core: Initial RBAC (#6806)
* rename consent permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * the user version Signed-off-by: Jens Langhammer <jens@goauthentik.io> t Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * some minor table refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix user, add assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix backend Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add assign API for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding toggle buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude add_ permission for per-object perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission list for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make sidebar update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix page header not re-rendering? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add search Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show first category in table groupBy except when its empty Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make model and object PK optional but required together Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow for setting global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude non-authentik permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude models which aren't allowed (base models etc) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure all models have verbose_name set, exclude some more internal objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * lint fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role perm assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unasign for global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add meta changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clear modal state after submit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles to our group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make recursive group query more usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add name field to role itself and move group creation to signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move rbac stuff to separate django app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make admin interface not require superuser for now, improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace some IsAdminUser where applicable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate flow inspector perms to actual permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix license not being a serializermodel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission modal to models without view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add additional permissions to assign/unassign permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add action to unassign user permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permissions tab to remaining view pages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow inspector permission check Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix codecov config? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure viewsets have an order set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hopefully the last api name change Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make perm modal less confusing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start user view permission page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only make delete bulk form expandable if usedBy is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * expand permission tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user global permission table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests' url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests for assign perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unassign tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rebuild permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent assigning/unassigning permissions to internal service accounts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only enable default api browser in debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role object permissions showing duplicate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role link on role object permissions table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix object permission modal having duplicate close buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * return error if user has no global perm and no object perms also improve error display on table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small optimisation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimise even more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system permission for non-object permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow access to admin interface based on perm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't exclude base models Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
@ -116,7 +116,11 @@ export class AdminInterface extends Interface {
|
||||
configureSentry(true);
|
||||
this.version = await new AdminApi(DEFAULT_CONFIG).adminVersionRetrieve();
|
||||
this.user = await me();
|
||||
if (!this.user.user.isSuperuser && this.user.user.pk > 0) {
|
||||
const canAccessAdmin =
|
||||
this.user.user.isSuperuser ||
|
||||
// TODO: somehow add `access_admin_interface` to the API schema
|
||||
this.user.user.systemPermissions.includes("access_admin_interface");
|
||||
if (!canAccessAdmin && this.user.user.pk > 0) {
|
||||
window.location.assign("/if/user");
|
||||
}
|
||||
}
|
||||
@ -211,6 +215,7 @@ export class AdminInterface extends Interface {
|
||||
[null, msg("Directory"), null, [
|
||||
["/identity/users", msg("Users"), [`^/identity/users/(?<id>${ID_REGEX})$`]],
|
||||
["/identity/groups", msg("Groups"), [`^/identity/groups/(?<id>${UUID_REGEX})$`]],
|
||||
["/identity/roles", msg("Roles"), [`^/identity/roles/(?<id>${UUID_REGEX})$`]],
|
||||
["/core/sources", msg("Federation and Social login"), [`^/core/sources/(?<slug>${SLUG_REGEX})$`]],
|
||||
["/core/tokens", msg("Tokens and App passwords")],
|
||||
["/flow/stages/invitations", msg("Invitations")]]],
|
||||
|
||||
@ -80,6 +80,14 @@ export const ROUTES: Route[] = [
|
||||
await import("@goauthentik/admin/users/UserViewPage");
|
||||
return html`<ak-user-view .userId=${parseInt(args.id, 10)}></ak-user-view>`;
|
||||
}),
|
||||
new Route(new RegExp("^/identity/roles$"), async () => {
|
||||
await import("@goauthentik/admin/roles/RoleListPage");
|
||||
return html`<ak-role-list></ak-role-list>`;
|
||||
}),
|
||||
new Route(new RegExp(`^/identity/roles/(?<id>${UUID_REGEX})$`), async (args) => {
|
||||
await import("@goauthentik/admin/roles/RoleViewPage");
|
||||
return html`<ak-role-view roleId=${args.id}></ak-role-view>`;
|
||||
}),
|
||||
new Route(new RegExp("^/flow/stages/invitations$"), async () => {
|
||||
await import("@goauthentik/admin/stages/invitation/InvitationListPage");
|
||||
return html`<ak-stage-invitation-list></ak-stage-invitation-list>`;
|
||||
|
||||
@ -2,9 +2,12 @@ import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { PFSize } from "@goauthentik/elements/Spinner";
|
||||
import { AggregateCard } from "@goauthentik/elements/cards/AggregateCard";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { until } from "lit/directives/until.js";
|
||||
|
||||
import { ResponseError } from "@goauthentik/api";
|
||||
|
||||
export interface AdminStatus {
|
||||
icon: string;
|
||||
message?: TemplateResult;
|
||||
@ -41,6 +44,12 @@ export abstract class AdminStatusCard<T> extends AggregateCard {
|
||||
${status.message
|
||||
? html`<p class="subtext">${status.message}</p>`
|
||||
: html``}`;
|
||||
})
|
||||
.catch((exc: ResponseError) => {
|
||||
return html` <p>
|
||||
<i class="fa fa-times"></i> ${exc.response.statusText}
|
||||
</p>
|
||||
<p class="subtext">${msg("Failed to fetch")}</p>`;
|
||||
}),
|
||||
html`<ak-spinner size="${PFSize.Large}"></ak-spinner>`,
|
||||
)}
|
||||
|
||||
@ -3,6 +3,7 @@ import "@goauthentik/admin/applications/ApplicationCheckAccessForm";
|
||||
import "@goauthentik/admin/applications/ApplicationForm";
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import { PFSize } from "@goauthentik/app/elements/Spinner";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-app-icon";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -27,7 +28,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { Application, CoreApi, OutpostsApi } from "@goauthentik/api";
|
||||
import {
|
||||
Application,
|
||||
CoreApi,
|
||||
OutpostsApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-application-view")
|
||||
export class ApplicationViewPage extends AKElement {
|
||||
@ -299,6 +305,12 @@ export class ApplicationViewPage extends AKElement {
|
||||
</ak-bound-policies-list>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreApplication}
|
||||
objectPk=${this.application.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/ActionButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -18,7 +19,12 @@ import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
|
||||
import { BlueprintInstance, BlueprintInstanceStatusEnum, ManagedApi } from "@goauthentik/api";
|
||||
import {
|
||||
BlueprintInstance,
|
||||
BlueprintInstanceStatusEnum,
|
||||
ManagedApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function BlueprintStatus(blueprint?: BlueprintInstance): string {
|
||||
if (!blueprint) return "";
|
||||
@ -151,6 +157,11 @@ export class BlueprintListPage extends TablePage<BlueprintInstance> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.BlueprintsBlueprintinstance}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-action-button
|
||||
class="pf-m-plain"
|
||||
.apiRequest=${() => {
|
||||
|
||||
@ -6,6 +6,7 @@ import { PFColor } from "@goauthentik/elements/Label";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -17,7 +18,11 @@ import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
|
||||
import { CertificateKeyPair, CryptoApi } from "@goauthentik/api";
|
||||
import {
|
||||
CertificateKeyPair,
|
||||
CryptoApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-crypto-certificate-list")
|
||||
export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
|
||||
@ -119,16 +124,21 @@ export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
|
||||
</ak-label>`,
|
||||
html`<ak-label color=${color}> ${item.certExpiry?.toLocaleString()} </ak-label>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Certificate-Key Pair")} </span>
|
||||
<ak-crypto-certificate-form slot="form" .instancePk=${item.pk}>
|
||||
</ak-crypto-certificate-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Certificate-Key Pair")} </span>
|
||||
<ak-crypto-certificate-form slot="form" .instancePk=${item.pk}>
|
||||
</ak-crypto-certificate-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CryptoCertificatekeypair}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/cards/AggregateCard";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -23,7 +24,13 @@ import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList
|
||||
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
|
||||
import { EnterpriseApi, License, LicenseForecast, LicenseSummary } from "@goauthentik/api";
|
||||
import {
|
||||
EnterpriseApi,
|
||||
License,
|
||||
LicenseForecast,
|
||||
LicenseSummary,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-enterprise-license-list")
|
||||
export class EnterpriseLicenseListPage extends TablePage<License> {
|
||||
@ -221,16 +228,21 @@ export class EnterpriseLicenseListPage extends TablePage<License> {
|
||||
<div>${msg(str`External: ${item.externalUsers}`)}</div>`,
|
||||
html`<ak-label color=${color}> ${item.expiry?.toLocaleString()} </ak-label>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update License")} </span>
|
||||
<ak-enterprise-license-form slot="form" .instancePk=${item.licenseUuid}>
|
||||
</ak-enterprise-license-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update License")} </span>
|
||||
<ak-enterprise-license-form slot="form" .instancePk=${item.licenseUuid}>
|
||||
</ak-enterprise-license-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.EnterpriseLicense}
|
||||
objectPk=${item.licenseUuid}
|
||||
>
|
||||
</ak-rbac-object-permission-modal> `,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -6,6 +6,8 @@ import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -15,7 +17,11 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { EventsApi, NotificationRule } from "@goauthentik/api";
|
||||
import {
|
||||
EventsApi,
|
||||
NotificationRule,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-event-rule-list")
|
||||
export class RuleListPage extends TablePage<NotificationRule> {
|
||||
@ -88,15 +94,21 @@ export class RuleListPage extends TablePage<NotificationRule> {
|
||||
? html`<a href="#/identity/groups/${item.groupObj.pk}">${item.groupObj.name}</a>`
|
||||
: msg("None (rule disabled)")}`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Notification Rule")} </span>
|
||||
<ak-event-rule-form slot="form" .instancePk=${item.pk}> </ak-event-rule-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Notification Rule")} </span>
|
||||
<ak-event-rule-form slot="form" .instancePk=${item.pk}> </ak-event-rule-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.EventsNotificationrule}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,8 @@ import "@goauthentik/elements/buttons/ActionButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -14,7 +16,11 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { EventsApi, NotificationTransport } from "@goauthentik/api";
|
||||
import {
|
||||
EventsApi,
|
||||
NotificationTransport,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-event-transport-list")
|
||||
export class TransportListPage extends TablePage<NotificationTransport> {
|
||||
@ -90,6 +96,12 @@ export class TransportListPage extends TablePage<NotificationTransport> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.EventsNotificationtransport}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-action-button
|
||||
class="pf-m-plain"
|
||||
.apiRequest=${() => {
|
||||
|
||||
@ -3,6 +3,7 @@ import "@goauthentik/admin/flows/FlowDiagram";
|
||||
import "@goauthentik/admin/flows/FlowForm";
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import { DesignationToLabel } from "@goauthentik/app/admin/flows/utils";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { AndNext, DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
@ -22,7 +23,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { Flow, FlowsApi, ResponseError } from "@goauthentik/api";
|
||||
import {
|
||||
Flow,
|
||||
FlowsApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
ResponseError,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-flow-view")
|
||||
export class FlowViewPage extends AKElement {
|
||||
@ -267,6 +273,12 @@ export class FlowViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.FlowsFlow}
|
||||
objectPk=${this.flow.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -11,13 +11,22 @@ import YAML from "yaml";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||
import { customElement } from "lit/decorators.js";
|
||||
import { customElement, state } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { CoreApi, CoreGroupsListRequest, Group } from "@goauthentik/api";
|
||||
import {
|
||||
CoreApi,
|
||||
CoreGroupsListRequest,
|
||||
Group,
|
||||
PaginatedRoleList,
|
||||
RbacApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-group-form")
|
||||
export class GroupForm extends ModelForm<Group, string> {
|
||||
@state()
|
||||
roles?: PaginatedRoleList;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return super.styles.concat(css`
|
||||
.pf-c-button.pf-m-control {
|
||||
@ -43,6 +52,12 @@ export class GroupForm extends ModelForm<Group, string> {
|
||||
}
|
||||
}
|
||||
|
||||
async load(): Promise<void> {
|
||||
this.roles = await new RbacApi(DEFAULT_CONFIG).rbacRolesList({
|
||||
ordering: "name",
|
||||
});
|
||||
}
|
||||
|
||||
async send(data: Group): Promise<Group> {
|
||||
if (this.instance?.pk) {
|
||||
return new CoreApi(DEFAULT_CONFIG).coreGroupsPartialUpdate({
|
||||
@ -112,6 +127,26 @@ export class GroupForm extends ModelForm<Group, string> {
|
||||
>
|
||||
</ak-search-select>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal label=${msg("Roles")} name="roles">
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.roles?.results.map((role) => {
|
||||
const selected = Array.from(this.instance?.roles || []).some((sp) => {
|
||||
return sp == role.pk;
|
||||
});
|
||||
return html`<option value=${role.pk} ?selected=${selected}>
|
||||
${role.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Select roles to grant this groups' users' permissions from the selected roles.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Attributes")}
|
||||
?required=${true}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/groups/GroupForm";
|
||||
import "@goauthentik/admin/users/RelatedUserList";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -20,13 +21,14 @@ import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFList from "@patternfly/patternfly/components/List/list.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { CoreApi, Group } from "@goauthentik/api";
|
||||
import { CoreApi, Group, RbacPermissionsAssignedByUsersListModelEnum } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-group-view")
|
||||
export class GroupViewPage extends AKElement {
|
||||
@ -51,6 +53,7 @@ export class GroupViewPage extends AKElement {
|
||||
PFButton,
|
||||
PFDisplay,
|
||||
PFGrid,
|
||||
PFList,
|
||||
PFContent,
|
||||
PFCard,
|
||||
PFDescriptionList,
|
||||
@ -92,7 +95,7 @@ export class GroupViewPage extends AKElement {
|
||||
>
|
||||
<div class="pf-c-card__title">${msg("Group Info")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<dl class="pf-c-description-list pf-m-2-col">
|
||||
<dl class="pf-c-description-list">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
@ -121,6 +124,26 @@ export class GroupViewPage extends AKElement {
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${msg("Roles")}</span
|
||||
>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
<ul class="pf-c-list">
|
||||
${this.group.rolesObj.map((role) => {
|
||||
return html`<li>
|
||||
<a href=${`#/identity/roles/${role.pk}`}
|
||||
>${role.name}
|
||||
</a>
|
||||
</li>`;
|
||||
})}
|
||||
</ul>
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="pf-c-card__footer">
|
||||
@ -177,6 +200,13 @@ export class GroupViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreGroup}
|
||||
objectPk=${this.group.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,6 +10,7 @@ import { PFSize } from "@goauthentik/elements/Spinner";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -23,7 +24,13 @@ import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
|
||||
import { Outpost, OutpostHealth, OutpostTypeEnum, OutpostsApi } from "@goauthentik/api";
|
||||
import {
|
||||
Outpost,
|
||||
OutpostHealth,
|
||||
OutpostTypeEnum,
|
||||
OutpostsApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function TypeToLabel(type?: OutpostTypeEnum): string {
|
||||
if (!type) return "";
|
||||
@ -141,6 +148,11 @@ export class OutpostListPage extends TablePage<Outpost> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.OutpostsOutpost}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
${item.managed !== "goauthentik.io/outposts/embedded"
|
||||
? html`<ak-outpost-deployment-modal .outpost=${item} size=${PFSize.Medium}>
|
||||
<button slot="trigger" class="pf-c-button pf-m-tertiary">
|
||||
|
||||
@ -9,6 +9,7 @@ import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -88,23 +89,27 @@ export class OutpostServiceConnectionListPage extends TablePage<ServiceConnectio
|
||||
html`${itemState?.healthy
|
||||
? html`<ak-label color=${PFColor.Green}>${ifDefined(itemState.version)}</ak-label>`
|
||||
: html`<ak-label color=${PFColor.Red}>${msg("Unhealthy")}</ak-label>`}`,
|
||||
html` <ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg(str`Update ${item.verboseName}`)} </span>
|
||||
<ak-proxy-form
|
||||
slot="form"
|
||||
.args=${{
|
||||
instancePk: item.pk,
|
||||
}}
|
||||
type=${ifDefined(item.component)}
|
||||
>
|
||||
</ak-proxy-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg(str`Update ${item.verboseName}`)} </span>
|
||||
<ak-proxy-form
|
||||
slot="form"
|
||||
.args=${{
|
||||
instancePk: item.pk,
|
||||
}}
|
||||
type=${ifDefined(item.component)}
|
||||
>
|
||||
</ak-proxy-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -13,6 +13,7 @@ import "@goauthentik/elements/forms/ConfirmationForm";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -92,6 +93,9 @@ export class PolicyListPage extends TablePage<Policy> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-forms-modal .closeAfterSuccessfulSubmit=${false}>
|
||||
<span slot="submit"> ${msg("Test")} </span>
|
||||
<span slot="header"> ${msg("Test Policy")} </span>
|
||||
|
||||
@ -4,6 +4,7 @@ import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -13,7 +14,11 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { PoliciesApi, Reputation } from "@goauthentik/api";
|
||||
import {
|
||||
PoliciesApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
Reputation,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-policy-reputation-list")
|
||||
export class ReputationListPage extends TablePage<Reputation> {
|
||||
@ -52,6 +57,7 @@ export class ReputationListPage extends TablePage<Reputation> {
|
||||
new TableColumn(msg("IP"), "ip"),
|
||||
new TableColumn(msg("Score"), "score"),
|
||||
new TableColumn(msg("Updated"), "updated"),
|
||||
new TableColumn(msg("Actions")),
|
||||
];
|
||||
}
|
||||
|
||||
@ -86,6 +92,13 @@ export class ReputationListPage extends TablePage<Reputation> {
|
||||
${item.ip}`,
|
||||
html`${item.score}`,
|
||||
html`${item.updated.toLocaleString()}`,
|
||||
html`
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.PoliciesReputationReputation}
|
||||
objectPk=${item.pk || ""}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
`,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,6 +10,7 @@ import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
@ -107,6 +108,8 @@ export class PropertyMappingListPage extends TablePage<PropertyMapping> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-forms-modal .closeAfterSuccessfulSubmit=${false}>
|
||||
<span slot="submit"> ${msg("Test")} </span>
|
||||
<span slot="header"> ${msg("Test Property Mapping")} </span>
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/ldap/LDAPProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { me } from "@goauthentik/common/users";
|
||||
@ -27,7 +28,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { LDAPProvider, ProvidersApi, SessionUser } from "@goauthentik/api";
|
||||
import {
|
||||
LDAPProvider,
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SessionUser,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-ldap-view")
|
||||
export class LDAPProviderViewPage extends AKElement {
|
||||
@ -101,6 +107,12 @@ export class LDAPProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersLdapLdapprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -33,6 +33,7 @@ import {
|
||||
OAuth2ProviderSetupURLs,
|
||||
PropertyMappingPreview,
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-oauth2-view")
|
||||
@ -128,6 +129,12 @@ export class OAuth2ProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersOauth2Oauth2provider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/proxy/ProxyProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { convertToSlug } from "@goauthentik/common/utils";
|
||||
@ -39,7 +40,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { ProvidersApi, ProxyMode, ProxyProvider } from "@goauthentik/api";
|
||||
import {
|
||||
ProvidersApi,
|
||||
ProxyMode,
|
||||
ProxyProvider,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function ModeToLabel(action?: ProxyMode): string {
|
||||
if (!action) return "";
|
||||
@ -208,6 +214,12 @@ export class ProxyProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersProxyProxyprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/radius/RadiusProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -21,10 +22,13 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGallery from "@patternfly/patternfly/layouts/Gallery/gallery.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFFlex from "@patternfly/patternfly/utilities/Flex/flex.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { ProvidersApi, RadiusProvider } from "@goauthentik/api";
|
||||
import {
|
||||
ProvidersApi,
|
||||
RadiusProvider,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-radius-view")
|
||||
export class RadiusProviderViewPage extends AKElement {
|
||||
@ -50,7 +54,6 @@ export class RadiusProviderViewPage extends AKElement {
|
||||
PFBase,
|
||||
PFButton,
|
||||
PFPage,
|
||||
PFFlex,
|
||||
PFDisplay,
|
||||
PFGallery,
|
||||
PFContent,
|
||||
@ -162,6 +165,12 @@ export class RadiusProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersRadiusRadiusprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/saml/SAMLProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { MessageLevel } from "@goauthentik/common/messages";
|
||||
@ -34,6 +35,7 @@ import {
|
||||
CertificateKeyPair,
|
||||
CryptoApi,
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SAMLMetadata,
|
||||
SAMLProvider,
|
||||
} from "@goauthentik/api";
|
||||
@ -226,6 +228,12 @@ export class SAMLProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersSamlSamlprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
import "@goauthentik/admin/providers/scim/SCIMProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -26,7 +27,12 @@ import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFStack from "@patternfly/patternfly/layouts/Stack/stack.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { ProvidersApi, SCIMProvider, Task } from "@goauthentik/api";
|
||||
import {
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SCIMProvider,
|
||||
Task,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-scim-view")
|
||||
export class SCIMProviderViewPage extends AKElement {
|
||||
@ -113,6 +119,12 @@ export class SCIMProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersScimScimprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
56
web/src/admin/roles/RoleForm.ts
Normal file
56
web/src/admin/roles/RoleForm.ts
Normal file
@ -0,0 +1,56 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/elements/chips/Chip";
|
||||
import "@goauthentik/elements/chips/ChipGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { RbacApi, Role } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-form")
|
||||
export class RoleForm extends ModelForm<Role, string> {
|
||||
loadInstance(pk: string): Promise<Role> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesRetrieve({
|
||||
uuid: pk,
|
||||
});
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
if (this.instance) {
|
||||
return msg("Successfully updated role.");
|
||||
} else {
|
||||
return msg("Successfully created role.");
|
||||
}
|
||||
}
|
||||
|
||||
async send(data: Role): Promise<Role> {
|
||||
if (this.instance?.pk) {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesPartialUpdate({
|
||||
uuid: this.instance.pk,
|
||||
patchedRoleRequest: data,
|
||||
});
|
||||
} else {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesCreate({
|
||||
roleRequest: data,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
|
||||
<input
|
||||
type="text"
|
||||
value="${ifDefined(this.instance?.name)}"
|
||||
class="pf-c-form-control"
|
||||
required
|
||||
/>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
98
web/src/admin/roles/RoleListPage.ts
Normal file
98
web/src/admin/roles/RoleListPage.ts
Normal file
@ -0,0 +1,98 @@
|
||||
import "@goauthentik/admin/roles/RoleForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { RbacApi, Role } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-list")
|
||||
export class RoleListPage extends TablePage<Role> {
|
||||
checkbox = true;
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
pageTitle(): string {
|
||||
return msg("Roles");
|
||||
}
|
||||
pageDescription(): string {
|
||||
return msg("Manage roles which grant permissions to objects within authentik.");
|
||||
}
|
||||
pageIcon(): string {
|
||||
return "fa fa-lock";
|
||||
}
|
||||
|
||||
@property()
|
||||
order = "name";
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<Role>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesList({
|
||||
ordering: this.order,
|
||||
page: page,
|
||||
pageSize: (await uiConfig()).pagination.perPage,
|
||||
search: this.search || "",
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [new TableColumn(msg("Name"), "name"), new TableColumn(msg("Actions"))];
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Role(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.usedBy=${(item: Role) => {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesUsedByList({
|
||||
uuid: item.pk,
|
||||
});
|
||||
}}
|
||||
.delete=${(item: Role) => {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesDestroy({
|
||||
uuid: item.pk,
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: Role): TemplateResult[] {
|
||||
return [
|
||||
html`<a href="#/identity/roles/${item.pk}">${item.name}</a>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Role")} </span>
|
||||
<ak-role-form slot="form" .instancePk=${item.pk}> </ak-role-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Create")} </span>
|
||||
<span slot="header"> ${msg("Create Role")} </span>
|
||||
<ak-role-form slot="form"> </ak-role-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">${msg("Create")}</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
}
|
||||
88
web/src/admin/roles/RolePermissionForm.ts
Normal file
88
web/src/admin/roles/RolePermissionForm.ts
Normal file
@ -0,0 +1,88 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/chips/Chip";
|
||||
import "@goauthentik/elements/chips/ChipGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
import "@goauthentik/elements/rbac/PermissionSelectModal";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
interface RolePermissionAssign {
|
||||
permissions: string[];
|
||||
}
|
||||
|
||||
@customElement("ak-role-permission-form")
|
||||
export class RolePermissionForm extends ModelForm<RolePermissionAssign, number> {
|
||||
@state()
|
||||
permissionsToAdd: Permission[] = [];
|
||||
|
||||
@property()
|
||||
roleUuid?: string;
|
||||
|
||||
async load(): Promise<void> {}
|
||||
|
||||
loadInstance(): Promise<RolePermissionAssign> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
return msg("Successfully assigned permission.");
|
||||
}
|
||||
|
||||
async send(data: RolePermissionAssign): Promise<unknown> {
|
||||
await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesAssignCreate({
|
||||
uuid: this.roleUuid || "",
|
||||
permissionAssignRequest: {
|
||||
permissions: data.permissions,
|
||||
},
|
||||
});
|
||||
this.permissionsToAdd = [];
|
||||
return;
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Permissions to add")} name="permissions">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-rbac-permission-select-table
|
||||
.confirm=${(items: Permission[]) => {
|
||||
this.permissionsToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Select permissions")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-rbac-permission-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.permissionsToAdd.map((permission) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${`${permission.appLabel}.${permission.codename}`}
|
||||
@remove=${() => {
|
||||
const idx = this.permissionsToAdd.indexOf(permission);
|
||||
this.permissionsToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${permission.name}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
</div>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
89
web/src/admin/roles/RolePermissionGlobalTable.ts
Normal file
89
web/src/admin/roles/RolePermissionGlobalTable.ts
Normal file
@ -0,0 +1,89 @@
|
||||
import "@goauthentik/admin/roles/RolePermissionForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-permissions-global-table")
|
||||
export class RolePermissionGlobalTable extends Table<Permission> {
|
||||
@property()
|
||||
roleUuid?: string;
|
||||
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
|
||||
checkbox = true;
|
||||
|
||||
order = "content_type__app_label,content_type__model";
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
role: this.roleUuid,
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: Permission[]): [string, Permission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Assign")} </span>
|
||||
<span slot="header"> ${msg("Assign permission to role")} </span>
|
||||
<ak-role-permission-form roleUuid=${ifDefined(this.roleUuid)} slot="form">
|
||||
</ak-role-permission-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Assign permission")}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.delete=${(item: Permission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByRolesUnassignPartialUpdate({
|
||||
uuid: this.roleUuid || "",
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: Permission): TemplateResult[] {
|
||||
return [html`${item.modelVerbose}`, html`${item.name}`, html`✓`];
|
||||
}
|
||||
}
|
||||
94
web/src/admin/roles/RolePermissionObjectTable.ts
Normal file
94
web/src/admin/roles/RolePermissionObjectTable.ts
Normal file
@ -0,0 +1,94 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { ExtraRoleObjectPermission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-permissions-object-table")
|
||||
export class RolePermissionObjectTable extends Table<ExtraRoleObjectPermission> {
|
||||
@property()
|
||||
roleUuid?: string;
|
||||
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
|
||||
checkbox = true;
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<ExtraRoleObjectPermission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsRolesList({
|
||||
uuid: this.roleUuid || "",
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: ExtraRoleObjectPermission[]): [string, ExtraRoleObjectPermission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn("Object", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: ExtraRoleObjectPermission) => {
|
||||
return [
|
||||
{ key: msg("Permission"), value: item.name },
|
||||
{ key: msg("Object"), value: item.objectDescription || item.objectPk },
|
||||
];
|
||||
}}
|
||||
.delete=${(item: ExtraRoleObjectPermission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByRolesUnassignPartialUpdate({
|
||||
uuid: this.roleUuid || "",
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
objectPk: item.objectPk,
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: ExtraRoleObjectPermission): TemplateResult[] {
|
||||
return [
|
||||
html`${item.modelVerbose}`,
|
||||
html`${item.name}`,
|
||||
html`${item.objectDescription
|
||||
? html`${item.objectDescription}`
|
||||
: html`<pf-tooltip
|
||||
position="top"
|
||||
content=${msg(
|
||||
"Role doesn't have view permission so description cannot be retrieved.",
|
||||
)}
|
||||
>
|
||||
<pre>${item.objectPk}</pre>
|
||||
</pf-tooltip>`}`,
|
||||
html`✓`,
|
||||
];
|
||||
}
|
||||
}
|
||||
144
web/src/admin/roles/RoleViewPage.ts
Normal file
144
web/src/admin/roles/RoleViewPage.ts
Normal file
@ -0,0 +1,144 @@
|
||||
import "@goauthentik/admin/groups/RelatedGroupList";
|
||||
import "@goauthentik/app/admin/roles/RolePermissionGlobalTable";
|
||||
import "@goauthentik/app/admin/roles/RolePermissionObjectTable";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
import "@goauthentik/components/events/UserEvents";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import "@goauthentik/elements/CodeMirror";
|
||||
import "@goauthentik/elements/PageHeader";
|
||||
import "@goauthentik/elements/Tabs";
|
||||
|
||||
import { msg, str } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
|
||||
import { RbacApi, RbacPermissionsAssignedByUsersListModelEnum, Role } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-view")
|
||||
export class RoleViewPage extends AKElement {
|
||||
@property({ type: String })
|
||||
set roleId(id: string) {
|
||||
new RbacApi(DEFAULT_CONFIG)
|
||||
.rbacRolesRetrieve({
|
||||
uuid: id,
|
||||
})
|
||||
.then((role) => {
|
||||
this._role = role;
|
||||
});
|
||||
}
|
||||
|
||||
@state()
|
||||
_role?: Role;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [
|
||||
PFBase,
|
||||
PFPage,
|
||||
PFButton,
|
||||
PFDisplay,
|
||||
PFGrid,
|
||||
PFContent,
|
||||
PFCard,
|
||||
PFDescriptionList,
|
||||
css`
|
||||
.pf-c-description-list__description ak-action-button {
|
||||
margin-right: 6px;
|
||||
margin-bottom: 6px;
|
||||
}
|
||||
.ak-button-collection {
|
||||
max-width: 12em;
|
||||
}
|
||||
`,
|
||||
];
|
||||
}
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
this.addEventListener(EVENT_REFRESH, () => {
|
||||
if (!this._role?.pk) return;
|
||||
this.roleId = this._role?.pk;
|
||||
});
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html`<ak-page-header
|
||||
icon="fa fa-lock"
|
||||
header=${msg(str`Role ${this._role?.name || ""}`)}
|
||||
>
|
||||
</ak-page-header>
|
||||
${this.renderBody()}`;
|
||||
}
|
||||
|
||||
renderBody(): TemplateResult {
|
||||
if (!this._role) {
|
||||
return html``;
|
||||
}
|
||||
return html`<ak-tabs>
|
||||
<section
|
||||
slot="page-overview"
|
||||
data-tab-title="${msg("Overview")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div
|
||||
class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-3-col-on-xl pf-m-3-col-on-2xl"
|
||||
>
|
||||
<div class="pf-c-card__title">${msg("Role Info")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<dl class="pf-c-description-list">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${msg("Name")}</span
|
||||
>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
${this._role.name}
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-9-col-on-xl pf-m-9-col-on-2xl"
|
||||
>
|
||||
<div class="pf-c-card__title">${msg("Assigned global permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-role-permissions-global-table
|
||||
roleUuid=${this._role.pk}
|
||||
></ak-role-permissions-global-table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${msg("Assigned object permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-role-permissions-object-table
|
||||
roleUuid=${this._role.pk}
|
||||
></ak-role-permissions-object-table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.RbacRole}
|
||||
objectPk=${this._role.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
@ -1,4 +1,5 @@
|
||||
import "@goauthentik/admin/sources/ldap/LDAPSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -22,7 +23,13 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { LDAPSource, SourcesApi, Task, TaskStatusEnum } from "@goauthentik/api";
|
||||
import {
|
||||
LDAPSource,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
Task,
|
||||
TaskStatusEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-ldap-view")
|
||||
export class LDAPSourceViewPage extends AKElement {
|
||||
@ -206,6 +213,12 @@ export class LDAPSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesLdapLdapsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceDiagram";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -22,7 +23,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { OAuthSource, ProviderTypeEnum, SourcesApi } from "@goauthentik/api";
|
||||
import {
|
||||
OAuthSource,
|
||||
ProviderTypeEnum,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function ProviderToLabel(provider?: ProviderTypeEnum): string {
|
||||
switch (provider) {
|
||||
@ -238,6 +244,12 @@ export class OAuthSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesOauthOauthsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import "@goauthentik/admin/sources/plex/PlexSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -21,7 +22,11 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { PlexSource, SourcesApi } from "@goauthentik/api";
|
||||
import {
|
||||
PlexSource,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-plex-view")
|
||||
export class PlexSourceViewPage extends AKElement {
|
||||
@ -131,6 +136,12 @@ export class PlexSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesPlexPlexsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import "@goauthentik/admin/sources/saml/SAMLSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -22,7 +23,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { SAMLMetadata, SAMLSource, SourcesApi } from "@goauthentik/api";
|
||||
import {
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SAMLMetadata,
|
||||
SAMLSource,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-saml-view")
|
||||
export class SAMLSourceViewPage extends AKElement {
|
||||
@ -206,6 +212,12 @@ export class SAMLSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesSamlSamlsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,6 +24,7 @@ import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -149,6 +150,8 @@ export class StageListPage extends TablePage<Stage> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
${this.renderStageActions(item)}`,
|
||||
];
|
||||
}
|
||||
|
||||
@ -9,7 +9,6 @@ import { until } from "lit/directives/until.js";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFForm from "@patternfly/patternfly/components/Form/form.css";
|
||||
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
|
||||
import PFFlex from "@patternfly/patternfly/layouts/Flex/flex.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { Invitation, StagesApi } from "@goauthentik/api";
|
||||
@ -23,7 +22,7 @@ export class InvitationListLink extends AKElement {
|
||||
selectedFlow?: string;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFForm, PFFormControl, PFFlex, PFDescriptionList];
|
||||
return [PFBase, PFForm, PFFormControl, PFDescriptionList];
|
||||
}
|
||||
|
||||
renderLink(): string {
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -19,7 +20,12 @@ import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
|
||||
|
||||
import { FlowDesignationEnum, Invitation, StagesApi } from "@goauthentik/api";
|
||||
import {
|
||||
FlowDesignationEnum,
|
||||
Invitation,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
StagesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-stage-invitation-list")
|
||||
export class InvitationListPage extends TablePage<Invitation> {
|
||||
@ -124,15 +130,20 @@ export class InvitationListPage extends TablePage<Invitation> {
|
||||
html`${item.createdBy?.username}`,
|
||||
html`${item.expires?.toLocaleString() || msg("-")}`,
|
||||
html` <ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Invitation")} </span>
|
||||
<ak-invitation-form slot="form" .instancePk=${item.pk}> </ak-invitation-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Invitation")} </span>
|
||||
<ak-invitation-form slot="form" .instancePk=${item.pk}> </ak-invitation-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.StagesInvitationInvitation}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,7 @@ import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -14,7 +15,7 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { Prompt, StagesApi } from "@goauthentik/api";
|
||||
import { Prompt, RbacPermissionsAssignedByUsersListModelEnum, StagesApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-stage-prompt-list")
|
||||
export class PromptListPage extends TablePage<Prompt> {
|
||||
@ -88,15 +89,20 @@ export class PromptListPage extends TablePage<Prompt> {
|
||||
return html`<li>${stage.name}</li>`;
|
||||
})}`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Prompt")} </span>
|
||||
<ak-prompt-form slot="form" .instancePk=${item.pk}> </ak-prompt-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Prompt")} </span>
|
||||
<ak-prompt-form slot="form" .instancePk=${item.pk}> </ak-prompt-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.StagesPromptPrompt}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal> `,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,7 @@ import { PFColor } from "@goauthentik/elements/Label";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -14,7 +15,7 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { CoreApi, Tenant } from "@goauthentik/api";
|
||||
import { CoreApi, RbacPermissionsAssignedByUsersListModelEnum, Tenant } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-tenant-list")
|
||||
export class TenantListPage extends TablePage<Tenant> {
|
||||
@ -85,15 +86,21 @@ export class TenantListPage extends TablePage<Tenant> {
|
||||
${item._default ? msg("Yes") : msg("No")}
|
||||
</ak-label>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Tenant")} </span>
|
||||
<ak-tenant-form slot="form" .instancePk=${item.tenantUuid}> </ak-tenant-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Tenant")} </span>
|
||||
<ak-tenant-form slot="form" .instancePk=${item.tenantUuid}> </ak-tenant-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.TenantsTenant}
|
||||
objectPk=${item.tenantUuid}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/Dropdown";
|
||||
import "@goauthentik/elements/buttons/TokenCopyButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -16,7 +17,12 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
|
||||
import {
|
||||
CoreApi,
|
||||
IntentEnum,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
Token,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-token-list")
|
||||
export class TokenListPage extends TablePage<Token> {
|
||||
@ -120,7 +126,19 @@ export class TokenListPage extends TablePage<Token> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`
|
||||
: html``}
|
||||
: html` <button class="pf-c-button pf-m-plain" disabled>
|
||||
<pf-tooltip
|
||||
position="top"
|
||||
content=${msg("Editing is disabled for managed tokens")}
|
||||
>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>`}
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreToken}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-token-copy-button
|
||||
class="pf-c-button pf-m-plain"
|
||||
identifier="${item.identifier}"
|
||||
|
||||
@ -69,41 +69,40 @@ export class RelatedUserAdd extends Form<{ users: number[] }> {
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`${this.group?.isSuperuser ? html`` : html``}
|
||||
<ak-form-element-horizontal label=${msg("Users to add")} name="users">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-group-member-select-table
|
||||
.confirm=${(items: User[]) => {
|
||||
this.usersToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Add users")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-group-member-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.usersToAdd.map((user) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${ifDefined(user.pk)}
|
||||
@remove=${() => {
|
||||
const idx = this.usersToAdd.indexOf(user);
|
||||
this.usersToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${UserOption(user)}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
return html` <ak-form-element-horizontal label=${msg("Users to add")} name="users">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-group-member-select-table
|
||||
.confirm=${(items: User[]) => {
|
||||
this.usersToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Add users")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-group-member-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.usersToAdd.map((user) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${ifDefined(user.pk)}
|
||||
@remove=${() => {
|
||||
const idx = this.usersToAdd.indexOf(user);
|
||||
this.usersToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${UserOption(user)}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
</ak-form-element-horizontal>`;
|
||||
</div>
|
||||
</ak-form-element-horizontal>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
88
web/src/admin/users/UserAssignedGlobalPermissionsTable.ts
Normal file
88
web/src/admin/users/UserAssignedGlobalPermissionsTable.ts
Normal file
@ -0,0 +1,88 @@
|
||||
import "@goauthentik/admin/users/UserPermissionForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-assigned-global-permissions-table")
|
||||
export class UserAssignedGlobalPermissionsTable extends Table<Permission> {
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
checkbox = true;
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
user: this.userId || 0,
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: Permission[]): [string, Permission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Assign")} </span>
|
||||
<span slot="header"> ${msg("Assign permission to user")} </span>
|
||||
<ak-user-permission-form userId=${ifDefined(this.userId)} slot="form">
|
||||
</ak-user-permission-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Assign permission")}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: Permission) => {
|
||||
return [{ key: msg("Permission"), value: item.name }];
|
||||
}}
|
||||
.delete=${(item: Permission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByUsersUnassignPartialUpdate({
|
||||
id: this.userId || 0,
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: Permission): TemplateResult[] {
|
||||
return [html`${item.modelVerbose}`, html`${item.name}`, html`✓`];
|
||||
}
|
||||
}
|
||||
90
web/src/admin/users/UserAssignedObjectPermissionsTable.ts
Normal file
90
web/src/admin/users/UserAssignedObjectPermissionsTable.ts
Normal file
@ -0,0 +1,90 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { ExtraUserObjectPermission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-assigned-object-permissions-table")
|
||||
export class UserAssignedObjectPermissionsTable extends Table<ExtraUserObjectPermission> {
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
checkbox = true;
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<ExtraUserObjectPermission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsUsersList({
|
||||
userId: this.userId || 0,
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: ExtraUserObjectPermission[]): [string, ExtraUserObjectPermission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn("Object", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: ExtraUserObjectPermission) => {
|
||||
return [
|
||||
{ key: msg("Permission"), value: item.name },
|
||||
{ key: msg("Object"), value: item.objectDescription || item.objectPk },
|
||||
];
|
||||
}}
|
||||
.delete=${(item: ExtraUserObjectPermission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByUsersUnassignPartialUpdate({
|
||||
id: this.userId || 0,
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
objectPk: item.objectPk,
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: ExtraUserObjectPermission): TemplateResult[] {
|
||||
return [
|
||||
html`${item.modelVerbose}`,
|
||||
html`${item.name}`,
|
||||
html`${item.objectDescription
|
||||
? html`${item.objectDescription}`
|
||||
: html`<pf-tooltip
|
||||
position="top"
|
||||
content=${msg(
|
||||
"User doesn't have view permission so description cannot be retrieved.",
|
||||
)}
|
||||
>
|
||||
<pre>${item.objectPk}</pre>
|
||||
</pf-tooltip>`}`,
|
||||
html`✓`,
|
||||
];
|
||||
}
|
||||
}
|
||||
@ -10,8 +10,8 @@ import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { AuthenticatorsApi, Device } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-device-list")
|
||||
export class UserDeviceList extends Table<Device> {
|
||||
@customElement("ak-user-device-table")
|
||||
export class UserDeviceTable extends Table<Device> {
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
88
web/src/admin/users/UserPermissionForm.ts
Normal file
88
web/src/admin/users/UserPermissionForm.ts
Normal file
@ -0,0 +1,88 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/chips/Chip";
|
||||
import "@goauthentik/elements/chips/ChipGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
import "@goauthentik/elements/rbac/PermissionSelectModal";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
interface UserPermissionAssign {
|
||||
permissions: string[];
|
||||
}
|
||||
|
||||
@customElement("ak-user-permission-form")
|
||||
export class UserPermissionForm extends ModelForm<UserPermissionAssign, number> {
|
||||
@state()
|
||||
permissionsToAdd: Permission[] = [];
|
||||
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
async load(): Promise<void> {}
|
||||
|
||||
loadInstance(): Promise<UserPermissionAssign> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
return msg("Successfully assigned permission.");
|
||||
}
|
||||
|
||||
async send(data: UserPermissionAssign): Promise<unknown> {
|
||||
await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersAssignCreate({
|
||||
id: this.userId || 0,
|
||||
permissionAssignRequest: {
|
||||
permissions: data.permissions,
|
||||
},
|
||||
});
|
||||
this.permissionsToAdd = [];
|
||||
return;
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Permissions to add")} name="permissions">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-rbac-permission-select-table
|
||||
.confirm=${(items: Permission[]) => {
|
||||
this.permissionsToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Select permissions")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-rbac-permission-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.permissionsToAdd.map((permission) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${`${permission.appLabel}.${permission.codename}`}
|
||||
@remove=${() => {
|
||||
const idx = this.permissionsToAdd.indexOf(permission);
|
||||
this.permissionsToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${permission.name}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
</div>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
@ -3,7 +3,10 @@ import "@goauthentik/admin/users/UserActiveForm";
|
||||
import "@goauthentik/admin/users/UserChart";
|
||||
import "@goauthentik/admin/users/UserForm";
|
||||
import "@goauthentik/admin/users/UserPasswordForm";
|
||||
import "@goauthentik/app/admin/users/UserAssignedGlobalPermissionsTable";
|
||||
import "@goauthentik/app/admin/users/UserAssignedObjectPermissionsTable";
|
||||
import { me } from "@goauthentik/app/common/users";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { MessageLevel } from "@goauthentik/common/messages";
|
||||
@ -35,12 +38,17 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFFlex from "@patternfly/patternfly/utilities/Flex/flex.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { CapabilitiesEnum, CoreApi, SessionUser, User } from "@goauthentik/api";
|
||||
import {
|
||||
CapabilitiesEnum,
|
||||
CoreApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SessionUser,
|
||||
User,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
import "./UserDevicesList";
|
||||
import "./UserDevicesTable";
|
||||
|
||||
@customElement("ak-user-view")
|
||||
export class UserViewPage extends AKElement {
|
||||
@ -68,7 +76,6 @@ export class UserViewPage extends AKElement {
|
||||
return [
|
||||
PFBase,
|
||||
PFPage,
|
||||
PFFlex,
|
||||
PFButton,
|
||||
PFDisplay,
|
||||
PFGrid,
|
||||
@ -443,7 +450,35 @@ export class UserViewPage extends AKElement {
|
||||
>
|
||||
<div class="pf-c-card">
|
||||
<div class="pf-c-card__body">
|
||||
<ak-user-device-list userId=${this.user.pk}> </ak-user-device-list>
|
||||
<ak-user-device-table userId=${this.user.pk}> </ak-user-device-table>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreUser}
|
||||
objectPk=${this.user.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
<section
|
||||
slot="page-mfa-assigned-permissions"
|
||||
data-tab-title="${msg("Assigned permissions")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${msg("Assigned global permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-user-assigned-global-permissions-table userId=${this.user.pk}>
|
||||
</ak-user-assigned-global-permissions-table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${msg("Assigned object permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-user-assigned-object-permissions-table userId=${this.user.pk}>
|
||||
</ak-user-assigned-object-permissions-table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
@ -1,3 +1,30 @@
|
||||
import {
|
||||
GenericError,
|
||||
GenericErrorFromJSON,
|
||||
ResponseError,
|
||||
ValidationError,
|
||||
ValidationErrorFromJSON,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export class SentryIgnoredError extends Error {}
|
||||
export class NotFoundError extends Error {}
|
||||
export class RequestError extends Error {}
|
||||
|
||||
export type APIErrorTypes = ValidationError | GenericError;
|
||||
|
||||
export async function parseAPIError(error: Error): Promise<APIErrorTypes> {
|
||||
if (!(error instanceof ResponseError)) {
|
||||
return error;
|
||||
}
|
||||
if (error.response.status < 400 && error.response.status > 499) {
|
||||
return error;
|
||||
}
|
||||
const body = await error.response.json();
|
||||
if (error.response.status === 400) {
|
||||
return ValidationErrorFromJSON(body);
|
||||
}
|
||||
if (error.response.status === 403) {
|
||||
return GenericErrorFromJSON(body);
|
||||
}
|
||||
return body;
|
||||
}
|
||||
|
||||
@ -45,6 +45,7 @@ export function me(): Promise<SessionUser> {
|
||||
username: "",
|
||||
name: "",
|
||||
settings: {},
|
||||
systemPermissions: [],
|
||||
},
|
||||
};
|
||||
if (ex.response?.status === 401 || ex.response?.status === 403) {
|
||||
|
||||
@ -13,7 +13,7 @@ import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
@ -55,6 +55,7 @@ export class PageHeader extends AKElement {
|
||||
@property()
|
||||
description?: string;
|
||||
|
||||
@state()
|
||||
_header = "";
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
|
||||
@ -74,7 +74,7 @@ export class LocaleContext extends LitElement {
|
||||
console.warn(`Received a non-custom event at EVENT_LOCALE_REQUEST: ${ev}`);
|
||||
return;
|
||||
}
|
||||
console.log("Locale update request received.");
|
||||
console.debug("authentik/locale: Locale update request received.");
|
||||
this.updateLocale(ev.detail.locale);
|
||||
}
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ import { msg, str } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||
import { property, state } from "lit/decorators.js";
|
||||
|
||||
import { UiThemeEnum } from "@goauthentik/api";
|
||||
import { ResponseError, UiThemeEnum } from "@goauthentik/api";
|
||||
|
||||
Chart.register(Legend, Tooltip);
|
||||
Chart.register(LineController, BarController, DoughnutController);
|
||||
@ -65,6 +65,9 @@ export abstract class AKChart<T> extends AKElement {
|
||||
@state()
|
||||
chart?: Chart;
|
||||
|
||||
@state()
|
||||
error?: ResponseError;
|
||||
|
||||
@property()
|
||||
centerText?: string;
|
||||
|
||||
@ -129,19 +132,23 @@ export abstract class AKChart<T> extends AKElement {
|
||||
}
|
||||
|
||||
firstUpdated(): void {
|
||||
this.apiRequest().then((r) => {
|
||||
const canvas = this.shadowRoot?.querySelector<HTMLCanvasElement>("canvas");
|
||||
if (!canvas) {
|
||||
console.warn("Failed to get canvas element");
|
||||
return;
|
||||
}
|
||||
const ctx = canvas.getContext("2d");
|
||||
if (!ctx) {
|
||||
console.warn("failed to get 2d context");
|
||||
return;
|
||||
}
|
||||
this.chart = this.configureChart(r, ctx);
|
||||
});
|
||||
this.apiRequest()
|
||||
.then((r) => {
|
||||
const canvas = this.shadowRoot?.querySelector<HTMLCanvasElement>("canvas");
|
||||
if (!canvas) {
|
||||
console.warn("Failed to get canvas element");
|
||||
return;
|
||||
}
|
||||
const ctx = canvas.getContext("2d");
|
||||
if (!ctx) {
|
||||
console.warn("failed to get 2d context");
|
||||
return;
|
||||
}
|
||||
this.chart = this.configureChart(r, ctx);
|
||||
})
|
||||
.catch((exc: ResponseError) => {
|
||||
this.error = exc;
|
||||
});
|
||||
}
|
||||
|
||||
getChartType(): string {
|
||||
@ -204,7 +211,15 @@ export abstract class AKChart<T> extends AKElement {
|
||||
render(): TemplateResult {
|
||||
return html`
|
||||
<div class="container">
|
||||
${this.chart ? html`` : html`<ak-empty-state ?loading="${true}"></ak-empty-state>`}
|
||||
${this.error
|
||||
? html`
|
||||
<ak-empty-state header="${msg("Failed to fetch data.")}" icon="fa-times">
|
||||
<p slot="body">${this.error.response.statusText}</p>
|
||||
</ak-empty-state>
|
||||
`
|
||||
: html`${this.chart
|
||||
? html``
|
||||
: html`<ak-empty-state ?loading="${true}"></ak-empty-state>`}`}
|
||||
${this.centerText ? html` <span>${this.centerText}</span> ` : html``}
|
||||
<canvas style="${this.chart === undefined ? "display: none;" : ""}"></canvas>
|
||||
</div>
|
||||
|
||||
@ -20,7 +20,6 @@ type BulkDeleteMetadata = { key: string; value: string }[];
|
||||
|
||||
@customElement("ak-delete-objects-table")
|
||||
export class DeleteObjectsTable<T> extends Table<T> {
|
||||
expandable = true;
|
||||
paginated = false;
|
||||
|
||||
@property({ attribute: false })
|
||||
@ -70,6 +69,11 @@ export class DeleteObjectsTable<T> extends Table<T> {
|
||||
return html``;
|
||||
}
|
||||
|
||||
firstUpdated(): void {
|
||||
this.expandable = this.usedBy !== undefined;
|
||||
super.firstUpdated();
|
||||
}
|
||||
|
||||
renderExpanded(item: T): TemplateResult {
|
||||
const handler = async () => {
|
||||
if (!this.usedByData.has(item) && this.usedBy) {
|
||||
|
||||
74
web/src/elements/rbac/ObjectPermissionModal.ts
Normal file
74
web/src/elements/rbac/ObjectPermissionModal.ts
Normal file
@ -0,0 +1,74 @@
|
||||
import { AKElement } from "@goauthentik/app/elements/Base";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionsPage";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { RbacPermissionsAssignedByUsersListModelEnum } from "@goauthentik/api";
|
||||
|
||||
/**
|
||||
* This is a bit of a hack to get the viewport checking from ModelForm,
|
||||
* even though we actually don't need a form here.
|
||||
* #TODO: Rework this in the future
|
||||
*/
|
||||
@customElement("ak-rbac-object-permission-modal-form")
|
||||
export class ObjectPermissionsPageForm extends ModelForm<unknown, string> {
|
||||
@property()
|
||||
model?: RbacPermissionsAssignedByUsersListModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string | number;
|
||||
|
||||
loadInstance(): Promise<unknown> {
|
||||
return Promise.resolve();
|
||||
}
|
||||
send(): Promise<unknown> {
|
||||
return Promise.resolve();
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<ak-rbac-object-permission-page
|
||||
.model=${this.model}
|
||||
.objectPk=${this.objectPk}
|
||||
slot="form"
|
||||
>
|
||||
</ak-rbac-object-permission-page>`;
|
||||
}
|
||||
}
|
||||
|
||||
@customElement("ak-rbac-object-permission-modal")
|
||||
export class ObjectPermissionModal extends AKElement {
|
||||
@property()
|
||||
model?: RbacPermissionsAssignedByUsersListModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string | number;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFButton];
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal .showSubmitButton=${false} cancelText=${msg("Close")}>
|
||||
<span slot="header"> ${msg("Update Permissions")} </span>
|
||||
<ak-rbac-object-permission-modal-form
|
||||
slot="form"
|
||||
.model=${this.model}
|
||||
.objectPk=${this.objectPk}
|
||||
></ak-rbac-object-permission-modal-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Permissions")}>
|
||||
<i class="fas fa-lock"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
}
|
||||
68
web/src/elements/rbac/ObjectPermissionsPage.ts
Normal file
68
web/src/elements/rbac/ObjectPermissionsPage.ts
Normal file
@ -0,0 +1,68 @@
|
||||
import { AKElement } from "@goauthentik/app/elements/Base";
|
||||
import "@goauthentik/app/elements/rbac/RoleObjectPermissionTable";
|
||||
import "@goauthentik/app/elements/rbac/UserObjectPermissionTable";
|
||||
import "@goauthentik/elements/Tabs";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { RbacPermissionsAssignedByUsersListModelEnum } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-rbac-object-permission-page")
|
||||
export class ObjectPermissionPage extends AKElement {
|
||||
@property()
|
||||
model?: RbacPermissionsAssignedByUsersListModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string | number;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFGrid, PFPage, PFCard];
|
||||
}
|
||||
render(): TemplateResult {
|
||||
return html`<ak-tabs pageIdentifier="permissionPage">
|
||||
<section
|
||||
slot="page-object-user"
|
||||
data-tab-title="${msg("User Object Permissions")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">User Object Permissions</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-rbac-user-object-permission-table
|
||||
.model=${this.model}
|
||||
.objectPk=${this.objectPk}
|
||||
>
|
||||
</ak-rbac-user-object-permission-table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<section
|
||||
slot="page-object-role"
|
||||
data-tab-title="${msg("Role Object Permissions")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">Role Object Permissions</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-rbac-role-object-permission-table
|
||||
.model=${this.model}
|
||||
.objectPk=${this.objectPk}
|
||||
>
|
||||
</ak-rbac-role-object-permission-table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
95
web/src/elements/rbac/PermissionSelectModal.ts
Normal file
95
web/src/elements/rbac/PermissionSelectModal.ts
Normal file
@ -0,0 +1,95 @@
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TableModal } from "@goauthentik/elements/table/TableModal";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-rbac-permission-select-table")
|
||||
export class PermissionSelectModal extends TableModal<Permission> {
|
||||
checkbox = true;
|
||||
checkboxChip = true;
|
||||
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
|
||||
@property()
|
||||
confirm!: (selectedItems: Permission[]) => Promise<unknown>;
|
||||
|
||||
order = "content_type__app_label,content_type__model";
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return super.styles.concat(PFBanner);
|
||||
}
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
ordering: this.order,
|
||||
page: page,
|
||||
pageSize: (await uiConfig()).pagination.perPage,
|
||||
search: this.search || "",
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: Permission[]): [string, Permission[]][] {
|
||||
return groupBy(items, (perm) => {
|
||||
return perm.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [new TableColumn(msg("Name"), "codename"), new TableColumn(msg("Model"), "")];
|
||||
}
|
||||
|
||||
row(item: Permission): TemplateResult[] {
|
||||
return [
|
||||
html`<div>
|
||||
<div>${item.name}</div>
|
||||
</div>`,
|
||||
html`${item.modelVerbose}`,
|
||||
];
|
||||
}
|
||||
|
||||
renderSelectedChip(item: Permission): TemplateResult {
|
||||
return html`${item.name}`;
|
||||
}
|
||||
|
||||
renderModalInner(): TemplateResult {
|
||||
return html`<section class="pf-c-modal-box__header pf-c-page__main-section pf-m-light">
|
||||
<div class="pf-c-content">
|
||||
<h1 class="pf-c-title pf-m-2xl">${msg("Select permissions to grant")}</h1>
|
||||
</div>
|
||||
</section>
|
||||
<section class="pf-c-modal-box__body pf-m-light">${this.renderTable()}</section>
|
||||
<footer class="pf-c-modal-box__footer">
|
||||
<ak-spinner-button
|
||||
.callAction=${() => {
|
||||
return this.confirm(this.selectedElements).then(() => {
|
||||
this.open = false;
|
||||
});
|
||||
}}
|
||||
class="pf-m-primary"
|
||||
>
|
||||
${msg("Add")} </ak-spinner-button
|
||||
>
|
||||
<ak-spinner-button
|
||||
.callAction=${async () => {
|
||||
this.open = false;
|
||||
}}
|
||||
class="pf-m-secondary"
|
||||
>
|
||||
${msg("Cancel")}
|
||||
</ak-spinner-button>
|
||||
</footer>`;
|
||||
}
|
||||
}
|
||||
107
web/src/elements/rbac/RoleObjectPermissionForm.ts
Normal file
107
web/src/elements/rbac/RoleObjectPermissionForm.ts
Normal file
@ -0,0 +1,107 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import {
|
||||
ModelEnum,
|
||||
PaginatedPermissionList,
|
||||
RbacApi,
|
||||
RbacRolesListRequest,
|
||||
Role,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
interface RoleAssignData {
|
||||
role: string;
|
||||
permissions: {
|
||||
[key: string]: boolean;
|
||||
};
|
||||
}
|
||||
|
||||
@customElement("ak-rbac-role-object-permission-form")
|
||||
export class RoleObjectPermissionForm extends ModelForm<RoleAssignData, number> {
|
||||
@property()
|
||||
model?: ModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string;
|
||||
|
||||
@state()
|
||||
modelPermissions?: PaginatedPermissionList;
|
||||
|
||||
async load(): Promise<void> {
|
||||
const [appLabel, modelName] = (this.model || "").split(".");
|
||||
this.modelPermissions = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
contentTypeModel: modelName,
|
||||
contentTypeAppLabel: appLabel,
|
||||
ordering: "codename",
|
||||
});
|
||||
}
|
||||
|
||||
loadInstance(): Promise<RoleAssignData> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
return msg("Successfully assigned permission.");
|
||||
}
|
||||
|
||||
send(data: RoleAssignData): Promise<unknown> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesAssignCreate({
|
||||
uuid: data.role,
|
||||
permissionAssignRequest: {
|
||||
permissions: Object.keys(data.permissions).filter((key) => data.permissions[key]),
|
||||
model: this.model!,
|
||||
objectPk: this.objectPk,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
if (!this.modelPermissions) {
|
||||
return html``;
|
||||
}
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Role")} name="role">
|
||||
<ak-search-select
|
||||
.fetchObjects=${async (query?: string): Promise<Role[]> => {
|
||||
const args: RbacRolesListRequest = {
|
||||
ordering: "name",
|
||||
};
|
||||
if (query !== undefined) {
|
||||
args.search = query;
|
||||
}
|
||||
const roles = await new RbacApi(DEFAULT_CONFIG).rbacRolesList(args);
|
||||
return roles.results;
|
||||
}}
|
||||
.renderElement=${(role: Role): string => {
|
||||
return role.name;
|
||||
}}
|
||||
.value=${(role: Role | undefined): string | undefined => {
|
||||
return role?.pk;
|
||||
}}
|
||||
>
|
||||
</ak-search-select>
|
||||
</ak-form-element-horizontal>
|
||||
${this.modelPermissions?.results.map((perm) => {
|
||||
return html` <ak-form-element-horizontal name="permissions.${perm.codename}">
|
||||
<label class="pf-c-switch">
|
||||
<input class="pf-c-switch__input" type="checkbox" />
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label">${perm.name}</span>
|
||||
</label>
|
||||
</ak-form-element-horizontal>`;
|
||||
})}
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
97
web/src/elements/rbac/RoleObjectPermissionTable.ts
Normal file
97
web/src/elements/rbac/RoleObjectPermissionTable.ts
Normal file
@ -0,0 +1,97 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/RoleObjectPermissionForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import {
|
||||
PaginatedPermissionList,
|
||||
RbacApi,
|
||||
RbacPermissionsAssignedByRolesListModelEnum,
|
||||
RoleAssignedObjectPermission,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-rbac-role-object-permission-table")
|
||||
export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectPermission> {
|
||||
@property()
|
||||
model?: RbacPermissionsAssignedByRolesListModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string | number;
|
||||
|
||||
@state()
|
||||
modelPermissions?: PaginatedPermissionList;
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<RoleAssignedObjectPermission>> {
|
||||
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesList({
|
||||
page: page,
|
||||
// TODO: better default
|
||||
model: this.model || RbacPermissionsAssignedByRolesListModelEnum.CoreUser,
|
||||
objectPk: this.objectPk?.toString(),
|
||||
});
|
||||
const [appLabel, modelName] = (this.model || "").split(".");
|
||||
const modelPermissions = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
contentTypeModel: modelName,
|
||||
contentTypeAppLabel: appLabel,
|
||||
ordering: "codename",
|
||||
});
|
||||
modelPermissions.results = modelPermissions.results.filter((value) => {
|
||||
return !value.codename.startsWith("add_");
|
||||
});
|
||||
this.modelPermissions = modelPermissions;
|
||||
return perms;
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
const baseColumns = [new TableColumn("User", "user")];
|
||||
// We don't check pagination since models shouldn't need to have that many permissions?
|
||||
this.modelPermissions?.results.forEach((perm) => {
|
||||
baseColumns.push(new TableColumn(perm.name, perm.codename));
|
||||
});
|
||||
return baseColumns;
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Assign")} </span>
|
||||
<span slot="header"> ${msg("Assign permission to role")} </span>
|
||||
<ak-rbac-role-object-permission-form
|
||||
model=${ifDefined(this.model)}
|
||||
objectPk=${ifDefined(this.objectPk)}
|
||||
slot="form"
|
||||
>
|
||||
</ak-rbac-role-object-permission-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Assign to new role")}
|
||||
</button>
|
||||
</ak-forms-modal>`;
|
||||
}
|
||||
|
||||
row(item: RoleAssignedObjectPermission): TemplateResult[] {
|
||||
const baseRow = [html` <a href="#/identity/roles/${item.rolePk}">${item.name}</a>`];
|
||||
this.modelPermissions?.results.forEach((perm) => {
|
||||
const granted =
|
||||
item.permissions.filter((uperm) => uperm.codename === perm.codename).length > 0;
|
||||
baseRow.push(html`
|
||||
<ak-action-button
|
||||
.apiRequest=${async () => {
|
||||
console.log(granted);
|
||||
}}
|
||||
class="pf-m-link"
|
||||
>
|
||||
${granted
|
||||
? html`<pf-tooltip position="top" content=${msg("Directly assigned")}
|
||||
>✓</pf-tooltip
|
||||
>`
|
||||
: html`X`}
|
||||
</ak-action-button>
|
||||
`);
|
||||
});
|
||||
return baseRow;
|
||||
}
|
||||
}
|
||||
111
web/src/elements/rbac/UserObjectPermissionForm.ts
Normal file
111
web/src/elements/rbac/UserObjectPermissionForm.ts
Normal file
@ -0,0 +1,111 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import {
|
||||
CoreApi,
|
||||
CoreUsersListRequest,
|
||||
ModelEnum,
|
||||
PaginatedPermissionList,
|
||||
RbacApi,
|
||||
User,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
interface UserAssignData {
|
||||
user: number;
|
||||
permissions: {
|
||||
[key: string]: boolean;
|
||||
};
|
||||
}
|
||||
|
||||
@customElement("ak-rbac-user-object-permission-form")
|
||||
export class UserObjectPermissionForm extends ModelForm<UserAssignData, number> {
|
||||
@property()
|
||||
model?: ModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string;
|
||||
|
||||
@state()
|
||||
modelPermissions?: PaginatedPermissionList;
|
||||
|
||||
async load(): Promise<void> {
|
||||
const [appLabel, modelName] = (this.model || "").split(".");
|
||||
this.modelPermissions = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
contentTypeModel: modelName,
|
||||
contentTypeAppLabel: appLabel,
|
||||
ordering: "codename",
|
||||
});
|
||||
}
|
||||
|
||||
loadInstance(): Promise<UserAssignData> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
return msg("Successfully assigned permission.");
|
||||
}
|
||||
|
||||
send(data: UserAssignData): Promise<unknown> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersAssignCreate({
|
||||
id: data.user,
|
||||
permissionAssignRequest: {
|
||||
permissions: Object.keys(data.permissions).filter((key) => data.permissions[key]),
|
||||
model: this.model!,
|
||||
objectPk: this.objectPk!,
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
if (!this.modelPermissions) {
|
||||
return html``;
|
||||
}
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("User")} name="user">
|
||||
<ak-search-select
|
||||
.fetchObjects=${async (query?: string): Promise<User[]> => {
|
||||
const args: CoreUsersListRequest = {
|
||||
ordering: "username",
|
||||
};
|
||||
if (query !== undefined) {
|
||||
args.search = query;
|
||||
}
|
||||
const users = await new CoreApi(DEFAULT_CONFIG).coreUsersList(args);
|
||||
return users.results;
|
||||
}}
|
||||
.renderElement=${(user: User): string => {
|
||||
return user.username;
|
||||
}}
|
||||
.renderDescription=${(user: User): TemplateResult => {
|
||||
return html`${user.name}`;
|
||||
}}
|
||||
.value=${(user: User | undefined): number | undefined => {
|
||||
return user?.pk;
|
||||
}}
|
||||
>
|
||||
</ak-search-select>
|
||||
</ak-form-element-horizontal>
|
||||
${this.modelPermissions?.results.map((perm) => {
|
||||
return html` <ak-form-element-horizontal name="permissions.${perm.codename}">
|
||||
<label class="pf-c-switch">
|
||||
<input class="pf-c-switch__input" type="checkbox" />
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label">${perm.name}</span>
|
||||
</label>
|
||||
</ak-form-element-horizontal>`;
|
||||
})}
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
90
web/src/elements/rbac/UserObjectPermissionTable.ts
Normal file
90
web/src/elements/rbac/UserObjectPermissionTable.ts
Normal file
@ -0,0 +1,90 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/UserObjectPermissionForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import {
|
||||
PaginatedPermissionList,
|
||||
RbacApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
UserAssignedObjectPermission,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-rbac-user-object-permission-table")
|
||||
export class UserAssignedObjectPermissionTable extends Table<UserAssignedObjectPermission> {
|
||||
@property()
|
||||
model?: RbacPermissionsAssignedByUsersListModelEnum;
|
||||
|
||||
@property()
|
||||
objectPk?: string | number;
|
||||
|
||||
@state()
|
||||
modelPermissions?: PaginatedPermissionList;
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<UserAssignedObjectPermission>> {
|
||||
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersList({
|
||||
page: page,
|
||||
// TODO: better default
|
||||
model: this.model || RbacPermissionsAssignedByUsersListModelEnum.CoreUser,
|
||||
objectPk: this.objectPk?.toString(),
|
||||
});
|
||||
const [appLabel, modelName] = (this.model || "").split(".");
|
||||
const modelPermissions = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
contentTypeModel: modelName,
|
||||
contentTypeAppLabel: appLabel,
|
||||
ordering: "codename",
|
||||
});
|
||||
modelPermissions.results = modelPermissions.results.filter((value) => {
|
||||
return !value.codename.startsWith("add_");
|
||||
});
|
||||
this.modelPermissions = modelPermissions;
|
||||
return perms;
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
const baseColumns = [new TableColumn("User", "user")];
|
||||
// We don't check pagination since models shouldn't need to have that many permissions?
|
||||
this.modelPermissions?.results.forEach((perm) => {
|
||||
baseColumns.push(new TableColumn(perm.name, perm.codename));
|
||||
});
|
||||
return baseColumns;
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Assign")} </span>
|
||||
<span slot="header"> ${msg("Assign permission to user")} </span>
|
||||
<ak-rbac-user-object-permission-form
|
||||
model=${ifDefined(this.model)}
|
||||
objectPk=${ifDefined(this.objectPk)}
|
||||
slot="form"
|
||||
>
|
||||
</ak-rbac-user-object-permission-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Assign to new user")}
|
||||
</button>
|
||||
</ak-forms-modal>`;
|
||||
}
|
||||
|
||||
row(item: UserAssignedObjectPermission): TemplateResult[] {
|
||||
const baseRow = [html` <a href="#/identity/users/${item.pk}"> ${item.username} </a> `];
|
||||
this.modelPermissions?.results.forEach((perm) => {
|
||||
let cell = html`X`;
|
||||
if (item.permissions.filter((uperm) => uperm.codename === perm.codename).length > 0) {
|
||||
cell = html`<pf-tooltip position="top" content=${msg("Directly assigned")}
|
||||
>✓</pf-tooltip
|
||||
>`;
|
||||
} else if (item.isSuperuser) {
|
||||
cell = html`<pf-tooltip position="top" content=${msg("Superuser")}>✓</pf-tooltip>`;
|
||||
}
|
||||
baseRow.push(cell);
|
||||
});
|
||||
return baseRow;
|
||||
}
|
||||
}
|
||||
@ -1,3 +1,4 @@
|
||||
import { APIErrorTypes, parseAPIError } from "@goauthentik/app/common/errors";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { groupBy } from "@goauthentik/common/utils";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
@ -148,7 +149,7 @@ export abstract class Table<T> extends AKElement {
|
||||
expandedElements: T[] = [];
|
||||
|
||||
@state()
|
||||
hasError?: Error;
|
||||
error?: APIErrorTypes;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [
|
||||
@ -191,7 +192,7 @@ export abstract class Table<T> extends AKElement {
|
||||
this.isLoading = true;
|
||||
try {
|
||||
this.data = await this.apiEndpoint(this.page);
|
||||
this.hasError = undefined;
|
||||
this.error = undefined;
|
||||
this.page = this.data.pagination.current;
|
||||
const newSelected: T[] = [];
|
||||
const newExpanded: T[] = [];
|
||||
@ -228,7 +229,7 @@ export abstract class Table<T> extends AKElement {
|
||||
this.expandedElements = newExpanded;
|
||||
} catch (ex) {
|
||||
this.isLoading = false;
|
||||
this.hasError = ex as Error;
|
||||
this.error = await parseAPIError(ex as Error);
|
||||
}
|
||||
}
|
||||
|
||||
@ -249,25 +250,32 @@ export abstract class Table<T> extends AKElement {
|
||||
<div class="pf-l-bullseye">
|
||||
${inner
|
||||
? inner
|
||||
: html`<ak-empty-state
|
||||
header="${msg("No objects found.")}"
|
||||
></ak-empty-state>`}
|
||||
: html`<ak-empty-state header="${msg("No objects found.")}"
|
||||
><div slot="primary">${this.renderObjectCreate()}</div>
|
||||
</ak-empty-state>`}
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>`;
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html``;
|
||||
}
|
||||
|
||||
renderError(): TemplateResult {
|
||||
if (!this.error) {
|
||||
return html``;
|
||||
}
|
||||
return html`<ak-empty-state header="${msg("Failed to fetch objects.")}" icon="fa-times">
|
||||
${this.hasError instanceof ResponseError
|
||||
? html` <div slot="body">${this.hasError.message}</div> `
|
||||
: html`<div slot="body">${this.hasError?.toString()}</div>`}
|
||||
${this.error instanceof ResponseError
|
||||
? html` <div slot="body">${this.error.message}</div> `
|
||||
: html`<div slot="body">${this.error.detail}</div>`}
|
||||
</ak-empty-state>`;
|
||||
}
|
||||
|
||||
private renderRows(): TemplateResult[] | undefined {
|
||||
if (this.hasError) {
|
||||
if (this.error) {
|
||||
return [this.renderEmpty(this.renderError())];
|
||||
}
|
||||
if (!this.data || this.isLoading) {
|
||||
@ -277,7 +285,7 @@ export abstract class Table<T> extends AKElement {
|
||||
return [this.renderEmpty()];
|
||||
}
|
||||
const groupedResults = this.groupBy(this.data.results);
|
||||
if (groupedResults.length === 1) {
|
||||
if (groupedResults.length === 1 && groupedResults[0][0] === "") {
|
||||
return this.renderRowGroup(groupedResults[0][1]);
|
||||
}
|
||||
return groupedResults.map(([group, items]) => {
|
||||
@ -397,14 +405,15 @@ export abstract class Table<T> extends AKElement {
|
||||
}
|
||||
|
||||
renderToolbar(): TemplateResult {
|
||||
return html` <ak-spinner-button
|
||||
.callAction=${() => {
|
||||
return this.fetch();
|
||||
}}
|
||||
class="pf-m-secondary"
|
||||
>
|
||||
${msg("Refresh")}</ak-spinner-button
|
||||
>`;
|
||||
return html` ${this.renderObjectCreate()}
|
||||
<ak-spinner-button
|
||||
.callAction=${() => {
|
||||
return this.fetch();
|
||||
}}
|
||||
class="pf-m-secondary"
|
||||
>
|
||||
${msg("Refresh")}</ak-spinner-button
|
||||
>`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
@ -419,18 +428,20 @@ export abstract class Table<T> extends AKElement {
|
||||
if (!this.searchEnabled()) {
|
||||
return html``;
|
||||
}
|
||||
return html`<ak-table-search
|
||||
class="pf-c-toolbar__item pf-m-search-filter"
|
||||
value=${ifDefined(this.search)}
|
||||
.onSearch=${(value: string) => {
|
||||
this.search = value;
|
||||
this.fetch();
|
||||
updateURLParams({
|
||||
search: value,
|
||||
});
|
||||
}}
|
||||
>
|
||||
</ak-table-search>`;
|
||||
return html`<div class="pf-c-toolbar__group pf-m-search-filter">
|
||||
<ak-table-search
|
||||
class="pf-c-toolbar__item pf-m-search-filter"
|
||||
value=${ifDefined(this.search)}
|
||||
.onSearch=${(value: string) => {
|
||||
this.search = value;
|
||||
this.fetch();
|
||||
updateURLParams({
|
||||
search: value,
|
||||
});
|
||||
}}
|
||||
>
|
||||
</ak-table-search>
|
||||
</div>`;
|
||||
}
|
||||
|
||||
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
||||
@ -441,7 +452,7 @@ export abstract class Table<T> extends AKElement {
|
||||
renderToolbarContainer(): TemplateResult {
|
||||
return html`<div class="pf-c-toolbar">
|
||||
<div class="pf-c-toolbar__content">
|
||||
<div class="pf-c-toolbar__group pf-m-search-filter">${this.renderSearch()}</div>
|
||||
${this.renderSearch()}
|
||||
<div class="pf-c-toolbar__bulk-select">${this.renderToolbar()}</div>
|
||||
<div class="pf-c-toolbar__group">${this.renderToolbarAfter()}</div>
|
||||
<div class="pf-c-toolbar__group">${this.renderToolbarSelected()}</div>
|
||||
|
||||
@ -70,14 +70,6 @@ export abstract class TablePage<T> extends Table<T> {
|
||||
</button>`;
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html``;
|
||||
}
|
||||
|
||||
renderToolbar(): TemplateResult {
|
||||
return html`${this.renderObjectCreate()}${super.renderToolbar()}`;
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html`<ak-page-header
|
||||
icon=${this.pageIcon()}
|
||||
|
||||
@ -16,7 +16,11 @@ import PFTitle from "@patternfly/patternfly/components/Title/title.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFSpacing from "@patternfly/patternfly/utilities/Spacing/spacing.css";
|
||||
|
||||
import { ConsentChallenge, ConsentChallengeResponseRequest, Permission } from "@goauthentik/api";
|
||||
import {
|
||||
ConsentChallenge,
|
||||
ConsentChallengeResponseRequest,
|
||||
ConsentPermission,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-stage-consent")
|
||||
export class ConsentStage extends BaseStage<ConsentChallenge, ConsentChallengeResponseRequest> {
|
||||
@ -24,7 +28,7 @@ export class ConsentStage extends BaseStage<ConsentChallenge, ConsentChallengeRe
|
||||
return [PFBase, PFLogin, PFList, PFForm, PFSpacing, PFFormControl, PFTitle, PFButton];
|
||||
}
|
||||
|
||||
renderPermissions(perms: Permission[]): TemplateResult {
|
||||
renderPermissions(perms: ConsentPermission[]): TemplateResult {
|
||||
return html`${perms.map((permission) => {
|
||||
if (permission.name === "") {
|
||||
return html``;
|
||||
|
||||
@ -175,6 +175,10 @@ export class UserInterface extends Interface {
|
||||
default:
|
||||
userDisplay = this.me.user.username;
|
||||
}
|
||||
const canAccessAdmin =
|
||||
this.me.user.isSuperuser ||
|
||||
// TODO: somehow add `access_admin_interface` to the API schema
|
||||
this.me.user.systemPermissions.includes("access_admin_interface");
|
||||
return html` <ak-locale-context>
|
||||
<ak-enterprise-status interface="user"></ak-enterprise-status>
|
||||
<div class="pf-c-page">
|
||||
@ -280,7 +284,7 @@ export class UserInterface extends Interface {
|
||||
</pf-tooltip>
|
||||
</a>
|
||||
</div>
|
||||
${this.me.user.isSuperuser
|
||||
${canAccessAdmin
|
||||
? html`<a
|
||||
class="pf-c-button pf-m-secondary pf-m-small pf-u-display-none pf-u-display-block-on-md"
|
||||
href="/if/admin/"
|
||||
|
||||
@ -26,7 +26,6 @@ import PFGallery from "@patternfly/patternfly/layouts/Gallery/gallery.css";
|
||||
import PFStack from "@patternfly/patternfly/layouts/Stack/stack.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFFlex from "@patternfly/patternfly/utilities/Flex/flex.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { StagesApi, UserSetting } from "@goauthentik/api";
|
||||
@ -38,7 +37,6 @@ export class UserSettingsPage extends AKElement {
|
||||
return [
|
||||
PFBase,
|
||||
PFPage,
|
||||
PFFlex,
|
||||
PFDisplay,
|
||||
PFGallery,
|
||||
PFContent,
|
||||
|
||||
Reference in New Issue
Block a user