From: Lukas Wagner <l.wagner@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH v2 proxmox-widget-toolkit 14/16] auth ui: add LDAP sync UI
Date: Wed, 18 Jan 2023 08:37:00 +0100 [thread overview]
Message-ID: <20230118073702.588417-15-l.wagner@proxmox.com> (raw)
In-Reply-To: <20230118073702.588417-1-l.wagner@proxmox.com>
Taken and adapted from PVE.
Changes:
- Removed fields that are irrelevant for PBS for now (PBS has no
groups yet). If PVE is adapted to use the implementation from the
widget toolkit, the fields can simply be readded and somehow
feature-gated so that the fields are only visible/editable on PVE
Signed-off-by: Lukas Wagner <l.wagner@proxmox.com>
---
src/Makefile | 1 +
src/Schema.js | 4 +
src/panel/AuthView.js | 24 +++++
src/window/AuthEditLDAP.js | 161 +++++++++++++++++++++++++++++++
src/window/SyncWindow.js | 192 +++++++++++++++++++++++++++++++++++++
5 files changed, 382 insertions(+)
create mode 100644 src/window/SyncWindow.js
diff --git a/src/Makefile b/src/Makefile
index a24ae43..458ae93 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -91,6 +91,7 @@ JSSRC= \
window/AddYubico.js \
window/TfaEdit.js \
window/NotesEdit.js \
+ window/SyncWindow.js \
node/APT.js \
node/APTRepositories.js \
node/NetworkEdit.js \
diff --git a/src/Schema.js b/src/Schema.js
index 372af89..b247b1e 100644
--- a/src/Schema.js
+++ b/src/Schema.js
@@ -7,6 +7,7 @@ Ext.define('Proxmox.Schema', { // a singleton
add: false,
edit: false,
pwchange: true,
+ sync: false,
},
openid: {
name: gettext('OpenID Connect Server'),
@@ -15,15 +16,18 @@ Ext.define('Proxmox.Schema', { // a singleton
edit: true,
tfa: false,
pwchange: false,
+ sync: false,
iconCls: 'pmx-itype-icon-openid-logo',
},
ldap: {
name: gettext('LDAP Server'),
ipanel: 'pmxAuthLDAPPanel',
+ syncipanel: 'pmxAuthLDAPSyncPanel',
add: true,
edit: true,
tfa: true,
pwchange: false,
+ sync: true,
},
},
// to add or change existing for product specific ones
diff --git a/src/panel/AuthView.js b/src/panel/AuthView.js
index 69fe1a5..52b6cac 100644
--- a/src/panel/AuthView.js
+++ b/src/panel/AuthView.js
@@ -75,6 +75,23 @@ Ext.define('Proxmox.panel.AuthView', {
me.openEditWindow(rec.data.type, rec.data.realm);
},
+ open_sync_window: function() {
+ let rec = this.getSelection()[0];
+ if (!rec) {
+ return;
+ }
+ if (!Proxmox.Schema.authDomains[rec.data.type].sync) {
+ return;
+ }
+ Ext.create('Proxmox.window.SyncWindow', {
+ type: rec.data.type,
+ realm: rec.data.realm,
+ listeners: {
+ destroy: () => this.reload(),
+ },
+ }).show();
+ },
+
initComponent: function() {
var me = this;
@@ -115,6 +132,13 @@ Ext.define('Proxmox.panel.AuthView', {
enableFn: (rec) => Proxmox.Schema.authDomains[rec.data.type].add,
callback: () => me.reload(),
},
+ {
+ xtype: 'proxmoxButton',
+ text: gettext('Sync'),
+ disabled: true,
+ enableFn: (rec) => Proxmox.Schema.authDomains[rec.data.type].sync,
+ handler: () => me.open_sync_window(),
+ },
];
if (me.extraButtons) {
diff --git a/src/window/AuthEditLDAP.js b/src/window/AuthEditLDAP.js
index a44c536..4195efe 100644
--- a/src/window/AuthEditLDAP.js
+++ b/src/window/AuthEditLDAP.js
@@ -192,3 +192,164 @@ Ext.define('Proxmox.panel.LDAPInputPanel', {
});
+
+Ext.define('Proxmox.panel.LDAPSyncInputPanel', {
+ extend: 'Proxmox.panel.InputPanel',
+ xtype: 'pmxAuthLDAPSyncPanel',
+ mixins: ['Proxmox.Mixin.CBind'],
+
+ editableAttributes: ['email'],
+ editableDefaults: ['scope', 'enable-new'],
+ default_opts: {},
+ sync_attributes: {},
+
+ type: 'ldap',
+
+ // (de)construct the sync-attributes from the list above,
+ // not touching all others
+ onGetValues: function(values) {
+ this.editableDefaults.forEach((attr) => {
+ if (values[attr]) {
+ this.default_opts[attr] = values[attr];
+ delete values[attr];
+ } else {
+ delete this.default_opts[attr];
+ }
+ });
+ let vanished_opts = [];
+ ['acl', 'entry', 'properties'].forEach((prop) => {
+ if (values[`remove-vanished-${prop}`]) {
+ vanished_opts.push(prop);
+ }
+ delete values[`remove-vanished-${prop}`];
+ });
+ this.default_opts['remove-vanished'] = vanished_opts.join(';');
+
+ values['sync-defaults-options'] = Proxmox.Utils.printPropertyString(this.default_opts);
+ this.editableAttributes.forEach((attr) => {
+ if (values[attr]) {
+ this.sync_attributes[attr] = values[attr];
+ delete values[attr];
+ } else {
+ delete this.sync_attributes[attr];
+ }
+ });
+ values['sync-attributes'] = Proxmox.Utils.printPropertyString(this.sync_attributes);
+
+ Proxmox.Utils.delete_if_default(values, 'sync-defaults-options');
+ Proxmox.Utils.delete_if_default(values, 'sync-attributes');
+
+ if (this.isCreate) {
+ delete values.delete; // on create we cannot delete values
+ }
+
+ return values;
+ },
+
+ setValues: function(values) {
+ if (values['sync-attributes']) {
+ this.sync_attributes = Proxmox.Utils.parsePropertyString(values['sync-attributes']);
+ delete values['sync-attributes'];
+ this.editableAttributes.forEach((attr) => {
+ if (this.sync_attributes[attr]) {
+ values[attr] = this.sync_attributes[attr];
+ }
+ });
+ }
+ if (values['sync-defaults-options']) {
+ this.default_opts = Proxmox.Utils.parsePropertyString(values['sync-defaults-options']);
+ delete values.default_opts;
+ this.editableDefaults.forEach((attr) => {
+ if (this.default_opts[attr]) {
+ values[attr] = this.default_opts[attr];
+ }
+ });
+
+ if (this.default_opts['remove-vanished']) {
+ let opts = this.default_opts['remove-vanished'].split(';');
+ for (const opt of opts) {
+ values[`remove-vanished-${opt}`] = 1;
+ }
+ }
+ }
+ return this.callParent([values]);
+ },
+
+ column1: [
+ {
+ xtype: 'proxmoxtextfield',
+ name: 'email',
+ fieldLabel: gettext('E-Mail attribute'),
+ },
+ {
+ xtype: 'displayfield',
+ value: gettext('Default Sync Options'),
+ },
+ {
+ xtype: 'proxmoxKVComboBox',
+ value: '__default__',
+ deleteEmpty: false,
+ comboItems: [
+ [
+ '__default__',
+ Ext.String.format(
+ gettext("{0} ({1})"),
+ Proxmox.Utils.yesText,
+ Proxmox.Utils.defaultText,
+ ),
+ ],
+ ['true', Proxmox.Utils.yesText],
+ ['false', Proxmox.Utils.noText],
+ ],
+ name: 'enable-new',
+ fieldLabel: gettext('Enable new users'),
+ },
+ ],
+
+ column2: [
+ {
+ xtype: 'proxmoxtextfield',
+ name: 'user-classes',
+ fieldLabel: gettext('User classes'),
+ deleteEmpty: true,
+ emptyText: 'inetorgperson, posixaccount, person, user',
+ autoEl: {
+ tag: 'div',
+ 'data-qtip': gettext('Default user classes: inetorgperson, posixaccount, person, user'),
+ },
+ },
+ {
+ xtype: 'proxmoxtextfield',
+ name: 'filter',
+ fieldLabel: gettext('User Filter'),
+ deleteEmpty: true,
+ },
+ ],
+
+ columnB: [
+ {
+ xtype: 'fieldset',
+ title: gettext('Remove Vanished Options'),
+ items: [
+ {
+ xtype: 'proxmoxcheckbox',
+ fieldLabel: gettext('ACL'),
+ name: 'remove-vanished-acl',
+ boxLabel: gettext('Remove ACLs of vanished users'),
+ },
+ {
+ xtype: 'proxmoxcheckbox',
+ fieldLabel: gettext('Entry'),
+ name: 'remove-vanished-entry',
+ boxLabel: gettext('Remove vanished user'),
+ },
+ {
+ xtype: 'proxmoxcheckbox',
+ fieldLabel: gettext('Properties'),
+ name: 'remove-vanished-properties',
+ boxLabel: gettext('Remove vanished properties from synced users.'),
+ },
+ ],
+ },
+ ],
+});
diff --git a/src/window/SyncWindow.js b/src/window/SyncWindow.js
new file mode 100644
index 0000000..449782a
--- /dev/null
+++ b/src/window/SyncWindow.js
@@ -0,0 +1,192 @@
+Ext.define('Proxmox.window.SyncWindow', {
+ extend: 'Ext.window.Window',
+
+ title: gettext('Realm Sync'),
+
+ width: 600,
+ bodyPadding: 10,
+ modal: true,
+ resizable: false,
+
+ controller: {
+ xclass: 'Ext.app.ViewController',
+
+ control: {
+ 'form': {
+ validitychange: function(field, valid) {
+ this.lookup('preview_btn').setDisabled(!valid);
+ this.lookup('sync_btn').setDisabled(!valid);
+ },
+ },
+ 'button': {
+ click: function(btn) {
+ this.sync_realm(btn.reference === 'preview_btn');
+ },
+ },
+ },
+
+ sync_realm: function(is_preview) {
+ let view = this.getView();
+ let ipanel = this.lookup('ipanel');
+ let params = ipanel.getValues();
+
+ let vanished_opts = [];
+ ['acl', 'entry', 'properties'].forEach((prop) => {
+ if (params[`remove-vanished-${prop}`]) {
+ vanished_opts.push(prop);
+ }
+ delete params[`remove-vanished-${prop}`];
+ });
+ if (vanished_opts.length > 0) {
+ params['remove-vanished'] = vanished_opts.join(';');
+ }
+
+ params['dry-run'] = is_preview ? 1 : 0;
+ Proxmox.Utils.API2Request({
+ url: `/access/domains/${view.realm}/sync`,
+ waitMsgTarget: view,
+ method: 'POST',
+ params,
+ failure: (response) => {
+ view.show();
+ Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+ },
+ success: (response) => {
+ view.hide();
+ Ext.create('Proxmox.window.TaskViewer', {
+ upid: response.result.data,
+ listeners: {
+ destroy: () => {
+ if (is_preview) {
+ view.show();
+ } else {
+ view.close();
+ }
+ },
+ },
+ }).show();
+ },
+ });
+ },
+ },
+
+ items: [
+ {
+ xtype: 'form',
+ reference: 'form',
+ border: false,
+ fieldDefaults: {
+ labelWidth: 100,
+ anchor: '100%',
+ },
+ items: [{
+ xtype: 'inputpanel',
+ reference: 'ipanel',
+ column1: [
+ {
+ xtype: 'proxmoxKVComboBox',
+ value: 'true',
+ deleteEmpty: false,
+ allowBlank: false,
+ comboItems: [
+ ['true', Proxmox.Utils.yesText],
+ ['false', Proxmox.Utils.noText],
+ ],
+ name: 'enable-new',
+ fieldLabel: gettext('Enable new'),
+ },
+ ],
+
+ column2: [
+ ],
+
+ columnB: [
+ {
+ xtype: 'fieldset',
+ title: gettext('Remove Vanished Options'),
+ items: [
+ {
+ xtype: 'proxmoxcheckbox',
+ fieldLabel: gettext('ACL'),
+ name: 'remove-vanished-acl',
+ boxLabel: gettext('Remove ACLs of vanished users and groups.'),
+ },
+ {
+ xtype: 'proxmoxcheckbox',
+ fieldLabel: gettext('Entry'),
+ name: 'remove-vanished-entry',
+ boxLabel: gettext('Remove vanished user and group entries.'),
+ },
+ {
+ xtype: 'proxmoxcheckbox',
+ fieldLabel: gettext('Properties'),
+ name: 'remove-vanished-properties',
+ boxLabel: gettext('Remove vanished properties from synced users.'),
+ },
+ ],
+ },
+ {
+ xtype: 'displayfield',
+ reference: 'defaulthint',
+ value: gettext('Default sync options can be set by editing the realm.'),
+ userCls: 'pmx-hint',
+ hidden: true,
+ },
+ ],
+ }],
+ },
+ ],
+
+ buttons: [
+ '->',
+ {
+ text: gettext('Preview'),
+ reference: 'preview_btn',
+ },
+ {
+ text: gettext('Sync'),
+ reference: 'sync_btn',
+ },
+ ],
+
+ initComponent: function() {
+ if (!this.realm) {
+ throw "no realm defined";
+ }
+
+ if (!this.type) {
+ throw "no realm type defined";
+ }
+
+ this.callParent();
+
+ Proxmox.Utils.API2Request({
+ url: `/config/access/${this.type}/${this.realm}`,
+ waitMsgTarget: this,
+ method: 'GET',
+ failure: (response) => {
+ Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+ this.close();
+ },
+ success: (response) => {
+ let default_options = response.result.data['sync-defaults-options'];
+ if (default_options) {
+ let options = Proxmox.Utils.parsePropertyString(default_options);
+ if (options['remove-vanished']) {
+ let opts = options['remove-vanished'].split(';');
+ for (const opt of opts) {
+ options[`remove-vanished-${opt}`] = 1;
+ }
+ }
+ let ipanel = this.lookup('ipanel');
+ ipanel.setValues(options);
+ } else {
+ this.lookup('defaulthint').setVisible(true);
+ }
+
+ // check validity for button state
+ this.lookup('form').isValid();
+ },
+ });
+ },
+});
--
2.30.2
next prev parent reply other threads:[~2023-01-18 7:37 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-18 7:36 [pbs-devel] [PATCH v2 proxmox{, -backup, -widget-toolkit} 00/16] add LDAP realm support Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox 01/16] rest-server: add handle_worker from backup debug cli Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 02/16] debug cli: use handle_worker in proxmox-rest-server Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 03/16] pbs-config: add delete_authid to ACL-tree Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 04/16] ui: add 'realm' field in user edit Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 05/16] api-types: add LDAP configuration type Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 06/16] api: add routes for managing LDAP realms Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 07/16] auth: add LDAP realm authenticator Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 08/16] api-types: add config options for LDAP user sync Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 09/16] server: add LDAP realm sync job Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 10/16] manager: add commands for managing LDAP realms Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 11/16] docs: add configuration file reference for domains.cfg Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-backup 12/16] docs: add documentation for LDAP realms Lukas Wagner
2023-01-18 7:36 ` [pbs-devel] [PATCH v2 proxmox-widget-toolkit 13/16] auth ui: add LDAP realm edit panel Lukas Wagner
2023-01-18 7:37 ` Lukas Wagner [this message]
2023-01-18 7:37 ` [pbs-devel] [PATCH v2 proxmox-widget-toolkit 15/16] auth ui: add `onlineHelp` for AuthEditLDAP Lukas Wagner
2023-01-18 7:37 ` [pbs-devel] [PATCH v2 proxmox-widget-toolkit 16/16] auth ui: add `firstname` and `lastname` sync-attribute fields Lukas Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230118073702.588417-15-l.wagner@proxmox.com \
--to=l.wagner@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox