core/rbac: fix missing field when removing perm, add delete from object page (#7226)
* make object permissions deletable from the object page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix error when removing object permissions form user/role page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * upgrade translation Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
@ -8,7 +8,7 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { ExtraRoleObjectPermission, RbacApi } from "@goauthentik/api";
|
||||
import { ExtraRoleObjectPermission, ModelEnum, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-permissions-object-table")
|
||||
export class RolePermissionObjectTable extends Table<ExtraRoleObjectPermission> {
|
||||
@ -64,6 +64,7 @@ export class RolePermissionObjectTable extends Table<ExtraRoleObjectPermission>
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
objectPk: item.objectPk,
|
||||
model: `${item.appLabel}.${item.model}` as ModelEnum,
|
||||
},
|
||||
});
|
||||
}}
|
||||
|
||||
@ -8,7 +8,7 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { ExtraUserObjectPermission, RbacApi } from "@goauthentik/api";
|
||||
import { ExtraUserObjectPermission, ModelEnum, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-assigned-object-permissions-table")
|
||||
export class UserAssignedObjectPermissionsTable extends Table<ExtraUserObjectPermission> {
|
||||
@ -60,6 +60,7 @@ export class UserAssignedObjectPermissionsTable extends Table<ExtraUserObjectPer
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
objectPk: item.objectPk,
|
||||
model: `${item.appLabel}.${item.model}` as ModelEnum,
|
||||
},
|
||||
});
|
||||
}}
|
||||
|
||||
@ -25,6 +25,7 @@ export class ObjectPermissionPage extends AKElement {
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFGrid, PFPage, PFCard];
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html`<ak-tabs pageIdentifier="permissionPage">
|
||||
<section
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/RoleObjectPermissionForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
@ -27,6 +28,8 @@ export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectP
|
||||
@state()
|
||||
modelPermissions?: PaginatedPermissionList;
|
||||
|
||||
checkbox = true;
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<RoleAssignedObjectPermission>> {
|
||||
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesList({
|
||||
page: page,
|
||||
@ -72,6 +75,35 @@ export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectP
|
||||
</ak-forms-modal>`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: RoleAssignedObjectPermission) => {
|
||||
return [{ key: msg("Permission"), value: item.name }];
|
||||
}}
|
||||
.delete=${(item: RoleAssignedObjectPermission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByRolesUnassignPartialUpdate({
|
||||
uuid: item.rolePk,
|
||||
patchedPermissionAssignRequest: {
|
||||
objectPk: this.objectPk?.toString(),
|
||||
model: this.model,
|
||||
permissions: item.permissions.map((perm) => {
|
||||
return `${perm.appLabel}.${perm.codename}`;
|
||||
}),
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: RoleAssignedObjectPermission): TemplateResult[] {
|
||||
const baseRow = [html` <a href="#/identity/roles/${item.rolePk}">${item.name}</a>`];
|
||||
this.modelPermissions?.results.forEach((perm) => {
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/UserObjectPermissionForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
@ -27,6 +28,8 @@ export class UserAssignedObjectPermissionTable extends Table<UserAssignedObjectP
|
||||
@state()
|
||||
modelPermissions?: PaginatedPermissionList;
|
||||
|
||||
checkbox = true;
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<UserAssignedObjectPermission>> {
|
||||
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersList({
|
||||
page: page,
|
||||
@ -72,6 +75,40 @@ export class UserAssignedObjectPermissionTable extends Table<UserAssignedObjectP
|
||||
</ak-forms-modal>`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled =
|
||||
this.selectedElements.length < 1 ||
|
||||
this.selectedElements.filter((item) => item.isSuperuser).length > 0;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements.filter((item) => !item.isSuperuser)}
|
||||
.metadata=${(item: UserAssignedObjectPermission) => {
|
||||
return [{ key: msg("Permission"), value: item.name }];
|
||||
}}
|
||||
.delete=${(item: UserAssignedObjectPermission) => {
|
||||
if (item.isSuperuser) {
|
||||
return Promise.resolve();
|
||||
}
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByUsersUnassignPartialUpdate({
|
||||
id: item.pk,
|
||||
patchedPermissionAssignRequest: {
|
||||
objectPk: this.objectPk?.toString(),
|
||||
model: this.model,
|
||||
permissions: item.permissions.map((perm) => {
|
||||
return `${perm.appLabel}.${perm.codename}`;
|
||||
}),
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: UserAssignedObjectPermission): TemplateResult[] {
|
||||
const baseRow = [html` <a href="#/identity/users/${item.pk}"> ${item.username} </a> `];
|
||||
this.modelPermissions?.results.forEach((perm) => {
|
||||
|
||||
Reference in New Issue
Block a user