ipa/0013-WebUI-Improve-subordinate-ids-user-workflow.patch
Florence Blanc-Renaud 5a5afdbc6f ipa-4.9.6-3
- Resolves: rhbz#1979629 Add checks to prevent assigning authentication indicators to internal IPA services
- Resolves: rhbz#1982212 ipa-trust-add fails with "not enough quota"
- Resolves: rhbz#1952028 [RFE] Add support for managing subuids and subgids in FreeIPA
- Resolves: rhbz#1981789 [man page] contradiction in ipa-server-upgrade command's man page and usage
2021-07-15 18:19:28 +02:00

276 lines
10 KiB
Diff

From 10418b7f3ea8c682961fc201545169663d507bf6 Mon Sep 17 00:00:00 2001
From: Serhii Tsymbaliuk <stsymbal@redhat.com>
Date: Thu, 17 Jun 2021 13:56:19 +0200
Subject: [PATCH] WebUI: Improve subordinate ids user workflow
- add "Subordinate ID Statistics" page
- add button for generating subid in "Subordinate ids" tab of user details page
- allow to navigate directly to owner details from subordinate id page
- adjust i18n strings
Ticket: https://pagure.io/freeipa/issue/8361
Signed-off-by: Serhii Tsymbaliuk <stsymbal@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Francois Cami <fcami@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
install/ui/src/freeipa/details.js | 8 ++-
.../ui/src/freeipa/navigation/menu_spec.js | 19 ++++++-
install/ui/src/freeipa/subid.js | 43 +++++++++++++++-
install/ui/src/freeipa/user.js | 49 +++++++++++++++----
ipaserver/plugins/internal.py | 22 ++++++---
5 files changed, 121 insertions(+), 20 deletions(-)
diff --git a/install/ui/src/freeipa/details.js b/install/ui/src/freeipa/details.js
index b557bbcef9a427a87eee3216f4345fc853cbaaff..2704cbd0ba98efa877cf5ec8a878e688ee6807e9 100644
--- a/install/ui/src/freeipa/details.js
+++ b/install/ui/src/freeipa/details.js
@@ -602,6 +602,12 @@ exp.details_facet = IPA.details_facet = function(spec, no_init) {
*/
that.facet_group = spec.facet_group || 'settings';
+ /**
+ * Indicates if the details facet depends on pkey
+ * @property {boolean}
+ */
+ that.require_pkey = spec.require_pkey !== undefined ? spec.require_pkey : true;
+
/**
* Widgets
* @property {IPA.widget_container}
@@ -1105,7 +1111,7 @@ exp.details_facet = IPA.details_facet = function(spec, no_init) {
*/
that.refresh = function(on_success, on_error) {
- if (!that.get_pkey() && that.entity.redirect_facet) {
+ if (that.require_pkey && !that.get_pkey() && that.entity.redirect_facet) {
that.redirect();
return;
}
diff --git a/install/ui/src/freeipa/navigation/menu_spec.js b/install/ui/src/freeipa/navigation/menu_spec.js
index 6ccd06919fbe04c7e8d2034ff7a1f644f373c607..a205dfade2f9508edbdc23ee6f7247508cc0479c 100644
--- a/install/ui/src/freeipa/navigation/menu_spec.js
+++ b/install/ui/src/freeipa/navigation/menu_spec.js
@@ -104,7 +104,24 @@ var nav = {};
}
]
},
- { entity: 'subid' }
+ {
+ name: 'subid',
+ label: '@i18n:tabs.subid',
+ children: [
+ {
+ name: 'subid',
+ entity: 'subid',
+ facet: 'search',
+ label: '@i18n:tabs.subid'
+ },
+ {
+ name: 'subid-stats',
+ entity: 'subid',
+ facet: 'stats',
+ label: '@i18n:objects.subid.stats'
+ }
+ ]
+ }
]
},
{
diff --git a/install/ui/src/freeipa/subid.js b/install/ui/src/freeipa/subid.js
index f286165070b08badf77cac6c30e93cab916c2acc..32f75bb7854cd3e84417a66870e99d34d49617e3 100644
--- a/install/ui/src/freeipa/subid.js
+++ b/install/ui/src/freeipa/subid.js
@@ -31,6 +31,7 @@ return {
},
{
$type: 'details',
+ disable_facet_tabs: true,
sections: [
{
name: 'details',
@@ -38,9 +39,11 @@ return {
'ipauniqueid',
'description',
{
+ $type: 'link',
name: 'ipaowner',
label: '@i18n:objects.subid.ipaowner',
- title: '@mo-param:subid:ipaowner:label'
+ title: '@mo-param:subid:ipaowner:label',
+ other_entity: 'user'
},
{
name: 'ipasubgidnumber',
@@ -65,6 +68,44 @@ return {
]
}
]
+ },
+ {
+ $type: 'details',
+ name: 'stats',
+ label: '@i18n:objects.subid.stats',
+ refresh_command_name: 'stats',
+ check_rights: false,
+ no_update: true,
+ disable_facet_tabs: true,
+ disable_breadcrumb: true,
+ require_pkey: false,
+ fields: [
+ {
+ name: 'assigned_subids',
+ label: '@i18n:objects.subid.assigned_subids',
+ read_only: true
+ },
+ {
+ name: 'baseid',
+ label: '@i18n:objects.subid.baseid',
+ read_only: true
+ },
+ {
+ name: 'dna_remaining',
+ label: '@i18n:objects.subid.dna_remaining',
+ read_only: true
+ },
+ {
+ name: 'rangesize',
+ label: '@i18n:objects.subid.rangesize',
+ read_only: true
+ },
+ {
+ name: 'remaining_subids',
+ label: '@i18n:objects.subid.remaining_subids',
+ read_only: true
+ }
+ ]
}
],
adder_dialog: {
diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js
index 56bb6f4feffb637d33a57aecf9a98f08d4639550..6a56320c580f58a1aba84e598736631986421113 100644
--- a/install/ui/src/freeipa/user.js
+++ b/install/ui/src/freeipa/user.js
@@ -464,7 +464,7 @@ return {
},
{
$type: 'subid_generate',
- hide_cond: ['preserved-user'],
+ hide_cond: ['preserved-user', 'self-service-other'],
enable_cond: ['no-subid']
}
],
@@ -556,8 +556,35 @@ return {
{
$type: 'association',
name: 'memberof_subid',
+ columns: [
+ 'ipauniqueid',
+ 'ipasubuidnumber',
+ 'ipasubgidnumber'
+ ],
associator: IPA.serial_associator,
- read_only: true
+ read_only: true,
+ state: {
+ evaluators: [
+ IPA.user.self_service_other_user_evaluator,
+ IPA.user.preserved_user_evaluator,
+ IPA.user.has_subid_evaluator
+ ]
+ },
+ actions: [
+ {
+ $type: 'subid_generate',
+ name: 'subid_generate',
+ hide_cond: ['preserved-user', 'self-service-other'],
+ enable_cond: ['no-subid']
+ }
+ ],
+ control_buttons: [
+ {
+ name: 'subid_generate',
+ label: '@i18n:objects.user.auto_subid',
+ icon: 'fa-plus'
+ }
+ ]
}
],
standard_association_facets: {
@@ -1216,14 +1243,16 @@ IPA.user.subid_generate_action = function(spec) {
var that = IPA.action(spec);
that.execute_action = function(facet) {
-
- var subid_e = reg.entity.get('subid');
- var dialog = subid_e.get_dialog('add');
- dialog.open();
- if (!IPA.is_selfservice) {
- var owner = facet.get_pkey();
- dialog.get_field('ipaowner').set_value([owner]);
- }
+ var owner = facet.get_pkey();
+ var command = rpc.command({
+ entity: 'subid',
+ method: 'generate'
+ });
+ command.set_option('ipaowner', owner);
+ command.on_success = function(data, text_status, xhr) {
+ facet.refresh();
+ };
+ command.execute();
};
return that;
diff --git a/ipaserver/plugins/internal.py b/ipaserver/plugins/internal.py
index 5ef940c2b88cc2b132a15d619772349b30731306..29e09f0067ec60d014e61c49313455d64478ef22 100644
--- a/ipaserver/plugins/internal.py
+++ b/ipaserver/plugins/internal.py
@@ -1364,6 +1364,20 @@ class i18n_messages(Command):
"undel_success": _("${count} user(s) restored"),
"user_categories": _("User categories"),
},
+ "subid": {
+ "add": _("Add subid"),
+ "assigned_subids": _("Assigned subids"),
+ "baseid": _("Base ID"),
+ "dna_remaining": _("DNA remaining"),
+ "ipaowner": _("Owner"),
+ "ipasubgidcount": _("SubGID range size"),
+ "ipasubgidnumber": _("SubGID range start"),
+ "ipasubuidcount": _("SubUID range size"),
+ "ipasubuidnumber": _("SubUID range start"),
+ "rangesize": _("Range size"),
+ "remaining_subids": _("Remaining subids"),
+ "stats": _("Subordinate ID Statistics"),
+ },
"sudocmd": {
"add": _("Add sudo command"),
"add_into_sudocmdgroups": _(
@@ -1547,13 +1561,6 @@ class i18n_messages(Command):
"Drive to mount a home directory"
),
},
- "subid": {
- "identity": _("Subordinate user and group id"),
- "subuidnumber": _("Subordinate user id"),
- "subuidcount": _("Subordinate user id count"),
- "subgidnumber": _("Subordinate group id"),
- "subgidcount": _("Subordinate group id count"),
- },
"trustconfig": {
"options": _("Options"),
},
@@ -1942,6 +1949,7 @@ class i18n_messages(Command):
"network_services": _("Network Services"),
"policy": _("Policy"),
"role": _("Role-Based Access Control"),
+ "subid": _("Subordinate IDs"),
"sudo": _("Sudo"),
"topology": _("Topology"),
"trust": _("Trusts"),
--
2.26.3