Permission details page was incorrectly evaluated as dirty (update button enabled) right after load when permission type={subtree,filter} and some attrs are set.
Can be reproduced by opening 'Modify Automount maps' permission.
The culprit is that attrs widget is populated and dirty-checked even targets where it doesn't belong.
Fixed by running target_mapping action only for visible targets.
https://fedorahosted.org/freeipa/ticket/3527
ipakrbauthzdata accepts [null, 'NONE', 'MS-PAC, 'PAD']
New nesting feature of radios/checkboxes was used to handle mutual exclusivity between
['MS-PAC', 'PAD'], 'NONE' and ''.
https://fedorahosted.org/freeipa/ticket/3404
New component: option_widget_base. It's not a regular widget but it share some of its characteristics. It should extend regular widget or it can be nested in itself alone.
checkbox_widget, checkboxes_widget, radio_widget were modified to use it.
Built as a prerequisite for:
https://fedorahosted.org/freeipa/ticket/3404
rhino-1.7R4-2.fc19.noarch dropped -main flag which made the build fail in rawhide (F19).
We can't use the same command for rhino-1.7R3-6 (F18) and rhino-1.7R4-2 (F19).
This patch adds check if rhino supports '-require' option. If so it calls rhino with it if not it calls rhino with -main option.
https://fedorahosted.org/freeipa/ticket/3501
Following pages were added to Web UI:
* certificated details
* certificate search
Certificate is not regular object so it gets no metadata. Therefore artificial
metadata were created for it to allow usage of search and details facet.
Search and details facet were modified to allow removing of add/remove/update/
reset buttons - certificates have no mod operation and they are not added by
standard means.
User can revoke and restore certificated in details facet.
https://fedorahosted.org/freeipa/ticket/3419
This patch adds 'nfs:NONE' as an allowed entry for the global
authorization data type in the CLI and WebUI. This is an ad-hoc solution
to make sure that the new default value for the NFS service is not
removed by chance.
This patch should be removed if a more generic solution is implemented
to modify service:TYPE style values of the authorization data type.
https://fedorahosted.org/freeipa/ticket/2960
Added blacklists section, with ipantsidblacklistincoming and
ipantsidblacklistoutgoing multivalued textbox fields, into trust details page.
https://fedorahosted.org/freeipa/ticket/3289
There was an incorrect check for no_update flag. Check was performed as
if the flag was an attribute of object not an item of array. Hence, the
flag never caused any effect.
Editable combobox didn't update it's dirty state correctly. CB had it's own
internal value changed event, which was incorrectly used. It was removed and
widget's value_changed event was used instead.
Combobox can be controlled just by using keyboard.
When value list is closed, user can:
* use UP and DOWN error to open list, it will focus the list and
select previous/next value
* when CB is non-editable, user can start typing, first character will open
list, second will be entered into search input. Note: I wanted to copy the
first char to the search box as well, but I did not figure out reliable
method for converting keycode to char for non ASCII keyboard layouts
* ESCAPE, ENTER, TAB keys are handled to allow keyboard operations in a
container
When value list is opened:
* CB tries to keep focus on either search input or a select
* when focus is lost, the value list is closed. So user can click anywhere
on a page to close it - two comboboxes can't be opened on the same time
* hitting TAB key switches between search and select
* if CB is not searchable, hitting TAB will close the value list and select
input textbox
* hitting ESCAPE on will close the value list
* hitting ENTER on search input will invoke search operation
* hitting ENTER on select will close the value list
* hitting UP/DOWN arrows will select previous/next values
Additional modifications:
* opening arrow and search button were made non-focusable. It fixes the
'wrong focus area' bug and simplifies keyboard usage. It doesn't affect
mouse usage.
https://fedorahosted.org/freeipa/ticket/3324
This is to prevent a fatal name clash wih the new common "messages" Output.
Since i18n_messages is an internal plugin, the change does not affect
our public API.
freeipa.profile was updated accordingly to contain all modules in dojo layer.
This change removes expected errors during the build and therefore it won't confuse others during rpm build. It also helps during development because developer will notice real dependency errors (those not specified this way).
One can specify module ids provided by other means (already built layer file) in providedMids array of build profile file's package section. Builder then ignores dependency errors for specified modules. This allows to build layers without source codes of their dependencies, with no expected errors raised.
Example:
packages:[
{
name: "freeipa",
location: "freeipa",
providedMids: [
'dojo/_base/declare',
'dojo/_base/lang',
'dojo/_base/array',
'dojo/Stateful'
//etc
]
}
],
Develop.js contains code useful only for debugging. It is not part of FreeIPA
release.
Is loaded by typing require(['freeipa/develop']); in browser JS console.
It adds IPA global variable and provide easier way of loading AMD modules into
window.ipadev[providedNameOrModuleName] variable.
https://fedorahosted.org/freeipa/ticket/112
Updated makefiles to comply to new directory structure and also to use builder
for building Web UI.
FreeIPA package spec is modified to use the output of the builder.
https://fedorahosted.org/freeipa/ticket/112
Third party JS libraries which are not AMD modules were moved to src/libs/
directory. Links in html files were changed accordingly.
https://fedorahosted.org/freeipa/ticket/112
Add util/sync.sh utility. It serves for copying source codes or compiled code
of Web UI to testing servers. Useful for development.
https://fedorahosted.org/freeipa/ticket/112
Added symbolic links which points to directories which should contain files of
Web UI layers. By changing those links we can switch between debugging (using
source codes) or testing (compiled version).
util/change-profile.sh utility serves for changing symbolic links in js/ dir
and therefore for switching between debugging and testing.
Default configuration for development is:
* freeipa source files
* libs as in git
* compiled Dojo layer
https://fedorahosted.org/freeipa/ticket/112
Added configuration files for building Dojo library and built library itself.
This configuration contains only modules currently needed.
make-dojo.sh script should be used for rebuilding the library when additional
modules or an update are needed.
https://fedorahosted.org/freeipa/ticket/112
* Added package configuration and build profile of FreeIPA UI layer for
Dojo Builder.
* Added script (util/make-ui.sh) which builds the layer
https://fedorahosted.org/freeipa/ticket/112
Added support for Dojo builder.
* Includes built builder and patches required to build the builder.
* _base/configRhino.js is required by the builder to run under rhino.
* added utility scripts for running the builder
* build.sh
* clean.sh
* compile.sh
* make-builder.sh
* prepare-dojo.sh
https://fedorahosted.org/freeipa/ticket/112
Uglify.js library was included in ui/util folder. A wrapper script
util/uglifyjs/uglify was created to run Uglify.js in Rhino enviroment.
https://fedorahosted.org/freeipa/ticket/112
When using 'Add and Add Another' button in entity adder dialog the dialog lose focus when an item is successfully added.
It caused by search dialog filter input. It gets focus in search facet's refresh. The refresh is happening when item is added.
This patch is disabling this focus and additionally is focusing first input element to allow imidiate definion of another item
When multiple dialogs is opened and one is closed the new top dialog doesn't recieve focus. It prevents from confirming/canceling the dialog using keyboard. This patch is fixing it.
https://fedorahosted.org/freeipa/ticket/3200
Base mixin class for dialogs witch confirmation/canceling capabilities.
When used, dialog can be 'confirmed' by 'enter' key or canceled by 'escape' key. It doesn't accept confirmation from all elements to not override default expected behavior like creating new line in text area, executing link or selecting a value in a select element.
https://fedorahosted.org/freeipa/ticket/3200
When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), he gets an unauthorized error with X-Ipa-Rejection-Reason=denied. Web UI responds with showing login dialog with following error message: 'Sorry you
are not allowed to access this service.'.
Note: such users are not supported because they don't have a corresponding entry in LDAP which is needed for ACLs.
https://fedorahosted.org/freeipa/ticket/3252
denied change
After upgrade, sshkeys of existing users and hosts or mac address are not editable because attribute level rights are not send to Web UI due to lack of ipasshuser/ieee802device object classes.
'w_if_no_aci' attribute flag was introduced to bypass this issue. It makes attribute writable when AttributeLevelRights for the attribute are not present and only when user posses rights for modifying object class attribute.
The flag was set for sshkeys_field and mac address field.
https://fedorahosted.org/freeipa/ticket/3260
In FreeIPA 2.2, the default for group type was 'POSIX', in 3.0 it's 'normal' (non-posix). CLI's default is 'POSIX', Web UI should use 'POSIX' as well.
https://fedorahosted.org/freeipa/ticket/3270
Web UI part of 'disable global forwaring per zone' effort.
Option "Forwarding disabled" was added to 'DNS global config' and 'DNS zone' forwarding policy. It corresponds to 'none' value of idnsforwardpolicy.
https://fedorahosted.org/freeipa/ticket/3209
Instructions to generate certificate were simplified.
New instructions:
1) Create a certificate database or use an existing one. To create a new database:
# certutil -N -d <database path>
2) Create a CSR with subject CN=<hostname>,O=<realm>, for example:
# certutil -R -d <database path> -a -g <key size> -s 'CN=dev.example.com,O=DEV.EXAMPLE.COM'
3) Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:
https://fedorahosted.org/freeipa/ticket/3056
