web/admin: show selected policy engine mode on bindings pages, allow setting it on sources (#12963)

* web/admin: show select policy engine mode on bindings pages, allow setting it in sources

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* slight cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Marc 'risson' Schmitt
2025-06-10 16:17:31 +02:00
committed by GitHub
parent e22e79f310
commit 0ce017b77e
14 changed files with 94 additions and 26 deletions


@ -1,6 +1,7 @@
import { CapabilitiesEnum, WithCapabilitiesConfig } from "#elements/mixins/capabilities";
import "@goauthentik/admin/applications/ProviderSelectModal";
import { iconHelperText } from "@goauthentik/admin/helperText";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import "@goauthentik/components/ak-file-input";
import "@goauthentik/components/ak-radio-input";
@ -24,7 +25,6 @@ import { ifDefined } from "lit/directives/if-defined.js";
import { Application, CoreApi, Provider } from "@goauthentik/api";
import { policyOptions } from "./PolicyOptions.js";
import "./components/ak-backchannel-input";
import "./components/ak-provider-search-input";
@ -173,7 +173,7 @@ export class ApplicationForm extends WithCapabilitiesConfig(ModelForm<Applicatio
label=${msg("Policy engine mode")}
required
name="policyEngineMode"
.options=${policyOptions}
.options=${policyEngineModes}
.value=${this.instance?.policyEngineMode}
></ak-radio-input>
<ak-form-group>


@ -331,7 +331,10 @@ export class ApplicationViewPage extends AKElement {
<div class="pf-c-card__title">
${msg("These policies control which users can access this application.")}
</div>
<ak-bound-policies-list .target=${this.application.pk}>
<ak-bound-policies-list
.target=${this.application.pk}
.policyEngineMode=${this.application.policyEngineMode}
>
</ak-bound-policies-list>
</div>
</section>


@ -1,6 +1,6 @@
import { policyOptions } from "@goauthentik/admin/applications/PolicyOptions.js";
import { ApplicationWizardStep } from "@goauthentik/admin/applications/wizard/ApplicationWizardStep.js";
import "@goauthentik/admin/applications/wizard/ak-wizard-title.js";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import { camelToSnake } from "@goauthentik/common/utils.js";
import "@goauthentik/components/ak-radio-input";
import "@goauthentik/components/ak-slug-input";
@ -144,7 +144,7 @@ export class ApplicationWizardApplicationStep extends ApplicationWizardStep {
label=${msg("Policy engine mode")}
required
name="policyEngineMode"
.options=${policyOptions}
.options=${policyEngineModes}
.value=${app.policyEngineMode}
.errorMessages=${errors.policyEngineMode ?? []}
></ak-radio-input>


@ -123,7 +123,10 @@ export class BoundStagesList extends Table<FlowStageBinding> {
"These bindings control if this stage will be applied to the flow.",
)}
</p>
<ak-bound-policies-list .target=${item.policybindingmodelPtrId}>
<ak-bound-policies-list
.target=${item.policybindingmodelPtrId}
.policyEngineMode=${item.policyEngineMode}
>
</ak-bound-policies-list>
</div>
</div>


@ -1,5 +1,6 @@
import { CapabilitiesEnum, WithCapabilitiesConfig } from "#elements/mixins/capabilities";
import { DesignationToLabel, LayoutToLabel } from "@goauthentik/admin/flows/utils";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import { AuthenticationEnum } from "@goauthentik/api/dist/models/AuthenticationEnum";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import "@goauthentik/elements/forms/FormGroup";
@ -18,7 +19,6 @@ import {
FlowDesignationEnum,
FlowLayoutEnum,
FlowsApi,
PolicyEngineMode,
} from "@goauthentik/api";
@customElement("ak-flow-form")
@ -279,23 +279,7 @@ export class FlowForm extends WithCapabilitiesConfig(ModelForm<Flow, string>) {
name="policyEngineMode"
>
<ak-radio
.options=${[
{
label: "any",
value: PolicyEngineMode.Any,
default: true,
description: html`${msg(
"Any policy must match to grant access",
)}`,
},
{
label: "all",
value: PolicyEngineMode.All,
description: html`${msg(
"All policies must match to grant access",
)}`,
},
]}
.options=${policyEngineModes}
.value=${this.instance?.policyEngineMode}
>
</ak-radio>


@ -270,7 +270,10 @@ export class FlowViewPage extends AKElement {
${msg("These bindings control which users can access this flow.")}
</div>
<div class="pf-c-card__body">
<ak-bound-policies-list .target=${this.flow.policybindingmodelPtrId}>
<ak-bound-policies-list
.target=${this.flow.policybindingmodelPtrId}
.policyEngineMode=${this.flow.policyEngineMode}
>
</ak-bound-policies-list>
</div>
</div>


@ -1,6 +1,7 @@
import "@goauthentik/admin/groups/GroupForm";
import "@goauthentik/admin/policies/PolicyBindingForm";
import { PolicyBindingNotice } from "@goauthentik/admin/policies/PolicyBindingForm";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import "@goauthentik/admin/policies/PolicyWizard";
import {
PolicyBindingCheckTarget,
@ -34,6 +35,9 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
@property()
target?: string;
@property()
policyEngineMode: string = "";
@property({ type: Array })
allowedTypes: PolicyBindingCheckTarget[] = [
PolicyBindingCheckTarget.policy,
@ -244,6 +248,23 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
</button>
</ak-forms-modal> `;
}
renderPolicyEngineMode() {
const policyEngineMode = policyEngineModes.find(
(pem) => pem.value === this.policyEngineMode,
);
if (policyEngineMode === undefined) {
return nothing;
}
return html`<p>
${msg(str`The currently selected policy engine mode is ${policyEngineMode.label}:`)}
${policyEngineMode.description}
</p>`;
}
renderToolbarContainer(): TemplateResult {
return html`${this.renderPolicyEngineMode()} ${super.renderToolbarContainer()}`;
}
}
declare global {
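Review bot: The new `policyEngineMode` property is declared as `string` with a default of `""`, and `renderPolicyEngineMode()` returns `nothing` whenever the value matches no entry in `policyEngineModes`, so a caller that omits the attribute or passes an unexpected value gives the admin no hint of which mode governs the listed bindings. Because the mode decides how those bindings combine into an access decision, I would type the property against the API enum, `policyEngineMode?: PolicyEngineMode;` (assuming `PolicyEngineMode` can be imported here; the import block is only partly visible), so a mismatch is caught at compile time. The method would also benefit from an explicit return type and a short TSDoc line such as `/** Renders the engine mode that applies to this target's bindings, or nothing when the caller supplied none. */`. Separately, `policyEngineMode.label` is interpolated into the translated sentence as a plain literal (the shared list shows `label: "any"`), so that word will stay untranslated.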


@ -3,7 +3,7 @@ import { html } from "lit";
import { PolicyEngineMode } from "@goauthentik/api";
export const policyOptions = [
export const policyEngineModes = [
{
label: "any",
value: PolicyEngineMode.Any,


@ -1,6 +1,7 @@
import { CapabilitiesEnum, WithCapabilitiesConfig } from "#elements/mixins/capabilities";
import "@goauthentik/admin/common/ak-flow-search/ak-source-flow-search";
import { iconHelperText, placeholderHelperText } from "@goauthentik/admin/helperText";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import {
GroupMatchingModeToLabel,
@ -534,6 +535,22 @@ export class OAuthSourceForm extends WithCapabilitiesConfig(BaseSourceForm<OAuth
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
<span slot="header"> ${msg("Advanced settings")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
label=${msg("Policy engine mode")}
required
name="policyEngineMode"
>
<ak-radio
.options=${policyEngineModes}
.value=${this.instance?.policyEngineMode}
>
</ak-radio>
</ak-form-element-horizontal>
</div>
</ak-form-group>`;
}
}
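Review bot: The "Advanced settings" group added at the end of this template is repeated line for line in the PlexSourceForm and SAMLSourceForm sections of this commit, so three copies of an access-control setting now have to be kept in sync by hand. Consider rendering it from one place, for example a protected method on `BaseSourceForm` that each form calls as `${this.renderPolicyEngineModeGroup()}` (a suggested name; `BaseSourceForm` is not shown in this diff, so whether it can host a template helper needs checking). On a new source `this.instance?.policyEngineMode` is undefined, so the radio presumably falls back to whichever option the shared list marks as default; a one-line comment stating that fallback would help the next reader. The enclosing render method starts outside the hunk.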


@ -244,6 +244,7 @@ export class OAuthSourceViewPage extends AKElement {
<ak-bound-policies-list
.target=${this.source.pk}
.typeNotices=${sourceBindingTypeNotices()}
.policyEngineMode=${this.source.policyEngineMode}
>
</ak-bound-policies-list>
</div>


@ -1,6 +1,7 @@
import { CapabilitiesEnum, WithCapabilitiesConfig } from "#elements/mixins/capabilities";
import "@goauthentik/admin/common/ak-flow-search/ak-source-flow-search";
import { iconHelperText, placeholderHelperText } from "@goauthentik/admin/helperText";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import {
GroupMatchingModeToLabel,
@ -414,6 +415,22 @@ export class PlexSourceForm extends WithCapabilitiesConfig(BaseSourceForm<PlexSo
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
<span slot="header"> ${msg("Advanced settings")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
label=${msg("Policy engine mode")}
required
name="policyEngineMode"
>
<ak-radio
.options=${policyEngineModes}
.value=${this.instance?.policyEngineMode}
>
</ak-radio>
</ak-form-element-horizontal>
</div>
</ak-form-group>`;
}
}


@ -134,6 +134,7 @@ export class PlexSourceViewPage extends AKElement {
<ak-bound-policies-list
.target=${this.source.pk}
.typeNotices=${sourceBindingTypeNotices()}
.policyEngineMode=${this.source.policyEngineMode}
>
</ak-bound-policies-list>
</div>


@ -2,6 +2,7 @@ import { CapabilitiesEnum, WithCapabilitiesConfig } from "#elements/mixins/capab
import "@goauthentik/admin/common/ak-crypto-certificate-search";
import "@goauthentik/admin/common/ak-flow-search/ak-source-flow-search";
import { iconHelperText, placeholderHelperText } from "@goauthentik/admin/helperText";
import { policyEngineModes } from "@goauthentik/admin/policies/PolicyEngineModes";
import { BaseSourceForm } from "@goauthentik/admin/sources/BaseSourceForm";
import {
GroupMatchingModeToLabel,
@ -574,6 +575,22 @@ export class SAMLSourceForm extends WithCapabilitiesConfig(BaseSourceForm<SAMLSo
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
<span slot="header"> ${msg("Advanced settings")} </span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
label=${msg("Policy engine mode")}
required
name="policyEngineMode"
>
<ak-radio
.options=${policyEngineModes}
.value=${this.instance?.policyEngineMode}
>
</ak-radio>
</ak-form-element-horizontal>
</div>
</ak-form-group>`;
}
}


@ -211,6 +211,7 @@ export class SAMLSourceViewPage extends AKElement {
<ak-bound-policies-list
.target=${this.source.pk}
.typeNotices=${sourceBindingTypeNotices()}
.policyEngineMode=${this.source.policyEngineMode}
>
</ak-bound-policies-list>
</div>