Base mixin class for dialogs witch confirmation/canceling capabilities.
When used, dialog can be 'confirmed' by 'enter' key or canceled by 'escape' key. It doesn't accept confirmation from all elements to not override default expected behavior like creating new line in text area, executing link or selecting a value in a select element.
https://fedorahosted.org/freeipa/ticket/3200
When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), he gets an unauthorized error with X-Ipa-Rejection-Reason=denied. Web UI responds with showing login dialog with following error message: 'Sorry you
are not allowed to access this service.'.
Note: such users are not supported because they don't have a corresponding entry in LDAP which is needed for ACLs.
https://fedorahosted.org/freeipa/ticket/3252
denied change
After upgrade, sshkeys of existing users and hosts or mac address are not editable because attribute level rights are not send to Web UI due to lack of ipasshuser/ieee802device object classes.
'w_if_no_aci' attribute flag was introduced to bypass this issue. It makes attribute writable when AttributeLevelRights for the attribute are not present and only when user posses rights for modifying object class attribute.
The flag was set for sshkeys_field and mac address field.
https://fedorahosted.org/freeipa/ticket/3260
In FreeIPA 2.2, the default for group type was 'POSIX', in 3.0 it's 'normal' (non-posix). CLI's default is 'POSIX', Web UI should use 'POSIX' as well.
https://fedorahosted.org/freeipa/ticket/3270
Web UI part of 'disable global forwaring per zone' effort.
Option "Forwarding disabled" was added to 'DNS global config' and 'DNS zone' forwarding policy. It corresponds to 'none' value of idnsforwardpolicy.
https://fedorahosted.org/freeipa/ticket/3209
Instructions to generate certificate were simplified.
New instructions:
1) Create a certificate database or use an existing one. To create a new database:
# certutil -N -d <database path>
2) Create a CSR with subject CN=<hostname>,O=<realm>, for example:
# certutil -R -d <database path> -a -g <key size> -s 'CN=dev.example.com,O=DEV.EXAMPLE.COM'
3) Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:
https://fedorahosted.org/freeipa/ticket/3056
browserconfig.html was changed to use new FF extension. The page is completely Firefox specific therefore the title was changed from 'Configure browser' to 'Firefox configuration'. Instruction to import CA cert in unauthorized.html are FF specific too, so they were moved to browserconfig.html. Unauthorized.html text was changed to distinguish FF config and other browsers. Now the page shows link for FF (browserconfig.html) and other browsers (ssbrowser.html). Ssbrowser.html should be enhanced by more configurations and browsers later [1].
Old configuration method was moved to ssbrowser.html.
Unauthorized dialog in Web UI now links to http://../unauthorized.html instead of https. This change is done because of FF strange handling of extension installations from https sites [2]. Firefox allows ext. installation from https sites only when the certificate is signed by some build-in CA. To allow custom CAs an option in about:config has to be changed which don't help us at all because we wants to avoid manual changes in about:config.
The design of browserconfig is inspired by Kyle Baker's design (2.1 Enhancements_v2.odt). It is not exactly the same. Highlighting of the steps wasn't used because in some cases we can switch some steps.
Ticket: https://fedorahosted.org/freeipa/ticket/3094
[1] https://fedorahosted.org/freeipa/ticket/823
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=688383
There was an error in number validation check. If boundary value was an empty string, validation of a number always failed. This patch fixes the problem by not performing the check in these cases.
https://fedorahosted.org/freeipa/ticket/3066
Put the changes from Ade's dogtag 10 patch into namespaced constants in
dogtag.py, which are then referenced in the code.
Make ipaserver.install.CAInstance use the service name specified in the
configuration. Uninstallation, where config is removed before CA uninstall,
also uses the (previously) configured value.
This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846
Dogtag 10 uses a new installer, new directory layout and new default
ports. This patch changes the ipa install code to integrate these changes.
https://fedorahosted.org/freeipa/ticket/2846
Facets which performs AJAX call after update refresh (clear dirty state) after calling callback of dirty dialog. It might lead to multiple openings of dirty dialog.
Assuming that calling dirty dialog's callback can be evaluated as "dirty state is gone", we can call reset in the callback to prevent the issue. There will be an incorrect state in the facet for a moment. It will be fixed soon on execute of callback of the refresh AJAX call. It is not an issue because it will happen in background. User will be looking on different facet.
https://fedorahosted.org/freeipa/ticket/2667
Format of ipasshpubkey in users and hosts changed from BYTES to STR. Web UI no longer gets the value as base64 encoded string in a object.
Label was changed to reflect that the key don't have to be plain base64 encoded blob.
https://fedorahosted.org/freeipa/ticket/2989
This patch is changing confirmation of actions according to ticket #3035, see the ticket description.
It does following changes:
* Confirmation of update action was removed.
* Action lists resets to first action (which is usually a NOP: '-- select action --') on change of displayed entry.
* New confirmation dialog was implemented. It is used for action confirmation. It is used in IPA.action to replace the call of window.confirm(message). The old call is a modal window which blocks all JS functionality and has different style than other dialogs in Web UI. The new one has same design and doesn't block background operations.
https://fedorahosted.org/freeipa/ticket/3035
While deleting an entry it now resets a facet if there are unsaved changes. It prevents pop up of various error dialogs when UI tries to redirect to search page after successful delete.
https://fedorahosted.org/freeipa/ticket/3047
Notification of success was added to:
* details facet: update
* association facet and association widget: add, delete items
* attribute facet: delete items (notification of add should be handled in entity adder dialog)
* sudo rule: add, remove option
* dnsrecord: add, update, delete
https://fedorahosted.org/freeipa/ticket/2977
Problem:
When a permission is edited, and Type switched, the attributes selected for
previous Type are still selected, and update fails, if they are invalid for the
new Type. But it should get deselected or not even listed if Type changes.
Fix:
When Type is changed, attribute list is refreshed and still applicable attributes
are chosen. If Type is reverted back, previously chosen attributes are back as chosen.
If attributes are extended outside Web UI by not listed attr, this attr is listed at
the list end.
Note:
If user makes change in attribute list before type change, this change is forgotten.
https://fedorahosted.org/freeipa/ticket/2617
This patch adds option to disable sorting when paging. It allowed to enable paging in password policy with order of items untouched (they are sorted on server side by priority).
Also fixing issue when paging is disabled and command summary = null. It displayed 'null' in facet footer.
https://fedorahosted.org/freeipa/ticket/2677
User was not notified about success of actions executed from action list, action panel or facet cotrol bar.
This patch adds IPA.notify_success(message) call. It creates a yellow notification area with supplied message in Web UI header in the middle of the green area (empty space of first level navigation).
This area is displayed for 3s and then it fades out (800ms). It also fades out when it is clicked.
This call is used(directly or indirectly) in:
* search facets: delete, disable, enable actions
* details facets: delete action
* user details facet: reset password action
* host details facet: unprovision, set OTP actions
* service details facet: unprovision action
* host and service details facet: request, revoke, restore certificates actions
* group details facet: change to POSIX/external actions
* dns zone details facet: add/remove permission actions
https://fedorahosted.org/freeipa/ticket/2977
When an object in search facet was deleted, other facets were not notified that they need to refresh. If one crated object with same pkey as deleted object and then navigated to it's details he could see old object's data.
This notification was added.
https://fedorahosted.org/freeipa/ticket/2618
WebUI catches the fact that the user can't access LDAP server with a current ticket. It shows form-based auth login dialog. Previoustly an ugly error was returned on an almost empty page, and user had no recourse.
https://fedorahosted.org/freeipa/ticket/2897
Added evaluators to decide if attribute facet should be read-only based on attribute level rights.
Default values serves well for group's external member.
https://fedorahosted.org/freeipa/ticket/2895
Created new type of facet: attribute facet. This facet is similar to association facet but it serves for displaying object's multivalued attributes which behaves like association attributes. It will serve as a basis for displaying group's externalmember attribute.
https://fedorahosted.org/freeipa/ticket/2895
Created new value_map_widget which serves for displaying values based on a map.
It is added to group for displaying its type. The decision is based on group's objectclass.
https://fedorahosted.org/freeipa/ticket/2895
Group can be normal, posix and external. Posix checkbox was removed and was replaced by radio for selecting group type. This adds possibility of adding of external group.
https://fedorahosted.org/freeipa/ticket/2895
Recommened way of setting boolean HTML attributes is by $.prop(boolean) method not $.attr(boolean) because it sets DOM object property not an attribute. Latter works because of jquery's backward compatibility. This patch makes things clearer.
Some info about prop and attr: http://stackoverflow.com/a/5876747https://fedorahosted.org/freeipa/ticket/2817
