends="'policylayout.kid'">
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type" py:replace="''"/>
+<title>Manage IPA Policy</title>
+</head>
+<body>
+
+<?python
+from ipagui.helpers import ipahelper
+edit_url = tg.url('/ipapolicy/edit')
+?>
+
+  <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/tablekit.js')}"></script>
+
+  <h1>Manage IPA Policy</h1>
+
+    <h2 class="formsection">Search</h2>
+    <table class="formtable" cellpadding="2" cellspacing="0" border="0">
+        <tr>
+          <th>
+            <label class="fieldlabel" py:content="fields.searchlimit.label" />:
+          </th>
+          <td>${ipapolicy.get("searchlimit")}</td>
+        </tr>
+    </table>
+
+    <h2 class="formsection">Password Policy</h2>
+    <table class="formtable" cellpadding="2" cellspacing="0" border="0">
+        <tr>
+          <th>
+            <label class="fieldlabel" py:content="fields.passwordnotif.label" />:
+          </th>
+          <td>${ipapolicy.get("passwordnotif")}</td>
+        </tr>
+        <tr>
+          <th>
+            <label class="fieldlabel" py:content="fields.maxuidlength.label" />:
+          </th>
+          <td>${ipapolicy.get("maxuidlength")}</td>
+        </tr>
+    </table>
+<hr />
+    <input class="submitbutton" type="button"
+      onclick="document.location.href='${edit_url}'"
+      value="Edit Policy" />
+
+
+</body>
+</html>

ipa-server/ipa-gui/ipagui/templates/master.kid

@@ -78,7 +78,7 @@
         <li><a href="${tg.url('/group/list')}">Find Groups</a></li>
         </ul>
         <ul>
-        <li><a href="${tg.url('/')}">Manage Policy</a></li>
+        <li><a href="${tg.url('/policy/index')}">Manage Policy</a></li>
         <li><a href="${tg.url('/user/edit/', principal=tg.identity.user.display_name)}">Self Service</a></li>
         </ul>
         <ul>

ipa-server/ipa-gui/ipagui/templates/policyindex.kid

@@ -0,0 +1,31 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"
+    py:extends="'policylayout.kid'">
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type" py:replace="''"/>
+<title>Manage Policy</title>
+</head>
+<body>
+
+<?python
+from ipagui.helpers import ipahelper
+?>
+
+  <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/tablekit.js')}"></script>
+
+  <h1>Manage Policy</h1>
+
+  <table>
+    <tbody>
+      <tr>
+          <td>
+            <a href="${tg.url('/ipapolicy/show')}"
+              >IPA Policy</a>
+          </td>
+      </tr>
+    </tbody>
+  </table>
+
+
+</body>
+</html>

ipa-server/ipa-gui/ipagui/templates/policylayout.kid

@@ -0,0 +1,17 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#"
+    py:extends="'master.kid'">
+<head>
+</head>
+
+<body py:match="item.tag=='{http://www.w3.org/1999/xhtml}body'" py:attrs="item.items()">
+      <div id="main_content">
+<div id="details">
+        <div id="alertbox" py:if="value_of('tg_flash', None)"><p py:content="XML(tg_flash)"></p></div>
+
+        <div py:replace="[item.text]+item[:]"></div>
+      </div>
+</div>
+</body>
+
+</html>