freeipa/install/ui/hbac.js
Adam Young b36df6e9b9 removing setters setup and init
change widget and widget unit tests to hold on to entity, not entity name.
    Replacing entity_name with entity.name  in most places.
       The one exception is columns for table_widget.
       Widgets that refer to other entities have to have late resolution of the entity object, due to circular dependencies.

    cleanup entity assignment.
    removed template and layout,
    merged setup into create
    adder dialogs adjust height for external
    removed init from widget, isection, association, facet, host and service

    Make unit tests use factory.
    fix functional tests to click find link correctly.
    tweak to activation test, but still broken.
    moved initialization code to the end
    use --all for hbacrule find, so the type shows up now

    fixed dns exception code and exception handling for get_entity
    replace metadata look up with value from entity.
    fixed author lines
    removed duplicate columns in managed by facets.
    tweak to nav fix in order to initialize tab.
    more defensive code
    update metadata for true false
    one line init for entity_name in widget
    move init code to end of constructor functions
    moved constants to start of function for adder_dialog
    external fields for dialogs initialized at dialog creation
    sudo sections: move add fields and columns to widget definition.

   The parameter validation in IPA.column ...This is precondition checking.  Note that it merely throws an exception if the entity_name is not set.  I want this stuff at the top of the function so that it is obvious to people looking to use them what is required.  I added a comment to make this clear, but I'd like to keep precondition checking at the top of the function.

   decreased the scope of the pkey_name and moved the initiailzation fof columns into the setup_column function for association_tables

   return false at the end of click handler

   removed blank labels in sudo command section

   fix radio buttons for sudo category

   fixed table side for adder dialogs with external fields
    comments for future direction with add_columns

    https://fedorahosted.org/freeipa/ticket/1451
    https://fedorahosted.org/freeipa/ticket/1462
    https://fedorahosted.org/freeipa/ticket/1493
    https://fedorahosted.org/freeipa/ticket/1497
    https://fedorahosted.org/freeipa/ticket/1532
    https://fedorahosted.org/freeipa/ticket/1534
2011-07-28 14:17:25 -04:00

554 lines
18 KiB
JavaScript

/*jsl:import ipa.js */
/* Authors:
* Endi Sukma Dewata <edewata@redhat.com>
* Adam Young <ayoung@redhat.com>
*
* Copyright (C) 2010 Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */
IPA.entity_factories.hbacrule = function() {
return IPA.entity_builder().
entity('hbacrule').
search_facet({
search_all:true,
columns:['cn',
{
factory: IPA.column,
name:'accessruletype',
setup : function(container,record){
container.empty();
var value = record[this.name];
value = value ? value.toString() : '';
if (value === 'deny'){
container.addClass('hbac-deny-rule');
}
container.append(value);
}
},
'usercategory','hostcategory','ipaenabledflag',
'servicecategory','sourcehostcategory']
}).
details_facet({
factory: IPA.hbacrule_details_facet
}).
adder_dialog({
fields:['cn']
}).
build();
};
IPA.entity_factories.hbacsvc = function() {
return IPA.entity_builder().
entity('hbacsvc').
search_facet({
columns:['cn','description']}).
details_facet({sections:[{
name: 'general',
label: IPA.messages.details.general,
fields:[ 'cn', 'description']}]}).
adder_dialog({
fields:['cn','description']
}).
build();
};
IPA.entity_factories.hbacsvcgroup = function() {
return IPA.entity_builder().
entity('hbacsvcgroup').
search_facet({
columns:['cn', 'description']}).
details_facet({sections:[
{
name: 'general',
label: IPA.messages.details.general,
fields:['cn','description']
},
{
name: 'services',
label: IPA.messages.objects.hbacsvcgroup.services,
fields:[{
factory: IPA.hbacsvcgroup_member_hbacsvc_table_widget,
name: 'member_hbacsvc',
label: IPA.messages.objects.hbacsvcgroup.services,
other_entity: 'hbacsvc',
save_values: false
}]
}]}).
adder_dialog({
fields:['cn', 'description']
}).
build();
};
IPA.hbacsvcgroup_member_hbacsvc_table_widget = function(spec) {
spec = spec || {};
var that = IPA.association_table_widget(spec);
var column = that.create_column({
name: 'cn',
primary_key: true,
width: '150px',
entity:that.entity,
link: true
});
that.create_column({
name: 'description',
entity:that.entity,
width: '350px'
});
that.create_adder_column({
name: 'cn',
primary_key: true,
width: '100px'
});
that.create_adder_column({
name: 'description',
width: '100px'
});
return that;
};
IPA.hbacrule_details_facet = function(spec) {
spec = spec || {};
var that = IPA.details_facet(spec);
function general_section(){
var section = IPA.details_list_section({
name: 'general',
entity:that.entity,
label: IPA.messages.details.general
});
section.text({name: 'cn', read_only: true});
section.text({
name: 'accessruletype',
read_only:true
});
section.textarea({name: 'description'});
section.radio({
name: 'ipaenabledflag',
options:[
{'value': 'TRUE',label: IPA.messages['true']},
{'value': 'FALSE',label:IPA.messages['false']}
]
});
return section;
}
function user_category_section(){
var param_info = IPA.get_entity_param('hbacrule', 'usercategory');
var section = IPA.rule_details_section({
name: 'user',
entity:that.entity,
label: IPA.messages.objects.hbacrule.user,
text: param_info.doc+':',
field_name: 'usercategory',
options: [
{ value: 'all', label: IPA.messages.objects.hbacrule.anyone },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_users }
],
tables: [
{ field_name: 'memberuser_user' },
{ field_name: 'memberuser_group' }
]
});
var category = section.add_field(IPA.radio_widget({
name: 'usercategory'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-memberuser_user',
name: 'memberuser_user', category: category,
other_entity: 'user', add_method: 'add_user',
remove_method: 'remove_user'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-memberuser_group',
name: 'memberuser_group', category: category,
other_entity: 'group', add_method: 'add_user',
remove_method: 'remove_user'
}));
return section;
}
function hostcategory_section(){
var param_info = IPA.get_entity_param('hbacrule', 'hostcategory');
var section = IPA.rule_details_section({
name: 'host',
label: IPA.messages.objects.hbacrule.host,
entity:that.entity,
text: param_info.doc+':',
field_name: 'hostcategory',
options: [
{ value: 'all', label: IPA.messages.objects.hbacrule.any_host },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_hosts }
],
tables: [
{ field_name: 'memberhost_host' },
{ field_name: 'memberhost_hostgroup' }
]
});
var category = section.add_field(IPA.radio_widget({
name: 'hostcategory'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-memberhost_host',
name: 'memberhost_host', category: category,
other_entity: 'host', add_method: 'add_host',
remove_method: 'remove_host'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-memberhost_hostgroup',
name: 'memberhost_hostgroup', category: category,
other_entity: 'hostgroup', add_method: 'add_host',
remove_method: 'remove_host'
}));
return section;
}
function servicecategory_section(){
var param_info = IPA.get_entity_param('hbacrule', 'servicecategory');
var section = IPA.rule_details_section({
name: 'service',
entity:that.entity,
label: IPA.messages.objects.hbacrule.service,
text: param_info.doc+':',
field_name: 'servicecategory',
options: [
{ value: 'all',
label: IPA.messages.objects.hbacrule.any_service },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_services }
],
'tables': [
{ field_name: 'memberservice_hbacsvc' },
{ field_name: 'memberservice_hbacsvcgroup' }
]
});
var category = section.add_field(IPA.radio_widget({
name: 'servicecategory'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-memberservice_hbacsvc',
name: 'memberservice_hbacsvc', category: category,
other_entity: 'hbacsvc', add_method: 'add_service',
remove_method: 'remove_service'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-memberservice_hbacsvcgroup',
name: 'memberservice_hbacsvcgroup', category: category,
other_entity: 'hbacsvcgroup', add_method: 'add_service',
remove_method: 'remove_service'
}));
return section;
}
function sourcehostcategory_section(){
var param_info = IPA.get_entity_param('hbacrule', 'sourcehostcategory');
var section = IPA.rule_details_section({
name: 'sourcehost',
entity:that.entity,
label: IPA.messages.objects.hbacrule.sourcehost,
text: param_info.doc+':',
field_name: 'sourcehostcategory',
options: [
{ value: 'all', label: IPA.messages.objects.hbacrule.any_host },
{ value: '',
label: IPA.messages.objects.hbacrule.specified_hosts }
],
tables: [
{ field_name: 'sourcehost_host' },
{ field_name: 'sourcehost_hostgroup' }
]
});
var category = section.add_field(IPA.radio_widget({
name: 'sourcehostcategory'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-sourcehost_host',
name: 'sourcehost_host', category: category,
other_entity: 'host', add_method: 'add_sourcehost',
remove_method: 'remove_sourcehost'
}));
section.add_field(IPA.rule_association_table_widget({
id: that.entity.name+'-sourcehost_hostgroup',
name: 'sourcehost_hostgroup', category: category,
other_entity: 'hostgroup', add_method: 'add_sourcehost',
remove_method: 'remove_sourcehost'
}));
return section;
}
that.update = function(on_success, on_error) {
var pkey = IPA.nav.get_state(that.entity.name+'-pkey');
var modify_operation = {
'execute': false,
'command': IPA.command({
entity: that.entity.name,
method: 'mod',
args: [pkey],
options: {all: true, rights: true}
})
};
var categories = {
'usercategory': {
'remove_values': false
},
'hostcategory': {
'remove_values': false
},
'servicecategory': {
'remove_values': false
},
'sourcehostcategory': {
'remove_values': false
}
};
var member_operations = {
'memberuser': {
'category': 'usercategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_user',
args: [pkey],
options: {all: true, rights: true}
})
},
'memberhost': {
'category': 'hostcategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_host',
args: [pkey],
options: {all: true, rights: true}
})
},
'memberservice': {
'category': 'servicecategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_service',
args: [pkey],
options: {all: true, rights: true}
})
},
'sourcehost': {
'category': 'sourcehostcategory',
'has_values': false,
'command': IPA.command({
entity: that.entity.name,
method: 'remove_sourcehost',
args: [pkey],
options: {all: true, rights: true}
})
}
};
var enable_operation = {
'execute': false,
'command': IPA.command({
entity: that.entity.name,
method: 'enable',
args: [pkey],
options: {all: true, rights: true}
})
};
var sections = that.sections.values;
for (var i=0; i<sections.length; i++) {
var section = sections[i];
var section_fields = section.fields.values;
for (var j=0; j<section_fields.length; j++) {
var field = section_fields[j];
if (!field.is_dirty()) continue;
var values = field.save();
if (!values) continue;
var param_info = IPA.get_entity_param(that.entity.name, field.name);
// skip primary key
if (param_info && param_info['primary_key']) continue;
var p = field.name.indexOf('_');
if (p >= 0) {
// prepare command to remove members if needed
var attribute = field.name.substring(0, p);
var other_entity = field.name.substring(p+1);
if (values.length) {
member_operations[attribute].command.set_option(other_entity, values.join(','));
member_operations[attribute].has_values = true;
}
continue;
}
// skip unchanged field
if (!field.is_dirty()) continue;
// check enable/disable
if (field.name == 'ipaenabledflag') {
if (values[0] == 'FALSE') enable_operation.command.method = 'disable';
enable_operation.execute = true;
continue;
}
if (categories[field.name]) {
if (values[0] == 'all') {
categories[field.name].remove_values = true;
}
}
if (param_info) {
if (values.length == 1) {
modify_operation.command.set_option(field.name, values[0]);
} else if (field.join) {
modify_operation.command.set_option(field.name, values.join(','));
} else {
modify_operation.command.set_option(field.name, values);
}
} else {
if (values.length) {
modify_operation.command.set_option('setattr', field.name+'='+values[0]);
} else {
modify_operation.command.set_option('setattr', field.name+'=');
}
for (var l=1; l<values.length; l++) {
modify_operation.command.set_option('addattr', field.name+'='+values[l]);
}
}
modify_operation.execute = true;
}
}
var batch = IPA.batch_command({
'name': 'hbac_details_update',
'on_success': function(data, text_status, xhr) {
that.refresh();
if (on_success) on_success(data, text_status, xhr);
},
'on_error': function(xhr, text_status, error_thrown) {
that.refresh();
if (on_error) on_error(xhr, text_status, error_thrown);
}
});
for (var member_attribute in member_operations) {
var member_operation = member_operations[member_attribute];
if (member_operation.has_values &&
categories[member_operation.category].remove_values) {
batch.add_command(member_operations[member_attribute].command);
}
}
if (modify_operation.execute) batch.add_command(modify_operation.command);
if (enable_operation.execute) batch.add_command(enable_operation.command);
if (!batch.commands.length) {
that.refresh();
return;
}
batch.execute();
};
/*initialization*/
that.add_section(general_section());
that.add_section(user_category_section());
that.add_section(hostcategory_section());
that.add_section(servicecategory_section());
that.add_section(sourcehostcategory_section());
return that;
};
IPA.hbac_deny_warning_dialog = function(container) {
var dialog = IPA.dialog({
'title': 'HBAC Deny Rules found'
});
var link_path = "config";
if (IPA.use_static_files){
link_path = "html";
}
dialog.create = function() {
dialog.container.append(
"HBAC rules with type deny have been found."+
" These rules have been deprecated." +
" Please remove them, and restructure the HBAC rules." );
$('<p/>').append($('<a/>',{
text: 'Click here for more information',
href: '../' +link_path +'/hbac-deny-remove.html',
target: "_blank",
style: 'target: tab; color: blue; '
})).appendTo(dialog.container);
};
dialog.add_button('Edit HBAC Rules', function() {
dialog.close();
IPA.nav.show_page('hbacrule', 'search');
});
dialog.add_button('Ignore for now', function() {
dialog.close();
});
dialog.open();
};