HBAC deny warning

shows dialog if there are any HBAC deny rules. Dialog provides option to navigate to the HBAC page. Deny rules have their rule type value show up in red. Only shows up fro administrators, not for self service users. https://fedorahosted.org/freeipa/ticket/1421
2025-02-25 18:55:28 -06:00 · 2011-07-05 17:59:05 -04:00
parent aca908e1e4
commit e4a444ba81
11 changed files with 262 additions and 32 deletions
--- a/install/ui/hbac.js
+++ b/install/ui/hbac.js
@@ -26,7 +26,21 @@ IPA.entity_factories.hbacrule = function () {
    return IPA.entity_builder().
        entity('hbacrule').
        search_facet({
-            columns:['cn','usercategory','hostcategory','ipaenabledflag',
+            columns:['cn',
+                     {
+                         factory: IPA.column,
+                         name:'accessruletype',
+                         setup : function(container,record){
+                             container.empty();
+                             var value = record[this.name];
+                             value = value ? value.toString() : '';
+                             if (value === 'deny'){
+                                 container.addClass('hbac-deny-rule');
+                             }
+                             container.append(value);
+                         }
+                     },
+                     'usercategory','hostcategory','ipaenabledflag',
                     'servicecategory','sourcehostcategory']
        }).
        details_facet({
@@ -996,3 +1010,40 @@ IPA.hbacrule_accesstime_widget = function (spec) {

    return that;
 };
+
+IPA.hbac_deny_warning_dialog = function (container) {
+    var dialog = IPA.dialog({
+        'title': 'HBAC Deny Rules found'
+    });
+
+    var link_path = "config";
+    if (IPA.use_static_files){
+        link_path = "html";
+    }
+
+    dialog.create = function() {
+        dialog.container.append(
+            "HBAC rules with type deny have been found."+
+                "  These rules have been deprecated." +
+                "  Please remove them, and restructure the HBAC rules." );
+        $('<p/>').append($('<a/>',{
+            text: 'Click here for more information',
+            href: '../' +link_path +'/hbac-deny-remove.html',
+            target: "_blank",
+            style: 'target: tab; color: blue; '
+        })).appendTo(dialog.container);
+    };
+
+    dialog.add_button('Edit HBAC Rules', function() {
+        dialog.close();
+        IPA.nav.show_page('hbacrule', 'search');
+    });
+
+    dialog.add_button('Ignore for now', function() {
+        dialog.close();
+    });
+
+    dialog.init();
+
+    dialog.open();
+};