Commit Graph

2953 Commits

Author SHA1 Message Date
Adam Young
b84b0239f8 HBAC css cleanup
The additions to the search widget have to go one level deeper, as
'container' has both the action panel and the client area

Conflicts:

	install/static/hbac.js
	install/static/hbacsvc.js
	install/static/hbacsvcgroup.js
2010-11-16 11:20:02 -05:00
Adam Young
59cc365a1d demo deploy Makes it easier to deploy demos. This version will demo cleanly from html providing you just set
that.use_static_files = true;

in the IPA definition section
2010-11-16 11:19:55 -05:00
Adam Young
455bf4d288 px to em
Making all of the page elements based on the font size.
Also, set the font to the defauklt for the browser.
By default, most brosers have Font set to 16px.
2010-11-16 11:19:34 -05:00
Adam Young
9ea16ebce5 entity container size
No longer wastes %20 of the the page in the entity container.
2010-11-15 13:54:33 -05:00
Endi S. Dewata
9c502641b5 HBAC details page enhancement
The HBAC details page has been enhanced to support Undo and Reset operations.
The functionality is implemented in the base widget class so the behavior
will be more consistent across widgets. A <span> tag now used to define the
field boundary in the HTML doc. The tag contains the visual representation
of the field which include the input tag and optionally the undo link.

The Update method on HBAC details page has been modified so that it executes
several operations using a batch command. The operations being executed
depends on the changes made to the fields. These operations may include:
 - removing access time if access time is changed to any time
 - removing memberships if member category is changed to all
 - modifying rule attributes if description or rule type is changed
 - enabling/disabling the rule if rule status is changed

The behavior of the Add & Remove buttons also has been changed such that
it adjust the category attribute properly in addition to adding the
memberships using batch command. For example, if category is initially
set to all, adding a new member will also change the category to empty.

The ipa_command have been modified to store the on_success and on_error
handlers as properties. When the command is executed as a part of batch
operation, the result of each command will be passed to the appropriate
handler.

The unit tests and test data have been updated as well.
2010-11-15 12:48:45 -05:00
Simo Sorce
629e9520e0 Revert tests code to use the old uuid format. 2010-11-15 11:47:27 -05:00
Simo Sorce
23f03251e0 uuid plugin: convert the plugin to use the libuuid library
The DS guys decided not to expose the DS inetrnal functions used to generate
UUIDs for DS. This means the interface is not guaranteed to be available.
Switch the ipa_uuid plugin to use the system libuuid plugin instead.

NOTE: This causes once again a change in the tring format used for UUIDs.

fixes: https://fedorahosted.org/freeipa/ticket/465
2010-11-15 11:47:27 -05:00
Simo Sorce
edf0f9b901 Fix test.po errors in make test
Fixes: https://fedorahosted.org/freeipa/ticket/401
2010-11-15 11:46:42 -05:00
Adam Young
dbd823c8d8 Push associate buttons to the action-panel 2010-11-15 10:47:02 -05:00
Adam Young
9fa543700b buttons to action panel 2010-11-14 01:53:56 -05:00
Adam Young
59a0c17c54 super to superior 2010-11-14 01:53:52 -05:00
Adam Young
828f87e4a6 more css cleanup remove quick links css very close to specs 2010-11-14 01:53:47 -05:00
Adam Young
821987fe67 layout
Closer to the layout from the spec
The facets have been moved to the action panel, to the left of the page
the facets are now rendered in an area of the screen with a client class
2010-11-14 01:53:41 -05:00
Rob Crittenden
d658b0de5c Use a different user for dogtag DS instance
Also shut down all services before starting uninstall.

ticket 349
2010-11-12 17:26:43 -05:00
Rob Crittenden
25469cf4f1 Increase # of chars in users and groups to 255 and default username to 32.
ticket 434
2010-11-12 17:25:40 -05:00
Endi Sukma Dewata
42b82f09f3 Added in the effective rights 2010-11-11 12:31:23 -05:00
Endi S. Dewata
db11592228 HBAC Service Groups
The HBAC Service Groups search, details, and association pages have
been added under the HBAC tab.

New test data files for HBAC Service Groups have been added. The sample
metadata has been updated as well.
2010-11-11 12:23:05 -05:00
Endi S. Dewata
65c9442e26 HBAC Services
The HBAC Service search and details pages have been added under the HBAC
tab. This requires some changes to the framework.

Currently the navigation framework doesn't support multiple entities under
one tab. As a temporary solution, an 'entity' URL parameter is used to
determine the entity to be displayed. This parameter is now only used by
HBAC tab, but its use might be expanded later. The navigation framework
needs be redesigned to provide more flexibility.

The search page in all entities except DNS records have been changed to
use the ipa_search_widget. The Select/Unselect All checbox and Delete
button now work correctly and consistently.

The Add dialog has been enhanced to render and work in a more consistent
way while still supporting custom widgets & layouts. For the search page,
the Add button will refresh the search results and clear the fields in
the dialog box.

The framework now provides some extension points which can be overriden
by the subclasses:
 - init(): for initialization and configuration
 - create(): for creating the layout dynamically or from template
 - setup(): for setting the look and feel
 - load(): for loading the data

Entity and facet initialization is now done after IPA.init(). This is to
ensure the metadata is loaded first so the entities and facets can use
localized messages/labels/titles.

The group entity has been partially converted to use the new framework.

The unit tests have been updated accordingly.
2010-11-11 12:23:05 -05:00
Endi Sukma Dewata
569f4e1a5c HBAC Service & Service Group test data 2010-11-11 12:23:05 -05:00
Jakub Hrozek
6a9846f3f3 Set CACERTDIR during install to work around openldap bug
Even though ldap.conf(5) claims that LDAPTLS_CACERT takes precedence over
LDAPTLS_CACERTDIR, this seems to be broken in F14. This patch works around
the issue by setting both into the environment.

https://fedorahosted.org/freeipa/ticket/467
2010-11-11 08:53:15 -05:00
Rob Crittenden
1db42b5461 Don't include INTERNAL commands in ipa help commands output.
ticket 463
2010-11-10 20:20:29 -05:00
Jakub Hrozek
e1888f82c4 Remove some more mod_python references 2010-11-10 17:38:17 -05:00
Simo Sorce
7aae58fd2d uuid-plugin: Fix control access bug on replication
Fixes: https://fedorahosted.org/freeipa/ticket/468
2010-11-10 15:34:58 -05:00
Adam Young
a8637bdaa0 Label cleanup Also, addeed in the default shell field. 2010-11-10 16:16:28 -05:00
Rob Crittenden
6a6db10dbc Become IPA v2 alpha 5 (1.9.0.pre5) 2010-11-09 15:03:20 -05:00
Simo Sorce
caa3f843da Use strongest keytype for master key 2010-11-09 15:01:43 -05:00
Pavel Zuna
dc34075fa5 Replace 'Locking' in ipa help user with 'Disabling'.
Ticket #452
2010-11-09 14:02:12 -05:00
Rob Crittenden
fcf3cbbe8b Fix NotFound exception in ipa-nis-manage.
The signature of ldap2.get_entry() changed so normalize wasn't being
handled properly so the basedn was always being appended causing our
entry in cn=config to be not found.

ticket 414
2010-11-09 13:33:04 -05:00
Rob Crittenden
a3c4c7e891 Add some examples to ipa-replica-install.1
ticket 290
2010-11-09 13:32:10 -05:00
Rob Crittenden
c819b27f9e Rename 60sudo.ldif to 60ipasudo.ldif to not overwrite the 389-ds version.
This meant that the compat sudo schema was not available.

ticket 439
2010-11-09 13:30:45 -05:00
Jakub Hrozek
594adb9877 Log script options to logfile
Uses a new subclass IPAOptionParser in scripts instead of OptionParser
from the standard python library. IPAOptionParser uses its own IPAOption
class to store options, which adds a new 'sensitive' attribute.

https://fedorahosted.org/freeipa/ticket/393
2010-11-09 13:28:10 -05:00
Jakub Hrozek
2205620664 Rewrite the migration page using WSGI 2010-11-09 13:25:17 -05:00
Endi Sukma Dewata
440267a93e Renamed button.delete to button.remove in json_metadata.json. 2010-11-09 02:22:24 -05:00
Endi Sukma Dewata
90b421b834 Renamed button.deletes to button.remove. 2010-11-09 02:18:45 -05:00
Adam Young
1f9531bea2 delete to remove THe keyword delete is reserved in Javascript Using it breaks the WebUI on Chrome. This fixes replaces the word with delete. 2010-11-09 02:14:23 -05:00
Adam Young
cb739c10d0 link indications we had removed the decorations from links for previous ui approaches It is not long relevant, and hides the hyperlink underline in places where we want it to show 2010-11-09 01:42:03 -05:00
Adam Young
3c9fc345c1 Disable Enable user
UI updated to use the enable and disable methods, and to correctly report them
Implementation has a few shortcomings:
1.  Status is displayed in Browser alert dialog, not JQueryUI themed
2.  Upon completion of RPC, navigate back to the Search page.

Still, this is much less broken than before.

With whitespace cleanup,
using toLowerCase for testing true
and removde dual declaration of variables
2010-11-08 20:54:50 -05:00
Adam Young
2b0f3fbd42 sample data with rights and lock value 2010-11-08 20:46:55 -05:00
Endi S. Dewata
c854435a27 HBAC Access Time
IPA commands now can be defined in these classes:
 - ipa_command: a single IPA command
 - ipa_batch_command: a batch command for executing multiple commands
   on the server side using the new batch plugin

The dialog boxes for adding and removing entries have been refactored:
 - ipa_dialog: base class for dialog boxes
 - ipa_adder_dialog: generic adder dialog box
 - ipa_deleter_dialog: generic deleter dialog box
 - ipa_association_adder_dialog: adding entity association
 - ipa_association_deleter_dialog: removing entity association

Dialog boxes for adding/deleting HBAC users, hosts, services, and
sourcehosts are implemented using the association dialog boxes.

The dialog box for adding access time is implemented using ipa_dialog
and currently contains only a text field. This will be replaced with a
custom dialog box in a separate patch.

The dialog box for removing access time is implemented using the
generic deleter class because it's not an association. Removing multiple
access times is implemented using batch operations.

New test data files for access times have been added.
2010-11-08 20:06:49 -05:00
Rob Crittenden
537f4074d1 Add usercategory and hostcategory and fix displaying members in netgroup_show
ticket 443
2010-11-08 15:23:41 -05:00
Jakub Hrozek
a874d5f8e5 Clarify the description of --raw and -all
https://fedorahosted.org/freeipa/ticket/244
2010-11-08 15:23:03 -05:00
Rob Crittenden
3bb0186199 Remove ipa-fix-CVE-2008-3274, it isn't needed any more.
ticket 331
2010-11-08 14:23:27 -05:00
Rob Crittenden
d76ead6cce Add additional default HBAC login services
ticket 307
2010-11-08 14:23:03 -05:00
Adam Young
90baf597dd Ticket Expiration
THis patch handles Kerberos ticket expiration in the UI.  Additionally it removes the mod_atuh_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app

Conflicts:

	install/static/ipa.js
2010-11-08 14:17:47 -05:00
Adam Young
29c9c70d46 Clear fields after add
This version corrects an error in the oriogianl patch cause  by matching
the wrong opening brace
2010-11-08 15:05:19 -05:00
Adam Young
9a785ed91c rights check
if the field does not have a 'w' for writable in its rights, disable it.
Merged with the HBAC/Widget changes
add and remove links are managed via permissions now
2010-11-05 16:41:07 -04:00
Rob Crittenden
655aa0fcdf Add the --rights option to the LDAPUpdate base class.
ticket 437
2010-11-05 16:30:19 -04:00
Rob Crittenden
9c50371652 Fix typo in exception sample causing a doctest to fail 2010-11-05 12:17:09 -04:00
Adam Young
2c7f2e8fea batch
Allows the user to send multiple commands bundled together
2010-11-05 11:21:42 -04:00
Rob Crittenden
db758c92cd Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa 2010-11-04 15:13:08 -04:00