After deleting section as a special type of object a new way of defining inter-field logic is needed.
For this purpose a facet_policy was created. It is a simple object with init() method. Init method should contain logic for attaching to fields' or widgets' events.
When a policy is added to facet or dialog its container property should be set to that facet or dialog. It gives the policy an access to fields and widgets.
Init method should be called after widgets creation.
https://fedorahosted.org/freeipa/ticket/2040
Sections are changed into pure widget objects. Introduced IPA.composite_widget, basic widget for widget nesting (it's using IPA.widget_container). It's base class for section widgets.
TODO: change old custom sections into custom fields and widgets.
Note: usage of section in HBAC and SUDO is kept - whole logic will be removed in #1515 patch.
https://fedorahosted.org/freeipa/ticket/2040
Introduced IPA.field_container and IPA.widget_container.
IPA.field_container: collection for fields. Can set logical container (facet, dialog...) to fields.
IPA.widget_container: collection for widgets. Has basic searching capability withing widget tree.
Introduced field_builder, widget_builder, section_builder, details_builder. All are used for building fields and widgets. Field_builder and widget_builder have the main building logic. Section_builder can create content based on current section spec. Details builder defines a strategy for building content.
https://fedorahosted.org/freeipa/ticket/2040
https://fedorahosted.org/freeipa/ticket/1794
If the master does not yet support the total update list feature we still
run the memberof fixup task and not fail to replicate due to the new
attribute not being settable.
Jointly-developed-with: Simo Sorce <ssorce@redhat.com>
Jointly-developed-with: Nathank Kinder <nkinder@redhat.com>
The develop.js is no longer necessary because the code in it has
been merged into the main code.
An empty extension.js has been added to provide a place for UI
customization.
Ticket #2099
The search facet has been modified to support paging on most entities
using the --pkey-only option to get the primary keys and a batch command
to get the complete records.
Paging on DNS records is not supported because a record may appear as
multiple rows. The following entities do not have --pkey-only option:
Automount Key, Self-Service Permissions, Delegation.
The search and association facet have been refactored to reuse the
common code from the table facet base class.
Ticket #981
New sample data files have been added for search facet paging. Unused
files have been removed. The names used in the files have been updated
for consistency.
Ticket #981
The reset password dialog for user has been modified to provide
a field to specify the current password when changing the user's
own password.
Ticket #2065
https://fedorahosted.org/freeipa/ticket/2041
Adding option to gathering changes for update from widgets, sections, details facet.
Changes are represented by update_info { fields [] ((field_info)), commands [] ((command_info)) } object.
* On calling get_update_info() method widget, section and facet returns update_info object which represents all changes in nested objects. Thus usually widgets are creating update_infos, their containers are merging them.
* This object can be then used in details facet update method. In order to use it command_mode = 'init' has to be set. Command mode was introduced to support backward compatibility.
* command_info consists of command and priority. Priority can be set to specify exact exectuting order of commands. It can be defined on facet level by setting widget's priority. When widgit is creating command_info it should pas its priority to it.
The entity definitions have been converted into classes. The entity
init() method will use the builder to construct the facets and dialogs.
The UI can be customized by creating a subclass of the original entity
in extension.js and then overriding the init() method.
Ticket #2043
The details page compares the old and the new primary keys to determine
if the page needs to be reloaded. The Kerberos Ticket Policy and Config
pages do not use primary keys, so they are never loaded/updated with
data. A parameter has been added to force update on these pages.
Ticket #1459
https://fedorahosted.org/freeipa/ticket/1459
Changes:
* added clear method to widgets, section, search, details, association facets
* clear and refresh method in facet are called only if key/filter was changed
* added id generator for widgets
Labels using the word "enroll" (except for host enrollment) have
been modified to use more relevant words.
The IPA.add_dialog has been renamed into IPA.entity_adder_dialog
for clarity.
Ticket #1642
The IPA.checkboxes_widget has been modified such that it performs
validation when the checkboxes are clicked. This will also clear any
validation errors.
The dialogs and details pages have been modified to use the * symbol
to mark required fields. The automount map and the DNS zone dialogs
have been modified to update the required fields according to the
input type.
Ticket #1696, #1973
Certificates are passed through the IPA XML-RPC and JSON as binary
data in DER X509 format. Queries peformed against the LDAP server
also return binary DER X509 format. In all cases the binary DER
data is base-64 encoded.
PEM is standard text format for certificates. It also uses base64 to
encode the binary DER data, but had specific formatting
requirements. The base64 data must be wrapped inside PEM delimiters
and the base64 data must be line wrapped at 64 characters.
Most external software which accepts certificates as input will only
accept DER or PEM format (e.g. openssl & NSS). Although base64 is
closely related to PEM it is not PEM unless the PEM delimters are
present and the base64 data is line wrapped at 64 characters.
We already convert binary DER certificates which have been passed as
base64 in other parts of the IPA code. However this conversion has not
been available in the web UI. When the web UI presented certificates
it did so by filling a dialog box with a single line of base64 data. A
user could not copy this data and use it as input to openssl or NSS
for example.
We resolve this problem by introducing new javascript functions in
certificate.js. IPA.cert.pem_cert_format(text) will examine the text
input and if it's already in PEM format just return it unmodified,
otherwise it will line wrap the base64 data and add the PEM
delimiters. Thus it is safe to call on either a previously formated
PEM cert or a binary DER cert encoded as base64. This applies to
pem_csr_format() as well for CSR's.
Because pem_cert_format() is safe to call on either format the web UI
will see the use of the flag add_pem_delimiters was eliminated except
in the one case where the IPA.cert.download_dialog() was being abused
to display PKCS12 binary data (pkcs12 is neither a cert nor a cert
request). Because of the abuse of the cert.download_dialog() for
pkcs12 it was necessary to retain the flag which in effect said "do
not treat the data as PEM".
Modify the CSR (Certificate Signing Request) dialog box to accept a
PEM formatted CSR. Remove the artifical PEM delimiters above and below
the dialog box which were used to suggest the input needed to be sans
the delimiters. The dialog box continues to accept bare base64 thus
allowing either text format.
Also note this solves the display of certificate data in the UI
without touching anything existing code in the server or command line,
thus it's isolated.
https://fedorahosted.org/freeipa/ticket/1565
The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems.
Additional changes:
* fixed whitespaces in ipa.css
* unified headings in config pages
https://fedorahosted.org/freeipa/ticket/1531
Each entity is created together with its dependent objects (e.g. facets and dialog boxes). This causes a circular dependency problem because some of the objects need to obtain a reference to another entity that has not been created.
Currently this is handled by storing only the other entity name and resolve it when needed (e.g. during rendering stage). In IPA.search_facet this delays the creation of the table widget, making it more difficult to customize.
One solution is to do the object creation in 2 steps:
* create all entity objects only
* create the dependent objects in each entity
Implemented solution:
* all entities are created on application start
* dependant objects (facets and dialogs) are created at once on their first use in entity.
Fixes the webui for the case wherea user is not admin but has a role. In
that case, the UI should show the full administrative tabset, but was
instead limited to the selfservice tabset.
The problem was rolegroup had been renamed to role but the UI hadn't
been updated to reflect this.
Addresses
https://bugzilla.redhat.com/show_bug.cgi?id=745957https://fedorahosted.org/freeipa/ticket/1970
https://fedorahosted.org/freeipa/ticket/1933
Web UI init method was modified to get initialization data in 3 calls.
First call remains the same as before except that the json_metadata command
was removed.
JSON metadata are requested after successful response of the first batch command.
This approach should preserve functionality in IE (where request is missing after
authentication). Getting JSON metadata is split to two commands - this should prevent
the error in linked ticket. These two commands are paralelly executed by new
concurent_command object.
Concurrent command waits for all responses then it calls each command's success
handler.
https://fedorahosted.org/freeipa/ticket/1932
Description of problem:
Title is missing while configuring browser for the first time.
Actual results:
There is no title on this screen. I noticed it only on step 8 and later so I am not sure if title is also missing earlier at step 6 or not.
Expected results:
Title "Identity Management" is always present.
Fixed:
* modified paths to images
* fixed padding in ssbrowser.html
* moved browser icons to ui folder
* deleted unused images in html and migration folders (they are already in ui folder, and weren't deployed)
whitespaces
https://fedorahosted.org/freeipa/ticket/1922
gidNumber is not an allowed attribute for a non-posix group. When adding a non-posix group from the UI, unchecking the "Is this a POSIX group?:" box should disable the "GID:" field.
The radio buttons in association facet and radio widget are now
linked to their labels so that they can be selected by clicking
the labels.
Ticket #1782
https://fedorahosted.org/freeipa/ticket/1454
The following widgets should call create_error_link() to create a space to show validation error messages:
IPA.checkbox_widget
IPA.checkboxes_widget
IPA.radio_widget
IPA.select_widget
IPA.table_widget
IPA.attributes_widget
IPA.rights_widget
IPA.target_section (it's a widget)
Solution:
* added call to checkbox, checkboxes, radio, select, table, attributes widget
* rights_widget inherits it from checkboxes_widget.
* target_section IS NOT a widget as it doesn't inherit from widget. It's still a section, which shows different widgets based on its state.
* table_widget displays error_link between pagination and summary.
Additional:
* added padding and unified font-weight for error message
A new IPA.dialog_button class has been added to encapsulate the
buttons in the dialog box so they can be managed more easily.
The adder dialog has been modified to disable the enroll button if
there is no entries selected.
Ticket #1856
The width of the 1st level tab has been modified to expand according
to the size of the tab label.
The width of the adder dialogs have been increased to allow longer
button labels.
Ticket #1825
https://fedorahosted.org/freeipa/ticket/1883
It's a regression introduced by patch for #1797
Reproduce:
* show user group foo
* click on user groups tab
* click on enroll button
Result:
User group 'foo' is listed in available list.
Expected result:
User group 'foo' is not listed in available list.
The DNS zone details page has been modified to use radio buttons for
active zone and dynamic update fields, and text area for BIND update
policy field.
Ticket #1781, #1785
https://fedorahosted.org/freeipa/ticket/1841
The column header for the attributes table (IPA.attributes_widget) does not cover the entire width of the table. This problem appears in the adder dialog and details page for permissions, self-service permissions, and delegations.
Some jQuery objects in various locations have been modified to use
text() to show values obtained from the server (except messages).
The text() will automatically encode special characters.
Ticket #1798
The IPA.combobox_widget has been modified such that if the drop-down
list doesn't contain the stored value (due to search limit) it will
not select anything from the list.
The widget has also been modified not to select the value that matches
the filter automatically because that might not be the user's intention.
Ticket #1819
The IPA.dialog has been modified to store sections instead of fields.
If there is no sections specified, it will create a default section.
The adder dialog for automount map has been modified such that the
fields related to indirect map are stored in a section which will
only be visible when the map type is set to indirect.
The adder dialog for host has been modified such that it uses a
custom section for hostname and DNS zone and standard section for
the other fields.
Ticket #1394
The IPA.association_adder_dialog has been modified to use an exclusion
list to hide entries that are already enrolled.
The IPA.adder_dialog has been modified to store the columns directly
in the available & selected tables.
Ticket #1797
The following list pages were modified to show these columns only:
* HBAC rules: name, type, enabled, description
* Sudo rules: name, enabled, description
Ticket #1796
In the adder dialog for groups the checkbox has been modified to use
the correct field name "nonposix" and be checked by default.
Note: This is a temporary fix to minimize the changes due to release
schedule. Eventually the field label will be changed into "Non-POSIX
group" and the checkbox will be unchecked by default, which is more
consistent with CLI.
Ticket #1799
The hidden fqdn field in the host adder dialog has been changed to
use a generic widget instead of text widget to avoid null pointer
error since the UI elements are never created.
Ticket #1788
The optional uid field in user's adder dialog did not appear when
the link is clicked to show the field. This is a regression introduced
in the patch for ticket #1648.
The click handler for the link field has been moved into a new closure
so that the variables point to the correct elements.
Note: the duplicate code in IPA.details_table_section.create() and
IPA.dialog.create() will be addressed separately in ticket #1394.
https://fedorahosted.org/freeipa/ticket/1640
On the HBAC Rules page, where the rules are listed, if no rule is selected, the "Delete" button is not enabled, and cannot be clicked on.
But edit a Rule, and Delete button is enabled in the available sections - regardless of, if an object is selected to be deleted or not, or even if there is no object to be selected to delete.
One can click on this button...but then - there is no message indicating that something should be selected for deletion for this button to do anything.
Notes:
* fixed association_table_widget and association_facet
The adder dialog for the user and host tables in sudo rule details
page have been fixed to use --not-in-sudorules to avoid showing
entries that are already added into the rule either directly or
indirectly via groups.
This does not apply to the command and run-as tables because they
do not support such option.
Ticket #1768
In order to maintain consistent layout between details page and dialog
boxes the IPA.details_list_section has been replaced with
IPA.details_table_section which is based on table.
The IPA.target_section and other subclasses of IPA.details_list_section
have been converted to use IPA.details_table_section as well.
The unit tests have been updated accordingly.
Ticket #1648
Due to a recent change, all dialog boxes are now reset initially. The
IPA.target_section has been modified to show the default target (i.e.
filter) and the fields properly when reset.
Ticket #1748
https://fedorahosted.org/freeipa/ticket/1739
The attributes table (IPA.attributes_widget) used in Permissions, Self-Service Permissions, and Delegations is supposed to be short but scrollable. In Firefox 3.6 it works fine, but in Firefox 6.0 it appears as a long non-scrollable table which makes it more difficult to use.
The memberof_netgroup association facet for hostgroup has been
explicitly defined to use the serial associator so it will invoke
the right methods.
Ticket #1737
Some hard-coded messages in ipa.js have been moved into internal.py.
The messages in internal.py have been rearranged to match the output
(ipa_init.json).
A new method IPA.get_message() has been added to take a message ID and
return the translated message or a default message if not found.
Ticket #1701
https://fedorahosted.org/freeipa/ticket/1697
Original problem:
WEBUI: Update automount location refer to unknown command
Update name of the automount location (Policy -> Automount ->
custom_location -> Settings -> Update) in the WEBUI refer to an unknown command.
Solution:
Tracking dirty state in field -> section -> details facet.
'Reset' and 'Updates' in details facet are enabled only if facet is dirty.
Removes the problem above and 'no modification to be performed' annoyance.
https://fedorahosted.org/freeipa/ticket/1689
Currently adding or deleting sudo options will refresh the entire page. It's not a problem but the code could be optimized to refresh only the sudo options table
https://fedorahosted.org/freeipa/ticket/1688
The serial associator is used to execute a command multiple times with different parameters. This is used for adding/removing a user into/from multiple groups. It has some issues:
Each command is executed one-by-one, so it could be slow.
* If there's a failure the rest of the commands will not be executed.
* This can be fixed by putting the commands into a batch and execute them at once.
Newly performs validation of details facet before update. If validation fails, notification dialog is shown and command isn't executed.
Fixed integer minimum and maximum value checking.
Read-only and non-writable fields are no longer considered required.
Since the Add/Delete links in the association table are disabled when
the category is set to 'all', it's no longer necessary to check the
category before showing the add/delete dialogs and modify the category
before adding entries. Thus, the IPA.rule_association_table_widget is
no longer needed.
Ticket #1692
The association table widget and facet have been modified to accept
titles for the add and delete dialogs. The table and facet definitions
have been modified to specify the appropriate titles.
Some unused code have been removed.
Ticket #1629
The 'Hide already enrolled' has been removed from the enrollment
dialog because it is checked by default and entries that are already
enrolled cannot be enrolled again.
Ticket #1638
The IPA.user_status_widget has been modified to show/hide the link for
activating/deactivating users according to the attributelevelrights.
Ticket #1625
The general link style defined in ipa.css was overriden by a more
specific rule in jquery-ui.css. So the style has been modified to
include the more specific rule.
Ticket #1623
The 3rd level tabs were partially covered by the content panel, so
only the top portion can be clicked. The content panel has been
repositioned to avoid the problem.
The host adder dialog has been modified to show separate fields for
hostname and DNS zone. The hostname is a text field and the DNS zone
is an editable drop-down list. The fields will have the following
behavior:
- If the user types a dot into the hostname field, the cursor will
automatically move into the DNS zone field.
- If the user pastes an FQDN into the hostname field, the value will
automatically be split into hostname and DNS zone.
- If the user selects a value from the drop-down list, it will only
change the DNS zone, not the hostname.
Ticket #1457
The IE does not resend the request body during negotiation, so after
after a successful authentication the server could not find the JSON
request to parse.
The Web UI has been modified to detect this error and resend the
initialization request.
Ticket #1540
The facet group labels have been modified according to UXD spec.
Some facet groups will have more descriptive labels. Some others
will not have any labels because the facet tab is self-explanatory.
Ticket #1423, #1561
https://fedorahosted.org/freeipa/ticket/1481
Shows status dialog instead of error dialog (error 4304 is treated like success).
Refactored error dialog.
Added generic message dialog (IPA.message_dialog)
Modified core tests to work with dialog.
The tables in the adder dialog have been modified to expand
according to the size of the dialog.
This patch also fixes the problem with row height on IE.
Ticket #1542
change widget and widget unit tests to hold on to entity, not entity name.
Replacing entity_name with entity.name in most places.
The one exception is columns for table_widget.
Widgets that refer to other entities have to have late resolution of the entity object, due to circular dependencies.
cleanup entity assignment.
removed template and layout,
merged setup into create
adder dialogs adjust height for external
removed init from widget, isection, association, facet, host and service
Make unit tests use factory.
fix functional tests to click find link correctly.
tweak to activation test, but still broken.
moved initialization code to the end
use --all for hbacrule find, so the type shows up now
fixed dns exception code and exception handling for get_entity
replace metadata look up with value from entity.
fixed author lines
removed duplicate columns in managed by facets.
tweak to nav fix in order to initialize tab.
more defensive code
update metadata for true false
one line init for entity_name in widget
move init code to end of constructor functions
moved constants to start of function for adder_dialog
external fields for dialogs initialized at dialog creation
sudo sections: move add fields and columns to widget definition.
The parameter validation in IPA.column ...This is precondition checking. Note that it merely throws an exception if the entity_name is not set. I want this stuff at the top of the function so that it is obvious to people looking to use them what is required. I added a comment to make this clear, but I'd like to keep precondition checking at the top of the function.
decreased the scope of the pkey_name and moved the initiailzation fof columns into the setup_column function for association_tables
return false at the end of click handler
removed blank labels in sudo command section
fix radio buttons for sudo category
fixed table side for adder dialogs with external fields
comments for future direction with add_columns
https://fedorahosted.org/freeipa/ticket/1451https://fedorahosted.org/freeipa/ticket/1462https://fedorahosted.org/freeipa/ticket/1493https://fedorahosted.org/freeipa/ticket/1497https://fedorahosted.org/freeipa/ticket/1532https://fedorahosted.org/freeipa/ticket/1534
The handler for host 'Set OTP' button has been modified to obtain
the primary key from the entity and return false to stop the normal
event processing.
Ticket #1511
When opening a bookmark, each tab level will be updated separately
from top to bottom according to the URL state. The navigation code
has been modified to recognize when an ancestor tab is being updated
and not change the URL state.
Ticket #1521
The navigation code has been modified store the facet's state
separately in the facet object itself. The path state is stored
in the navigation object. When the path is changed to view a new
facet, only the path and the state of the new facet will be shown
in the URL, thus keeping the URL short.
This fixes pagination, bookmark and search filter problems as well.
Ticket #1507, 1516, 1517
The select event handler in the navigation tab has been modified to
distinguish the source of the event. If the event is triggered by
URL hash change, it will use the state specified in the URL. If the
event is triggered by a mouse click, it will use the state stored
internally.
The IPA.current_facet() has been merged into IPA.entity.setup()
and replaced by IPA.entity.get_facet(). The setup() will read the
current facet's name from the <entity>-facet URL parameter and store
the facet object in the entity object. The get_facet() without any
parameter will return the current facet object.
The code for supporting custom layouts using HTML templates has been
removed. If it's needed again in the future the code can be restored.
Ticket #1501
The HBAC access time is currently not supported, so the related UI
code has been removed to reduce maintenance issue. When the feature
becomes supported in the future the code may be restored/rewritten.
Ticket #546
In a recent change the details page was changed to create and locate
field containers with 'details-field' CSS class. The HBAC and sudo
custom details pages have been modified to use the same CSS class.
Ticket #1508
The UUID field has been removed from the entitlement registration
dialog box because it's currently not supported. The code has been
modified not to send empty UUID value should this become supported
in the future.
Ticket #1506
A custom adder dialog has been added for DNS zones to simplify creating
reverse zones from IP address. The dialog provides a checkbox which
indicates whether the content of the zone name field is an IP address.
The IP address will be used to generate the reverse zone name and email
address.
Ticket #1045
Remove all DNS entities if the DNS server is not installed.
Removes it from the navigation as well.
https://fedorahosted.org/freeipa/ticket/1498
move created count to last thing in the funciton.
The IPA.entity_select_widget has been modified into a searchable and
editable drop down list. The base functionality has been extracted
into IPA.combobox_widget.
Ticket #1361
The CSS text-transform sometimes produces incorrect capitalization,
so the code has been modified to use translated labels that already
contain the correct capitalization.
Ticket #1424
Brings the DNS record infrastructure in line with the other entities.
Uses widgets, nested search, and a littel bit of overloading for dns specific behavior
The records now have their own page.
simplified link widget and use for dns
links work for nested entities.
change the field in the link widget to other_entity to avoid name collision.
unit test for entity link.
fixed reference to entity for getting pkeys
work around lack of setattr for dns record mod.
update wasn't deducing locked_field type correctly.
don't overwrite param_info in init
data is required on adder dialog
delete works for multiple records
use show instead of find for entity_link_widget.
https://fedorahosted.org/freeipa/ticket/1038https://fedorahosted.org/freeipa/ticket/1448https://fedorahosted.org/freeipa/ticket/577https://fedorahosted.org/freeipa/ticket/1460
https://fedorahosted.org/freeipa/ticket/1259
Python code will see nsaccountlock as bool. JavaScript code will also see it as bool.
This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
previsouly was checked on key down, but that does the check too soon.
Next attempt was on blur, but that had numerous problems. This now checkes when the add button is clicked.
works for entity_select widget, too
Checks upon form submission
https://fedorahosted.org/freeipa/ticket/1437
shows dialog if there are any HBAC deny rules. Dialog provides option to navigate to the HBAC page. Deny rules have their rule type value show up in red.
Only shows up fro administrators, not for self service users.
https://fedorahosted.org/freeipa/ticket/1421
The object_name attribute was used as both an identifier and a
label which sometimes require different values (e.g. hbacrule
vs. HBAC rule). The code that uses object_name as an identifier
has been changed to use the 'name' attribute instead. The values
of the object_name attribute have been fixed to become proper
labels.
Ticket #1217
The entitlement buttons are located serveral levels underneath
facet-controls, so the CSS selector has been fixed to extend beyond
facet-controls' immediate children.
Ticket #1419
The IPA.user_status_widget has been modified such that it checks
the facet dirty status and asks the admin to either Update or Reset
the changes. Then the widget shows a dialog to confirm whether
the admin wants to activate/deactivate the user.
Ticket #1395
Instead of looking for a match on the entity name, use the nesting structure
of containing entites to grab their pkeys.
Code review fixes
https://fedorahosted.org/freeipa/ticket/674
https://fedorahosted.org/freeipa/ticket/674
decrement depth for hidden tabs.
Initialize state from url
useing delete for removing state
stricter attribute matching
not incrementing depth for all hidden tabs.
whitespace cleanup
The entity labels in the following locations have been fixed:
- search facet title: plural
- details facet title: singular
- association facet title: singular
- breadcrumb: plural
- adder dialog title: singular
- deleter dialog title: plural
Some entity labels have been changed into the correct plural form.
Unused file install/ui/test/data/i18n_messages.json has been removed.
Ticket #1249
Ticket #1387
A new attribute label_singular has been added to all entities which
contains the singular form of the entity label in lower cases except
for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web
UI, this label can be capitalized using CSS text-transform.
The existing 'label' attribute is intentionally left unchanged due to
inconsistencies in the current values. It contains mostly the plural
form of capitalized entity label, but some are singular. Also, it
seems currently there is no comparable capitalization method on the
server-side. So more work is needed before the label can be changed.
Ticket #1249
