diff options
Diffstat (limited to 'install/static/hbacrule.js')
-rwxr-xr-x | install/static/hbacrule.js | 984 |
1 files changed, 984 insertions, 0 deletions
diff --git a/install/static/hbacrule.js b/install/static/hbacrule.js new file mode 100755 index 000000000..0e6d82ccd --- /dev/null +++ b/install/static/hbacrule.js @@ -0,0 +1,984 @@ +/* Authors: + * Endi Sukma Dewata <edewata@redhat.com> + * + * Copyright (C) 2010 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */ + +function ipa_hbacrule() { + + var that = ipa_entity({ + 'name': 'hbacrule' + }); + + that.init = function() { + + var dialog = ipa_hbacrule_add_dialog({ + 'name': 'add', + 'title': 'Add New Rule' + }); + that.add_dialog(dialog); + dialog.init(); + + var facet = ipa_hbacrule_search_facet({ + 'name': 'search', + 'label': 'Search' + }); + that.add_facet(facet); + + facet = ipa_hbacrule_details_facet({ + 'name': 'details', + 'label': 'Details' + }); + that.add_facet(facet); + + that.entity_init(); + }; + + return that; +} + +IPA.add_entity(ipa_hbacrule()); + +function ipa_hbacrule_add_dialog(spec) { + + spec = spec || {}; + + var that = ipa_add_dialog(spec); + + that.init = function() { + + that.add_field(ipa_text_widget({ + 'name': 'cn', + 'undo': false + })); + + that.add_field(ipa_radio_widget({ + 'name': 'accessruletype', + 'options': [ + { 'value': 'allow', 'label': 'Allow' }, + { 'value': 'deny', 'label': 'Deny' } + ], + 'undo': false + })); + + that.add_dialog_init(); + }; + + return that; +} + +function ipa_hbacrule_search_facet(spec) { + + spec = spec || {}; + + var that = ipa_search_facet(spec); + + that.init = function() { + + that.create_column({name:'cn'}); + that.create_column({name:'usercategory'}); + that.create_column({name:'hostcategory'}); + that.create_column({name:'ipaenabledflag'}); + that.create_column({name:'servicecategory'}); + that.create_column({name:'sourcehostcategory'}); + + that.search_facet_init(); + }; + + that.create = function(container) { + +/* + // Not yet implemented + + var left_buttons = $('<span/>', { + 'style': 'float: left;' + }).appendTo(container); + + left_buttons.append(ipa_button({ + 'label': 'Troubleshoot Rules' + })); + + left_buttons.append(ipa_button({ + 'label': 'Cull Disabled Rules' + })); +*/ + + that.search_facet_create(container); + + }; + + return that; +} + +function ipa_hbacrule_details_facet(spec) { + + spec = spec || {}; + + var that = ipa_details_facet(spec); + + that.init = function() { + + var section; + + if (IPA.layout) { + section = that.create_section({ + 'name': 'general', + 'label': 'General', + 'template': 'hbacrule-details-general.html #contents' + }); + + } else { + section = ipa_hbacrule_details_general_section({ + 'name': 'general', + 'label': 'General' + }); + that.add_section(section); + } + + section.create_text({ 'name': 'cn', 'label': 'Name', 'read_only': true }); + section.create_radio({ 'name': 'accessruletype', 'label': 'Rule Type' }); + section.create_textarea({ 'name': 'description', 'label': 'Description' }); + section.create_radio({ 'name': 'ipaenabledflag', 'label': 'Enabled' }); + + if (IPA.layout) { + section = that.create_section({ + 'name': 'user', + 'label': 'Who', + 'template': 'hbacrule-details-user.html #contents' + }); + + } else { + section = ipa_rule_details_section({ + 'name': 'user', + 'label': 'Who', + 'text': 'Rule applies when access is requested by:', + 'field_name': 'usercategory', + 'options': [ + { 'value': 'all', 'label': 'Anyone' }, + { 'value': '', 'label': 'Specified Users and Groups' } + ], + 'tables': [ + { 'field_name': 'memberuser_user' }, + { 'field_name': 'memberuser_group' } + ] + }); + that.add_section(section); + } + + var category = section.create_radio({ name: 'usercategory', label: 'User category' }); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-memberuser_user', + 'name': 'memberuser_user', 'label': 'Users', 'category': category, + 'other_entity': 'user', 'add_method': 'add_user', 'remove_method': 'remove_user' + })); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-memberuser_group', + 'name': 'memberuser_group', 'label': 'Groups', 'category': category, + 'other_entity': 'group', 'add_method': 'add_user', 'remove_method': 'remove_user' + })); + + if (IPA.layout) { + section = that.create_section({ + 'name': 'host', + 'label': 'Accessing', + 'template': 'hbacrule-details-host.html #contents' + }); + + } else { + section = ipa_rule_details_section({ + 'name': 'host', + 'label': 'Accessing', + 'text': 'Rule applies when access is requested to:', + 'field_name': 'hostcategory', + 'options': [ + { 'value': 'all', 'label': 'Any Host' }, + { 'value': '', 'label': 'Specified Hosts and Groups' } + ], + 'tables': [ + { 'field_name': 'memberhost_host' }, + { 'field_name': 'memberhost_hostgroup' } + ] + }); + that.add_section(section); + } + + category = section.create_radio({ 'name': 'hostcategory', 'label': 'Host category' }); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-memberhost_host', + 'name': 'memberhost_host', 'label': 'Hosts', 'category': category, + 'other_entity': 'host', 'add_method': 'add_host', 'remove_method': 'remove_host' + })); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-memberhost_hostgroup', + 'name': 'memberhost_hostgroup', 'label': 'Host Groups', 'category': category, + 'other_entity': 'hostgroup', 'add_method': 'add_host', 'remove_method': 'remove_host' + })); + + if (IPA.layout) { + section = that.create_section({ + 'name': 'service', + 'label': 'Via Service', + 'template': 'hbacrule-details-service.html #contents' + }); + + } else { + section = ipa_rule_details_section({ + 'name': 'service', + 'label': 'Via Service', + 'text': 'Rule applies when access is requested via:', + 'field_name': 'servicecategory', + 'options': [ + { 'value': 'all', 'label': 'Any Service' }, + { 'value': '', 'label': 'Specified Services and Groups' } + ], + 'tables': [ + { 'field_name': 'memberservice_hbacsvc' }, + { 'field_name': 'memberservice_hbacsvcgroup' } + ] + }); + that.add_section(section); + } + + category = section.create_radio({ 'name': 'servicecategory', 'label': 'Service category' }); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-memberservice_hbacsvc', + 'name': 'memberservice_hbacsvc', 'label': 'Services', 'category': category, + 'other_entity': 'hbacsvc', 'add_method': 'add_service', 'remove_method': 'remove_service' + })); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-memberservice_hbacsvcgroup', + 'name': 'memberservice_hbacsvcgroup', 'label': 'Service Groups', 'category': category, + 'other_entity': 'hbacsvcgroup', 'add_method': 'add_service', 'remove_method': 'remove_service' + })); + + if (IPA.layout) { + section = that.create_section({ + 'name': 'sourcehost', + 'label': 'From', + 'template': 'hbacrule-details-sourcehost.html #contents' + }); + + } else { + section = ipa_rule_details_section({ + 'name': 'sourcehost', + 'label': 'From', + 'text': 'Rule applies when access is being initiated from:', + 'field_name': 'sourcehostcategory', + 'options': [ + { 'value': 'all', 'label': 'Any Host' }, + { 'value': '', 'label': 'Specified Hosts and Groups' } + ], + 'tables': [ + { 'field_name': 'sourcehost_host' }, + { 'field_name': 'sourcehost_hostgroup' } + ] + }); + that.add_section(section); + } + + category = section.create_radio({ 'name': 'sourcehostcategory', 'label': 'Source host category' }); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-sourcehost_host', + 'name': 'sourcehost_host', 'label': 'Host', 'category': category, + 'other_entity': 'host', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost' + })); + section.add_field(ipa_rule_association_table_widget({ + 'id': that.entity_name+'-sourcehost_hostgroup', + 'name': 'sourcehost_hostgroup', 'label': 'Host Groups', 'category': category, + 'other_entity': 'hostgroup', 'add_method': 'add_sourcehost', 'remove_method': 'remove_sourcehost' + })); +/* + if (IPA.layout) { + section = that.create_section({ + 'name': 'accesstime', + 'label': 'When', + 'template': 'hbacrule-details-accesstime.html #contents' + }); + + } else { + section = that.create_section({ + 'name': 'accesstime', + 'label': 'When' + }); + } + + section.add_field(ipa_hbacrule_accesstime_widget({ + 'id': 'accesstime', + 'name': 'accesstime', 'label': 'Access Time', + 'text': 'Rule applies when access is being requested at:', + 'options': [ + { 'value': 'all', 'label': 'Any Time' }, + { 'value': '', 'label': 'Specified Times' } + ] + })); +*/ + that.details_facet_init(); + }; + + that.update = function() { + + var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; + + var modify_operation = { + 'execute': false, + 'command': ipa_command({ + 'method': that.entity_name+'_mod', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }) + }; + + var remove_accesstime = { + 'template': ipa_command({ + 'method': that.entity_name+'_remove_accesstime', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }), + 'commands': [] + }; + + var categories = { + 'usercategory': { + 'remove_values': false + }, + 'hostcategory': { + 'remove_values': false + }, + 'servicecategory': { + 'remove_values': false + }, + 'sourcehostcategory': { + 'remove_values': false + } + }; + + var member_operations = { + 'memberuser': { + 'category': 'usercategory', + 'has_values': false, + 'command': ipa_command({ + 'method': that.entity_name+'_remove_user', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }) + }, + 'memberhost': { + 'category': 'hostcategory', + 'has_values': false, + 'command': ipa_command({ + 'method': that.entity_name+'_remove_host', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }) + }, + 'memberservice': { + 'category': 'servicecategory', + 'has_values': false, + 'command': ipa_command({ + 'method': that.entity_name+'_remove_service', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }) + }, + 'sourcehost': { + 'category': 'sourcehostcategory', + 'has_values': false, + 'command': ipa_command({ + 'method': that.entity_name+'_remove_sourcehost', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }) + } + }; + + var enable_operation = { + 'execute': false, + 'command': ipa_command({ + 'method': that.entity_name+'_enable', + 'args': [pkey], + 'options': {'all': true, 'rights': true} + }) + }; + + for (var i=0; i<that.sections.length; i++) { + var section = that.sections[i]; + + var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container); + + for (var j=0; j<section.fields.length; j++) { + var field = section.fields[j]; + + var span = $('span[name='+field.name+']', div).first(); + var values = field.save(); + if (!values) continue; + + var param_info = ipa_get_param_info(that.entity_name, field.name); + + // skip primary key + if (param_info && param_info['primary_key']) continue; + + var p = field.name.indexOf('_'); + if (p >= 0) { + // prepare command to remove members if needed + var attribute = field.name.substring(0, p); + var other_entity = field.name.substring(p+1); + + if (values.length) { + member_operations[attribute].command.set_option(other_entity, values.join(',')); + member_operations[attribute].has_values = true; + } + continue; + } + + // skip unchanged field + if (!field.is_dirty(span)) continue; + + // check enable/disable + if (field.name == 'ipaenabledflag') { + if (values[0] == 'FALSE') enable_operation.command.method = that.entity_name+'_disable'; + enable_operation.execute = true; + continue; + } + + if (field.name == 'accesstime') { + // if accesstime is dirty, it means 'Any Time' is selected, + // so existing values have to be removed + for (var k=0; k<field.values.length; k++) { + var command = ipa_command(remove_accesstime.template); + command.set_option(field.name, field.values[k]); + remove_accesstime.commands.push(command); + } + continue; + } + + if (categories[field.name]) { + if (values[0] == 'all') { + categories[field.name].remove_values = true; + } + } + + // use setattr/addattr if param_info not available + if (!param_info) { + for (var k=0; k<values.length; k++) { + modify_operation.command.set_option( + k == 0 ? 'setattr' : 'addattr', + field.name+'='+values[k] + ); + modify_operation.execute = true; + } + continue; + } + + // set modify options + if (values.length == 1) { + modify_operation.command.set_option(field.name, values[0]); + } else { + modify_operation.command.set_option(field.name, values); + } + modify_operation.execute = true; + } + } + + var batch = ipa_batch_command({ + 'name': 'hbac_details_update', + 'on_success': function(data, text_status, xhr) { + that.refresh(); + }, + 'on_error': function(xhr, text_status, error_thrown) { + that.refresh(); + } + }); + + for (var member_attribute in member_operations) { + var member_operation = member_operations[member_attribute]; + if (member_operation.has_values && + categories[member_operation.category].remove_values) { + batch.add_command(member_operations[member_attribute].command); + } + } + + batch.add_commands(remove_accesstime.commands); + + if (modify_operation.execute) batch.add_command(modify_operation.command); + if (enable_operation.execute) batch.add_command(enable_operation.command); + + if (!batch.commands.length) { + that.refresh(); + return; + } + + alert(JSON.stringify(batch.to_json())); + + batch.execute(); + }; + + that.reset = function() { + for (var i=0; i<that.sections.length; i++) { + var section = that.sections[i]; + section.reset(); + } + }; + + return that; +} + +function ipa_hbacrule_details_general_section(spec){ + + spec = spec || {}; + + var that = ipa_details_section(spec); + + that.create = function(container) { + + var table = $('<table/>', { + 'style': 'width: 100%;' + }).appendTo(container); + + var tr = $('<tr/>').appendTo(table); + + var td = $('<td/>', { + 'style': 'width: 100px; text-align: right;', + 'html': 'Name:' + }).appendTo(tr); + + td = $('<td/>').appendTo(tr); + + var span = $('<span/>', { 'name': 'cn' }).appendTo(td); + + $('<input/>', { + 'type': 'text', + 'name': 'cn', + 'size': 30 + }).appendTo(span); + + span.append(' '); + + $('<span/>', { + 'name': 'undo', + 'class': 'ui-state-highlight ui-corner-all', + 'style': 'display: none;', + 'html': 'undo' + }).appendTo(span); + + td = $('<td/>', { + 'style': 'text-align: right;' + }).appendTo(tr); + + td.append('Rule type:'); + + span = $('<span/>', { 'name': 'accessruletype' }).appendTo(td); + + $('<input/>', { + 'type': 'radio', + 'name': 'accessruletype', + 'value': 'allow' + }).appendTo(span); + + span.append('Allow'); + + $('<input/>', { + 'type': 'radio', + 'name': 'accessruletype', + 'value': 'deny' + }).appendTo(span); + + span.append('Deny'); + + span.append(' '); + + $('<span/>', { + 'name': 'undo', + 'class': 'ui-state-highlight ui-corner-all', + 'style': 'display: none;', + 'html': 'undo' + }).appendTo(span); + + tr = $('<tr/>').appendTo(table); + + td = $('<td/>', { + 'style': 'text-align: right; vertical-align: top;', + 'html': 'Description:' + }).appendTo(tr); + + td = $('<td/>', { + 'colspan': 2 + }).appendTo(tr); + + span = $('<span/>', { 'name': 'description' }).appendTo(td); + + $('<textarea/>', { + 'name': 'description', + 'rows': 5, + 'style': 'width: 100%' + }).appendTo(span); + + span.append(' '); + + $('<span/>', { + 'name': 'undo', + 'class': 'ui-state-highlight ui-corner-all', + 'style': 'display: none;', + 'html': 'undo' + }).appendTo(span); + + tr = $('<tr/>').appendTo(table); + + td = $('<td/>', { + 'style': 'text-align: right; vertical-align: top;', + 'html': 'Rule status:' + }).appendTo(tr); + + td = $('<td/>', { + 'colspan': 2 + }).appendTo(tr); + + span = $('<span/>', { 'name': 'ipaenabledflag' }).appendTo(td); + + $('<input/>', { + 'type': 'radio', + 'name': 'ipaenabledflag', + 'value': 'TRUE' + }).appendTo(span); + + span.append('Active'); + + $('<input/>', { + 'type': 'radio', + 'name': 'ipaenabledflag', + 'value': 'FALSE' + }).appendTo(span); + + span.append('Inactive'); + + span.append(' '); + + $('<span/>', { + 'name': 'undo', + 'class': 'ui-state-highlight ui-corner-all', + 'style': 'display: none;', + 'html': 'undo' + }).appendTo(span); + }; + + return that; +} + +function ipa_hbacrule_accesstime_widget(spec) { + + spec = spec || {}; + + var that = ipa_widget(spec); + + that.text = spec.text; + that.options = spec.options || []; + + that.init = function() { + + that.widget_init(); + + that.table = ipa_table_widget({ + 'id': 'accesstime-table', + 'name': 'table', 'label': that.label + }); + + that.table.create_column({ + 'name': that.name, + 'label': that.label, + 'primary_key': true + }); + + that.table.init(); + }; + + that.create = function(container) { + + that.widget_create(container); + + var span = $('<span/>', { 'name': 'text' }).appendTo(container); + + span.append(that.text); + + for (var i=0; i<that.options.length; i++) { + var option = that.options[i]; + + $('<input/>', { + 'type': 'radio', + 'name': that.name, + 'value': option.value + }).appendTo(container); + + container.append(option.label); + } + + container.append(' '); + + $('<span/>', { + 'name': 'undo', + 'class': 'ui-state-highlight ui-corner-all', + 'style': 'display: none;', + 'html': 'undo' + }).appendTo(container); + + container.append('<br/>'); + + span = $('<span/>', { 'name': 'table' }).appendTo(container); + + that.table.create(span); + + var buttons = $('span[name=buttons]', span); + + $('<input/>', { + 'type': 'button', + 'name': 'remove', + 'value': 'Remove '+that.label + }).appendTo(buttons); + + $('<input/>', { + 'type': 'button', + 'name': 'add', + 'value': 'Add '+that.label + }).appendTo(buttons); + }; + + that.setup = function(container) { + + that.widget_setup(container); + + var span = $('span[name="table"]', that.container); + that.table.setup(span); + + var button = $('input[name=remove]', span); + button.replaceWith(ipa_button({ + 'label': button.val(), + 'icon': 'ui-icon-trash', + 'click': function() { that.remove(that.container); } + })); + + button = $('input[name=add]', span); + button.replaceWith(ipa_button({ + 'label': button.val(), + 'icon': 'ui-icon-plus', + 'click': function() { that.add(that.container) } + })); + + var input = $('input[name="'+that.name+'"]', that.container); + input.change(function() { + that.show_undo(); + }); + + var undo = that.get_undo(); + undo.click(function() { + that.reset(); + }); + }; + + that.save = function() { + var value = $('input[name="'+that.name+'"]:checked', that.container).val(); + if (value == '') { + return that.table.save(); + } else { + return []; + } + }; + + that.load = function(record) { + + that.values = record[that.name] || []; + that.reset(); + }; + + that.update = function() { + + that.set_category(that.container, that.values && that.values.length ? '' : 'all'); + + that.table.tbody.empty(); + for (var i=0; that.values && i<that.values.length; i++) { + var record = {}; + record[that.name] = that.values[i]; + that.table.add_record(record); + } + }; + + that.set_category = function(container, value) { + $('input[name="'+that.name+'"][value="'+value+'"]', that.container).get(0).checked = true; + }; + + that.add = function() { + + var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; + var title = 'Add '+that.label+' to '+that.entity_name+' '+pkey; + + var dialog = ipa_dialog({ + 'title': title + }); + + dialog.add_field(ipa_text_widget({ + 'name': that.name, + 'label': that.label + })); + + dialog.create = function() { + var table = $('<table/>').appendTo(dialog.container); + + var tr = $('<tr/>').appendTo(table); + + var td = $('<td/>', { + 'style': 'vertical-align: top;' + }).appendTo(tr); + td.append(that.label+': '); + + td = $('<td/>').appendTo(tr); + + var span = $('<span/>', { 'name': that.name }).appendTo(td); + + $('<input/>', { + 'type': 'text', + 'name': that.name, + 'size': 40 + }).appendTo(span); + + tr = $('<tr/>').appendTo(table); + + td = $('<td/>', { + 'style': 'vertical-align: top;' + }).appendTo(tr); + td.append('Example:'); + + td = $('<td/>').appendTo(tr); + + td.append('<b>Every day between 0800 and 1400:</b><br/>'); + td.append('periodic daily 0800-1400<br/><br/>'); + + td.append('<b>December 16, 2010 from 10:32 until 10:33:</b><br/>'); + td.append('absolute 201012161032 ~ 201012161033<td/>'); + }; + + function add(on_success, on_error) { + + var field = dialog.get_field(that.name); + var value = field.save()[0]; + + var command = ipa_command({ + 'method': that.entity_name+'_add_'+that.name, + 'args': [pkey], + 'on_success': function() { + that.refresh(); + if (on_success) on_success(); + }, + 'on_error': function() { + that.refresh(); + if (on_error) on_error(); + } + }); + + command.set_option(that.name, value); + + command.execute(); + } + + dialog.add_button('Add', function() { + add( + function() { dialog.reset(); } + ); + }); + + dialog.add_button('Add and Close', function() { + add( + function() { dialog.close(); }, + function() { dialog.close(); } + ); + }); + + dialog.add_button('Cancel', function() { + dialog.close(); + }); + + dialog.init(); + + dialog.open(that.container); + }; + + that.remove = function() { + + var values = that.table.get_selected_values(); + + if (!values.length) { + alert('Select '+that.label+' to be removed.'); + return; + } + + var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; + var title = 'Remove '+that.label+' from '+that.entity_name+' '+pkey; + + var dialog = ipa_deleter_dialog({ + 'title': title, + 'values': values + }); + + dialog.remove = function() { + + var batch = ipa_batch_command({ + 'on_success': function() { + that.refresh(); + dialog.close(); + }, + 'on_error': function() { + that.refresh(); + dialog.close(); + } + }); + + for (var i=0; i<values.length; i++) { + var command = ipa_command({ + 'method': that.entity_name+'_remove_'+that.name, + 'args': [pkey] + }); + + command.set_option(that.name, values[i]); + + batch.add_command(command); + } + + batch.execute(); + }; + + dialog.init(); + + dialog.open(that.container); + }; + + that.refresh = function() { + + function on_success(data, text_status, xhr) { + that.load(data.result.result); + } + + function on_error(xhr, text_status, error_thrown) { + var summary = $('span[name=summary]', that.table.tfoot).empty(); + summary.append('<p>Error: '+error_thrown.name+'</p>'); + summary.append('<p>'+error_thrown.title+'</p>'); + summary.append('<p>'+error_thrown.message+'</p>'); + } + + var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || ''; + ipa_cmd('show', [pkey], {'rights': true}, on_success, on_error, that.entity_name); + }; + + return that; +} |