diff options
Diffstat (limited to 'install/ui/hbac.js')
| -rw-r--r-- | install/ui/hbac.js | 696 |
1 files changed, 324 insertions, 372 deletions
diff --git a/install/ui/hbac.js b/install/ui/hbac.js index 31f789a8..cf13e459 100644 --- a/install/ui/hbac.js +++ b/install/ui/hbac.js @@ -23,7 +23,11 @@ /* REQUIRES: ipa.js, details.js, search.js, add.js, facet.js, entity.js */ -IPA.hbac = {}; +IPA.hbac = { + //priority of commands in details facet + remove_method_priority: IPA.config.default_priority - 1, + enable_priority: IPA.config.default_priority + 1 +}; IPA.hbac.rule_entity = function(spec) { @@ -40,7 +44,9 @@ IPA.hbac.rule_entity = function(spec) { ] }). details_facet({ - factory: IPA.hbacrule_details_facet + factory: IPA.hbacrule_details_facet, + entity: that, + command_mode: 'info' }). adder_dialog({ fields: [ 'cn' ] @@ -70,7 +76,7 @@ IPA.hbac.service_entity = function(spec) { fields: [ 'cn', { - factory: IPA.textarea_widget, + type: 'textarea', name: 'description' } ] @@ -105,7 +111,7 @@ IPA.hbac.service_entity = function(spec) { fields: [ 'cn', { - factory: IPA.textarea_widget, + type: 'textarea', name: 'description' } ] @@ -135,7 +141,7 @@ IPA.hbac.service_group_entity = function(spec) { fields: [ 'cn', { - factory: IPA.textarea_widget, + type: 'textarea', name: 'description' } ] @@ -169,7 +175,7 @@ IPA.hbac.service_group_entity = function(spec) { fields: [ 'cn', { - factory: IPA.textarea_widget, + type: 'textarea', name: 'description' } ] @@ -181,395 +187,341 @@ IPA.hbac.service_group_entity = function(spec) { IPA.hbacrule_details_facet = function(spec) { - spec = spec || {}; - - var that = IPA.details_facet(spec); + var entity_name = spec.entity.name; + + // + // General + // + + spec.fields = [ + { + name: 'cn', + read_only: true, + widget: 'general.cn' + }, + { + type: 'textarea', + name: 'description', + widget: 'general.description' + }, + { + type: 'enable', + name: 'ipaenabledflag', + priority: IPA.sudo.enable_priority, + widget: 'general.ipaenabledflag' + } + ]; - function general_section(){ - var section = IPA.details_table_section({ + spec.widgets = [ + { + type: 'details_table_section', name: 'general', - entity: that.entity, - label: IPA.messages.details.general - }); - - section.text({ - name: 'cn' - }); - section.textarea({ - name: 'description' - }); - section.radio({ - name: 'ipaenabledflag', - options: [ - { value: 'TRUE', label: IPA.get_message('true') }, - { value: 'FALSE', label: IPA.get_message('false') } + label: IPA.messages.details.general, + widgets: [ + { + name: 'cn' + }, + { + type: 'textarea', + name: 'description' + }, + { + type: 'enable', + name: 'ipaenabledflag', + options: [ + { value: 'TRUE', label: IPA.get_message('true') }, + { value: 'FALSE', label: IPA.get_message('false') } + ] + } ] - }); - return section; - } - + } + ]; + + // + // Users + // + + spec.fields.push( + { + type: 'radio', + name: 'usercategory', + widget: 'user.rule.usercategory' + }, + { + type: 'rule_association_table', + name: 'memberuser_user', + widget: 'user.rule.memberuser_user', + priority: IPA.hbac.remove_method_priority + }, + { + type: 'rule_association_table', + name: 'memberuser_group', + widget: 'user.rule.memberuser_group', + priority: IPA.hbac.remove_method_priority + } + ); - function user_category_section(){ - var section = IPA.rule_details_section({ + spec.widgets.push( + { + factory: IPA.collapsible_section, name: 'user', - entity: that.entity, label: IPA.messages.objects.hbacrule.user, - field_name: 'usercategory', - options: [ - { value: 'all', label: IPA.messages.objects.hbacrule.anyone }, - { value: '', - label: IPA.messages.objects.hbacrule.specified_users } - ], - tables: [ - { field_name: 'memberuser_user' }, - { field_name: 'memberuser_group' } + widgets: [ + { + factory: IPA.rule_details_widget, + name: 'rule', + radio_name: 'usercategory', + options: [ + { value: 'all', + label: IPA.messages.objects.hbacrule.anyone }, + { value: '', + label: IPA.messages.objects.hbacrule.specified_users } + ], + tables: [ + { name: 'memberuser_user' }, + { name: 'memberuser_group' } + ], + widgets: [ + { + type: 'rule_association_table', + id: entity_name+'-memberuser_user', + name: 'memberuser_user', + add_method: 'add_user', + remove_method: 'remove_user', + add_title: IPA.messages.association.add.member, + remove_title: IPA.messages.association.remove.member + }, + { + type: 'rule_association_table', + id: entity_name+'-memberuser_group', + name: 'memberuser_group', + add_method: 'add_user', + remove_method: 'remove_user', + add_title: IPA.messages.association.add.member, + remove_title: IPA.messages.association.remove.member + } + ] + } ] - }); + } + ); + + // + // Hosts + // + + spec.fields.push( + { + type: 'radio', + name: 'hostcategory', + widget: 'host.rule.hostcategory' + }, + { + type: 'rule_association_table', + name: 'memberhost_host', + widget: 'host.rule.memberhost_host', + priority: IPA.hbac.remove_method_priority + }, + { + type: 'rule_association_table', + name: 'memberhost_hostgroup', + widget: 'host.rule.memberhost_hostgroup', + priority: IPA.hbac.remove_method_priority + } + ); - section.add_field(IPA.radio_widget({ - name: 'usercategory' - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-memberuser_user', - name: 'memberuser_user', - entity: that.entity, - add_method: 'add_user', - remove_method: 'remove_user', - add_title: IPA.messages.association.add.member, - remove_title: IPA.messages.association.remove.member - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-memberuser_group', - name: 'memberuser_group', - entity: that.entity, - add_method: 'add_user', - remove_method: 'remove_user', - add_title: IPA.messages.association.add.member, - remove_title: IPA.messages.association.remove.member - })); - return section; - } - - function hostcategory_section(){ - var section = IPA.rule_details_section({ + spec.widgets.push( + { + factory: IPA.collapsible_section, name: 'host', label: IPA.messages.objects.hbacrule.host, - entity: that.entity, - field_name: 'hostcategory', - options: [ - { value: 'all', label: IPA.messages.objects.hbacrule.any_host }, - { value: '', - label: IPA.messages.objects.hbacrule.specified_hosts } - ], - tables: [ - { field_name: 'memberhost_host' }, - { field_name: 'memberhost_hostgroup' } - ] - }); - - section.add_field(IPA.radio_widget({ - name: 'hostcategory' - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-memberhost_host', - name: 'memberhost_host', - entity: that.entity, - add_method: 'add_host', - remove_method: 'remove_host', - add_title: IPA.messages.association.add.member, - remove_title: IPA.messages.association.remove.member - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-memberhost_hostgroup', - name: 'memberhost_hostgroup', - entity: that.entity, - add_method: 'add_host', - remove_method: 'remove_host', - add_title: IPA.messages.association.add.member, - remove_title: IPA.messages.association.remove.member - })); - return section; - } - - function servicecategory_section(){ - var section = IPA.rule_details_section({ - name: 'service', - entity: that.entity, - label: IPA.messages.objects.hbacrule.service, - field_name: 'servicecategory', - options: [ - { value: 'all', - label: IPA.messages.objects.hbacrule.any_service }, - { value: '', - label: IPA.messages.objects.hbacrule.specified_services } - ], - tables: [ - { field_name: 'memberservice_hbacsvc' }, - { field_name: 'memberservice_hbacsvcgroup' } + widgets: [ + { + factory: IPA.rule_details_widget, + name: 'rule', + radio_name: 'hostcategory', + options: [ + { + 'value': 'all', + 'label': IPA.messages.objects.hbacrule.any_host + }, + { + 'value': '', + 'label': IPA.messages.objects.hbacrule.specified_hosts + } + ], + tables: [ + { 'name': 'memberhost_host' }, + { 'name': 'memberhost_hostgroup' } + ], + widgets: [ + { + type: 'rule_association_table', + id: entity_name+'-memberuser_user', + name: 'memberhost_host', + add_method: 'add_host', + remove_method: 'remove_host', + add_title: IPA.messages.association.add.member, + remove_title: IPA.messages.association.remove.member + }, + { + type: 'rule_association_table', + id: entity_name+'-memberuser_group', + name: 'memberhost_hostgroup', + add_method: 'add_host', + remove_method: 'remove_host', + add_title: IPA.messages.association.add.member, + remove_title: IPA.messages.association.remove.member + } + ] + } ] - }); - - section.add_field(IPA.radio_widget({ - name: 'servicecategory' - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-memberservice_hbacsvc', + } + ); + + // + // Service + // + + spec.fields.push( + { + type: 'radio', + name: 'servicecategory', + widget: 'service.rule.servicecategory' + }, + { + type: 'rule_association_table', name: 'memberservice_hbacsvc', - entity: that.entity, - add_method: 'add_service', - remove_method: 'remove_service', - add_title: IPA.messages.association.add.member, - remove_title: IPA.messages.association.remove.member - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-memberservice_hbacsvcgroup', + widget: 'service.rule.memberservice_hbacsvc', + priority: IPA.hbac.remove_method_priority + }, + { + type: 'rule_association_table', name: 'memberservice_hbacsvcgroup', - entity: that.entity, - add_method: 'add_service', - remove_method: 'remove_service', - add_title: IPA.messages.association.add.member, - remove_title: IPA.messages.association.remove.member - })); - return section; - } - - function sourcehostcategory_section(){ - var section = IPA.rule_details_section({ - name: 'sourcehost', - entity: that.entity, - label: IPA.messages.objects.hbacrule.sourcehost, - field_name: 'sourcehostcategory', - options: [ - { value: 'all', label: IPA.messages.objects.hbacrule.any_host }, - { value: '', - label: IPA.messages.objects.hbacrule.specified_hosts } - ], - tables: [ - { field_name: 'sourcehost_host' }, - { field_name: 'sourcehost_hostgroup' } - ] - }); + widget: 'service.rule.memberservice_hbacsvcgroup', + priority: IPA.hbac.remove_method_priority + } + ); - section.add_field(IPA.radio_widget({ - name: 'sourcehostcategory' - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-sourcehost_host', + spec.widgets.push( + { + factory: IPA.collapsible_section, + name: 'service', + label: IPA.messages.objects.hbacrule.service, + widgets: [ + { + factory: IPA.rule_details_widget, + name: 'rule', + radio_name: 'servicecategory', + options: [ + { 'value': 'all', 'label': IPA.messages.objects.hbacrule.any_host }, + { 'value': '', 'label': IPA.messages.objects.hbacrule.specified_hosts } + ], + tables: [ + { 'name': 'memberservice_hbacsvc' }, + { 'name': 'memberservice_hbacsvcgroup' } + ], + widgets: [ + { + type: 'rule_association_table', + id: entity_name+'-memberuser_user', + name: 'memberservice_hbacsvc', + add_method: 'add_service', + remove_method: 'remove_service', + add_title: IPA.messages.association.add.member, + remove_title: IPA.messages.association.remove.member + }, + { + type: 'rule_association_table', + id: entity_name+'-memberuser_group', + name: 'memberservice_hbacsvcgroup', + add_method: 'add_service', + remove_method: 'remove_service', + add_title: IPA.messages.association.add.member, + remove_title: IPA.messages.association.remove.member + } + ] + } + ] + } + ); + + // + // Source host + // + + spec.fields.push( + { + type: 'radio', + name: 'sourcehostcategory', + widget: 'sourcehost.rule.sourcehostcategory' + }, + { + type: 'rule_association_table', name: 'sourcehost_host', - entity: that.entity, - add_method: 'add_sourcehost', - remove_method: 'remove_sourcehost', - add_title: IPA.messages.association.add.sourcehost, - remove_title: IPA.messages.association.remove.sourcehost - })); - section.add_field(IPA.association_table_widget({ - id: that.entity.name+'-sourcehost_hostgroup', + widget: 'sourcehost.rule.sourcehost_host', + priority: IPA.hbac.remove_method_priority + }, + { + type: 'rule_association_table', name: 'sourcehost_hostgroup', - entity: that.entity, - add_method: 'add_sourcehost', - remove_method: 'remove_sourcehost', - add_title: IPA.messages.association.add.sourcehost, - remove_title: IPA.messages.association.remove.sourcehost - })); - return section; - } - - that.update = function(on_success, on_error) { - - var args = that.get_primary_key(); - - var modify_operation = { - 'execute': false, - 'command': IPA.command({ - entity: that.entity.name, - method: 'mod', - args: args, - options: {all: true, rights: true} - }) - }; - - var categories = { - 'usercategory': { - 'remove_values': false - }, - 'hostcategory': { - 'remove_values': false - }, - 'servicecategory': { - 'remove_values': false - }, - 'sourcehostcategory': { - 'remove_values': false - } - }; - - var member_operations = { - 'memberuser': { - 'category': 'usercategory', - 'has_values': false, - 'command': IPA.command({ - entity: that.entity.name, - method: 'remove_user', - args: args, - options: {all: true, rights: true} - }) - }, - 'memberhost': { - 'category': 'hostcategory', - 'has_values': false, - 'command': IPA.command({ - entity: that.entity.name, - method: 'remove_host', - args: args, - options: {all: true, rights: true} - }) - }, - 'memberservice': { - 'category': 'servicecategory', - 'has_values': false, - 'command': IPA.command({ - entity: that.entity.name, - method: 'remove_service', - args: args, - options: {all: true, rights: true} - }) - }, - 'sourcehost': { - 'category': 'sourcehostcategory', - 'has_values': false, - 'command': IPA.command({ - entity: that.entity.name, - method: 'remove_sourcehost', - args: args, - options: {all: true, rights: true} - }) - } - }; - - var enable_operation = { - 'execute': false, - 'command': IPA.command({ - entity: that.entity.name, - method: 'enable', - args: args, - options: {all: true, rights: true} - }) - }; - - var record = {}; - that.save(record); - - var sections = that.sections.values; - for (var i=0; i<sections.length; i++) { - var section = sections[i]; - - var section_fields = section.fields.values; - for (var j=0; j<section_fields.length; j++) { - var field = section_fields[j]; - - // association tables are never dirty, so call - // is_dirty() after checking table values - - var values = record[field.name]; - if (!values) continue; - - var metadata = field.metadata; - - // skip primary key - if (metadata && metadata.primary_key) continue; - - var p = field.name.indexOf('_'); - if (p >= 0) { - // prepare command to remove members if needed - var attribute = field.name.substring(0, p); - var other_entity = field.name.substring(p+1); - - if (values.length) { - member_operations[attribute].command.set_option(other_entity, values.join(',')); - member_operations[attribute].has_values = true; - } - continue; - } - - // skip unchanged field - if (!field.is_dirty()) continue; - - // check enable/disable - if (field.name == 'ipaenabledflag') { - if (values[0] == 'FALSE') enable_operation.command.method = 'disable'; - enable_operation.execute = true; - continue; - } - - if (categories[field.name]) { - if (values[0] == 'all') { - categories[field.name].remove_values = true; - } - } - - if (metadata) { - if (values.length == 1) { - modify_operation.command.set_option(field.name, values[0]); - } else if (field.join) { - modify_operation.command.set_option(field.name, values.join(',')); - } else { - modify_operation.command.set_option(field.name, values); - } - - } else { - if (values.length) { - modify_operation.command.set_option('setattr', field.name+'='+values[0]); - } else { - modify_operation.command.set_option('setattr', field.name+'='); - } - for (var l=1; l<values.length; l++) { - modify_operation.command.set_option('addattr', field.name+'='+values[l]); - } - } - - modify_operation.execute = true; - } + widget: 'sourcehost.rule.sourcehost_hostgroup', + priority: IPA.hbac.remove_method_priority } + ); - var batch = IPA.batch_command({ - 'name': 'hbac_details_update', - 'on_success': function(data, text_status, xhr) { - that.refresh(); - if (on_success) on_success.call(this, data, text_status, xhr); - }, - 'on_error': function(xhr, text_status, error_thrown) { - that.refresh(); - if (on_error) on_error.call(this, xhr, text_status, error_thrown); - } - }); - - for (var member_attribute in member_operations) { - var member_operation = member_operations[member_attribute]; - if (member_operation.has_values && - categories[member_operation.category].remove_values) { - batch.add_command(member_operations[member_attribute].command); - } + spec.widgets.push( + { + factory: IPA.collapsible_section, + name: 'sourcehost', + label: IPA.messages.objects.hbacrule.sourcehost, + widgets: [ + { + factory: IPA.rule_details_widget, + name: 'rule', + radio_name: 'sourcehostcategory', + options: [ + { 'value': 'all', 'label': IPA.messages.objects.hbacrule.any_host }, + { 'value': '', 'label': IPA.messages.objects.hbacrule.specified_hosts } + ], + tables: [ + { 'name': 'sourcehost_host' }, + { 'name': 'sourcehost_hostgroup' } + ], + widgets: [ + { + type: 'rule_association_table', + id: entity_name+'-memberuser_user', + name: 'sourcehost_host', + add_method: 'add_sourcehost', + remove_method: 'remove_sourcehost', + add_title: IPA.messages.association.add.sourcehost, + remove_title: IPA.messages.association.remove.sourcehost + }, + { + type: 'rule_association_table', + id: entity_name+'-memberuser_group', + name: 'sourcehost_hostgroup', + add_method: 'add_sourcehost', + remove_method: 'remove_sourcehost', + add_title: IPA.messages.association.add.sourcehost, + remove_title: IPA.messages.association.remove.sourcehost + } + ] + } + ] } + ); + var that = IPA.details_facet(spec); - if (modify_operation.execute) batch.add_command(modify_operation.command); - if (enable_operation.execute) batch.add_command(enable_operation.command); - - if (!batch.commands.length) { - that.refresh(); - return; - } - - batch.execute(); + that.on_update_success = function(data, text_status, xhr) { + that.refresh(); }; - /*initialization*/ - that.add_section(general_section()); - that.add_section(user_category_section()); - that.add_section(hostcategory_section()); - that.add_section(servicecategory_section()); - that.add_section(sourcehostcategory_section()); - + that.on_update_error = function(xhr, text_status, error_thrown) { + that.refresh(); + }; return that; }; |