diff options
author | Pavel Vomacka <pvomacka@redhat.com> | 2016-06-10 16:16:57 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-06-15 09:59:50 +0200 |
commit | 5e5df4abf037161d9c9d9fd5e6051f861dff4bd1 (patch) | |
tree | bf5d46b0034485360f24f169fd58c16c9d791c32 | |
parent | f4dd2446cd8b2c2a814c7bcb95415eb186b0a70f (diff) | |
download | freeipa-5e5df4abf037161d9c9d9fd5e6051f861dff4bd1.tar.gz freeipa-5e5df4abf037161d9c9d9fd5e6051f861dff4bd1.tar.xz freeipa-5e5df4abf037161d9c9d9fd5e6051f861dff4bd1.zip |
Extend caacl entity
There is new checkbox in adding new caacl which can set whether the ACL applies on all
CAs or not. Also there is a new table with CAs on which is current ACL applied. User
can add and remove CAs from this table.
Part of: https://fedorahosted.org/freeipa/ticket/5939
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
-rw-r--r-- | install/ui/less/widgets.less | 7 | ||||
-rw-r--r-- | install/ui/src/freeipa/plugins/caacl.js | 48 | ||||
-rw-r--r-- | install/ui/src/freeipa/rule.js | 21 | ||||
-rw-r--r-- | install/ui/test/data/ipa_init.json | 4 | ||||
-rw-r--r-- | ipaserver/plugins/internal.py | 4 |
5 files changed, 80 insertions, 4 deletions
diff --git a/install/ui/less/widgets.less b/install/ui/less/widgets.less index 0f9bc8c17..56a310462 100644 --- a/install/ui/less/widgets.less +++ b/install/ui/less/widgets.less @@ -188,3 +188,10 @@ tbody:empty { display: none; } font-weight: bold; } } + +/** + * Moves message next to the rule radio button to the right in caacl plugin. + */ +.rule-radio-note { + float: right; +} diff --git a/install/ui/src/freeipa/plugins/caacl.js b/install/ui/src/freeipa/plugins/caacl.js index 57343d1e4..e101d25fb 100644 --- a/install/ui/src/freeipa/plugins/caacl.js +++ b/install/ui/src/freeipa/plugins/caacl.js @@ -87,6 +87,17 @@ var spec = { fields: [ 'cn', { + $type: 'checkboxes', + name: 'ipacacategory', + options: [ + { + label: '@i18n:objects.caacl.all', + value: 'all' + } + ], + tooltip: '@i18n:objects.caacl.no_ca_msg' + }, + { $type: 'textarea', name: 'description' } @@ -245,6 +256,18 @@ var add_caacl_details_facet_widgets = function (spec) { name: 'memberservice_service', widget: 'who.service.memberservice_service', priority: IPA.caacl.remove_method_priority + }, + // ca + { + $type: 'radio', + name: 'ipacacategory', + widget: 'who.ipaca.ipacacategory' + }, + { + $type: 'rule_association_table', + name: 'ipamemberca_ca', + widget: 'who.ipaca.ipamemberca_ca', + priority: IPA.caacl.remove_method_priority } ); @@ -350,13 +373,36 @@ var add_caacl_details_facet_widgets = function (spec) { remove_title: '@i18n:association.remove.member' } ] + }, + { + $factory: IPA.rule_details_widget, + name: 'ipaca', + radio_name: 'ipacacategory', + note: '@i18n:objects.caacl.no_ca_msg', + options: [ + { 'value': 'all', 'label': '@i18n:objects.caacl.any_ca' }, + { 'value': '', 'label': '@i18n:objects.caacl.specified_cas' } + ], + tables: [ + { 'name': 'ipamemberca_ca' } + ], + widgets: [ + { + $type: 'rule_association_table', + id: 'caacl-ipamemberca_ca', + name: 'ipamemberca_ca', + add_method: 'add_ca', + remove_method: 'remove_ca', + add_title: '@i18n:association.add.member', + remove_title: '@i18n:association.remove.member' + } + ] } ] } ); }; - /** * CAACL entity specification object * @member plugins.caacl diff --git a/install/ui/src/freeipa/rule.js b/install/ui/src/freeipa/rule.js index 706827190..0f39d434f 100644 --- a/install/ui/src/freeipa/rule.js +++ b/install/ui/src/freeipa/rule.js @@ -24,11 +24,12 @@ define([ './phases', './reg', './rpc', + './text', './details', './search', './association', './entity'], - function(IPA, $, phases, reg, rpc) { + function(IPA, $, phases, reg, rpc, text) { IPA.rule_details_widget = function(spec) { @@ -40,6 +41,7 @@ IPA.rule_details_widget = function(spec) { that.options = spec.options || []; that.tables = spec.tables || []; that.columns = spec.columns; + that.note = spec.note; that.init = function() { @@ -47,7 +49,8 @@ IPA.rule_details_widget = function(spec) { name: that.radio_name, options: that.options, entity: that.entity, - css_class: 'rule-enable-radio' + css_class: 'rule-enable-radio', + note: that.note }); that.widgets.add_widget(that.enable_radio); @@ -85,6 +88,11 @@ IPA.rule_radio_widget = function(spec) { spec = spec || {}; var that = IPA.radio_widget(spec); + /** + * The text from note will be displayed after radio buttons. + */ + that.note = spec.note || ''; + /** @inheritDoc */ that.create = function(container) { @@ -97,6 +105,13 @@ IPA.rule_radio_widget = function(spec) { if (that.undo) { that.create_undo(container); } + + if (that.note) { + $('<div />', { + text: text.get(that.note), + 'class': 'rule-radio-note' + }).appendTo(container); + } }; return that; @@ -274,4 +289,4 @@ phases.on('registration', function() { }); return {}; -});
\ No newline at end of file +}); diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json index b19eafad3..eb5fb14cc 100644 --- a/install/ui/test/data/ipa_init.json +++ b/install/ui/test/data/ipa_init.json @@ -214,12 +214,16 @@ "map_type": "Map Type" }, "caacl": { + "all": "All", + "any_ca": "Any CA", "any_host": "Any Host", "any_service": "Any Service", "any_profile": "Any Profile", "anyone": "Anyone", "ipaenabledflag": "Rule status", + "no_ca_msg": "If no CAs are specified, requests to the default CA are allowed.", "profile": "Profiles", + "specified_cas": "Specified CAs", "specified_hosts": "Specified Hosts and Groups", "specified_profiles": "Specified Profiles", "specified_services": "Specified Services and Groups", diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py index 5cb78c5ef..1d83b4648 100644 --- a/ipaserver/plugins/internal.py +++ b/ipaserver/plugins/internal.py @@ -351,12 +351,16 @@ class i18n_messages(Command): "indirect": _("Indirect"), }, "caacl": { + "all": _("All"), + "any_ca": _("Any CA"), "any_host": _("Any Host"), "any_service": _("Any Service"), "any_profile": _("Any Profile"), "anyone": _("Anyone"), "ipaenabledflag": _("Rule status"), + "no_ca_msg": _("If no CAs are specified, requests to the default CA are allowed."), "profile": _("Profiles"), + "specified_cas": _("Specified CAs"), "specified_hosts": _("Specified Hosts and Groups"), "specified_profiles": _("Specified Profiles"), "specified_services": _("Specified Services and Groups"), |