dd625d57df
* main: (213 commits) website/docs: configuration: fix typo in kubectl command (#10492) website/integrations: fix typo in minio instructions (#10500) web: bump @typescript-eslint/eslint-plugin from 7.5.0 to 7.16.0 in /tests/wdio (#10496) website: bump prettier from 3.3.2 to 3.3.3 in /website (#10493) core: bump ruff from 0.5.1 to 0.5.2 (#10494) web: bump @typescript-eslint/parser from 7.5.0 to 7.16.0 in /tests/wdio (#10495) web: bump eslint-plugin-sonarjs from 0.25.1 to 1.0.3 in /tests/wdio (#10498) web: bump prettier from 3.3.2 to 3.3.3 in /tests/wdio (#10497) web: bump pseudolocale from 2.0.0 to 2.1.0 in /web (#10499) core: bump goauthentik.io/api/v3 from 3.2024061.1 to 3.2024061.2 (#10491) web: bump API Client version (#10488) flows: remove stage challenge type (#10476) core: bump github.com/redis/go-redis/v9 from 9.5.3 to 9.5.4 (#10469) core: bump goauthentik.io/api/v3 from 3.2024060.6 to 3.2024061.1 (#10470) web: bump the babel group across 1 directory with 2 updates (#10471) web: bump the storybook group across 1 directory with 7 updates (#10472) core: bump coverage from 7.5.4 to 7.6.0 (#10473) website/docs: air gapped: clarify .env usage at the top for Kubernetes installations (#10447) website/docs: air gapped: update "see configuration" wording (#10448) website/docs: Add Kubernetes Bootstrap Instructions (#9541) ...
130 lines
5.0 KiB
TypeScript
130 lines
5.0 KiB
TypeScript
import "@goauthentik/admin/rbac/RoleObjectPermissionForm";
|
|
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
|
|
import "@goauthentik/elements/forms/DeleteBulkForm";
|
|
import "@goauthentik/elements/forms/ModalForm";
|
|
import { PaginatedResponse, Table, TableColumn } from "@goauthentik/elements/table/Table";
|
|
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
|
|
|
|
import { msg } from "@lit/localize";
|
|
import { TemplateResult, html } from "lit";
|
|
import { customElement, property, state } from "lit/decorators.js";
|
|
import { ifDefined } from "lit/directives/if-defined.js";
|
|
|
|
import {
|
|
PaginatedPermissionList,
|
|
RbacApi,
|
|
RbacPermissionsAssignedByRolesListModelEnum,
|
|
RoleAssignedObjectPermission,
|
|
} from "@goauthentik/api";
|
|
|
|
@customElement("ak-rbac-role-object-permission-table")
|
|
export class RoleAssignedObjectPermissionTable extends Table<RoleAssignedObjectPermission> {
|
|
@property()
|
|
model?: RbacPermissionsAssignedByRolesListModelEnum;
|
|
|
|
@property()
|
|
objectPk?: string | number;
|
|
|
|
@state()
|
|
modelPermissions?: PaginatedPermissionList;
|
|
|
|
checkbox = true;
|
|
clearOnRefresh = true;
|
|
|
|
async apiEndpoint(): Promise<PaginatedResponse<RoleAssignedObjectPermission>> {
|
|
const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesList({
|
|
...(await this.defaultEndpointConfig()),
|
|
// TODO: better default
|
|
model: this.model || RbacPermissionsAssignedByRolesListModelEnum.CoreUser,
|
|
objectPk: this.objectPk?.toString(),
|
|
});
|
|
const [appLabel, modelName] = (this.model || "").split(".");
|
|
const modelPermissions = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsList({
|
|
contentTypeModel: modelName,
|
|
contentTypeAppLabel: appLabel,
|
|
ordering: "codename",
|
|
});
|
|
modelPermissions.results = modelPermissions.results.filter((value) => {
|
|
return !value.codename.startsWith("add_");
|
|
});
|
|
this.modelPermissions = modelPermissions;
|
|
return perms;
|
|
}
|
|
|
|
columns(): TableColumn[] {
|
|
const baseColumns = [new TableColumn(msg("User"), "user")];
|
|
// We don't check pagination since models shouldn't need to have that many permissions?
|
|
this.modelPermissions?.results.forEach((perm) => {
|
|
baseColumns.push(new TableColumn(perm.name, perm.codename));
|
|
});
|
|
return baseColumns;
|
|
}
|
|
|
|
renderObjectCreate(): TemplateResult {
|
|
return html`<ak-forms-modal>
|
|
<span slot="submit"> ${msg("Assign")} </span>
|
|
<span slot="header"> ${msg("Assign permission to role")} </span>
|
|
<ak-rbac-role-object-permission-form
|
|
model=${ifDefined(this.model)}
|
|
objectPk=${ifDefined(this.objectPk)}
|
|
slot="form"
|
|
>
|
|
</ak-rbac-role-object-permission-form>
|
|
<button slot="trigger" class="pf-c-button pf-m-primary">
|
|
${msg("Assign to new role")}
|
|
</button>
|
|
</ak-forms-modal>`;
|
|
}
|
|
|
|
renderToolbarSelected(): TemplateResult {
|
|
const disabled = this.selectedElements.length < 1;
|
|
return html`<ak-forms-delete-bulk
|
|
objectLabel=${msg("Permission(s)")}
|
|
.objects=${this.selectedElements}
|
|
.metadata=${(item: RoleAssignedObjectPermission) => {
|
|
return [{ key: msg("Permission"), value: item.name }];
|
|
}}
|
|
.delete=${(item: RoleAssignedObjectPermission) => {
|
|
return new RbacApi(
|
|
DEFAULT_CONFIG,
|
|
).rbacPermissionsAssignedByRolesUnassignPartialUpdate({
|
|
uuid: item.rolePk,
|
|
patchedPermissionAssignRequest: {
|
|
objectPk: this.objectPk?.toString(),
|
|
model: this.model,
|
|
permissions: item.permissions.map((perm) => {
|
|
return `${perm.appLabel}.${perm.codename}`;
|
|
}),
|
|
},
|
|
});
|
|
}}
|
|
>
|
|
<button ?disabled=${disabled} slot="trigger" class="pf-c-button pf-m-danger">
|
|
${msg("Delete")}
|
|
</button>
|
|
</ak-forms-delete-bulk>`;
|
|
}
|
|
|
|
row(item: RoleAssignedObjectPermission): TemplateResult[] {
|
|
const baseRow = [html` <a href="#/identity/roles/${item.rolePk}">${item.name}</a>`];
|
|
this.modelPermissions?.results.forEach((perm) => {
|
|
const granted =
|
|
item.permissions.filter((uperm) => uperm.codename === perm.codename).length > 0;
|
|
baseRow.push(
|
|
html`${granted
|
|
? html`<pf-tooltip position="top" content=${msg("Directly assigned")}
|
|
><i class="fas fa-check pf-m-success"></i
|
|
></pf-tooltip>`
|
|
: html`<i class="fas fa-times pf-m-danger"></i>`} `,
|
|
);
|
|
});
|
|
return baseRow;
|
|
}
|
|
}
|
|
|
|
declare global {
|
|
interface HTMLElementTagNameMap {
|
|
"ak-rbac-role-object-permission-table": RoleAssignedObjectPermissionTable;
|
|
}
|
|
}
|