The user details facet has been modified such that when the account
is activated/deactivated the page will be reloaded.
Some methods in the framework have been changed:
- The ipa_widget.clear() has been removed because it can be replaced
by existing reset().
- The ipa_widget.set_values() has been renamed into update().
If the ticket is expired or otherwise unusable it should fall back to the DM
password. It was prompted for correctly but wasn't being passed on.
ticket 549
The CA is installed before DS so we need to wait until DS is actually installed
to be able to ldap_enable the CA instance.
Fixes: https://fedorahosted.org/freeipa/ticket/612
This allows us to have the CA ready to serve out certs for any operation even
before the dsinstance is created. The CA is independent of the dsinstance
anyway.
Also fixes: https://fedorahosted.org/freeipa/ticket/544
This replace the former ipactl script, as well as replace the current way ipa
components are started.
Instead of enabling each service in the system init scripts, enable only the
ipa script, and then let it start all components based on the configuration
read from the LDAP tree.
resolves: https://fedorahosted.org/freeipa/ticket/294
The '+' and '-' signs before the section headers in details facet
are now enclosed in square brackets. The section content is now
hidden/shown using slideToggle().
The ipa_details_create() and ipa_details_setup() have been moved
into ipa_details_facet.
The SUDO rule details facet has been updated to support the latest UI
spec. The facet consists of 5 sections: general, users, hosts, commands,
and run-as.
The general section contains the SUDO rule description and status. If
the status is changed, the sudorule-enable/disable will be invoked.
The other sections contain radio buttons for the association category
and tables for the members. When a member is added or removed, the
category will be adjusted appropriately. If the category is changed to
'all', 'allow', or 'deny', all members will be removed.
The last section is currently not working because backend support is
not yet available.
The adder dialog boxes for users, groups, and hosts has been modified
to accept external identities. The layout for the base adder dialog
was updated. The base dialog class was updated to support templates.
The SUDO dialog boxes were implemented using templates. New CSS
classes were added to ipa.css.
The HBAC rule details facet has been updated as well.
The entity.default_facet has been removed, instead the first facet
registered to the entity will be considered as the default facet.
So, the 'setup' parameter has been removed from tab definitions
because it's no longer necessary. The ipa_details_only_setup() has
been removed as well.
An 'entity' parameter has been added to tab definitions to specify
which entity corresponds to a tab item. The tab label has been
changed to use entity label if available.
Some hard-coded labels have been removed. The unit tests have been
updated.
Instead of allocating a completely random start between 1M and 2G and a range
of 1M values, give 10000 possible 200k ranges. They all start at a 200k
boundary so they generate more readable IDs, at least until there arent't too
many users/replicas involved.
The ipa_add_dialog has been fixed to initialize the fields which
will get the labels from metadata. Hard-coded labels have been
removed from field declarations.
The superior() method has been removed because it doesn't work with
multi-level inheritance. Superclass method for now is called using
<class name>_<method> (e.g. widget_init).
The ipa_column has been modified to get the label from metadata
during initialization. The ipa_table_widget has been modified to
initialize the columns. Hard-coded labels have been removed from
column declarations.
The ipa_adder_dialog has been modified to execute a search at the
end of setup.
The association facet for HBAC Service Groups has been removed
and replaced with an association table in the details page.
The ipa_association_table_widget has been modified to support
multiple columns in the table itself and in the adder dialog.
The ipa_association_adder_dialog and ipa_association_facet have
been refactored.
The ipa_sudorule_association_widget and ipa_rule_association_widget
has been removed because their functionalities have been merged into
ipa_association_table_widget.
Updated the user,group,host, hostgroup, netgroup, service, and all policy
entities to use the newer framework functions, in order to
replaced the old array style definitions which did not support i18n.
update a few of the newer framerwork functions to get the lables from the
meta data.
Fixed the unit tests which were expecting a details facet for users,
no longer automatically created
The create_association_facets() has been modified such that it
does not generate duplicate links. This is done by assigning the
proper labels and hiding non-assignable associations.
Each association will get a label based on the attribute used:
- memberof: Membership in <entity name>
- member.*: <entity name> Members
- managedby: Managed by <entity name>
The following associations will be hidden:
- memberindirect
- enrolledby
The internal.py was modified to return localized labels.
The test data has been updated.
A custom facet has been added to manage the host's managedby attribute.
The facet defines the add and remove methods, the columns for the
association table and enrollment dialog, and the link for the primary
key column.
The enrollment dialog has been modified to use scrollable tables that
supports multiple columns to display the search results and selected
entries. The columns are specified by calling create_adder_column()
on the association facet. By default the tables will use only one
column which is to display the primary keys.
The following enrollment dialogs have been modified to use multiple
columns:
- Group's member_user
- Service's managedby_host
- HBAC Service Group's member_hbacsvc
- SUDO Command Group's member_sudocmd
The ipa_association_table_widget's add() and remove() have been moved
into ipa_association_facet so they can be customized by facet's
subclass. The ipa_table's add_row() has been renamed to add_record().
Some old code has been removed from ipa_facet_create_action_panel().
The code was used to generate association links from a single facet.
It's no longer needed because now each association has its own facet.
The test data has been updated. The IPA.nested_tabs() has been fixed
to return the entity itself if IPA.tab_set is not defined. This is
needed to pass unit test.
The certificate_status_widget has been modified to check for the
environment variable ra_plugin to determine the CA used by IPA
server. If self-signed CA is used, some operations will not be
available (e.g. checking certificate status, revoking/restoring
certificate), so the corresponding interface will be hidden. Other
operations such as creating new certificate and viewing certificate
are still available.
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).
A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.
ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).
This makes the aci plugin internal only.
ticket 445
The association facet has been modified to support multiple columns.
By default the facet will have one column which is the primary key of
the associated object (e.g. username of a group member), so the
existing code will work like before. Other fields (e.g. user's full
name) can be added by subclassing the ipa_association_facet class and
specifying the additional columns to display. These additional fields
will be retrieved using a batch operation.
Previously a single association facet instance will be used for all
associations in an entity. Now each association will have its own
association facet. This way each association facet can be customized
differently as needed. The <entity>-enroll URL parameter has been
removed because it's no longer needed.
The ipa_entity.create_association_facets() is provided to generate
the default association facets with one column for the primary key.
The column click handler has been moved out of ipa_column to provide
more flexibility for customization.
The get_action_panel() and get_client_area() have been modified to
search within the entity's container.
The group entity has been fully converted to use the new UI framework.
Association facets that have been modified to use multiple columns are:
- User Group's member_user
- HBAC Service Group's member_hbacsvc
- SUDO Command Group's member_sudocmd
- Service's managedby_host
New test data files have been added. Unit tests have been updated.
The list of attributes that a host bound as itself could write was
overly broad.
A host can now only update its description, information about itself
such as OS release, etc, its certificate, password and keytab.
ticket 416
If we don't then we need to add it when a group is detached causing
aci issues.
I had to move where we create the UPG template until after the DS
restart so the schema is available.
ticket 542
There was a corner case where the value of --ip-address was never verified
if you were also setting up DNS.
Added this bit of information to the man page too.
ticket 399
The SUDO Commands and Command Groups pages have been added under
SUDO Rules tab.
Similar to HBAC navigation issue, these entities do not have their
own tab, so an exception has been added to the navigation code
to read sudo-entity parameter to determine the entity being viewed.
Fixing this issue will require framework changes.
New test data for these operations have been added.
Previously the queries for action panel were done globally. Since each
entity container has its own action panel, the queries will return multiple
results. This is fixed by qualifying the query to run within the entity
container.
The query has also been moved into ipa_facet.get_action_panel(). Entities
that do not have their own entity container (e.g. HBAC services and service
groups) will need to override this method to get the action panel from the
right entity container (e.g. HBAC rules).
The facet.setup_views() has been renamed to facet.create_action_panel().
New test data for SUDO rules have been added.
This changes the system limits for the dirsrv user as well as
configuring DS to allow by default 8192 max files and 64 reserved
files (for replication indexes, etc..).
Fixes: https://fedorahosted.org/freeipa/ticket/464
Change the way we specify the id ranges to force uid and gid ranges to always
be the same. Add option to specify a maximum id.
Change DNA configuration to use shared ranges so that masters and replicas can
actually share the same overall range in a safe way.
Configure replicas so that their default range is depleted. This will force
them to fetch a range portion from the master on the first install.
fixes: https://fedorahosted.org/freeipa/ticket/198
The support for host enrollment via one-time-password has been added.
When submitted, the OTP will be used to set the host's userpassword.
Previously each IPA command can only have one JSON test data file.
The ipa_cmd() has been modifies to accept an optional command name.
When used with static files, it will pull the test data whose name
is the same as the command name.
The batch.json has been renamed to ipa_init.json for UI initialization.
Some test data have been added for operations against specific hosts.
The search and details pages for SUDO Rule have been added. Codes
that are shared with HBAC have been moved to rule.js.
The following methods were renamed for consistency:
- ipa_details_load() -> ipa_details_refresh()
- ipa_details_display() -> ipa_details_load()
The ipa_details_cache has been removed because the cache is now
stored in each widget.
The index.xhtml has been removed. All references to it has been
changed to index.html.
The Unselect All checkbox has been fixed. Unnecessary parameter
'container' has been removed.
The unit test has been updated and new test data has been added.
Disable any services when its host is disabled.
This also adds displaying the certificate attributes (subject, etc)
a bit more universal and centralized in a single function.
ticket 297
The service and host details pages have been modified to display Kerberos
key provisioning status and to provide a way to unprovision. The host
enrollment via OTP has not been implemented yet.
The ipa_details_field has been modified to remove any old <dd> tags it
created in the previous load operation. This is to support other widgets
that need to perform load operation without removing <dd> tags.
The certificate_status_panel has been converted into a widget. The host
entity has been rewritten using the new framework.
The unit tests has been updated.
The additions to the search widget have to go one level deeper, as
'container' has both the action panel and the client area
Conflicts:
install/static/hbac.js
install/static/hbacsvc.js
install/static/hbacsvcgroup.js
Making all of the page elements based on the font size.
Also, set the font to the defauklt for the browser.
By default, most brosers have Font set to 16px.
The HBAC details page has been enhanced to support Undo and Reset operations.
The functionality is implemented in the base widget class so the behavior
will be more consistent across widgets. A <span> tag now used to define the
field boundary in the HTML doc. The tag contains the visual representation
of the field which include the input tag and optionally the undo link.
The Update method on HBAC details page has been modified so that it executes
several operations using a batch command. The operations being executed
depends on the changes made to the fields. These operations may include:
- removing access time if access time is changed to any time
- removing memberships if member category is changed to all
- modifying rule attributes if description or rule type is changed
- enabling/disabling the rule if rule status is changed
The behavior of the Add & Remove buttons also has been changed such that
it adjust the category attribute properly in addition to adding the
memberships using batch command. For example, if category is initially
set to all, adding a new member will also change the category to empty.
The ipa_command have been modified to store the on_success and on_error
handlers as properties. When the command is executed as a part of batch
operation, the result of each command will be passed to the appropriate
handler.
The unit tests and test data have been updated as well.
Closer to the layout from the spec
The facets have been moved to the action panel, to the left of the page
the facets are now rendered in an area of the screen with a client class
The HBAC Service Groups search, details, and association pages have
been added under the HBAC tab.
New test data files for HBAC Service Groups have been added. The sample
metadata has been updated as well.
The HBAC Service search and details pages have been added under the HBAC
tab. This requires some changes to the framework.
Currently the navigation framework doesn't support multiple entities under
one tab. As a temporary solution, an 'entity' URL parameter is used to
determine the entity to be displayed. This parameter is now only used by
HBAC tab, but its use might be expanded later. The navigation framework
needs be redesigned to provide more flexibility.
The search page in all entities except DNS records have been changed to
use the ipa_search_widget. The Select/Unselect All checbox and Delete
button now work correctly and consistently.
The Add dialog has been enhanced to render and work in a more consistent
way while still supporting custom widgets & layouts. For the search page,
the Add button will refresh the search results and clear the fields in
the dialog box.
The framework now provides some extension points which can be overriden
by the subclasses:
- init(): for initialization and configuration
- create(): for creating the layout dynamically or from template
- setup(): for setting the look and feel
- load(): for loading the data
Entity and facet initialization is now done after IPA.init(). This is to
ensure the metadata is loaded first so the entities and facets can use
localized messages/labels/titles.
The group entity has been partially converted to use the new framework.
The unit tests have been updated accordingly.
The signature of ldap2.get_entry() changed so normalize wasn't being
handled properly so the basedn was always being appended causing our
entry in cn=config to be not found.
ticket 414
Uses a new subclass IPAOptionParser in scripts instead of OptionParser
from the standard python library. IPAOptionParser uses its own IPAOption
class to store options, which adds a new 'sensitive' attribute.
https://fedorahosted.org/freeipa/ticket/393
UI updated to use the enable and disable methods, and to correctly report them
Implementation has a few shortcomings:
1. Status is displayed in Browser alert dialog, not JQueryUI themed
2. Upon completion of RPC, navigate back to the Search page.
Still, this is much less broken than before.
With whitespace cleanup,
using toLowerCase for testing true
and removde dual declaration of variables
IPA commands now can be defined in these classes:
- ipa_command: a single IPA command
- ipa_batch_command: a batch command for executing multiple commands
on the server side using the new batch plugin
The dialog boxes for adding and removing entries have been refactored:
- ipa_dialog: base class for dialog boxes
- ipa_adder_dialog: generic adder dialog box
- ipa_deleter_dialog: generic deleter dialog box
- ipa_association_adder_dialog: adding entity association
- ipa_association_deleter_dialog: removing entity association
Dialog boxes for adding/deleting HBAC users, hosts, services, and
sourcehosts are implemented using the association dialog boxes.
The dialog box for adding access time is implemented using ipa_dialog
and currently contains only a text field. This will be replaced with a
custom dialog box in a separate patch.
The dialog box for removing access time is implemented using the
generic deleter class because it's not an association. Removing multiple
access times is implemented using batch operations.
New test data files for access times have been added.
THis patch handles Kerberos ticket expiration in the UI. Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app
Conflicts:
install/static/ipa.js
if the field does not have a 'w' for writable in its rights, disable it.
Merged with the HBAC/Widget changes
add and remove links are managed via permissions now
The UI framework has been extended to include a collection of widgets:
- ipa_widget: base class
- ipa_text_widget: text field
- ipa_radio_widget: radio button
- ipa_textarea_widget: textarea
- ipa_button_widget: button
- ipa_column_widget: column for table
- ipa_table_widget: table
These widgets can be used to create input controls. They can also be
extended to create custom controls.
The framework has also been enhanced to support custom layouts. This
can be used to change the look of the application without changing
the code. Initially this is only available in details section.
Layout consists of a collection of HTML templates. Each template is a
complete and valid HTML file representing a portion of a page. The
template will be loaded and initialized by the code, then filled with
the data from the server. The layouts are located in
install/static/layouts/<name> folder.
By default, if no templates are used, the fields in the details page
are rendered vertically using dd/dt/dd tags. For pages that require
different layout, a custom UI needs to be developed. There are two ways
to do that:
- write a custom widget to generate the UI dynamically
- create an HTML template and write the initialization code
For components that are quite complex or used frequently, it's might
be better to use the first method. For simple pages that are used only
in one location or need to support customization, the second method
might be preferable. Other benefits of templates:
- cleaner code and UI separation
- more flexibility in customization
- new pages can be developed quickly and require less coding
- multiple templates can be used with the same initialization code
- easier to maintain
The HBAC details page has been implemented using both methods. By
default it will use custom widgets to generate the page. To use a
custom layout, add the following parameter to the URL, then reload
the page:
&layout=<name>
Currently the only available layout is 'default' which produces the
same look as the custom widgets.
The HBAC details page is usable, but it still needs additional work.
The access time is not working yet. There is no undo button, hint,
or validation yet.
The table in the association facet has also been changed to use
ipa_association_widget which is derived from ipa_table_widget.
The Makefile has been updated to include the layouts. The unit tests
have been updated as well.
This lets the KDC count password failures and can lock out accounts for
a period of time. This only works for KDC >= 1.8.
There currently is no way to unlock a locked account across a replica. MIT
Kerberos 1.9 is adding support for doing so. Once that is available unlock
will be added.
The concept of a "global" password policy has changed. When we were managing
the policy using the IPA password plugin it was smart enough to search up
the tree looking for a policy. The KDC is not so smart and relies on the
krbpwdpolicyreference to find the policy. For this reason every user entry
requires this attribute. I've created a new global_policy entry to store
the default password policy. All users point at this now. The group policy
works the same and can override this setting.
As a result the special "GLOBAL" name has been replaced with global_policy.
This policy works like any other and is the default if a name is not
provided on the command-line.
ticket 51
Uses code very similar to the search code for deleting associations
Had to modify how we were configuring for bulk so that the logic for delete matched the logic for enroll
Fixed unit test and removed the 'new' from the associator call
This should make renamed users able to keep using old credentials as the salt
is not derived from the principal name but is always a random quantity.
https://fedorahosted.org/freeipa/ticket/412
The ipa_cmd() has been modified to identity the type of the error
it has received and display the error using the right dialog box.
The dialog box can be customized further to display the appropriate
amount of information for each type of error.
This patch introduces a new framework for implementing custom UI.
It consists of the following classes:
Main:
- IPA: global namespace and object repository
- ipa_entity: base class for entities
- ipa_facet: base class for facets
Add dialog:
- ipa_add_dialog: default add dialog
- ipa_add_field: the fields used in the dialog
Search facet:
- ipa_search_facet: default search facet
- ipa_search_column: the columns in the search result
Details facet:
- ipa_details_facet: default details facet
- ipa_details_section: the sections in the details facet
- ipa_details_field: the fields in the details facet
Association facet:
- ipa_association_facet: default association facet
- ipa_association_config: the association configurations
To use this framework, create a class extending the ipa_entity (e.g.
ipa_hbac). Use the create_* methods to create add dialog, search facet,
details facet, and association facet. The fields/columns for the dialog
and facets can be specified using the init() function. Custom UI can be
defined by overwriting the base methods (e.g. setup, save, load).
The entity must be added into the repository using IPA.add_entity().
The original ipa_entity_setup() has been generalized by moving facet-
specific codes into the corresponding facet. Some facet names are still
hard-coded. This will be fixed in follow-up patches.
Some global variables have been removed because their function has been
replaced by the object repository:
- ipa_entity_add_list
- ipa_entity_search_list
- ipa_entity_details_list
- window_hash_cache
Some functions and variables have been moved into IPA namespace:
- ipa_json_url -> IPA.json_url
- ipa_use_static_files -> IPA.use_static_files
- ipa_ajax_options -> IPA.ajax_options
- ipa_objs -> IPA.metadata
- ipa_messages -> IPA.messages
- ipa_dialog -> IPA.error_dialog
- ipa_init() -> IPA.init()
Initially the HBAC and Service entities have been rewritten to use the
new framework. The DNS is partially converted, the ipa_records_facet
is used to define custom records facet.
Other entities can still work using the old framework. The old framework
has been modified to be a wrapper for the new framework. Eventually all
entities will be converted to use the new framework.
Some unit tests have been modified to use the new framework.
without the details change
including changes from Reviewboard https://fedorahosted.org/reviewboard/r/96/
Fixed pages that use unspecified (krb ticket policy, config)
Facet name comes out of the facet, not hard coded.
serverHostName because this is tied to the FQDN so should only be changed
on a host rename (which we don't do).
memberOf because the plugin should do this. Directly manging this attribute
would be pretty dangerous and confusing.
Also remove a redundant aci granting the admins group write access to
users and groups. They have it with through the "admins can modify any
entry" aci.
tickets 300, 304
The service certificate management UI has been generalized and moved
into certificate.js. The host details page is now using the same code
to manage certificates. The host.py has been modified to return host
certificate info.
The Get/Revoke/View buttons behavior has been modified such that they
are visible only if there is a valid certificate. The Get dialog box
has been fixed to show the correct certificate header and footer.
The ipa.css has been modified to store the style of the status bullets.
New unit tests for certificate has been added. The test data has been
modified to include sample host certificate.
We'll later replace them with a new scheme. For now, this is the simplest UI
The intention is to look unfinished, so people don't comment on how poor it looks.
The service details page has been modified to show certificate
status using bullets. It will also show the revocation reason,
and display the restore button only if the certificate is on
hold. The buttons action handlers have been moved into
service_usercertificate_load() so they can update the bullets.
A test data file for cert-show operation has been added. Other
test data files containing certificate info has been updated for
consistency.
The certificate_confirmation_dialog() has been removed because
it's no longer used.
The service.py has been modified to include certificate info in
the service-show result if the service contains usercertificate.
A new file certificate.js has been added to store codes related
to certificates (e.g. revocation reasons, dialog boxes). The
service.js has been modified to provide the UI for certificate
management. The certificate.js can also be used for host
certificate management.
The Makefile.am and index.xhtml has been modified to include
certificate.js. New test data files have been added for certificate
operations.
To test revoke and restore operations the server needs to be
installed with dogtag CA instead of self-signed CA.
The certificate status and revocation reason in the details page
will be implemented in subsequent patches. Unit tests will also
be added in subsequent patches.
metadata for phone numbers
test date for users
Undo works for multivalue
JQuery UI buttons have custom classes
inputs/fields are now managed inside of objects
removed the use of .call. as it was confusing the issue of
mismatched parameter lists.
Fixed the parameter lists, too.
Add automatic creation of python an C file lists for potfiles
Deletes useless copy of Makefile in install/po
Remove duplicate maintainer-clean target
Add debug target that prints file lists
Unbreak update-po target, merges in patch from John
This is an initial implementation of certificate management for
services. It addresses the mechanism required to view and update
certificates. The complete UI implementation will be addressed in
subsequent patches.
On the server side, the service.py has been modified to define
usercertificate in the service object's takes_params. This is
needed to generate the proper JSON metadata which is needed by
the UI. It also has been modified to accept null certificate for
deletion.
On the client side, the service details page has been modified to
display the base64-encoded certificate in a text area. When the
page is saved, the action handler will store the base64-encoded
certificate in the proper JSON structure. Also the service name
and service hostname are now displayed in separate fields.
The details configuration has been modified to support displaying
and updating certificates. The structure is changed to use maps
to define sections and fields. A section contains name, label,
and an array of fields. A field contains name, label, setup
function, load function, and save function. This is used to
implement custom interface and behavior for certificates.
All other entities, test cases, and test data have been updated
accordingly. Some functions and variables have been renamed to
improve clarity and consistency.
Population of the policy and entites tabs.
DNS and ACI are broken due to PLugin issues
Fix for entities without search
Added new files to Makefile.am
used rolegroup.js file as the start point, renamed to serverconfig.js
When we uninstall we wipe out the entire LDAP database, so it doesn't really
make mush sense to try to also remove single entries from it.
This avoids the --uninstall procedure to fail because the DM password is not
available or the LDAP server is down, and we are just trying to cleanup
everything.
The ipa_error_handler() has been modified to display the AJAX URL
that is having a problem. The ipa_cmd() error handler is now invoked
using call() to pass 'this' object which contains the URL.
Helps when you need to add random snippets of config that really do not deserve
a full atttribute, but are still something you want to put in LDAP and have
replicated.
1) Added new attribute memberDenyCommand
2) Renamed memberCmd to memberAllowCmd
3) Changed the object class:
* removed type
* reflected the rename change
* added the new attribute
4) Renumbered the attributes (while we still can) for consistency.
The ipa_entity_set_association_definition() has been added to configure
the association between 2 entitites. By default the associator is
BulkAssociator and the method is add_member. The entities have been
updated to use the right configurations.
The ipa_cmd() has been modified to detect IPA errors and invoke the
error handler.
A bug in refresh_on_success() has been fixed as well.
ipa_entity_quick_links() has been added to generate quick links
automatically from object's attribute_members, the same logic used
for generating facet list. The search definition for each entity
has been updated to use the new function. A unit test has been
added for this function.
The navigation.js has been modified to make it more abstract, i.e.
unaware of entity facets. The nav_update_tabs() has been modified
such that it activates and updates the tabs based on the current
state stored in the URL.
The facets are now handled in entity.js. The ipa_entity_setup() has
been modified to update the facets based on the current state and
cached state.
The navigation.js also has been modified to be more class-like. The
nav_create() has been modified to store the tab configuration and
the tab container in internal variables nav_tabs_lists and
nav_container. The nav_update_tabs() now can be called without any
parameters.
Functions nav_push_state(), nav_get_state(), and nav_remove_state()
have been added to wrap BBQ API. This is to allow unit tests to
replace them with mockup functions to remove dependency on BBQ.
Some errors (e.g. server down) are reported as AJAX success with
empty data. The ipa_cmd() has been modified so that it will detect
such errors and invoke the error handler.
The ipa_cmd() has been modified such that when an error occurs a
dialog box will appear showing the error message with 2 buttons:
Retry and Cancel. If Retry is clicked, it will attempt to execute
the same operation again. If Cancel is clicked, the operation will
be canceled and the control is returned to the caller.
New unit tests have been added to test ipa_cmd() on successfull
and unsuccessfull cases.
The associate.js, details.js, entity.js, search.js, and webui.js
have been modified to display the error message inside the page.
This behavior can be changed in the future (e.g. redirect to error
page).
The navigation.js and webui.js have been modified to render only
the visible tabs. This improves the performance and reduce hidden
errors. The navigation unit test has been modified to reflect this
behavior.
Some variables/functions also have been renamed for consistency.
Convert the tab lists to arrays of objects with four potential fields:
tab[0] -> tab.name
tab[1] -> tab.label
tab[2] -> tab.setup or tab.children
Added unit tests for nav_setup and nav_select_tab
jQuery tabs by default will display the first tab, so reloading a page
or opening a page from bookmark may not show the active tab correctly.
The nav_select_tabs() has been added to get the list of active tabs from
the hash values in the URL and then activate the appropriate tabs. It
will be called during page initialization and whenever the hash values
change.
The navigation.js and webui.js has been cleaned up to better utilize
jQuery API. jQuery selectors are used to create DOM objects that can
be used by subsequent codes. Tab selection handler is now added to the
tabs object instead of anchors. The change event no longer needs to be
triggered manually.
THe Add button was located using the DOm, and the scheme used to find it was fragile enough to be broken by the I18N approach. This is a little more robust, using a JQuery selector based on the class of the controls, and the entity name.
Also remove Makefile, which should be autogenerated
New test cases have been added to test SerialAssociator and
BulkAssociator using mockup objects. Also fixed a bug in BulkAssociator.
Moved switch_view() out of ipa_entity_generate_views() in entity.js
to allow unit testing using mockup objects. Updated the test case
to validate click event on facets.
Performing I18N completely on the server, to leverage the
existing gettext architecture.
Also, the browser does not have access to the Language header.
Added the additional po files for a set of required languages
conflict with install/static/ipa.js was resolved.
Note that the addition of the .po files in this patch is necessary.
In order to get Transifex support, we need to update the LINGUAS
file with the languages for which we want support. If we don't
add the .po files in, they get automatically generated by the rpmbuild
process. Our implementation of gettext has a bug in it (It might
be F13 thing) where the the Plurals line is not getting correctly
transformed, which causes a build failure. However, since the
RPM would have the .po files anyway, we should revision control
the ones we have, even if they are empty.
Fixed the Bug reporting url to the original value.
Corrected the Chartype encoding for UK
The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user.
Also fixed a bug where, when reloading, the search page would fail due to scl being undefined.
Fixed a typo
replaced {'user-facet':'details', 'pkey':whoami_pkey},2);
with {'user-facet':'details', 'user-pkey':whoami_pkey},2);
Test framework for Web UI has been created using qUnit. The test files
are located in install/static/test. The main page is index.html which
contains links to all test suites (xxx_tests.html). The test cases are
stored in xxx_tests.js. All test suites can be executed at once using
all_tests.html. The test data is stored in data folder. This patch
includes test suites for ipa.js and entity.js.
Some variables and functions in ipa.js have been modified to accomodate
testing (e.g. JSON URL, error handler, synchronous operation). The
sampledata has been moved to test/data. The develop.js and webui.js also
have been modified accordingly.
This was meant to catch the case where the client wasn't configured and
it missed the most obvious one: the client was installed and is now
uninstalled.
The enroll facet has been converted into a dialog box. This dialog
box will appear when the user clicks the enroll button above the
association list. When the user clicks the enroll button in the
dialog box, the new associations will be created, then the list will
be refreshed to show the changes.
The SerialAssociator and BulkAssociator have been modified to accept
an on_success function which will be called when the whole operation
is completed successfully. This is used to refresh the list and close
the dialog box appropriately.
Some other changes were also made to improve code clarity.
Selects the site map based on the presence or absense of rolegroups for
the current user. If the user has no rolegroups, UI defaults to the Details page for that user.
Corrected to leave two levels of tabs
The Makefile.am and index.xhtml has been modified to include
rolegroup.js. The webui.js has been modified to register the
rolegroup tab.
The rolegroup.js defines the rolegroup's search, add, and details
pages. Sample data for some rolegroup operations have been added.
Unenrollment means that the host keytab is disabled on the server making
it possible to re-install on the client. This host principal is how we
distinguish an enrolled vs an unenrolled client machine on the server.
I added a --unroll option to ipa-join that binds using the host credentials
and disables its own keytab.
I fixed a couple of other unrelated problems in ipa-join at the same time.
I also documented all the possible return values of ipa-getkeytab and
ipa-join. There is so much overlap because ipa-join calls ipa-getkeytab
and it returns whatever value ipa-getkeytab returned on failure.
ticket 242
The add.js has been modified to support adding new entry with
dynamically generated pkey.
The index.xhtml has been modified to include service.js.
The service.js has been modified to use the new API to define
the search, add, and details fields. Callbacks are used to
add quick links and generate pkey dynamically.
The webui.js has been modified to add the Services tab.
The render_call() signature has been modified to pass the entry_attrs
so each callback function can construct the appropriate quick links
using any attributes from the search results.
The callback function has been implemented for user and group entities.
Quick summary:
- use jQuery UI and jQuery BBQ libraries
- code restructuring
The patch has so many changes they can't be listed here. Many parts
of the code have been rewritten from scrach.
See freeipa-devel mailing list:
webUI code restructuring [wall of text, diagrams, ... you've been warned!]
2010-09-07
* Adding a new SUDO schema file
* Adding this new file to the list of targets in make file
* Create SUDO container for sudo rules
* Add default sudo services to HBAC services
* Add default SUDO HBAC service group with two services sudo & sudo-i
* Installing schema
No SUDO rules are created by default by this patch.
The EntityBuilder has been modified to obtain the pkey value by
invoking getPKey(). This function can be overriden for different
entities.
The addOptionsFunction() has been renamed to getOptions() and it
can be overriden for different entities. Each entity that uses this
function has been modified accordingly.
The addEdit(), addAnother(), add_fail() has been moved into the
EntityBuilder class. The global builders is no longer needed because
a reference to the builder object can be obtained via enclosure.
The ServiceForms has been modified to take service name and
hostname and combine them to generate the service principal by
overriding the getPKey().
This started with the client uninstaller returning a 1 when not installed.
There was no way to tell whether the uninstall failed or the client
simply wasn't installed which caused no end of grief with the installer.
This led to a lot of certmonger failures too, either trying to stop
tracking a non-existent cert or not handling an existing tracked
certificate.
I moved the certmonger code out of the installer and put it into the
client/server shared ipapython lib. It now tries a lot harder and smarter
to untrack a certificate.
ticket 142
-Refactored the associations code into a set of objects that are configured by the entities
-Added support for associations that can be done in a single rpc
-hostgroup to host and group to user associations working
-Restructed sampledata so that the file is matched automatically by the RPC method name
-The new ipa_cmd/sampledata scheme insists on there being sample data for any commands or the ipa_command fails.
-Added sampledata files for all the calls we make
-renamed several of the sampledata files to match their rpc calls
-Started a pattern of refactoring where all the forms for the entity fall under a single object
We now catch the hashchange event and use that to drive most of the site.
To trigger page transitions, modify location.hash.
Params start with # not ?.
Removed user-group.inc.
converted tabs to spaces
trivial imlementation of add and details for netgroup and hostgroup
lots of bug fixes based on routing problems and the refactorings.
- Add/Remove links are now only available for multivalue
attributes (Param.multivalue = true) and attributes with param
types, that are multivalue by definition (as of now only List).
Single-value attributes with no value are displayed as empty
input elements.
- When updating an attribute, leading and trailing spaces are
stripped
- Context help available in the form of hints, that are extracted
form Param.hint.
to hash params ( starting with # ). User Details are now part of
index.xhtml, ao one more .inc file has been removed.
Updated commit to catch a few things that had been left out, including
sampledata handling and updateing Makefile.am
Move the netgroup compat configuration from the nis configuration to
the existing compat configuration.
Add a 'status' option to the ipa-copmat-manage tool.
ticket 91
