From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id AD06362E25 for ; Wed, 28 Oct 2020 12:37:25 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A93DD1EE5A for ; Wed, 28 Oct 2020 12:37:25 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id A3F1A1ED86 for ; Wed, 28 Oct 2020 12:37:24 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7218245F4B for ; Wed, 28 Oct 2020 12:37:24 +0100 (CET) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Wed, 28 Oct 2020 12:37:17 +0100 Message-Id: <20201028113717.827644-7-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201028113717.827644-1-f.gruenbichler@proxmox.com> References: <20201028113632.814586-1-f.gruenbichler@proxmox.com> <20201028113717.827644-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.027 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 16/16] gui: add API token ACLs X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Oct 2020 11:37:25 -0000 and the needed API token selector. Signed-off-by: Fabian Grünbichler --- www/Makefile | 1 + www/config/ACLView.js | 42 +++++++++++++++++++---- www/form/TokenSelector.js | 72 +++++++++++++++++++++++++++++++++++++++ www/window/ACLEdit.js | 69 ++++++++++++++++++++++--------------- 4 files changed, 150 insertions(+), 34 deletions(-) create mode 100644 www/form/TokenSelector.js diff --git a/www/Makefile b/www/Makefile index ab056c8c..18e77b19 100644 --- a/www/Makefile +++ b/www/Makefile @@ -6,6 +6,7 @@ IMAGES := \ JSSRC= \ form/UserSelector.js \ + form/TokenSelector.js \ form/RemoteSelector.js \ form/DataStoreSelector.js \ form/CalendarEvent.js \ diff --git a/www/config/ACLView.js b/www/config/ACLView.js index d552b029..67bf04f8 100644 --- a/www/config/ACLView.js +++ b/www/config/ACLView.js @@ -31,19 +31,35 @@ Ext.define('PBS.config.ACLView', { controller: { xclass: 'Ext.app.ViewController', - addACL: function() { + addUserACL: function() { let me = this; let view = me.getView(); - Ext.create('PBS.window.ACLEdit', { + Ext.create('PBS.window.ACLEdit', { path: view.aclPath, + aclType: 'user', listeners: { destroy: function() { me.reload(); }, }, - }).show(); + }).show(); }, + addTokenACL: function() { + let me = this; + let view = me.getView(); + Ext.create('PBS.window.ACLEdit', { + path: view.aclPath, + aclType: 'token', + listeners: { + destroy: function() { + me.reload(); + }, + }, + }).show(); + }, + + removeACL: function(btn, event, rec) { let me = this; Proxmox.Utils.API2Request({ @@ -106,10 +122,22 @@ Ext.define('PBS.config.ACLView', { tbar: [ { - xtype: 'proxmoxButton', text: gettext('Add'), - handler: 'addACL', - selModel: false, + menu: { + xtype: 'menu', + items: [ + { + text: gettext('User Permission'), + iconCls: 'fa fa-fw fa-user', + handler: 'addUserACL', + }, + { + text: gettext('API Token Permission'), + iconCls: 'fa fa-fw fa-user-o', + handler: 'addTokenACL', + }, + ], + }, }, { xtype: 'proxmoxStdRemoveButton', @@ -127,7 +155,7 @@ Ext.define('PBS.config.ACLView', { dataIndex: 'path', }, { - header: gettext('User/Group'), + header: gettext('User/Group/API Token'), width: 100, sortable: true, renderer: Ext.String.htmlEncode, diff --git a/www/form/TokenSelector.js b/www/form/TokenSelector.js new file mode 100644 index 00000000..502fe827 --- /dev/null +++ b/www/form/TokenSelector.js @@ -0,0 +1,72 @@ +Ext.define('PBS.form.TokenSelector', { + extend: 'Proxmox.form.ComboGrid', + alias: 'widget.pbsTokenSelector', + + allowBlank: false, + autoSelect: false, + valueField: 'tokenid', + displayField: 'tokenid', + + editable: true, + anyMatch: true, + forceSelection: true, + + store: { + model: 'pbs-tokens', + params: { + enabled: 1, + }, + sorters: 'tokenid', + }, + + initComponent: function() { + let me = this; + me.userStore = Ext.create('Ext.data.Store', { + model: 'pbs-users-with-tokens', + }); + me.userStore.on('load', this.onLoad, this); + me.userStore.load(); + + me.callParent(); + }, + + onLoad: function(store, data, success) { + if (!success) return; + + let tokenStore = this.store; + + let records = []; + Ext.Array.each(data, function(user) { + let tokens = user.data.tokens || []; + Ext.Array.each(tokens, function(token) { + let r = {}; + r.tokenid = token.tokenid; + r.comment = token.comment; + r.expire = token.expire; + r.enable = token.enable; + records.push(r); + }); + }); + + tokenStore.loadData(records); + }, + + listConfig: { + columns: [ + { + header: gettext('API Token'), + sortable: true, + dataIndex: 'tokenid', + renderer: Ext.String.htmlEncode, + flex: 1, + }, + { + header: gettext('Comment'), + sortable: false, + dataIndex: 'comment', + renderer: Ext.String.htmlEncode, + flex: 1, + }, + ], + }, +}); diff --git a/www/window/ACLEdit.js b/www/window/ACLEdit.js index ffeb9e81..42db1ff6 100644 --- a/www/window/ACLEdit.js +++ b/www/window/ACLEdit.js @@ -14,47 +14,62 @@ Ext.define('PBS.window.ACLEdit', { // caller can give a static path path: undefined, - subject: gettext('User Permission'), - - getValues: function(dirtyOnly) { + initComponent: function() { let me = this; - let values = me.callParent(arguments); - if (me.path) { - values.path = me.path; - } - return values; - }, + me.items = []; - items: [ - { + me.items.push({ xtype: 'pbsPermissionPathSelector', fieldLabel: gettext('Path'), - cbind: { - editable: '{!path}', - value: '{path}', - }, + editable: !me.path, + value: me.path, name: 'path', allowBlank: false, - }, - { - xtype: 'pbsUserSelector', - fieldLabel: gettext('User'), - name: 'auth_id', - allowBlank: false, - }, - { + }); + + if (me.aclType === 'user') { + me.subject = gettext('User Permission'); + me.items.push({ + xtype: 'pbsUserSelector', + fieldLabel: gettext('User'), + name: 'auth_id', + allowBlank: false, + }); + } else if (me.aclType === 'token') { + me.subject = gettext('API Token Permission'); + me.items.push({ + xtype: 'pbsTokenSelector', + fieldLabel: gettext('API Token'), + name: 'auth_id', + allowBlank: false, + }); + } + me.items.push({ xtype: 'pmxRoleSelector', name: 'role', value: 'NoAccess', fieldLabel: gettext('Role'), - }, - { + }); + me.items.push({ xtype: 'proxmoxcheckbox', name: 'propagate', checked: true, uncheckedValue: 0, fieldLabel: gettext('Propagate'), - }, - ], + }); + + me.callParent(); + }, + + getValues: function(dirtyOnly) { + let me = this; + let values = me.callParent(arguments); + + if (me.path) { + values.path = me.path; + } + return values; + }, + }); -- 2.20.1