core: Initial RBAC (#6806)
* rename consent permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * the user version Signed-off-by: Jens Langhammer <jens@goauthentik.io> t Signed-off-by: Jens Langhammer <jens@goauthentik.io> * initial role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start form Signed-off-by: Jens Langhammer <jens@goauthentik.io> * some minor table refactoring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix user, add assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix backend Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add assign API for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding toggle buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude add_ permission for per-object perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small cleanup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission list for roles Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make sidebar update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix page header not re-rendering? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fixup Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add search Signed-off-by: Jens Langhammer <jens@goauthentik.io> * show first category in table groupBy except when its empty Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make model and object PK optional but required together Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow for setting global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude non-authentik permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * exclude models which aren't allowed (base models etc) Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure all models have verbose_name set, exclude some more internal objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * lint fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role perm assign Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unasign for global perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add meta changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clear modal state after submit Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add roles to our group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make recursive group query more usable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add name field to role itself and move group creation to signal Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start sync Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move rbac stuff to separate django app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint and such Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix go Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start API changes Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make admin interface not require superuser for now, improve error handling Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace some IsAdminUser where applicable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * migrate flow inspector perms to actual permission Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix license not being a serializermodel Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission modal to models without view page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add additional permissions to assign/unassign permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add action to unassign user permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permissions tab to remaining view pages Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow inspector permission check Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix codecov config? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more API tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure viewsets have an order set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * hopefully the last api name change Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make perm modal less confusing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start user view permission page Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only make delete bulk form expandable if usedBy is set Signed-off-by: Jens Langhammer <jens@goauthentik.io> * expand permission tables Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user global permission table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lint Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests' url names Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests for assign perms Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add unassign tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rebuild permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent assigning/unassigning permissions to internal service accounts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only enable default api browser in debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role object permissions showing duplicate Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix role link on role object permissions table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix object permission modal having duplicate close buttons Signed-off-by: Jens Langhammer <jens@goauthentik.io> * return error if user has no global perm and no object perms also improve error display on table Signed-off-by: Jens Langhammer <jens@goauthentik.io> * small optimisation Signed-off-by: Jens Langhammer <jens@goauthentik.io> * optimise even more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update locale Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add system permission for non-object permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * allow access to admin interface based on perm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't exclude base models Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
@ -116,7 +116,11 @@ export class AdminInterface extends Interface {
|
||||
configureSentry(true);
|
||||
this.version = await new AdminApi(DEFAULT_CONFIG).adminVersionRetrieve();
|
||||
this.user = await me();
|
||||
if (!this.user.user.isSuperuser && this.user.user.pk > 0) {
|
||||
const canAccessAdmin =
|
||||
this.user.user.isSuperuser ||
|
||||
// TODO: somehow add `access_admin_interface` to the API schema
|
||||
this.user.user.systemPermissions.includes("access_admin_interface");
|
||||
if (!canAccessAdmin && this.user.user.pk > 0) {
|
||||
window.location.assign("/if/user");
|
||||
}
|
||||
}
|
||||
@ -211,6 +215,7 @@ export class AdminInterface extends Interface {
|
||||
[null, msg("Directory"), null, [
|
||||
["/identity/users", msg("Users"), [`^/identity/users/(?<id>${ID_REGEX})$`]],
|
||||
["/identity/groups", msg("Groups"), [`^/identity/groups/(?<id>${UUID_REGEX})$`]],
|
||||
["/identity/roles", msg("Roles"), [`^/identity/roles/(?<id>${UUID_REGEX})$`]],
|
||||
["/core/sources", msg("Federation and Social login"), [`^/core/sources/(?<slug>${SLUG_REGEX})$`]],
|
||||
["/core/tokens", msg("Tokens and App passwords")],
|
||||
["/flow/stages/invitations", msg("Invitations")]]],
|
||||
|
||||
@ -80,6 +80,14 @@ export const ROUTES: Route[] = [
|
||||
await import("@goauthentik/admin/users/UserViewPage");
|
||||
return html`<ak-user-view .userId=${parseInt(args.id, 10)}></ak-user-view>`;
|
||||
}),
|
||||
new Route(new RegExp("^/identity/roles$"), async () => {
|
||||
await import("@goauthentik/admin/roles/RoleListPage");
|
||||
return html`<ak-role-list></ak-role-list>`;
|
||||
}),
|
||||
new Route(new RegExp(`^/identity/roles/(?<id>${UUID_REGEX})$`), async (args) => {
|
||||
await import("@goauthentik/admin/roles/RoleViewPage");
|
||||
return html`<ak-role-view roleId=${args.id}></ak-role-view>`;
|
||||
}),
|
||||
new Route(new RegExp("^/flow/stages/invitations$"), async () => {
|
||||
await import("@goauthentik/admin/stages/invitation/InvitationListPage");
|
||||
return html`<ak-stage-invitation-list></ak-stage-invitation-list>`;
|
||||
|
||||
@ -2,9 +2,12 @@ import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { PFSize } from "@goauthentik/elements/Spinner";
|
||||
import { AggregateCard } from "@goauthentik/elements/cards/AggregateCard";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { until } from "lit/directives/until.js";
|
||||
|
||||
import { ResponseError } from "@goauthentik/api";
|
||||
|
||||
export interface AdminStatus {
|
||||
icon: string;
|
||||
message?: TemplateResult;
|
||||
@ -41,6 +44,12 @@ export abstract class AdminStatusCard<T> extends AggregateCard {
|
||||
${status.message
|
||||
? html`<p class="subtext">${status.message}</p>`
|
||||
: html``}`;
|
||||
})
|
||||
.catch((exc: ResponseError) => {
|
||||
return html` <p>
|
||||
<i class="fa fa-times"></i> ${exc.response.statusText}
|
||||
</p>
|
||||
<p class="subtext">${msg("Failed to fetch")}</p>`;
|
||||
}),
|
||||
html`<ak-spinner size="${PFSize.Large}"></ak-spinner>`,
|
||||
)}
|
||||
|
||||
@ -3,6 +3,7 @@ import "@goauthentik/admin/applications/ApplicationCheckAccessForm";
|
||||
import "@goauthentik/admin/applications/ApplicationForm";
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import { PFSize } from "@goauthentik/app/elements/Spinner";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-app-icon";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -27,7 +28,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { Application, CoreApi, OutpostsApi } from "@goauthentik/api";
|
||||
import {
|
||||
Application,
|
||||
CoreApi,
|
||||
OutpostsApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-application-view")
|
||||
export class ApplicationViewPage extends AKElement {
|
||||
@ -299,6 +305,12 @@ export class ApplicationViewPage extends AKElement {
|
||||
</ak-bound-policies-list>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreApplication}
|
||||
objectPk=${this.application.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/ActionButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -18,7 +19,12 @@ import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
|
||||
import { BlueprintInstance, BlueprintInstanceStatusEnum, ManagedApi } from "@goauthentik/api";
|
||||
import {
|
||||
BlueprintInstance,
|
||||
BlueprintInstanceStatusEnum,
|
||||
ManagedApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function BlueprintStatus(blueprint?: BlueprintInstance): string {
|
||||
if (!blueprint) return "";
|
||||
@ -151,6 +157,11 @@ export class BlueprintListPage extends TablePage<BlueprintInstance> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.BlueprintsBlueprintinstance}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-action-button
|
||||
class="pf-m-plain"
|
||||
.apiRequest=${() => {
|
||||
|
||||
@ -6,6 +6,7 @@ import { PFColor } from "@goauthentik/elements/Label";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -17,7 +18,11 @@ import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
|
||||
import { CertificateKeyPair, CryptoApi } from "@goauthentik/api";
|
||||
import {
|
||||
CertificateKeyPair,
|
||||
CryptoApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-crypto-certificate-list")
|
||||
export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
|
||||
@ -119,16 +124,21 @@ export class CertificateKeyPairListPage extends TablePage<CertificateKeyPair> {
|
||||
</ak-label>`,
|
||||
html`<ak-label color=${color}> ${item.certExpiry?.toLocaleString()} </ak-label>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Certificate-Key Pair")} </span>
|
||||
<ak-crypto-certificate-form slot="form" .instancePk=${item.pk}>
|
||||
</ak-crypto-certificate-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Certificate-Key Pair")} </span>
|
||||
<ak-crypto-certificate-form slot="form" .instancePk=${item.pk}>
|
||||
</ak-crypto-certificate-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CryptoCertificatekeypair}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/cards/AggregateCard";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -23,7 +24,13 @@ import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList
|
||||
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
|
||||
import { EnterpriseApi, License, LicenseForecast, LicenseSummary } from "@goauthentik/api";
|
||||
import {
|
||||
EnterpriseApi,
|
||||
License,
|
||||
LicenseForecast,
|
||||
LicenseSummary,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-enterprise-license-list")
|
||||
export class EnterpriseLicenseListPage extends TablePage<License> {
|
||||
@ -221,16 +228,21 @@ export class EnterpriseLicenseListPage extends TablePage<License> {
|
||||
<div>${msg(str`External: ${item.externalUsers}`)}</div>`,
|
||||
html`<ak-label color=${color}> ${item.expiry?.toLocaleString()} </ak-label>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update License")} </span>
|
||||
<ak-enterprise-license-form slot="form" .instancePk=${item.licenseUuid}>
|
||||
</ak-enterprise-license-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update License")} </span>
|
||||
<ak-enterprise-license-form slot="form" .instancePk=${item.licenseUuid}>
|
||||
</ak-enterprise-license-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.EnterpriseLicense}
|
||||
objectPk=${item.licenseUuid}
|
||||
>
|
||||
</ak-rbac-object-permission-modal> `,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -6,6 +6,8 @@ import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -15,7 +17,11 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { EventsApi, NotificationRule } from "@goauthentik/api";
|
||||
import {
|
||||
EventsApi,
|
||||
NotificationRule,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-event-rule-list")
|
||||
export class RuleListPage extends TablePage<NotificationRule> {
|
||||
@ -88,15 +94,21 @@ export class RuleListPage extends TablePage<NotificationRule> {
|
||||
? html`<a href="#/identity/groups/${item.groupObj.pk}">${item.groupObj.name}</a>`
|
||||
: msg("None (rule disabled)")}`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Notification Rule")} </span>
|
||||
<ak-event-rule-form slot="form" .instancePk=${item.pk}> </ak-event-rule-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Notification Rule")} </span>
|
||||
<ak-event-rule-form slot="form" .instancePk=${item.pk}> </ak-event-rule-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.EventsNotificationrule}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,8 @@ import "@goauthentik/elements/buttons/ActionButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -14,7 +16,11 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { EventsApi, NotificationTransport } from "@goauthentik/api";
|
||||
import {
|
||||
EventsApi,
|
||||
NotificationTransport,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-event-transport-list")
|
||||
export class TransportListPage extends TablePage<NotificationTransport> {
|
||||
@ -90,6 +96,12 @@ export class TransportListPage extends TablePage<NotificationTransport> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.EventsNotificationtransport}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-action-button
|
||||
class="pf-m-plain"
|
||||
.apiRequest=${() => {
|
||||
|
||||
@ -3,6 +3,7 @@ import "@goauthentik/admin/flows/FlowDiagram";
|
||||
import "@goauthentik/admin/flows/FlowForm";
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import { DesignationToLabel } from "@goauthentik/app/admin/flows/utils";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { AndNext, DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
@ -22,7 +23,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { Flow, FlowsApi, ResponseError } from "@goauthentik/api";
|
||||
import {
|
||||
Flow,
|
||||
FlowsApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
ResponseError,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-flow-view")
|
||||
export class FlowViewPage extends AKElement {
|
||||
@ -267,6 +273,12 @@ export class FlowViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.FlowsFlow}
|
||||
objectPk=${this.flow.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -11,13 +11,22 @@ import YAML from "yaml";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||
import { customElement } from "lit/decorators.js";
|
||||
import { customElement, state } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { CoreApi, CoreGroupsListRequest, Group } from "@goauthentik/api";
|
||||
import {
|
||||
CoreApi,
|
||||
CoreGroupsListRequest,
|
||||
Group,
|
||||
PaginatedRoleList,
|
||||
RbacApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-group-form")
|
||||
export class GroupForm extends ModelForm<Group, string> {
|
||||
@state()
|
||||
roles?: PaginatedRoleList;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return super.styles.concat(css`
|
||||
.pf-c-button.pf-m-control {
|
||||
@ -43,6 +52,12 @@ export class GroupForm extends ModelForm<Group, string> {
|
||||
}
|
||||
}
|
||||
|
||||
async load(): Promise<void> {
|
||||
this.roles = await new RbacApi(DEFAULT_CONFIG).rbacRolesList({
|
||||
ordering: "name",
|
||||
});
|
||||
}
|
||||
|
||||
async send(data: Group): Promise<Group> {
|
||||
if (this.instance?.pk) {
|
||||
return new CoreApi(DEFAULT_CONFIG).coreGroupsPartialUpdate({
|
||||
@ -112,6 +127,26 @@ export class GroupForm extends ModelForm<Group, string> {
|
||||
>
|
||||
</ak-search-select>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal label=${msg("Roles")} name="roles">
|
||||
<select class="pf-c-form-control" multiple>
|
||||
${this.roles?.results.map((role) => {
|
||||
const selected = Array.from(this.instance?.roles || []).some((sp) => {
|
||||
return sp == role.pk;
|
||||
});
|
||||
return html`<option value=${role.pk} ?selected=${selected}>
|
||||
${role.name}
|
||||
</option>`;
|
||||
})}
|
||||
</select>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg(
|
||||
"Select roles to grant this groups' users' permissions from the selected roles.",
|
||||
)}
|
||||
</p>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Hold control/command to select multiple items.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal
|
||||
label=${msg("Attributes")}
|
||||
?required=${true}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/groups/GroupForm";
|
||||
import "@goauthentik/admin/users/RelatedUserList";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -20,13 +21,14 @@ import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFList from "@patternfly/patternfly/components/List/list.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { CoreApi, Group } from "@goauthentik/api";
|
||||
import { CoreApi, Group, RbacPermissionsAssignedByUsersListModelEnum } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-group-view")
|
||||
export class GroupViewPage extends AKElement {
|
||||
@ -51,6 +53,7 @@ export class GroupViewPage extends AKElement {
|
||||
PFButton,
|
||||
PFDisplay,
|
||||
PFGrid,
|
||||
PFList,
|
||||
PFContent,
|
||||
PFCard,
|
||||
PFDescriptionList,
|
||||
@ -92,7 +95,7 @@ export class GroupViewPage extends AKElement {
|
||||
>
|
||||
<div class="pf-c-card__title">${msg("Group Info")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<dl class="pf-c-description-list pf-m-2-col">
|
||||
<dl class="pf-c-description-list">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
@ -121,6 +124,26 @@ export class GroupViewPage extends AKElement {
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${msg("Roles")}</span
|
||||
>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
<ul class="pf-c-list">
|
||||
${this.group.rolesObj.map((role) => {
|
||||
return html`<li>
|
||||
<a href=${`#/identity/roles/${role.pk}`}
|
||||
>${role.name}
|
||||
</a>
|
||||
</li>`;
|
||||
})}
|
||||
</ul>
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
<div class="pf-c-card__footer">
|
||||
@ -177,6 +200,13 @@ export class GroupViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreGroup}
|
||||
objectPk=${this.group.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,6 +10,7 @@ import { PFSize } from "@goauthentik/elements/Spinner";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -23,7 +24,13 @@ import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
|
||||
import { Outpost, OutpostHealth, OutpostTypeEnum, OutpostsApi } from "@goauthentik/api";
|
||||
import {
|
||||
Outpost,
|
||||
OutpostHealth,
|
||||
OutpostTypeEnum,
|
||||
OutpostsApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function TypeToLabel(type?: OutpostTypeEnum): string {
|
||||
if (!type) return "";
|
||||
@ -141,6 +148,11 @@ export class OutpostListPage extends TablePage<Outpost> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.OutpostsOutpost}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
${item.managed !== "goauthentik.io/outposts/embedded"
|
||||
? html`<ak-outpost-deployment-modal .outpost=${item} size=${PFSize.Medium}>
|
||||
<button slot="trigger" class="pf-c-button pf-m-tertiary">
|
||||
|
||||
@ -9,6 +9,7 @@ import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -88,23 +89,27 @@ export class OutpostServiceConnectionListPage extends TablePage<ServiceConnectio
|
||||
html`${itemState?.healthy
|
||||
? html`<ak-label color=${PFColor.Green}>${ifDefined(itemState.version)}</ak-label>`
|
||||
: html`<ak-label color=${PFColor.Red}>${msg("Unhealthy")}</ak-label>`}`,
|
||||
html` <ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg(str`Update ${item.verboseName}`)} </span>
|
||||
<ak-proxy-form
|
||||
slot="form"
|
||||
.args=${{
|
||||
instancePk: item.pk,
|
||||
}}
|
||||
type=${ifDefined(item.component)}
|
||||
>
|
||||
</ak-proxy-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg(str`Update ${item.verboseName}`)} </span>
|
||||
<ak-proxy-form
|
||||
slot="form"
|
||||
.args=${{
|
||||
instancePk: item.pk,
|
||||
}}
|
||||
type=${ifDefined(item.component)}
|
||||
>
|
||||
</ak-proxy-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -13,6 +13,7 @@ import "@goauthentik/elements/forms/ConfirmationForm";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -92,6 +93,9 @@ export class PolicyListPage extends TablePage<Policy> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-forms-modal .closeAfterSuccessfulSubmit=${false}>
|
||||
<span slot="submit"> ${msg("Test")} </span>
|
||||
<span slot="header"> ${msg("Test Policy")} </span>
|
||||
|
||||
@ -4,6 +4,7 @@ import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -13,7 +14,11 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { PoliciesApi, Reputation } from "@goauthentik/api";
|
||||
import {
|
||||
PoliciesApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
Reputation,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-policy-reputation-list")
|
||||
export class ReputationListPage extends TablePage<Reputation> {
|
||||
@ -52,6 +57,7 @@ export class ReputationListPage extends TablePage<Reputation> {
|
||||
new TableColumn(msg("IP"), "ip"),
|
||||
new TableColumn(msg("Score"), "score"),
|
||||
new TableColumn(msg("Updated"), "updated"),
|
||||
new TableColumn(msg("Actions")),
|
||||
];
|
||||
}
|
||||
|
||||
@ -86,6 +92,13 @@ export class ReputationListPage extends TablePage<Reputation> {
|
||||
${item.ip}`,
|
||||
html`${item.score}`,
|
||||
html`${item.updated.toLocaleString()}`,
|
||||
html`
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.PoliciesReputationReputation}
|
||||
objectPk=${item.pk || ""}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
`,
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,6 +10,7 @@ import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { getURLParam, updateURLParams } from "@goauthentik/elements/router/RouteMatch";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
@ -107,6 +108,8 @@ export class PropertyMappingListPage extends TablePage<PropertyMapping> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-forms-modal .closeAfterSuccessfulSubmit=${false}>
|
||||
<span slot="submit"> ${msg("Test")} </span>
|
||||
<span slot="header"> ${msg("Test Property Mapping")} </span>
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/ldap/LDAPProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { me } from "@goauthentik/common/users";
|
||||
@ -27,7 +28,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { LDAPProvider, ProvidersApi, SessionUser } from "@goauthentik/api";
|
||||
import {
|
||||
LDAPProvider,
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SessionUser,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-ldap-view")
|
||||
export class LDAPProviderViewPage extends AKElement {
|
||||
@ -101,6 +107,12 @@ export class LDAPProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersLdapLdapprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -33,6 +33,7 @@ import {
|
||||
OAuth2ProviderSetupURLs,
|
||||
PropertyMappingPreview,
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-oauth2-view")
|
||||
@ -128,6 +129,12 @@ export class OAuth2ProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersOauth2Oauth2provider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/proxy/ProxyProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { convertToSlug } from "@goauthentik/common/utils";
|
||||
@ -39,7 +40,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { ProvidersApi, ProxyMode, ProxyProvider } from "@goauthentik/api";
|
||||
import {
|
||||
ProvidersApi,
|
||||
ProxyMode,
|
||||
ProxyProvider,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function ModeToLabel(action?: ProxyMode): string {
|
||||
if (!action) return "";
|
||||
@ -208,6 +214,12 @@ export class ProxyProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersProxyProxyprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/radius/RadiusProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -21,10 +22,13 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGallery from "@patternfly/patternfly/layouts/Gallery/gallery.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFFlex from "@patternfly/patternfly/utilities/Flex/flex.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { ProvidersApi, RadiusProvider } from "@goauthentik/api";
|
||||
import {
|
||||
ProvidersApi,
|
||||
RadiusProvider,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-radius-view")
|
||||
export class RadiusProviderViewPage extends AKElement {
|
||||
@ -50,7 +54,6 @@ export class RadiusProviderViewPage extends AKElement {
|
||||
PFBase,
|
||||
PFButton,
|
||||
PFPage,
|
||||
PFFlex,
|
||||
PFDisplay,
|
||||
PFGallery,
|
||||
PFContent,
|
||||
@ -162,6 +165,12 @@ export class RadiusProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersRadiusRadiusprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/providers/RelatedApplicationButton";
|
||||
import "@goauthentik/admin/providers/saml/SAMLProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { MessageLevel } from "@goauthentik/common/messages";
|
||||
@ -34,6 +35,7 @@ import {
|
||||
CertificateKeyPair,
|
||||
CryptoApi,
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SAMLMetadata,
|
||||
SAMLProvider,
|
||||
} from "@goauthentik/api";
|
||||
@ -226,6 +228,12 @@ export class SAMLProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersSamlSamlprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,5 @@
|
||||
import "@goauthentik/admin/providers/scim/SCIMProviderForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -26,7 +27,12 @@ import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFStack from "@patternfly/patternfly/layouts/Stack/stack.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { ProvidersApi, SCIMProvider, Task } from "@goauthentik/api";
|
||||
import {
|
||||
ProvidersApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SCIMProvider,
|
||||
Task,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-provider-scim-view")
|
||||
export class SCIMProviderViewPage extends AKElement {
|
||||
@ -113,6 +119,12 @@ export class SCIMProviderViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.ProvidersScimScimprovider}
|
||||
objectPk=${this.provider.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
|
||||
|
||||
56
web/src/admin/roles/RoleForm.ts
Normal file
56
web/src/admin/roles/RoleForm.ts
Normal file
@ -0,0 +1,56 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/elements/chips/Chip";
|
||||
import "@goauthentik/elements/chips/ChipGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { RbacApi, Role } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-form")
|
||||
export class RoleForm extends ModelForm<Role, string> {
|
||||
loadInstance(pk: string): Promise<Role> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesRetrieve({
|
||||
uuid: pk,
|
||||
});
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
if (this.instance) {
|
||||
return msg("Successfully updated role.");
|
||||
} else {
|
||||
return msg("Successfully created role.");
|
||||
}
|
||||
}
|
||||
|
||||
async send(data: Role): Promise<Role> {
|
||||
if (this.instance?.pk) {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesPartialUpdate({
|
||||
uuid: this.instance.pk,
|
||||
patchedRoleRequest: data,
|
||||
});
|
||||
} else {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesCreate({
|
||||
roleRequest: data,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
|
||||
<input
|
||||
type="text"
|
||||
value="${ifDefined(this.instance?.name)}"
|
||||
class="pf-c-form-control"
|
||||
required
|
||||
/>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
98
web/src/admin/roles/RoleListPage.ts
Normal file
98
web/src/admin/roles/RoleListPage.ts
Normal file
@ -0,0 +1,98 @@
|
||||
import "@goauthentik/admin/roles/RoleForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { RbacApi, Role } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-list")
|
||||
export class RoleListPage extends TablePage<Role> {
|
||||
checkbox = true;
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
pageTitle(): string {
|
||||
return msg("Roles");
|
||||
}
|
||||
pageDescription(): string {
|
||||
return msg("Manage roles which grant permissions to objects within authentik.");
|
||||
}
|
||||
pageIcon(): string {
|
||||
return "fa fa-lock";
|
||||
}
|
||||
|
||||
@property()
|
||||
order = "name";
|
||||
|
||||
async apiEndpoint(page: number): Promise<PaginatedResponse<Role>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesList({
|
||||
ordering: this.order,
|
||||
page: page,
|
||||
pageSize: (await uiConfig()).pagination.perPage,
|
||||
search: this.search || "",
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [new TableColumn(msg("Name"), "name"), new TableColumn(msg("Actions"))];
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Role(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.usedBy=${(item: Role) => {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesUsedByList({
|
||||
uuid: item.pk,
|
||||
});
|
||||
}}
|
||||
.delete=${(item: Role) => {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacRolesDestroy({
|
||||
uuid: item.pk,
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: Role): TemplateResult[] {
|
||||
return [
|
||||
html`<a href="#/identity/roles/${item.pk}">${item.name}</a>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Role")} </span>
|
||||
<ak-role-form slot="form" .instancePk=${item.pk}> </ak-role-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Create")} </span>
|
||||
<span slot="header"> ${msg("Create Role")} </span>
|
||||
<ak-role-form slot="form"> </ak-role-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">${msg("Create")}</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
}
|
||||
88
web/src/admin/roles/RolePermissionForm.ts
Normal file
88
web/src/admin/roles/RolePermissionForm.ts
Normal file
@ -0,0 +1,88 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/chips/Chip";
|
||||
import "@goauthentik/elements/chips/ChipGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
import "@goauthentik/elements/rbac/PermissionSelectModal";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
interface RolePermissionAssign {
|
||||
permissions: string[];
|
||||
}
|
||||
|
||||
@customElement("ak-role-permission-form")
|
||||
export class RolePermissionForm extends ModelForm<RolePermissionAssign, number> {
|
||||
@state()
|
||||
permissionsToAdd: Permission[] = [];
|
||||
|
||||
@property()
|
||||
roleUuid?: string;
|
||||
|
||||
async load(): Promise<void> {}
|
||||
|
||||
loadInstance(): Promise<RolePermissionAssign> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
return msg("Successfully assigned permission.");
|
||||
}
|
||||
|
||||
async send(data: RolePermissionAssign): Promise<unknown> {
|
||||
await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesAssignCreate({
|
||||
uuid: this.roleUuid || "",
|
||||
permissionAssignRequest: {
|
||||
permissions: data.permissions,
|
||||
},
|
||||
});
|
||||
this.permissionsToAdd = [];
|
||||
return;
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Permissions to add")} name="permissions">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-rbac-permission-select-table
|
||||
.confirm=${(items: Permission[]) => {
|
||||
this.permissionsToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Select permissions")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-rbac-permission-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.permissionsToAdd.map((permission) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${`${permission.appLabel}.${permission.codename}`}
|
||||
@remove=${() => {
|
||||
const idx = this.permissionsToAdd.indexOf(permission);
|
||||
this.permissionsToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${permission.name}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
</div>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
89
web/src/admin/roles/RolePermissionGlobalTable.ts
Normal file
89
web/src/admin/roles/RolePermissionGlobalTable.ts
Normal file
@ -0,0 +1,89 @@
|
||||
import "@goauthentik/admin/roles/RolePermissionForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-permissions-global-table")
|
||||
export class RolePermissionGlobalTable extends Table<Permission> {
|
||||
@property()
|
||||
roleUuid?: string;
|
||||
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
|
||||
checkbox = true;
|
||||
|
||||
order = "content_type__app_label,content_type__model";
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
role: this.roleUuid,
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: Permission[]): [string, Permission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Assign")} </span>
|
||||
<span slot="header"> ${msg("Assign permission to role")} </span>
|
||||
<ak-role-permission-form roleUuid=${ifDefined(this.roleUuid)} slot="form">
|
||||
</ak-role-permission-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Assign permission")}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.delete=${(item: Permission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByRolesUnassignPartialUpdate({
|
||||
uuid: this.roleUuid || "",
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: Permission): TemplateResult[] {
|
||||
return [html`${item.modelVerbose}`, html`${item.name}`, html`✓`];
|
||||
}
|
||||
}
|
||||
94
web/src/admin/roles/RolePermissionObjectTable.ts
Normal file
94
web/src/admin/roles/RolePermissionObjectTable.ts
Normal file
@ -0,0 +1,94 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { ExtraRoleObjectPermission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-permissions-object-table")
|
||||
export class RolePermissionObjectTable extends Table<ExtraRoleObjectPermission> {
|
||||
@property()
|
||||
roleUuid?: string;
|
||||
|
||||
searchEnabled(): boolean {
|
||||
return true;
|
||||
}
|
||||
|
||||
checkbox = true;
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<ExtraRoleObjectPermission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsRolesList({
|
||||
uuid: this.roleUuid || "",
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: ExtraRoleObjectPermission[]): [string, ExtraRoleObjectPermission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn("Object", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: ExtraRoleObjectPermission) => {
|
||||
return [
|
||||
{ key: msg("Permission"), value: item.name },
|
||||
{ key: msg("Object"), value: item.objectDescription || item.objectPk },
|
||||
];
|
||||
}}
|
||||
.delete=${(item: ExtraRoleObjectPermission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByRolesUnassignPartialUpdate({
|
||||
uuid: this.roleUuid || "",
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
objectPk: item.objectPk,
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: ExtraRoleObjectPermission): TemplateResult[] {
|
||||
return [
|
||||
html`${item.modelVerbose}`,
|
||||
html`${item.name}`,
|
||||
html`${item.objectDescription
|
||||
? html`${item.objectDescription}`
|
||||
: html`<pf-tooltip
|
||||
position="top"
|
||||
content=${msg(
|
||||
"Role doesn't have view permission so description cannot be retrieved.",
|
||||
)}
|
||||
>
|
||||
<pre>${item.objectPk}</pre>
|
||||
</pf-tooltip>`}`,
|
||||
html`✓`,
|
||||
];
|
||||
}
|
||||
}
|
||||
144
web/src/admin/roles/RoleViewPage.ts
Normal file
144
web/src/admin/roles/RoleViewPage.ts
Normal file
@ -0,0 +1,144 @@
|
||||
import "@goauthentik/admin/groups/RelatedGroupList";
|
||||
import "@goauthentik/app/admin/roles/RolePermissionGlobalTable";
|
||||
import "@goauthentik/app/admin/roles/RolePermissionObjectTable";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
import "@goauthentik/components/events/UserEvents";
|
||||
import { AKElement } from "@goauthentik/elements/Base";
|
||||
import "@goauthentik/elements/CodeMirror";
|
||||
import "@goauthentik/elements/PageHeader";
|
||||
import "@goauthentik/elements/Tabs";
|
||||
|
||||
import { msg, str } from "@lit/localize";
|
||||
import { CSSResult, TemplateResult, css, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import PFButton from "@patternfly/patternfly/components/Button/button.css";
|
||||
import PFCard from "@patternfly/patternfly/components/Card/card.css";
|
||||
import PFContent from "@patternfly/patternfly/components/Content/content.css";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
|
||||
import { RbacApi, RbacPermissionsAssignedByUsersListModelEnum, Role } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-role-view")
|
||||
export class RoleViewPage extends AKElement {
|
||||
@property({ type: String })
|
||||
set roleId(id: string) {
|
||||
new RbacApi(DEFAULT_CONFIG)
|
||||
.rbacRolesRetrieve({
|
||||
uuid: id,
|
||||
})
|
||||
.then((role) => {
|
||||
this._role = role;
|
||||
});
|
||||
}
|
||||
|
||||
@state()
|
||||
_role?: Role;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [
|
||||
PFBase,
|
||||
PFPage,
|
||||
PFButton,
|
||||
PFDisplay,
|
||||
PFGrid,
|
||||
PFContent,
|
||||
PFCard,
|
||||
PFDescriptionList,
|
||||
css`
|
||||
.pf-c-description-list__description ak-action-button {
|
||||
margin-right: 6px;
|
||||
margin-bottom: 6px;
|
||||
}
|
||||
.ak-button-collection {
|
||||
max-width: 12em;
|
||||
}
|
||||
`,
|
||||
];
|
||||
}
|
||||
|
||||
constructor() {
|
||||
super();
|
||||
this.addEventListener(EVENT_REFRESH, () => {
|
||||
if (!this._role?.pk) return;
|
||||
this.roleId = this._role?.pk;
|
||||
});
|
||||
}
|
||||
|
||||
render(): TemplateResult {
|
||||
return html`<ak-page-header
|
||||
icon="fa fa-lock"
|
||||
header=${msg(str`Role ${this._role?.name || ""}`)}
|
||||
>
|
||||
</ak-page-header>
|
||||
${this.renderBody()}`;
|
||||
}
|
||||
|
||||
renderBody(): TemplateResult {
|
||||
if (!this._role) {
|
||||
return html``;
|
||||
}
|
||||
return html`<ak-tabs>
|
||||
<section
|
||||
slot="page-overview"
|
||||
data-tab-title="${msg("Overview")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div
|
||||
class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-3-col-on-xl pf-m-3-col-on-2xl"
|
||||
>
|
||||
<div class="pf-c-card__title">${msg("Role Info")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<dl class="pf-c-description-list">
|
||||
<div class="pf-c-description-list__group">
|
||||
<dt class="pf-c-description-list__term">
|
||||
<span class="pf-c-description-list__text"
|
||||
>${msg("Name")}</span
|
||||
>
|
||||
</dt>
|
||||
<dd class="pf-c-description-list__description">
|
||||
<div class="pf-c-description-list__text">
|
||||
${this._role.name}
|
||||
</div>
|
||||
</dd>
|
||||
</div>
|
||||
</dl>
|
||||
</div>
|
||||
</div>
|
||||
<div
|
||||
class="pf-c-card pf-l-grid__item pf-m-12-col pf-m-9-col-on-xl pf-m-9-col-on-2xl"
|
||||
>
|
||||
<div class="pf-c-card__title">${msg("Assigned global permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-role-permissions-global-table
|
||||
roleUuid=${this._role.pk}
|
||||
></ak-role-permissions-global-table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${msg("Assigned object permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-role-permissions-object-table
|
||||
roleUuid=${this._role.pk}
|
||||
></ak-role-permissions-object-table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.RbacRole}
|
||||
objectPk=${this._role.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
@ -1,4 +1,5 @@
|
||||
import "@goauthentik/admin/sources/ldap/LDAPSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -22,7 +23,13 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { LDAPSource, SourcesApi, Task, TaskStatusEnum } from "@goauthentik/api";
|
||||
import {
|
||||
LDAPSource,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
Task,
|
||||
TaskStatusEnum,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-ldap-view")
|
||||
export class LDAPSourceViewPage extends AKElement {
|
||||
@ -206,6 +213,12 @@ export class LDAPSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesLdapLdapsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceDiagram";
|
||||
import "@goauthentik/admin/sources/oauth/OAuthSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -22,7 +23,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { OAuthSource, ProviderTypeEnum, SourcesApi } from "@goauthentik/api";
|
||||
import {
|
||||
OAuthSource,
|
||||
ProviderTypeEnum,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
export function ProviderToLabel(provider?: ProviderTypeEnum): string {
|
||||
switch (provider) {
|
||||
@ -238,6 +244,12 @@ export class OAuthSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesOauthOauthsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import "@goauthentik/admin/sources/plex/PlexSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -21,7 +22,11 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { PlexSource, SourcesApi } from "@goauthentik/api";
|
||||
import {
|
||||
PlexSource,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-plex-view")
|
||||
export class PlexSourceViewPage extends AKElement {
|
||||
@ -131,6 +136,12 @@ export class PlexSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesPlexPlexsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
import "@goauthentik/admin/policies/BoundPoliciesList";
|
||||
import "@goauthentik/admin/sources/saml/SAMLSourceForm";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import "@goauthentik/components/events/ObjectChangelog";
|
||||
@ -22,7 +23,12 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { SAMLMetadata, SAMLSource, SourcesApi } from "@goauthentik/api";
|
||||
import {
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SAMLMetadata,
|
||||
SAMLSource,
|
||||
SourcesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-source-saml-view")
|
||||
export class SAMLSourceViewPage extends AKElement {
|
||||
@ -206,6 +212,12 @@ export class SAMLSourceViewPage extends AKElement {
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.SourcesSamlSamlsource}
|
||||
objectPk=${this.source.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
</ak-tabs>`;
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,6 +24,7 @@ import { uiConfig } from "@goauthentik/common/ui/config";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/forms/ProxyForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -149,6 +150,8 @@ export class StageListPage extends TablePage<Stage> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal model=${item.metaModelName} objectPk=${item.pk}>
|
||||
</ak-rbac-object-permission-modal>
|
||||
${this.renderStageActions(item)}`,
|
||||
];
|
||||
}
|
||||
|
||||
@ -9,7 +9,6 @@ import { until } from "lit/directives/until.js";
|
||||
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
|
||||
import PFForm from "@patternfly/patternfly/components/Form/form.css";
|
||||
import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css";
|
||||
import PFFlex from "@patternfly/patternfly/layouts/Flex/flex.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
|
||||
import { Invitation, StagesApi } from "@goauthentik/api";
|
||||
@ -23,7 +22,7 @@ export class InvitationListLink extends AKElement {
|
||||
selectedFlow?: string;
|
||||
|
||||
static get styles(): CSSResult[] {
|
||||
return [PFBase, PFForm, PFFormControl, PFFlex, PFDescriptionList];
|
||||
return [PFBase, PFForm, PFFormControl, PFDescriptionList];
|
||||
}
|
||||
|
||||
renderLink(): string {
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -19,7 +20,12 @@ import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
|
||||
|
||||
import { FlowDesignationEnum, Invitation, StagesApi } from "@goauthentik/api";
|
||||
import {
|
||||
FlowDesignationEnum,
|
||||
Invitation,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
StagesApi,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-stage-invitation-list")
|
||||
export class InvitationListPage extends TablePage<Invitation> {
|
||||
@ -124,15 +130,20 @@ export class InvitationListPage extends TablePage<Invitation> {
|
||||
html`${item.createdBy?.username}`,
|
||||
html`${item.expires?.toLocaleString() || msg("-")}`,
|
||||
html` <ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Invitation")} </span>
|
||||
<ak-invitation-form slot="form" .instancePk=${item.pk}> </ak-invitation-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Invitation")} </span>
|
||||
<ak-invitation-form slot="form" .instancePk=${item.pk}> </ak-invitation-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.StagesInvitationInvitation}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,7 @@ import "@goauthentik/elements/buttons/ModalButton";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -14,7 +15,7 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { Prompt, StagesApi } from "@goauthentik/api";
|
||||
import { Prompt, RbacPermissionsAssignedByUsersListModelEnum, StagesApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-stage-prompt-list")
|
||||
export class PromptListPage extends TablePage<Prompt> {
|
||||
@ -88,15 +89,20 @@ export class PromptListPage extends TablePage<Prompt> {
|
||||
return html`<li>${stage.name}</li>`;
|
||||
})}`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Prompt")} </span>
|
||||
<ak-prompt-form slot="form" .instancePk=${item.pk}> </ak-prompt-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Prompt")} </span>
|
||||
<ak-prompt-form slot="form" .instancePk=${item.pk}> </ak-prompt-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.StagesPromptPrompt}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal> `,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -5,6 +5,7 @@ import { PFColor } from "@goauthentik/elements/Label";
|
||||
import "@goauthentik/elements/buttons/SpinnerButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -14,7 +15,7 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { CoreApi, Tenant } from "@goauthentik/api";
|
||||
import { CoreApi, RbacPermissionsAssignedByUsersListModelEnum, Tenant } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-tenant-list")
|
||||
export class TenantListPage extends TablePage<Tenant> {
|
||||
@ -85,15 +86,21 @@ export class TenantListPage extends TablePage<Tenant> {
|
||||
${item._default ? msg("Yes") : msg("No")}
|
||||
</ak-label>`,
|
||||
html`<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Tenant")} </span>
|
||||
<ak-tenant-form slot="form" .instancePk=${item.tenantUuid}> </ak-tenant-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`,
|
||||
<span slot="submit"> ${msg("Update")} </span>
|
||||
<span slot="header"> ${msg("Update Tenant")} </span>
|
||||
<ak-tenant-form slot="form" .instancePk=${item.tenantUuid}> </ak-tenant-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-plain">
|
||||
<pf-tooltip position="top" content=${msg("Edit")}>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.TenantsTenant}
|
||||
objectPk=${item.tenantUuid}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>`,
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
@ -7,6 +7,7 @@ import "@goauthentik/elements/buttons/Dropdown";
|
||||
import "@goauthentik/elements/buttons/TokenCopyButton";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@goauthentik/elements/rbac/ObjectPermissionModal";
|
||||
import { PaginatedResponse } from "@goauthentik/elements/table/Table";
|
||||
import { TableColumn } from "@goauthentik/elements/table/Table";
|
||||
import { TablePage } from "@goauthentik/elements/table/TablePage";
|
||||
@ -16,7 +17,12 @@ import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { CoreApi, IntentEnum, Token } from "@goauthentik/api";
|
||||
import {
|
||||
CoreApi,
|
||||
IntentEnum,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
Token,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-token-list")
|
||||
export class TokenListPage extends TablePage<Token> {
|
||||
@ -120,7 +126,19 @@ export class TokenListPage extends TablePage<Token> {
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-forms-modal>`
|
||||
: html``}
|
||||
: html` <button class="pf-c-button pf-m-plain" disabled>
|
||||
<pf-tooltip
|
||||
position="top"
|
||||
content=${msg("Editing is disabled for managed tokens")}
|
||||
>
|
||||
<i class="fas fa-edit"></i>
|
||||
</pf-tooltip>
|
||||
</button>`}
|
||||
<ak-rbac-object-permission-modal
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreToken}
|
||||
objectPk=${item.pk}
|
||||
>
|
||||
</ak-rbac-object-permission-modal>
|
||||
<ak-token-copy-button
|
||||
class="pf-c-button pf-m-plain"
|
||||
identifier="${item.identifier}"
|
||||
|
||||
@ -69,41 +69,40 @@ export class RelatedUserAdd extends Form<{ users: number[] }> {
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`${this.group?.isSuperuser ? html`` : html``}
|
||||
<ak-form-element-horizontal label=${msg("Users to add")} name="users">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-group-member-select-table
|
||||
.confirm=${(items: User[]) => {
|
||||
this.usersToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Add users")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-group-member-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.usersToAdd.map((user) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${ifDefined(user.pk)}
|
||||
@remove=${() => {
|
||||
const idx = this.usersToAdd.indexOf(user);
|
||||
this.usersToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${UserOption(user)}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
return html` <ak-form-element-horizontal label=${msg("Users to add")} name="users">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-group-member-select-table
|
||||
.confirm=${(items: User[]) => {
|
||||
this.usersToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Add users")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-group-member-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.usersToAdd.map((user) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${ifDefined(user.pk)}
|
||||
@remove=${() => {
|
||||
const idx = this.usersToAdd.indexOf(user);
|
||||
this.usersToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${UserOption(user)}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
</ak-form-element-horizontal>`;
|
||||
</div>
|
||||
</ak-form-element-horizontal>`;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
88
web/src/admin/users/UserAssignedGlobalPermissionsTable.ts
Normal file
88
web/src/admin/users/UserAssignedGlobalPermissionsTable.ts
Normal file
@ -0,0 +1,88 @@
|
||||
import "@goauthentik/admin/users/UserPermissionForm";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@goauthentik/elements/forms/ModalForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
import { ifDefined } from "lit/directives/if-defined.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-assigned-global-permissions-table")
|
||||
export class UserAssignedGlobalPermissionsTable extends Table<Permission> {
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
checkbox = true;
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<Permission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
||||
user: this.userId || 0,
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: Permission[]): [string, Permission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderObjectCreate(): TemplateResult {
|
||||
return html`
|
||||
<ak-forms-modal>
|
||||
<span slot="submit"> ${msg("Assign")} </span>
|
||||
<span slot="header"> ${msg("Assign permission to user")} </span>
|
||||
<ak-user-permission-form userId=${ifDefined(this.userId)} slot="form">
|
||||
</ak-user-permission-form>
|
||||
<button slot="trigger" class="pf-c-button pf-m-primary">
|
||||
${msg("Assign permission")}
|
||||
</button>
|
||||
</ak-forms-modal>
|
||||
`;
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: Permission) => {
|
||||
return [{ key: msg("Permission"), value: item.name }];
|
||||
}}
|
||||
.delete=${(item: Permission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByUsersUnassignPartialUpdate({
|
||||
id: this.userId || 0,
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: Permission): TemplateResult[] {
|
||||
return [html`${item.modelVerbose}`, html`${item.name}`, html`✓`];
|
||||
}
|
||||
}
|
||||
90
web/src/admin/users/UserAssignedObjectPermissionsTable.ts
Normal file
90
web/src/admin/users/UserAssignedObjectPermissionsTable.ts
Normal file
@ -0,0 +1,90 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config";
|
||||
import { groupBy } from "@goauthentik/app/common/utils";
|
||||
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table";
|
||||
import "@goauthentik/elements/forms/DeleteBulkForm";
|
||||
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { ExtraUserObjectPermission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-assigned-object-permissions-table")
|
||||
export class UserAssignedObjectPermissionsTable extends Table<ExtraUserObjectPermission> {
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
checkbox = true;
|
||||
|
||||
apiEndpoint(page: number): Promise<PaginatedResponse<ExtraUserObjectPermission>> {
|
||||
return new RbacApi(DEFAULT_CONFIG).rbacPermissionsUsersList({
|
||||
userId: this.userId || 0,
|
||||
page: page,
|
||||
ordering: this.order,
|
||||
search: this.search,
|
||||
});
|
||||
}
|
||||
|
||||
groupBy(items: ExtraUserObjectPermission[]): [string, ExtraUserObjectPermission[]][] {
|
||||
return groupBy(items, (obj) => {
|
||||
return obj.appLabelVerbose;
|
||||
});
|
||||
}
|
||||
|
||||
columns(): TableColumn[] {
|
||||
return [
|
||||
new TableColumn("Model", "model"),
|
||||
new TableColumn("Permission", ""),
|
||||
new TableColumn("Object", ""),
|
||||
new TableColumn(""),
|
||||
];
|
||||
}
|
||||
|
||||
renderToolbarSelected(): TemplateResult {
|
||||
const disabled = this.selectedElements.length < 1;
|
||||
return html`<ak-forms-delete-bulk
|
||||
objectLabel=${msg("Permission(s)")}
|
||||
.objects=${this.selectedElements}
|
||||
.metadata=${(item: ExtraUserObjectPermission) => {
|
||||
return [
|
||||
{ key: msg("Permission"), value: item.name },
|
||||
{ key: msg("Object"), value: item.objectDescription || item.objectPk },
|
||||
];
|
||||
}}
|
||||
.delete=${(item: ExtraUserObjectPermission) => {
|
||||
return new RbacApi(
|
||||
DEFAULT_CONFIG,
|
||||
).rbacPermissionsAssignedByUsersUnassignPartialUpdate({
|
||||
id: this.userId || 0,
|
||||
patchedPermissionAssignRequest: {
|
||||
permissions: [`${item.appLabel}.${item.codename}`],
|
||||
objectPk: item.objectPk,
|
||||
},
|
||||
});
|
||||
}}
|
||||
>
|
||||
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
||||
${msg("Delete")}
|
||||
</button>
|
||||
</ak-forms-delete-bulk>`;
|
||||
}
|
||||
|
||||
row(item: ExtraUserObjectPermission): TemplateResult[] {
|
||||
return [
|
||||
html`${item.modelVerbose}`,
|
||||
html`${item.name}`,
|
||||
html`${item.objectDescription
|
||||
? html`${item.objectDescription}`
|
||||
: html`<pf-tooltip
|
||||
position="top"
|
||||
content=${msg(
|
||||
"User doesn't have view permission so description cannot be retrieved.",
|
||||
)}
|
||||
>
|
||||
<pre>${item.objectPk}</pre>
|
||||
</pf-tooltip>`}`,
|
||||
html`✓`,
|
||||
];
|
||||
}
|
||||
}
|
||||
@ -10,8 +10,8 @@ import { customElement, property } from "lit/decorators.js";
|
||||
|
||||
import { AuthenticatorsApi, Device } from "@goauthentik/api";
|
||||
|
||||
@customElement("ak-user-device-list")
|
||||
export class UserDeviceList extends Table<Device> {
|
||||
@customElement("ak-user-device-table")
|
||||
export class UserDeviceTable extends Table<Device> {
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
88
web/src/admin/users/UserPermissionForm.ts
Normal file
88
web/src/admin/users/UserPermissionForm.ts
Normal file
@ -0,0 +1,88 @@
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/chips/Chip";
|
||||
import "@goauthentik/elements/chips/ChipGroup";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
import "@goauthentik/elements/rbac/PermissionSelectModal";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
import { TemplateResult, html } from "lit";
|
||||
import { customElement, property, state } from "lit/decorators.js";
|
||||
|
||||
import { Permission, RbacApi } from "@goauthentik/api";
|
||||
|
||||
interface UserPermissionAssign {
|
||||
permissions: string[];
|
||||
}
|
||||
|
||||
@customElement("ak-user-permission-form")
|
||||
export class UserPermissionForm extends ModelForm<UserPermissionAssign, number> {
|
||||
@state()
|
||||
permissionsToAdd: Permission[] = [];
|
||||
|
||||
@property({ type: Number })
|
||||
userId?: number;
|
||||
|
||||
async load(): Promise<void> {}
|
||||
|
||||
loadInstance(): Promise<UserPermissionAssign> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
|
||||
getSuccessMessage(): string {
|
||||
return msg("Successfully assigned permission.");
|
||||
}
|
||||
|
||||
async send(data: UserPermissionAssign): Promise<unknown> {
|
||||
await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersAssignCreate({
|
||||
id: this.userId || 0,
|
||||
permissionAssignRequest: {
|
||||
permissions: data.permissions,
|
||||
},
|
||||
});
|
||||
this.permissionsToAdd = [];
|
||||
return;
|
||||
}
|
||||
|
||||
renderForm(): TemplateResult {
|
||||
return html`<form class="pf-c-form pf-m-horizontal">
|
||||
<ak-form-element-horizontal label=${msg("Permissions to add")} name="permissions">
|
||||
<div class="pf-c-input-group">
|
||||
<ak-rbac-permission-select-table
|
||||
.confirm=${(items: Permission[]) => {
|
||||
this.permissionsToAdd = items;
|
||||
this.requestUpdate();
|
||||
return Promise.resolve();
|
||||
}}
|
||||
>
|
||||
<button slot="trigger" class="pf-c-button pf-m-control" type="button">
|
||||
<pf-tooltip position="top" content=${msg("Select permissions")}>
|
||||
<i class="fas fa-plus" aria-hidden="true"></i>
|
||||
</pf-tooltip>
|
||||
</button>
|
||||
</ak-rbac-permission-select-table>
|
||||
<div class="pf-c-form-control">
|
||||
<ak-chip-group>
|
||||
${this.permissionsToAdd.map((permission) => {
|
||||
return html`<ak-chip
|
||||
.removable=${true}
|
||||
value=${`${permission.appLabel}.${permission.codename}`}
|
||||
@remove=${() => {
|
||||
const idx = this.permissionsToAdd.indexOf(permission);
|
||||
this.permissionsToAdd.splice(idx, 1);
|
||||
this.requestUpdate();
|
||||
}}
|
||||
>
|
||||
${permission.name}
|
||||
</ak-chip>`;
|
||||
})}
|
||||
</ak-chip-group>
|
||||
</div>
|
||||
</div>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
@ -3,7 +3,10 @@ import "@goauthentik/admin/users/UserActiveForm";
|
||||
import "@goauthentik/admin/users/UserChart";
|
||||
import "@goauthentik/admin/users/UserForm";
|
||||
import "@goauthentik/admin/users/UserPasswordForm";
|
||||
import "@goauthentik/app/admin/users/UserAssignedGlobalPermissionsTable";
|
||||
import "@goauthentik/app/admin/users/UserAssignedObjectPermissionsTable";
|
||||
import { me } from "@goauthentik/app/common/users";
|
||||
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
|
||||
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
||||
import { EVENT_REFRESH } from "@goauthentik/common/constants";
|
||||
import { MessageLevel } from "@goauthentik/common/messages";
|
||||
@ -35,12 +38,17 @@ import PFPage from "@patternfly/patternfly/components/Page/page.css";
|
||||
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
|
||||
import PFBase from "@patternfly/patternfly/patternfly-base.css";
|
||||
import PFDisplay from "@patternfly/patternfly/utilities/Display/display.css";
|
||||
import PFFlex from "@patternfly/patternfly/utilities/Flex/flex.css";
|
||||
import PFSizing from "@patternfly/patternfly/utilities/Sizing/sizing.css";
|
||||
|
||||
import { CapabilitiesEnum, CoreApi, SessionUser, User } from "@goauthentik/api";
|
||||
import {
|
||||
CapabilitiesEnum,
|
||||
CoreApi,
|
||||
RbacPermissionsAssignedByUsersListModelEnum,
|
||||
SessionUser,
|
||||
User,
|
||||
} from "@goauthentik/api";
|
||||
|
||||
import "./UserDevicesList";
|
||||
import "./UserDevicesTable";
|
||||
|
||||
@customElement("ak-user-view")
|
||||
export class UserViewPage extends AKElement {
|
||||
@ -68,7 +76,6 @@ export class UserViewPage extends AKElement {
|
||||
return [
|
||||
PFBase,
|
||||
PFPage,
|
||||
PFFlex,
|
||||
PFButton,
|
||||
PFDisplay,
|
||||
PFGrid,
|
||||
@ -443,7 +450,35 @@ export class UserViewPage extends AKElement {
|
||||
>
|
||||
<div class="pf-c-card">
|
||||
<div class="pf-c-card__body">
|
||||
<ak-user-device-list userId=${this.user.pk}> </ak-user-device-list>
|
||||
<ak-user-device-table userId=${this.user.pk}> </ak-user-device-table>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
<ak-rbac-object-permission-page
|
||||
slot="page-permissions"
|
||||
data-tab-title="${msg("Permissions")}"
|
||||
model=${RbacPermissionsAssignedByUsersListModelEnum.CoreUser}
|
||||
objectPk=${this.user.pk}
|
||||
></ak-rbac-object-permission-page>
|
||||
<section
|
||||
slot="page-mfa-assigned-permissions"
|
||||
data-tab-title="${msg("Assigned permissions")}"
|
||||
class="pf-c-page__main-section pf-m-no-padding-mobile"
|
||||
>
|
||||
<div class="pf-l-grid pf-m-gutter">
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${msg("Assigned global permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-user-assigned-global-permissions-table userId=${this.user.pk}>
|
||||
</ak-user-assigned-global-permissions-table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
|
||||
<div class="pf-c-card__title">${msg("Assigned object permissions")}</div>
|
||||
<div class="pf-c-card__body">
|
||||
<ak-user-assigned-object-permissions-table userId=${this.user.pk}>
|
||||
</ak-user-assigned-object-permissions-table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</section>
|
||||
|
||||
Reference in New Issue
Block a user