Without nsslapd-allow-hashed-passwords being turned on, user password
migration fails.
https://fedorahosted.org/freeipa/ticket/4450
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Allow use of characters that no longer cause troubles. Check for
leading and trailing characters in case of 389 Direcory Manager password.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Nested options (MS-PAC and PAD) of service's PAC type should be
disabled if no value is supplied (default value is "Inherited
from server configuration"). That was not the case - regression.
This patch fixes it and along with it simplifies the update method
of option_widget_base to be more comprehensible.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
User is not able to change Bind Rule Type if permission is already
member of a privilege. Let's disable it and don't confuse user.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Little regression - select widget could not handle empty or no array as an
input value.
It broke 'undo' operation in Permissions' 'Type' attribute while switching
between '' and some value.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Visible read-only fields are no longer displayed as disabled in
permission details facet.
https://fedorahosted.org/freeipa/ticket/4254
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
The input-group class was added based on visibility of child elements.
This failed when it had to be determined *before* displaying the widget.
Now it's added if the buttons are not hidden by `display: none` CSS rule.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Separate update of read-only state from update of value.
It should be possible to switch from read-only UI to editable UI without
value change.
https://fedorahosted.org/freeipa/ticket/4254
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Very useful for managed permissions since the list of attrs in metadata
might be smaller that default attributes. This smooths behavior if one
removes an attr from effective attrs which is not in metadata. Without
this it will disappear from the list and one has to add it manually
through 'Add'.
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Web UI doesn't always know what are the possible attributes
for target object. This will allow to add custom attributes
if necessary.
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
There is a case where attributes widget can contain > 1000 items.
It's about 3000 nodes. It's slow in jQuery. Simple move to dojo
speeds it up (is closer to native calls) while maintaining developer
friendliness.
Now the biggest lag is in browser's render. It's probably not worth
developer time to optimize that.
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Adds filter field to attribute box in permissions for better user
experience. User can then quickly find the desired attribute.
Initial version of the patch authored by: Adam Misnyovszki
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Attributes widget layour was changed from tiny table which allowed
to display only few options to a checkbox list with multiple
columns (depends on container).
Check all attributes option was removed to force the user
to read through the attributes which he selects.
Initial version authored by: Adam Misnyovszki
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Since recent permissions work references this entry, we need to be
able to have memberOf attributes created on this entry. Hence we
need to include the nestedgroup objectclass.
https://fedorahosted.org/freeipa/ticket/4433
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
API responses can contain warnings in "messages" array. This patch
also adds support for displaying multiple notifications at the same
time in order to show the message and a status of finished operation.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
/usr/share/java/rhino.jar is a Fedora's symlink to /usr/share/java/js.jar
Debian doesn't have it. Direct usage of upstream /usr/share/java/js.jar should
work on both systems.
Reviewed-By: Timo Aaltonen <tjaalton@ubuntu.com>
It was decided not to change the OID space for FreeIPA 4.0+ objectclasses.
However, we should still at least properly mark the X-ORIGIN to make
analyzing schema easier.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The make-ui.sh script builds both app.js and core.js,
but only one was specified in the Makefile.
Correct the mistake.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Call user-unlock command from Web UI.
It will unlock displayed user on current master.
https://fedorahosted.org/freeipa/ticket/4407
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
standalone page for OTP token synchronization. It reuses SyncOTPScreen
widget instead of reimplementing the logic as in other standalone pages.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Current compiled Web UI layer (app.js) contains every FreeIPA plugin and
not just the UI framework. It's not possible to start just a simple facet.
This commit creates a basis for a layer (core.js) which contains only
framework code and not entity related code.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Simple plugin which handles transition from login facet to OTP sync facet
and vice versa.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Global notifications were limited to "main" container. Now they have their
own container which is displayed over other ones. It makes them usable
everywhere.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
When a new objectclass was defined as "objectclass" and not
"objectClass", it made the schema updater skip some objectclasses.
https://fedorahosted.org/freeipa/ticket/4405
Reviewed-By: Rich Megginson <rmeggins@redhat.com>
Currently there is an incorrect behavior that server doesn't send datetime
and dnsname data in new format.
This patch adds the version to each RPC request making the UI look as the
latest client. Server then sends data in correct format. It also removes
the "unknown version" warning from each RPC response.
https://fedorahosted.org/freeipa/ticket/4394
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
old detection did not work with the static version used for test and
demonstration purposes.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Regular update of static metadata for testing and presentation purposes.
It should also contain new DNS Forward Zones metadata.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
This HTTP call takes the following parameters:
* user
* password
* first_code
* second_code
* token (optional)
Using this information, the server will perform token synchronization.
If the token is not specified, all tokens will be searched for synchronization.
Otherwise, only the token specified will be searched.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This new extended operation allow to create new keys or retrieve
existing ones. The new set of keys is returned as a ASN.1 structure
similar to the one that is passed in by the 'set keytab' extended
operation.
Access to the operation is regulated through a new special ACI that
allows 'retrieval' only if the user has access to an attribute named
ipaProtectedOperation postfixed by the subtypes 'read_keys' and
'write_keys' to distinguish between creation and retrieval operation.
For example for allowing retrieval by a specific user the following ACI
is set on cn=accounts:
(targetattr="ipaProtectedOperation;read_keys") ...
... userattr=ipaAllowedToPerform;read_keys#USERDN)
This ACI matches only if the service object hosts a new attribute named
ipaAllowedToPerform that holds the DN of the user attempting the
operation.
Resolves:
https://fedorahosted.org/freeipa/ticket/3859
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Adds a new attribute ipaSudoRunAsExtUserGroup and corresponding hooks
sudorule plugin.
https://fedorahosted.org/freeipa/ticket/4263
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Adds a new --hostmasks option to sudorule-add-host and sudorule-remove-host
commands, which allows setting a range of hosts specified by a hostmask.
https://fedorahosted.org/freeipa/ticket/4274
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Search for privileges was limited to bindruletype==permission. There
was no reason to do that.
This patch removes the restriction.
Related to:
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Fields with default value, such as DNS Zone's idnsforwardpolicy, were
marked as dirty when no value was loaded and when default value of
input control was other than empty.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
This patch adds support for importing tokens using RFC 6030 key container
files. This includes decryption support. For sysadmin sanity, any tokens
which fail to add will be written to the output file for examination. The
main use case here is where a small subset of a large set of tokens fails
to validate or add. Using the output file, the sysadmin can attempt to
recover these specific tokens.
This code is implemented as a server-side script. However, it doesn't
actually need to run on the server. This was done because importing is an
odd fit for the IPA command framework:
1. We need to write an output file.
2. The operation may be long-running (thousands of tokens).
3. Only admins need to perform this task and it only happens infrequently.
https://fedorahosted.org/freeipa/ticket/4261
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
For each SAN in a request there must be a matching service entry writable by
the requestor. Users can request certificates with SAN only if they have
"Request Certificate With SubjectAltName" permission.
https://fedorahosted.org/freeipa/ticket/3977
Reviewed-By: Martin Kosek <mkosek@redhat.com>
new `extend` module should serve as a stable API for plugin authors.
It should expose the most commonly used global calls.
https://fedorahosted.org/freeipa/ticket/4345
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Standard facets sets `facet` attribute to widgets. This one adds
similar, more generic `parent` attribute which should be used for going through
the hierarchy up to top.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Router is not able to create hash from facet state for custom
routes/facets. This patch refactors router methods into providers. It
allows to create additional route handlers, navigators and hash creators.
These providers are mapped to facets and therefore it's possible
to create router hash for any facet without any logic in the facet itself.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
One can access standard standalone facets with:
`navigation.show('facet_name')`
and completely custom facets with low level call:
`navigation.show_generic('/custom/hash', facet)``
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
`Facet` descendants don't have `container` attribute as opposite to
`facet.facet`. Therefore the registration will happen on every facet
visit.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
These entries are the same in all IPA installations, so there's
no need to hide them.
Also remove the ipaVirtualOperation objectclass, since it is
no longer needed.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The ipa host-del command checks if the host to be deleted is an
IPA master by looking up the entry in cn=masters.
If the entry is not accessible, host-del would proceed to delete
the host.
Thus we need to allow reading the master entries to at least
those that can delete hosts.
Since the host information is also available via DNS, it makes
no sense be extremely secretive about it.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Convert the existing default permissions.
The Read permission is split between Read DNS Entries and Read
DNS Configuration.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
It enables declarative extraction of values from partial
results of a batch commands and also further extensibility
in custom adapters.
The default adapter has detection logic for this extraction so
it can use bare record or extract data from normal or batch RPC
command.
Minor change of user plugin fixed:
https://fedorahosted.org/freeipa/ticket/4355
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
This also constitutes a rethinking of the token ACIs after the introduction
of SELFDN support.
Admins, as before, have full access to all token permissions.
Normal users have read/search/compare access to all of the non-secret data
for tokens assigned to them, whether managed by them or not. Users can add
tokens if, and only if, they will also manage this token.
Managers can also read/search/compare tokens they manage. Additionally,
they can write non-secret data to their managed tokens and delete them.
When a normal user self-creates a token (the default behavior), then
managedBy is automatically set. When an admin creates a token for another
user (or no owner is assigned at all), then managed by is not set. In this
second case, the token is effectively read-only for the assigned owner.
This behavior enables two important other behaviors. First, an admin can
create a hardware token and assign it to the user as a read-only token.
Second, when the user is deleted, only his self-managed tokens are deleted.
All other (read-only) tokens are instead orphaned. This permits the same
token object to be reasigned to another user without loss of any counter
data.
https://fedorahosted.org/freeipa/ticket/4228https://fedorahosted.org/freeipa/ticket/4259
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
`memberdenycmd_sudocmd` and `memberdenycmd_sudocmdgroup` tables are now
enabled/disabled based on `cmdcategory` as well.
https://fedorahosted.org/freeipa/ticket/4361
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Interface for setting default group is hidden when user doesn't have
necessary rights or if there is some error while loading the state.
https://fedorahosted.org/freeipa/ticket/4356
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
using browser history when unauthenticated causes transition to
the original and/or preceding facets. But nothing works since
all commands fail due to expired credentials in session.
These changes make sure that user stays on login screen if he misses
valid session credentials while he wants to switch to facet which
requires authentication.
https://fedorahosted.org/freeipa/ticket/4353
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Dialog instances no longer directly call IPA.opened_dialog methods. It's
handled through events (decoupled from dialog's POV). IPA.open_dialogs
with assistance of ApplicationController makes sure that there is only
one dialog opened at the same time.
It also makes sure to hide all dialogs, which are not global dialogs and
did not originate from current facet, when switching facets.
https://fedorahosted.org/freeipa/ticket/4348
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
there is only one top level item -> no point of having this level.
This patch replaces top level with second menu level
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
GID field should be enabled by default since the default group is posix.
Was caused by option_widget_base not properly reporting value change while
selecting the default value. It has to be notified with delay otherwise the
event is consumed by FieldBinder.
https://fedorahosted.org/freeipa/ticket/4325
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Now buttons have normal button appearance instead of link button.
Partially fixes: https://fedorahosted.org/freeipa/ticket/4258 since the disabling is done through button's disabled attribute.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Mainly html and css changes.
Second level menus are absolutely positioned and so they don't adjust container
size making other elements to overlap.
side effect partially fixes:
https://fedorahosted.org/freeipa/ticket/3435
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
To update install/ui/css/patternfly.css you should:
1. clone Bootstrap 3, Font-Awesome, Bootstrap-Select and PatternFly
to the same parent directory as for FreeIPA (or use symlinks)
2. checkout desired versions of each component
3. run install/ui/util/make-patternfly.css
4. when changing component versions, copy xxx/variables.less from each
component to install/ui/less/xxx/ so we can use the variables in our
less files
This commit contain css made from component versions as follows:
- PatternFly: 0.2.5
- Bootstrap: 3.1.1
- Bootstrap-select: 1.4.3
- Font-Awesome: 4.0.3
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Permission to read all tasks is given to high-level admins.
Managed permission for automember tasks is given to automember task admins.
"targetattr=*" is used because tasks are extensibleObject with
attributes that aren't in the schema.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Add the IPA version, and vendor version if applicable, to the beginning
of admintool logs -- both framework and indivitual tools that don't yet
use the framework.
This will make debugging easier.
https://fedorahosted.org/freeipa/ticket/4219
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Also remove
- the deny ACIs that implemented exceptions to it:
- no anonymous access to roles
- no anonymous access to member information
- no anonymous access to hbac
- no anonymous access to sudo (2×)
- its updater plugin
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Add a 'Read Replication Agreements' permission to replace
the read ACI for cn=config.
https://fedorahosted.org/freeipa/ticket/3829
Reviewed-By: Martin Kosek <mkosek@redhat.com>
When the static test site called batch delete,
it always referred to batch.json. This patch
fixes it, by referring entityname + '_batch_del.json'
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
- required indicators are not present for all sections except the last
- validation has wrong color for the same sections
There was only one layout for all choices. Layout should not be reused
because `create` method will reset layout's rows therefore it worked
properly only for the last choice.
https://fedorahosted.org/freeipa/ticket/4327
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
ID range adder was not properly addressed in field binding refactoring.
The usage of reset caused some weird loops.
https://fedorahosted.org/freeipa/ticket/4326
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
The select all checkbox remained selected after bulk
operation. This patch fixes it, after any bulk modify
or delete operation, unselect_all function is called.
https://fedorahosted.org/freeipa/ticket/4245
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Most admin access is granted with the "Admin can manage any entry" ACI,
but before the global anonymous read ACI is removed, read-only admin
access must be explicitly given.
Add an ACI for read-only attributes.
https://fedorahosted.org/freeipa/ticket/4319
Reviewed-By: Martin Kosek <mkosek@redhat.com>
These attributes are removed from the blacklist, which means
high-level admins can now modify them:
- krbPrincipalAliases
- krbPrincipalType
- krbPwdPolicyReference
- krbTicketPolicyReference
- krbUPEnabled
- serverHostName
The intention is to only blacklist password attributes and attributes
that are managed by DS plugins.
Also, move the admin ACIs from ldif and trusts.update to aci.update.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
This adds permissions to:
- cn=masters,cn=ipa (with new privilege)
- cn=dna,cn=ipa (authenticated users)
- cn=ca_renewal,cn=ipa (authenticated users)
- cn=CAcert,cn=ipa (anonymous)
- cn=replication (authenticated users)
- cn=ad (authenticated users)
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
- Allow cn=etc,$SUFFIX with these exceptions:
- cn=masters,cn=ipa,cn=etc,$SUFFIX
- virtual operations
- cn=replicas,cn=ipa,cn=etc,$SUFFIX
- Disallow anonymous read access to Kerberos password policy
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
OTP Token add failed because of invalid function call. qr_widget doesn't
contain `on_value_changed` method since it inherits from `IPA.widget` and
not from `IPA.input_widget`.
Emitting the event was preserved for future possible usage.
https://fedorahosted.org/freeipa/ticket/4306
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Unlike other objects, the ticket policy is stored in different
subtrees: global policy in cn=kerberos and per-user policy in
cn=users,cn=accounts.
Add two permissions, one for each location.
Also, modify tests so that adding new permissions in cn=users
doesn't cause failures.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Change `IPA.login_password` and `IPA.get_credentials` to use async AJAX
and to return promise instead of blocking the code.
IPA.get_credentials is still partially blocking because of negotiate process.
We can't do anything about that.
It allows activity indicators to do their job.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
General purpose authentication interface and state. See doc of 'freeipa/auth' module.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reimplementation of unauthorized dialog into separate widget. It uses RCUE
design.
New features compared to unauthorized dialog:
- reflects auth methods from `auth` module
- validation summary
- differentiates Kerberos auth failure with session expiration
- Caps Lock warning
- form based method doesn't allow password only submission
https://fedorahosted.org/freeipa/ticket/4017https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Load page is a simple facet which is displayed up to 'runtime' phase.
On application start it tells the user that there is ongoing activity.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Network activity is now published through global topics. It allows other
components like activity_widget to listen to them.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
A widget for showing ongoing activity.
Displays a text with changing dots.
It listens to `network-activity-start` and `network-activity-end` topics.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
`facet.Facet` is a new base class for facets. It doesn't have any dependencies
on entities so it's usable for general purpose facets, e.g., future API browser,
load facet or login facet.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
A mixin which implements widget storing logic. Similar logic is already implemented
in details facet and dialog.
Long term goal is to replace that with this one.
Separating the logic into mixin makes it usable in other components.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
a mixin used for fields validation. Basically implements a logic which
is already in details facet and dialog.
Now this logic can be used in any component.
The long term goal is to replace the logic in details facet and dialog
with this mixin.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
A widget which servers as container for facets. FacetContainer is a base
class. App is specialization.
Doing this abstraction will allow us to implement various facet containers.
https://fedorahosted.org/freeipa/ticket/3903
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Add default read permissions to roles, privileges and permissions.
Also add permission to read ACIs. This is required for legacy permissions.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
All nsContainer objects, except ones in cn=etc, can now be read anonymously.
The allowed attributes are cn and objectclass.
These are the same in all IPA installations so they don't provide
any sensitive information.
Also, $SUFFIX itself can now be read anonymously.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
schema-compat plugin rewrites bind DN to point to the original entry
on LDAP bind operation. To work with OTP tokens this requires that
schema-compat's pre-bind callback is called before pre-bind callback of
the ipa-pwd-extop plugin. Therefore, schema-compat plugin should have
a nsslapd-pluginprecedence value lower than (default) 50 which is used
by the ipa-pwd-extop plugin.
Note that this will only work if ticket 47699 is fixed in 389-ds.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
This change allow us to use proper two way binding between a field and
a widget. In previous implementation field was not changed if something
changed the value of a widget in 'update'. Now listeners are notified
when the widget value is changed by: calling 'update', 'set_value'
or by user change.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Hidden was used only in ACI. There is no reason to have two properties
which are negations of each other.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
This is a Web UI wide change. Fields and Widgets binding was refactored
to enable proper two-way binding between them. This should allow to have
one source of truth (field) for multiple consumers - widgets or something
else. One of the goal is to have fields and widget implementations
independent on each other. So that one could use a widget without field
or use one field for multiple widgets, etc..
Basically a fields logic was split into separate components:
- adapters
- parsers & formatters
- binder
Adapters
- extract data from data source (FreeIPA RPC command result)
- prepares them for commands.
Parsers
- parse extracted data to format expected by field
- parse widget value to format expected by field
Formatters
- format field value to format suitable for widgets
- format field value to format suitable for adapter
Binder
- is a communication bridge between field and widget
- listens to field's and widget's events and call appropriate methods
Some side benefits:
- better validation reporting in multivalued widget
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Replace all IPA.command, IPA.batch_command and IPA.concurrent_command usages
by equivalents from rpc module.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
- moves RPC code from ipa.js to it's own module
- part of ongoing effort where the ultimate goal is to get rid of ipa.js
and IPA namespace
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
When some module used 'freeipa/navigation' it pulled the entire Web UI
because navigation depended on app.
This patch splits the app into two modules: app and app_container.
App specifies the entities which are part of final application.
app_container module represents the application boot classes. Navigation
now depends on app_container.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
On CA masters, a certificate is requested and stored to LDAP. On CA clones,
the certificate is retrieved from LDAP.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Before, dogtag-ipa-renew-agent was used to track the certificates and the
certificates were stored to LDAP in renew_ca_cert and renew_ra_cert. Since
dogtag-ipa-ca-renew-agent can store the certificates itself, the storage code
was removed from renew_ca_cert and renew_ra_cert.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Before, the file provided in the --root-ca-file option was used directly for
the upload. However, it is the same file which is imported to the NSS
database, so the second code path is not necessary.
Also removed now unused upload_ca_dercert method of dsinstance.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The files are created later by ipa-client-install, there's no need to do it
twice.
This also fixes a bug in CA-less, where the CA certificate is not removed from
/etc/pki/nssdb after client uninstall, because it has a different nickname.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Remove 'u' from .po files as it is a typo and has been removed from other files.
https://fedorahosted.org/freeipa/ticket/2546
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reflects:
- adding of RCUE styles along with Bootstrap 2.0.
- removal of jQuery BBQ plugin
- removal of rhino enviroment for selenium which was used in old UI tests
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Child widgets are disabled when main widget is disabled. Also main
widget won't show "add" button.
prerequisite for:
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
UI unit tests were broken since main RCUE work. This patch fixes them
all except aci, which will be fixed along with update of aci UI.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
