New component: option_widget_base. It's not a regular widget but it share some of its characteristics. It should extend regular widget or it can be nested in itself alone.
checkbox_widget, checkboxes_widget, radio_widget were modified to use it.
Built as a prerequisite for:
https://fedorahosted.org/freeipa/ticket/3404
rhino-1.7R4-2.fc19.noarch dropped -main flag which made the build fail in rawhide (F19).
We can't use the same command for rhino-1.7R3-6 (F18) and rhino-1.7R4-2 (F19).
This patch adds check if rhino supports '-require' option. If so it calls rhino with it if not it calls rhino with -main option.
https://fedorahosted.org/freeipa/ticket/3501
Following pages were added to Web UI:
* certificated details
* certificate search
Certificate is not regular object so it gets no metadata. Therefore artificial
metadata were created for it to allow usage of search and details facet.
Search and details facet were modified to allow removing of add/remove/update/
reset buttons - certificates have no mod operation and they are not added by
standard means.
User can revoke and restore certificated in details facet.
https://fedorahosted.org/freeipa/ticket/3419
This patch adds 'nfs:NONE' as an allowed entry for the global
authorization data type in the CLI and WebUI. This is an ad-hoc solution
to make sure that the new default value for the NFS service is not
removed by chance.
This patch should be removed if a more generic solution is implemented
to modify service:TYPE style values of the authorization data type.
https://fedorahosted.org/freeipa/ticket/2960
Added blacklists section, with ipantsidblacklistincoming and
ipantsidblacklistoutgoing multivalued textbox fields, into trust details page.
https://fedorahosted.org/freeipa/ticket/3289
There was an incorrect check for no_update flag. Check was performed as
if the flag was an attribute of object not an item of array. Hence, the
flag never caused any effect.
Editable combobox didn't update it's dirty state correctly. CB had it's own
internal value changed event, which was incorrectly used. It was removed and
widget's value_changed event was used instead.
Combobox can be controlled just by using keyboard.
When value list is closed, user can:
* use UP and DOWN error to open list, it will focus the list and
select previous/next value
* when CB is non-editable, user can start typing, first character will open
list, second will be entered into search input. Note: I wanted to copy the
first char to the search box as well, but I did not figure out reliable
method for converting keycode to char for non ASCII keyboard layouts
* ESCAPE, ENTER, TAB keys are handled to allow keyboard operations in a
container
When value list is opened:
* CB tries to keep focus on either search input or a select
* when focus is lost, the value list is closed. So user can click anywhere
on a page to close it - two comboboxes can't be opened on the same time
* hitting TAB key switches between search and select
* if CB is not searchable, hitting TAB will close the value list and select
input textbox
* hitting ESCAPE on will close the value list
* hitting ENTER on search input will invoke search operation
* hitting ENTER on select will close the value list
* hitting UP/DOWN arrows will select previous/next values
Additional modifications:
* opening arrow and search button were made non-focusable. It fixes the
'wrong focus area' bug and simplifies keyboard usage. It doesn't affect
mouse usage.
https://fedorahosted.org/freeipa/ticket/3324
This is to prevent a fatal name clash wih the new common "messages" Output.
Since i18n_messages is an internal plugin, the change does not affect
our public API.
freeipa.profile was updated accordingly to contain all modules in dojo layer.
This change removes expected errors during the build and therefore it won't confuse others during rpm build. It also helps during development because developer will notice real dependency errors (those not specified this way).
One can specify module ids provided by other means (already built layer file) in providedMids array of build profile file's package section. Builder then ignores dependency errors for specified modules. This allows to build layers without source codes of their dependencies, with no expected errors raised.
Example:
packages:[
{
name: "freeipa",
location: "freeipa",
providedMids: [
'dojo/_base/declare',
'dojo/_base/lang',
'dojo/_base/array',
'dojo/Stateful'
//etc
]
}
],
Develop.js contains code useful only for debugging. It is not part of FreeIPA
release.
Is loaded by typing require(['freeipa/develop']); in browser JS console.
It adds IPA global variable and provide easier way of loading AMD modules into
window.ipadev[providedNameOrModuleName] variable.
https://fedorahosted.org/freeipa/ticket/112
Updated makefiles to comply to new directory structure and also to use builder
for building Web UI.
FreeIPA package spec is modified to use the output of the builder.
https://fedorahosted.org/freeipa/ticket/112
Third party JS libraries which are not AMD modules were moved to src/libs/
directory. Links in html files were changed accordingly.
https://fedorahosted.org/freeipa/ticket/112
Add util/sync.sh utility. It serves for copying source codes or compiled code
of Web UI to testing servers. Useful for development.
https://fedorahosted.org/freeipa/ticket/112
Added symbolic links which points to directories which should contain files of
Web UI layers. By changing those links we can switch between debugging (using
source codes) or testing (compiled version).
util/change-profile.sh utility serves for changing symbolic links in js/ dir
and therefore for switching between debugging and testing.
Default configuration for development is:
* freeipa source files
* libs as in git
* compiled Dojo layer
https://fedorahosted.org/freeipa/ticket/112
Added configuration files for building Dojo library and built library itself.
This configuration contains only modules currently needed.
make-dojo.sh script should be used for rebuilding the library when additional
modules or an update are needed.
https://fedorahosted.org/freeipa/ticket/112
* Added package configuration and build profile of FreeIPA UI layer for
Dojo Builder.
* Added script (util/make-ui.sh) which builds the layer
https://fedorahosted.org/freeipa/ticket/112
Added support for Dojo builder.
* Includes built builder and patches required to build the builder.
* _base/configRhino.js is required by the builder to run under rhino.
* added utility scripts for running the builder
* build.sh
* clean.sh
* compile.sh
* make-builder.sh
* prepare-dojo.sh
https://fedorahosted.org/freeipa/ticket/112
Uglify.js library was included in ui/util folder. A wrapper script
util/uglifyjs/uglify was created to run Uglify.js in Rhino enviroment.
https://fedorahosted.org/freeipa/ticket/112
When using 'Add and Add Another' button in entity adder dialog the dialog lose focus when an item is successfully added.
It caused by search dialog filter input. It gets focus in search facet's refresh. The refresh is happening when item is added.
This patch is disabling this focus and additionally is focusing first input element to allow imidiate definion of another item
When multiple dialogs is opened and one is closed the new top dialog doesn't recieve focus. It prevents from confirming/canceling the dialog using keyboard. This patch is fixing it.
https://fedorahosted.org/freeipa/ticket/3200
Base mixin class for dialogs witch confirmation/canceling capabilities.
When used, dialog can be 'confirmed' by 'enter' key or canceled by 'escape' key. It doesn't accept confirmation from all elements to not override default expected behavior like creating new line in text area, executing link or selecting a value in a select element.
https://fedorahosted.org/freeipa/ticket/3200
When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), he gets an unauthorized error with X-Ipa-Rejection-Reason=denied. Web UI responds with showing login dialog with following error message: 'Sorry you
are not allowed to access this service.'.
Note: such users are not supported because they don't have a corresponding entry in LDAP which is needed for ACLs.
https://fedorahosted.org/freeipa/ticket/3252
denied change
After upgrade, sshkeys of existing users and hosts or mac address are not editable because attribute level rights are not send to Web UI due to lack of ipasshuser/ieee802device object classes.
'w_if_no_aci' attribute flag was introduced to bypass this issue. It makes attribute writable when AttributeLevelRights for the attribute are not present and only when user posses rights for modifying object class attribute.
The flag was set for sshkeys_field and mac address field.
https://fedorahosted.org/freeipa/ticket/3260
In FreeIPA 2.2, the default for group type was 'POSIX', in 3.0 it's 'normal' (non-posix). CLI's default is 'POSIX', Web UI should use 'POSIX' as well.
https://fedorahosted.org/freeipa/ticket/3270
Web UI part of 'disable global forwaring per zone' effort.
Option "Forwarding disabled" was added to 'DNS global config' and 'DNS zone' forwarding policy. It corresponds to 'none' value of idnsforwardpolicy.
https://fedorahosted.org/freeipa/ticket/3209
Instructions to generate certificate were simplified.
New instructions:
1) Create a certificate database or use an existing one. To create a new database:
# certutil -N -d <database path>
2) Create a CSR with subject CN=<hostname>,O=<realm>, for example:
# certutil -R -d <database path> -a -g <key size> -s 'CN=dev.example.com,O=DEV.EXAMPLE.COM'
3) Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:
https://fedorahosted.org/freeipa/ticket/3056
browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1].
Old configuration method was moved to ssbrowser.html.
Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config.
The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps.
Ticket: https://fedorahosted.org/freeipa/ticket/3094
[1] https://fedorahosted.org/freeipa/ticket/823
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
There was an error in number validation check. If boundary value was an empty string, validation of a number always failed. This patch fixes the problem by not performing the check in these cases.
https://fedorahosted.org/freeipa/ticket/3066
Put the changes from Ade's dogtag 10 patch into namespaced constants in
dogtag.py, which are then referenced in the code.
Make ipaserver.install.CAInstance use the service name specified in the
configuration. Uninstallation, where config is removed before CA uninstall,
also uses the (previously) configured value.
This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846