IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-21 05:43:11 -06:00
Code Issues Packages Projects Releases Wiki Activity
41d89d0d13
freeipa/install/ui/hbac.js
Endi S. Dewata 5f9fcd1be0 Removed unnecessary HBAC/sudo rule category modification. 
Since the Add/Delete links in the association table are disabled when
the category is set to 'all', it's no longer necessary to check the
category before showing the add/delete dialogs and modify the category
before adding entries. Thus, the IPA.rule_association_table_widget is
no longer needed.

Ticket #1692
2011-08-23 22:22:41 +00:00

554 lines
18 KiB
JavaScript
Raw Blame History

/*jsl:import ipa.js */
/* Authors:
* Endi Sukma Dewata <edewata@redhat.com>
* Adam Young <ayoung@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
IPA.entity_factories.hbacrule = function() {
return IPA.entity_builder().
entity('hbacrule').
search_facet({
search_all:true,
columns:['cn',
{
factory: IPA.column,
name:'accessruletype',
setup : function(container,record){
container.empty();
var value = record[this.name];
value = value ? value.toString() : '';
if (value === 'deny'){
container.addClass('hbac-deny-rule');
}
container.append(value);
}
},
'usercategory','hostcategory','ipaenabledflag',
'servicecategory','sourcehostcategory']
}).
details_facet({
factory: IPA.hbacrule_details_facet
}).
adder_dialog({
fields:['cn']
}).
build();
};
IPA.entity_factories.hbacsvc = function() {
return IPA.entity_builder().
entity('hbacsvc').
search_facet({
columns:['cn','description']}).
details_facet({sections:[{
name: 'general',
label: IPA.messages.details.general,
fields:[ 'cn', 'description']}]}).
association_facet({
name: 'memberof_hbacsvcgroup',
associator: IPA.serial_associator,
columns:[
{
name: 'cn',
primary_key: true,
link: true
},
{ name: 'description' }
],
adder_columns: [
{
name: 'cn',
primary_key: true,
width: '100px'
},
{
name: 'description',
width: '100px'
}
]
}).
standard_association_facets().
adder_dialog({
fields:['cn','description']
}).
build();
};
IPA.entity_factories.hbacsvcgroup = function() {
return IPA.entity_builder().
entity('hbacsvcgroup').
search_facet({
columns:['cn', 'description']}).
details_facet({sections:[
{
name: 'general',
label: IPA.messages.details.general,
fields:['cn','description']
}]}).
association_facet({
name: 'member_hbacsvc',
columns:[
{
name: 'cn',
primary_key: true,
link: true
},
{ name: 'description' }
],
adder_columns: [
{
name: 'cn',
primary_key: true,
width: '100px'
},
{
name: 'description',
width: '100px'
}
]
}).
standard_association_facets().
adder_dialog({
fields:['cn', 'description']
}).
build();
};
IPA.hbacrule_details_facet = function(spec) {
spec = spec || {};
var that = IPA.details_facet(spec);
function general_section(){
var section = IPA.details_list_section({
name: 'general',
entity:that.entity,
label: IPA.messages.details.general
});
section.text({name: 'cn', read_only: true});
section.text({
name: 'accessruletype',
read_only:true
});
section.textarea({name: 'description'});
section.radio({
name: 'ipaenabledflag',
options:[
{'value': 'TRUE',label: IPA.messages['true']},
{'value': 'FALSE',label:IPA.messages['false']}
]
});
return section;
}
function user_category_section(){
var section = IPA.rule_details_section({
name: 'user',
entity: that.entity,
label: IPA.messages.objects.hbacrule.user,
field_name: 'usercategory',
options: [
{ value: 'all', label: IPA.messages.objects.hbacrule.anyone },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_users }
],
tables: [
{ field_name: 'memberuser_user' },
{ field_name: 'memberuser_group' }
]
});
section.add_field(IPA.radio_widget({
name: 'usercategory'
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-memberuser_user',
name: 'memberuser_user',
add_method: 'add_user',
remove_method: 'remove_user',
add_title: IPA.messages.association.add.member,
remove_title: IPA.messages.association.remove.member
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-memberuser_group',
name: 'memberuser_group',
add_method: 'add_user',
remove_method: 'remove_user',
add_title: IPA.messages.association.add.member,
remove_title: IPA.messages.association.remove.member
}));
return section;
}
function hostcategory_section(){
var section = IPA.rule_details_section({
name: 'host',
label: IPA.messages.objects.hbacrule.host,
entity: that.entity,
field_name: 'hostcategory',
options: [
{ value: 'all', label: IPA.messages.objects.hbacrule.any_host },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_hosts }
],
tables: [
{ field_name: 'memberhost_host' },
{ field_name: 'memberhost_hostgroup' }
]
});
section.add_field(IPA.radio_widget({
name: 'hostcategory'
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-memberhost_host',
name: 'memberhost_host',
add_method: 'add_host',
remove_method: 'remove_host',
add_title: IPA.messages.association.add.member,
remove_title: IPA.messages.association.remove.member
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-memberhost_hostgroup',
name: 'memberhost_hostgroup',
add_method: 'add_host',
remove_method: 'remove_host',
add_title: IPA.messages.association.add.member,
remove_title: IPA.messages.association.remove.member
}));
return section;
}
function servicecategory_section(){
var section = IPA.rule_details_section({
name: 'service',
entity: that.entity,
label: IPA.messages.objects.hbacrule.service,
field_name: 'servicecategory',
options: [
{ value: 'all',
label: IPA.messages.objects.hbacrule.any_service },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_services }
],
tables: [
{ field_name: 'memberservice_hbacsvc' },
{ field_name: 'memberservice_hbacsvcgroup' }
]
});
section.add_field(IPA.radio_widget({
name: 'servicecategory'
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-memberservice_hbacsvc',
name: 'memberservice_hbacsvc',
add_method: 'add_service',
remove_method: 'remove_service',
add_title: IPA.messages.association.add.member,
remove_title: IPA.messages.association.remove.member
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-memberservice_hbacsvcgroup',
name: 'memberservice_hbacsvcgroup',
add_method: 'add_service',
remove_method: 'remove_service',
add_title: IPA.messages.association.add.member,
remove_title: IPA.messages.association.remove.member
}));
return section;
}
function sourcehostcategory_section(){
var section = IPA.rule_details_section({
name: 'sourcehost',
entity: that.entity,
label: IPA.messages.objects.hbacrule.sourcehost,
field_name: 'sourcehostcategory',
options: [
{ value: 'all', label: IPA.messages.objects.hbacrule.any_host },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_hosts }
],
tables: [
{ field_name: 'sourcehost_host' },
{ field_name: 'sourcehost_hostgroup' }
]
});
section.add_field(IPA.radio_widget({
name: 'sourcehostcategory'
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-sourcehost_host',
name: 'sourcehost_host',
add_method: 'add_sourcehost',
remove_method: 'remove_sourcehost',
add_title: IPA.messages.association.add.sourcehost,
remove_title: IPA.messages.association.remove.sourcehost
}));
section.add_field(IPA.association_table_widget({
id: that.entity.name+'-sourcehost_hostgroup',
name: 'sourcehost_hostgroup',
add_method: 'add_sourcehost',
remove_method: 'remove_sourcehost',
add_title: IPA.messages.association.add.sourcehost,
remove_title: IPA.messages.association.remove.sourcehost
}));
return section;
}
that.update = function(on_success, on_error) {
var pkey = IPA.nav.get_state(that.entity.name+'-pkey');
var modify_operation = {
'execute': false,
'command': IPA.command({
entity: that.entity.name,
method: 'mod',
args: [pkey],
options: {all: true, rights: true}
})
};
var categories = {
'usercategory': {
'remove_values': false
},
'hostcategory': {
'remove_values': false
},
'servicecategory': {
'remove_values': false
},
'sourcehostcategory': {
'remove_values': false
}
};
var member_operations = {
'memberuser': {
'category': 'usercategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_user',
args: [pkey],
options: {all: true, rights: true}
})
},
'memberhost': {
'category': 'hostcategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_host',
args: [pkey],
options: {all: true, rights: true}
})
},
'memberservice': {
'category': 'servicecategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_service',
args: [pkey],
options: {all: true, rights: true}
})
},
'sourcehost': {
'category': 'sourcehostcategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_sourcehost',
args: [pkey],
options: {all: true, rights: true}
})
}
};
var enable_operation = {
'execute': false,
'command': IPA.command({
entity: that.entity.name,
method: 'enable',
args: [pkey],
options: {all: true, rights: true}
})
};
var sections = that.sections.values;
for (var i=0; i<sections.length; i++) {
var section = sections[i];
var section_fields = section.fields.values;
for (var j=0; j<section_fields.length; j++) {
var field = section_fields[j];
if (!field.is_dirty()) continue;
var values = field.save();
if (!values) continue;
var param_info = IPA.get_entity_param(that.entity.name, field.name);
// skip primary key
if (param_info && param_info['primary_key']) continue;
var p = field.name.indexOf('_');
if (p >= 0) {
// prepare command to remove members if needed
var attribute = field.name.substring(0, p);
var other_entity = field.name.substring(p+1);
if (values.length) {
member_operations[attribute].command.set_option(other_entity, values.join(','));
member_operations[attribute].has_values = true;
}
continue;
}
// skip unchanged field
if (!field.is_dirty()) continue;
// check enable/disable
if (field.name == 'ipaenabledflag') {
if (values[0] == 'FALSE') enable_operation.command.method = 'disable';
enable_operation.execute = true;
continue;
}
if (categories[field.name]) {
if (values[0] == 'all') {
categories[field.name].remove_values = true;
}
}
if (param_info) {
if (values.length == 1) {
modify_operation.command.set_option(field.name, values[0]);
} else if (field.join) {
modify_operation.command.set_option(field.name, values.join(','));
} else {
modify_operation.command.set_option(field.name, values);
}
} else {
if (values.length) {
modify_operation.command.set_option('setattr', field.name+'='+values[0]);
} else {
modify_operation.command.set_option('setattr', field.name+'=');
}
for (var l=1; l<values.length; l++) {
modify_operation.command.set_option('addattr', field.name+'='+values[l]);
}
}
modify_operation.execute = true;
}
}
var batch = IPA.batch_command({
'name': 'hbac_details_update',
'on_success': function(data, text_status, xhr) {
that.refresh();
if (on_success) on_success(data, text_status, xhr);
},
'on_error': function(xhr, text_status, error_thrown) {
that.refresh();
if (on_error) on_error(xhr, text_status, error_thrown);
}
});
for (var member_attribute in member_operations) {
var member_operation = member_operations[member_attribute];
if (member_operation.has_values &&
categories[member_operation.category].remove_values) {
batch.add_command(member_operations[member_attribute].command);
}
}
if (modify_operation.execute) batch.add_command(modify_operation.command);
if (enable_operation.execute) batch.add_command(enable_operation.command);
if (!batch.commands.length) {
that.refresh();
return;
}
batch.execute();
};
/*initialization*/
that.add_section(general_section());
that.add_section(user_category_section());
that.add_section(hostcategory_section());
that.add_section(servicecategory_section());
that.add_section(sourcehostcategory_section());
return that;
};
IPA.hbac_deny_warning_dialog = function(container) {
var dialog = IPA.dialog({
'title': 'HBAC Deny Rules found'
});
var link_path = "config";
if (IPA.use_static_files){
link_path = "html";
}
dialog.create = function() {
dialog.container.append(
"HBAC rules with type deny have been found."+
" These rules have been deprecated." +
" Please remove them, and restructure the HBAC rules." );
$('<p/>').append($('<a/>',{
text: 'Click here for more information',
href: '../' +link_path +'/hbac-deny-remove.html',
target: "_blank",
style: 'target: tab; color: blue; '
})).appendTo(dialog.container);
};
dialog.add_button('Edit HBAC Rules', function() {
dialog.close();
IPA.nav.show_page('hbacrule', 'search');
});
dialog.add_button('Ignore for now', function() {
dialog.close();
});
dialog.open();
};
Reference in New Issue View Git Blame Copy Permalink