/*  Authors:
 *    Endi Sukma Dewata
 *
 *  Copyright (C) 2010 Red Hat
 *  see file 'COPYING' for use and warranty information
 *
 *  This program is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU General Public License as
 *  published by the Free Software Foundation; version 2 only
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */

/**
 * Build the 'hbac' entity: the UI object behind the HBAC (host-based access
 * control) rule pages.
 *
 * The returned object gets an init() that registers one "add" dialog and two
 * facets ("search" and "details") before handing over to entity_init().
 *
 * @returns {Object} the entity object created by ipa_entity()
 */
function ipa_hbac() {

    var that = ipa_entity({
        'name': 'hbac'
    });

    that.init = function() {

        // The add dialog is initialised right away, unlike the facets below,
        // which are only registered here.
        var dialog = ipa_hbac_add_dialog({
            'name': 'add',
            'title': 'Add New Rule'
        });
        that.add_dialog(dialog);
        dialog.init();

        var facet = ipa_hbac_search_facet({
            'name': 'search',
            'label': 'Search'
        });
        that.add_facet(facet);

        facet = ipa_hbac_details_facet({
            'name': 'details',
            'label': 'Details'
        });
        that.add_facet(facet);

        that.entity_init();
    };

    return that;
}

// Runs when this file is evaluated: the entity is built and registered on the
// global IPA object immediately.
IPA.add_entity(ipa_hbac());

/**
 * Dialog used to create a new HBAC rule.
 *
 * @param {Object} [spec] - passed through to ipa_add_dialog(); defaults to {}
 * @returns {Object} the dialog object
 */
function ipa_hbac_add_dialog(spec) {

    spec = spec || {};

    var that = ipa_add_dialog(spec);

    that.init = function() {

        that.add_dialog_init();

        // Rule name ('cn'). 'undo' is switched off for both fields of this dialog.
        that.add_field(ipa_text_widget({
            'name': 'cn',
            'label': 'Rule Name',
            'undo': false
        }));

        // The rule type decides whether a matching rule grants or refuses
        // access; only these two values are offered.
        that.add_field(ipa_radio_widget({
            'name': 'accessruletype',
            'label': 'Rule type',
            'options': [
                { 'value': 'allow', 'label': 'Allow' },
                { 'value': 'deny', 'label': 'Deny' }
            ],
            'undo': false
        }));
    };

    return that;
}

/**
 * Search (list) facet for HBAC rules.
 *
 * @param {Object} [spec] - passed through to ipa_search_facet(); defaults to {}
 * @returns {Object} the facet object
 */
function ipa_hbac_search_facet(spec) {

    spec = spec || {};

    var that = ipa_search_facet(spec);

    that.init = function() {

        // One column per dimension of a rule: name, who, target host,
        // enabled state, service and source host.
        that.create_column({name:'cn', label:'Rule Name'});
        that.create_column({name:'usercategory', label:'Who'});
        that.create_column({name:'hostcategory', label:'Accessing'});
        that.create_column({name:'ipaenabledflag', label:'Active'});
        that.create_column({name:'servicecategory', label:'Via Service'});
        that.create_column({name:'sourcehostcategory', label:'From'});

        that.search_facet_init();
    };

    that.create = function(container) {

        /*
        // Not yet implemented
        var left_buttons = $('', {
            'style': 'float: left;'
        }).appendTo(container);
        left_buttons.append(ipa_button({ 'label': 'Troubleshoot Rules' }));
        left_buttons.append(ipa_button({ 'label': 'Cull Disabled Rules' }));
        */

        that.search_facet_create(container);

        // NOTE(review): the markup inside the two string literals below was
        // lost when this listing was extracted; only the line breaks remain,
        // so they are kept exactly as found.
        //
        // NOTE(review): the entity label is passed under the 'html' key, which
        // jQuery applies through .html(), so the value is parsed as markup.
        // That is only safe while IPA.metadata labels are server-defined and
        // never carry user-supplied text; 'text' would avoid the question.
        // Confirm where IPA.metadata is populated.
        container.children().last().prepend(
            $('

', { 'html': IPA.metadata.hbac.label }));
        container.children().last().prepend('

');
    };

    // Thin pass-through to the inherited setup step.
    that.setup = function(container) {
        that.search_facet_setup(container);
    };

    return that;
}

/**
 * Details facet for a single HBAC rule.
 *
 * init() lays the rule out as six sections: general, user ("Who"), host
 * ("Accessing"), service ("Via Service"), sourcehost ("From") and accesstime
 * ("When"). update() prepares the commands that save the edited rule.
 *
 * @param {Object} [spec] - passed through to ipa_details_facet(); defaults to {}
 * @returns {Object} the facet object
 */
function ipa_hbac_details_facet(spec) {

    spec = spec || {};

    var that = ipa_details_facet(spec);

    that.init = function() {

        var section;

        // Every section follows the same two-way pattern: when IPA.layout is
        // truthy the section is created through that.create_section() with an
        // HTML 'template'; otherwise a section object is built in code and
        // registered with that.add_section().
        if (IPA.layout) {
            section = that.create_section({
                'name': 'general',
                'label': 'General',
                'template': 'hbac-details-general.html #contents'
            });

        } else {
            section = ipa_hbac_details_general_section({
                'name': 'general',
                'label': 'General'
            });
            that.add_section(section);
        }

        // The rule name is shown read-only on the details page.
        section.create_text({ 'name': 'cn', 'label': 'Name', 'read_only': true });
        section.create_radio({ 'name': 'accessruletype', 'label': 'Rule Type' });
        section.create_textarea({ 'name': 'description', 'label': 'Description' });
        section.create_radio({ 'name': 'ipaenabledflag', 'label': 'Enabled' });

        // --- Who: users and user groups the rule applies to ---
        if (IPA.layout) {
            section = that.create_section({
                'name': 'user',
                'label': 'Who',
                'template': 'hbac-details-user.html #contents'
            });

        } else {
            // Category value 'all' is labelled 'Anyone'; the empty value means
            // the rule is limited to the members listed in the tables.
            section = ipa_rule_details_section({
                'name': 'user',
                'label': 'Who',
                'text': 'Rule applies when access is requested by:',
                'field_name': 'usercategory',
                'options': [
                    { 'value': 'all', 'label': 'Anyone' },
                    { 'value': '', 'label': 'Specified Users and Groups' }
                ],
                'tables': [
                    { 'field_name': 'memberuser_user' },
                    { 'field_name': 'memberuser_group' }
                ]
            });
            that.add_section(section);
        }

        // The category radio is handed to each association widget of the section.
        var category = section.create_radio({ name: 'usercategory', label: 'User category' });

        // Users and groups are both managed through add_user / remove_user;
        // 'other_entity' tells the two widgets apart.
        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-memberuser_user',
            'name': 'memberuser_user',
            'label': 'Users',
            'category': category,
            'other_entity': 'user',
            'add_method': 'add_user',
            'remove_method': 'remove_user'
        }));
        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-memberuser_group',
            'name': 'memberuser_group',
            'label': 'Groups',
            'category': category,
            'other_entity': 'group',
            'add_method': 'add_user',
            'remove_method': 'remove_user'
        }));

        // --- Accessing: target hosts and host groups ---
        if (IPA.layout) {
            section = that.create_section({
                'name': 'host',
                'label': 'Accessing',
                'template': 'hbac-details-host.html #contents'
            });

        } else {
            section = ipa_rule_details_section({
                'name': 'host',
                'label': 'Accessing',
                'text': 'Rule applies when access is requested to:',
                'field_name': 'hostcategory',
                'options': [
                    { 'value': 'all', 'label': 'Any Host' },
                    { 'value': '', 'label': 'Specified Hosts and Groups' }
                ],
                'tables': [
                    { 'field_name': 'memberhost_host' },
                    { 'field_name': 'memberhost_hostgroup' }
                ]
            });
            that.add_section(section);
        }

        category = section.create_radio({ 'name': 'hostcategory', 'label': 'Host category' });

        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-memberhost_host',
            'name': 'memberhost_host',
            'label': 'Hosts',
            'category': category,
            'other_entity': 'host',
            'add_method': 'add_host',
            'remove_method': 'remove_host'
        }));
        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-memberhost_hostgroup',
            'name': 'memberhost_hostgroup',
            'label': 'Host Groups',
            'category': category,
            'other_entity': 'hostgroup',
            'add_method': 'add_host',
            'remove_method': 'remove_host'
        }));

        // --- Via Service: services and service groups ---
        if (IPA.layout) {
            section = that.create_section({
                'name': 'service',
                'label': 'Via Service',
                'template': 'hbac-details-service.html #contents'
            });

        } else {
            section = ipa_rule_details_section({
                'name': 'service',
                'label': 'Via Service',
                'text': 'Rule applies when access is requested via:',
                'field_name': 'servicecategory',
                'options': [
                    { 'value': 'all', 'label': 'Any Service' },
                    { 'value': '', 'label': 'Specified Services and Groups' }
                ],
                'tables': [
                    { 'field_name': 'memberservice_hbacsvc' },
                    { 'field_name': 'memberservice_hbacsvcgroup' }
                ]
            });
            that.add_section(section);
        }

        category = section.create_radio({ 'name': 'servicecategory', 'label': 'Service category' });

        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-memberservice_hbacsvc',
            'name': 'memberservice_hbacsvc',
            'label': 'Services',
            'category': category,
            'other_entity': 'hbacsvc',
            'add_method': 'add_service',
            'remove_method': 'remove_service'
        }));
        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-memberservice_hbacsvcgroup',
            'name': 'memberservice_hbacsvcgroup',
            'label': 'Service Groups',
            'category': category,
            'other_entity': 'hbacsvcgroup',
            'add_method': 'add_service',
            'remove_method': 'remove_service'
        }));

        // --- From: source hosts and host groups ---
        if (IPA.layout) {
            section = that.create_section({
                'name': 'sourcehost',
                'label': 'From',
                'template': 'hbac-details-sourcehost.html #contents'
            });

        } else {
            section = ipa_rule_details_section({
                'name': 'sourcehost',
                'label': 'From',
                'text': 'Rule applies when access is being initiated from:',
                'field_name': 'sourcehostcategory',
                'options': [
                    { 'value': 'all', 'label': 'Any Host' },
                    { 'value': '', 'label': 'Specified Hosts and Groups' }
                ],
                'tables': [
                    { 'field_name': 'sourcehost_host' },
                    { 'field_name': 'sourcehost_hostgroup' }
                ]
            });
            that.add_section(section);
        }

        category = section.create_radio({ 'name': 'sourcehostcategory', 'label': 'Source host category' });

        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-sourcehost_host',
            'name': 'sourcehost_host',
            'label': 'Host',
            'category': category,
            'other_entity': 'host',
            'add_method': 'add_sourcehost',
            'remove_method': 'remove_sourcehost'
        }));
        section.add_field(ipa_hbac_association_widget({
            'id': that.entity_name+'-sourcehost_hostgroup',
            'name': 'sourcehost_hostgroup',
            'label': 'Host Groups',
            'category': category,
            'other_entity': 'hostgroup',
            'add_method': 'add_sourcehost',
            'remove_method': 'remove_sourcehost'
        }));

        // --- When: access times ---
        // Unlike the sections above, the non-layout branch also goes through
        // that.create_section() and never calls add_section(); the
        // ipa_rule_details_section variant is commented out.
        if (IPA.layout) {
            section = that.create_section({
                'name': 'accesstime',
                'label': 'When',
                'template': 'hbac-details-accesstime.html #contents'
            });

        } else {
            section = that.create_section({
                'name': 'accesstime',
                'label': 'When'
            });
            /*
            section = ipa_rule_details_section({
                'name': 'accesstime',
                'label': 'When',
                'text': 'Rule applies when access is being requested at:',
                'field_name': 'accesstimecategory',
                'tables': [
                    { 'field_name': 'accesstime' }
                ]
            });
            that.add_section(section);
            */
        }

        // NOTE(review): this widget id is the bare string 'accesstime', while
        // the association widgets above prefix their ids with the entity
        // name. Confirm whether that difference is intended.
        section.add_field(ipa_hbac_accesstime_widget({
            'id': 'accesstime',
            'name': 'accesstime',
            'label': 'Access Time',
            'text': 'Rule applies when access is being requested at:',
            'options': [
                { 'value': 'all', 'label': 'Any Time' },
                { 'value': '', 'label': 'Specified Times' }
            ]
        }));

        that.details_facet_init();
    };

    // Prepares the commands needed to save the rule shown in the facet. Only
    // the preparation is readable here; see the note before the loop below.
    that.update = function() {

        // The rule's primary key is read from the '<entity>-pkey' entry of the
        // jQuery BBQ state and falls back to ''.
        // NOTE(review): presumably this state mirrors the URL fragment, which
        // the user controls. The value goes into every command below as its
        // only positional argument with no check in this function, so the
        // server-side commands have to be the enforcement point. Confirm.
        var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';

        // <entity>_mod command; 'execute' starts out false.
        var modify_operation = {
            'execute': false,
            'command': ipa_command({
                'method': that.entity_name+'_mod',
                'args': [pkey],
                'options': {'all': true, 'rights': true}
            })
        };

        // Template for <entity>_remove_accesstime plus a list of commands that
        // starts out empty.
        var remove_accesstime = {
            'template': ipa_command({
                'method': that.entity_name+'_remove_accesstime',
                'args': [pkey],
                'options': {'all': true, 'rights': true}
            }),
            'commands': []
        };

        // Maps each category field to the key used in remove_members below.
        var member_category = {
            'usercategory': 'memberuser',
            'hostcategory': 'memberhost',
            'servicecategory': 'memberservice',
            'sourcehostcategory': 'sourcehost'
        };

        // One prepared <entity>_remove_* command per member attribute, with
        // two flags that both start out false.
        // NOTE(review): presumably these drive the removal of explicitly
        // listed members when a category is switched to 'all'; the code that
        // reads the flags is not recoverable from this listing.
        var remove_members = {
            'memberuser': {
                'category_changed': false,
                'has_values': false,
                'command': ipa_command({
                    'method': that.entity_name+'_remove_user',
                    'args': [pkey],
                    'options': {'all': true, 'rights': true}
                })
            },
            'memberhost': {
                'category_changed': false,
                'has_values': false,
                'command': ipa_command({
                    'method': that.entity_name+'_remove_host',
                    'args': [pkey],
                    'options': {'all': true, 'rights': true}
                })
            },
            'memberservice': {
                'category_changed': false,
                'has_values': false,
                'command': ipa_command({
                    'method': that.entity_name+'_remove_service',
                    'args': [pkey],
                    'options': {'all': true, 'rights': true}
                })
            },
            'sourcehost': {
                'category_changed': false,
                'has_values': false,
                'command': ipa_command({
                    'method': that.entity_name+'_remove_sourcehost',
                    'args': [pkey],
                    'options': {'all': true, 'rights': true}
                })
            }
        };

        // Starts as <entity>_enable; a surviving fragment further down swaps
        // the method to <entity>_disable when ipaenabledflag is 'FALSE'.
        var enable_operation = {
            'execute': false,
            'command': ipa_command({
                'method': that.entity_name+'_enable',
                'args': [pkey],
                'options': {'all': true, 'rights': true}
            })
        };

        // NOTE(review): from here to the end of the listing the text is
        // damaged. Everything that stood between a '<' and the next '>' was
        // dropped during extraction, which removed the loop header, part of
        // the accesstime handling, the end of this function, the start of the
        // following one, and the markup inside the $('...') literals. The
        // text is kept exactly as found and must not be read as working code;
        // consult the upstream file before relying on any of it.
        for (var i=0; i= 0) { // prepare command to remove members if needed var attribute = field.name.substring(0, 
p); var other_entity = field.name.substring(p+1); if (values.length) { remove_members[attribute].command.set_option(other_entity, values.join(',')); remove_members[attribute].has_values = true; } continue; } // skip unchanged field if (!field.is_dirty(span)) continue; // check enable/disable if (field.name == 'ipaenabledflag') { if (values[0] == 'FALSE') enable_operation.command.method = that.entity_name+'_disable'; enable_operation.execute = true; continue; } if (field.name == 'accesstime') { // if accesstime is dirty, it means 'Any Time' is selected, // so existing values have to be removed for (var k=0; k', { 'style': 'width: 100%;' }).appendTo(container); var tr = $('', { }).appendTo(table); var td = $('', { 'style': 'width: 100px; text-align: right;', 'html': 'Name:' }).appendTo(tr); td = $('').appendTo(tr); var span = $('', { 'name': 'cn' }).appendTo(td); $('', { 'type': 'text', 'name': 'cn', 'size': 30 }).appendTo(span); span.append(' '); $('', { 'name': 'undo', 'class': 'ui-state-highlight ui-corner-all', 'style': 'display: none;', 'html': 'undo' }).appendTo(span); td = $('', { 'style': 'text-align: right;' }).appendTo(tr); td.append('Rule type:'); span = $('', { 'name': 'accessruletype' }).appendTo(td); $('', { 'type': 'radio', 'name': 'accessruletype', 'value': 'allow' }).appendTo(span); span.append('Allow'); $('', { 'type': 'radio', 'name': 'accessruletype', 'value': 'deny' }).appendTo(span); span.append('Deny'); span.append(' '); $('', { 'name': 'undo', 'class': 'ui-state-highlight ui-corner-all', 'style': 'display: none;', 'html': 'undo' }).appendTo(span); tr = $('', { }).appendTo(table); td = $('', { 'style': 'text-align: right; vertical-align: top;', 'html': 'Description:' }).appendTo(tr); td = $('', { 'colspan': 2 }).appendTo(tr); span = $('', { 'name': 'description' }).appendTo(td); $('