proxmox-backup/www/config/ACLView.js

Ext.define('pmx-acls', {
    extend: 'Ext.data.Model',
    fields: [
	'path', 'ugid', 'ugid_type', 'roleid', 'propagate',
	{
	    name: 'aclid',
	    calculate: function(data) {
		return `${data.path} for ${data.ugid} - ${data.roleid}`;
	    },
	},
    ],
    idProperty: 'aclid',
    proxy: {
	type: 'proxmox',
	url: '/api2/json/access/acl',
    },
});

Ext.define('PBS.config.ACLView', {
    extend: 'Ext.grid.GridPanel',
    alias: 'widget.pbsACLView',

    title: gettext('Permissions'),

    // Show only those permissions, which can affect this and children paths.
    // That means that also higher up, "shorter" paths are included, as those
    // can have a say in the rights on the asked path.
    aclPath: undefined,

    // tell API to only return ACLs matching exactly the aclPath config.
    aclExact: undefined,

    controller: {
	xclass: 'Ext.app.ViewController',

	addUserACL: function() {
	    let me = this;
	    let view = me.getView();
	    Ext.create('PBS.window.ACLEdit', {
		path: view.aclPath,
		aclType: 'user',
		datastore: view.datastore,
		listeners: {
		    destroy: () => me.reload(),
		},
	    }).show();
	},

	addTokenACL: function() {
	    let me = this;
	    let view = me.getView();
	    Ext.create('PBS.window.ACLEdit', {
		path: view.aclPath,
		aclType: 'token',
		datastore: view.datastore,
		listeners: {
		    destroy: () => me.reload(),
		},
	    }).show();
	},


	removeACL: function(btn, event, rec) {
	    let me = this;
	    Proxmox.Utils.API2Request({
		url: '/access/acl',
		method: 'PUT',
		params: {
		    'delete': 1,
		    path: rec.data.path,
		    role: rec.data.roleid,
		    'auth-id': rec.data.ugid,
		},
		callback: function() {
		    me.reload();
		},
		failure: function(response, opts) {
		    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
		},
	    });
	},

	reload: function() { this.getView().getStore().rstore.load(); },

	init: function(view) {
	    let proxy = view.getStore().rstore.getProxy();

	    let params = {};
	    if (typeof view.aclPath === "string") {
		let pathFilter = Ext.create('Ext.util.Filter', {
		    filterPath: view.aclPath,
		    filterAtoms: view.aclPath.split('/'),
		    filterFn: function(item) {
			let me = this;
			let path = item.data.path;
			if (path === "/" || path === me.filterPath) {
			    return true;
			} else if (path.length > me.filterPath.length) {
			    return path.startsWith(me.filterPath + '/');
			}
			let pathAtoms = path.split('/');
			let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);
			for (let i = 1; i < commonLength; i++) {
			    if (me.filterAtoms[i] !== pathAtoms[i]) {
				return false;
			    }
			}
			return true;
		    },
		});
		view.getStore().addFilter(pathFilter);
	    }
	    if (view.aclExact !== undefined) {
		if (view.aclPath !== undefined) {
		    params.path = view.aclPath;
		}
		params.exact = view.aclExact;
	    }

	    proxy.setExtraParams(params);
	    Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
	},
	control: {
	    '#': { // view
		activate: function() {
		    this.getView().getStore().rstore.startUpdate();
		},
		deactivate: function() {
		    this.getView().getStore().rstore.stopUpdate();
		},
	    },
	},
    },

    store: {
	type: 'diff',
	autoDestroy: true,
	autoDestroyRstore: true,
	sorters: 'aclid',
	rstore: {
	    type: 'update',
	    storeid: 'pmx-acls',
	    model: 'pmx-acls',
	    interval: 5000,
	},
    },

    tbar: [
	{
	    text: gettext('Add'),
	    menu: {
		xtype: 'menu',
		items: [
		    {
			text: gettext('User Permission'),
			iconCls: 'fa fa-fw fa-user',
			handler: 'addUserACL',
		    },
		    {
			text: gettext('API Token Permission'),
			iconCls: 'fa fa-fw fa-user-o',
			handler: 'addTokenACL',
		    },
		],
	    },
	},
	{
	    xtype: 'proxmoxStdRemoveButton',
	    handler: 'removeACL',
	    callback: 'reload',
	},
    ],

    columns: [
	{
	    header: gettext('Path'),
	    minWidth: 250,
	    flex: 4,
	    sortable: true,
	    renderer: Ext.String.htmlEncode,
	    dataIndex: 'path',
	},
	{
	    header: gettext('User/Group/API Token'),
	    width: 200,
	    sortable: true,
	    renderer: Ext.String.htmlEncode,
	    dataIndex: 'ugid',
	},
	{
	    header: gettext('Role'),
	    width: 200,
	    sortable: true,
	    dataIndex: 'roleid',
	},
	{
	    header: gettext('Propagate'),
	    flex: 9, // last element flex looks better
	    sortable: true,
	    renderer: Proxmox.Utils.format_boolean,
	    dataIndex: 'propagate',
	},
    ],
});
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`Ext.define('pmx-acls', {`
			`extend: 'Ext.data.Model',`
			`fields: [`
			`'path', 'ugid', 'ugid_type', 'roleid', 'propagate',`
			`{`
			`name: 'aclid',`
			`calculate: function(data) {`
ui: acls: include roleid into id and sort by it this fixes missing acls on the gui Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-22 14:51:44 +02:00			return `${data.path} for ${data.ugid} - ${data.roleid}`;
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`
			`},`
			`],`
			`idProperty: 'aclid',`
			`proxy: {`
			`type: 'proxmox',`
			`url: '/api2/json/access/acl',`
			`},`
			`});`

			`Ext.define('PBS.config.ACLView', {`
			`extend: 'Ext.grid.GridPanel',`
			`alias: 'widget.pbsACLView',`

fixup 2020-05-20 13:26:41 +02:00			`title: gettext('Permissions'),`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 07:33:14 +01:00			`// Show only those permissions, which can affect this and children paths.`
			`// That means that also higher up, "shorter" paths are included, as those`
			`// can have a say in the rights on the asked path.`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`aclPath: undefined,`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 07:33:14 +01:00
			`// tell API to only return ACLs matching exactly the aclPath config.`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`aclExact: undefined,`

			`controller: {`
			`xclass: 'Ext.app.ViewController',`

gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`addUserACL: function() {`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`let me = this;`
			`let view = me.getView();`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`Ext.create('PBS.window.ACLEdit', {`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`path: view.aclPath,`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`aclType: 'user',`
ui: datastore permissions: allow ACL path edit & query namespaces Without namespaces this had not much use, but now that we can have permissions below we should allow so. For convenience also query the namsepaces here and add them to the list of available ACL paths, the read-dir shouldn't be that expensive (albeit, we could cache them in the frontend) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-05-18 18:09:15 +02:00			`datastore: view.datastore,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`listeners: {`
ui: small style cleanups/refactoring Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-05-18 18:04:16 +02:00			`destroy: () => me.reload(),`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`}).show();`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`

gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`addTokenACL: function() {`
			`let me = this;`
			`let view = me.getView();`
			`Ext.create('PBS.window.ACLEdit', {`
			`path: view.aclPath,`
			`aclType: 'token',`
ui: datastore permissions: allow ACL path edit & query namespaces Without namespaces this had not much use, but now that we can have permissions below we should allow so. For convenience also query the namsepaces here and add them to the list of available ACL paths, the read-dir shouldn't be that expensive (albeit, we could cache them in the frontend) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-05-18 18:09:15 +02:00			`datastore: view.datastore,`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`listeners: {`
ui: small style cleanups/refactoring Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-05-18 18:04:16 +02:00			`destroy: () => me.reload(),`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`},`
			`}).show();`
			`},`


ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`removeACL: function(btn, event, rec) {`
			`let me = this;`
			`Proxmox.Utils.API2Request({`
ui: some eslint auto-fixes Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-09-25 18:29:42 +02:00			`url: '/access/acl',`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`method: 'PUT',`
			`params: {`
			`'delete': 1,`
			`path: rec.data.path,`
			`role: rec.data.roleid,`
api: replace auth_id with auth-id in parameters, and fix up the completion for the ACL update parameter. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-30 15:18:41 +01:00			`'auth-id': rec.data.ugid,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`
			`callback: function() {`
			`me.reload();`
			`},`
ui: some eslint auto-fixes Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-09-25 18:29:42 +02:00			`failure: function(response, opts) {`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`Ext.Msg.alert(gettext('Error'), response.htmlStatus);`
			`},`
			`});`
			`},`

			`reload: function() { this.getView().getStore().rstore.load(); },`

			`init: function(view) {`
			`let proxy = view.getStore().rstore.getProxy();`

			`let params = {};`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 07:33:14 +01:00			`if (typeof view.aclPath === "string") {`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 14:47:38 +01:00			`let pathFilter = Ext.create('Ext.util.Filter', {`
			`filterPath: view.aclPath,`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 07:33:14 +01:00			`filterAtoms: view.aclPath.split('/'),`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 14:47:38 +01:00			`filterFn: function(item) {`
			`let me = this;`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 07:33:14 +01:00			`let path = item.data.path;`
			`if (path === "/" \|\| path === me.filterPath) {`
			`return true;`
			`} else if (path.length > me.filterPath.length) {`
			`return path.startsWith(me.filterPath + '/');`
			`}`
			`let pathAtoms = path.split('/');`
			`let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);`
			`for (let i = 1; i < commonLength; i++) {`
			`if (me.filterAtoms[i] !== pathAtoms[i]) {`
			`return false;`
			`}`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 14:47:38 +01:00			`}`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 07:33:14 +01:00			`return true;`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 14:47:38 +01:00			`},`
			`});`
			`view.getStore().addFilter(pathFilter);`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`}`
			`if (view.aclExact !== undefined) {`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 14:47:38 +01:00			`if (view.aclPath !== undefined) {`
			`params.path = view.aclPath;`
			`}`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`params.exact = view.aclExact;`
			`}`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 14:47:38 +01:00
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`proxy.setExtraParams(params);`
ui: add missing monStoreErrors to actually show api errors on the list call Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-26 12:23:26 +02:00			`Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`
ui: acl view: only update if component is activated Avoid triggering non-required background updates during browsing a datastores content or statistics panels. They're not expensive, but I do not like such behavior at all (having traveled with trains and spotty network to often) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-05-26 18:58:19 +02:00			`control: {`
			`'#': { // view`
			`activate: function() {`
			`this.getView().getStore().rstore.startUpdate();`
			`},`
			`deactivate: function() {`
			`this.getView().getStore().rstore.stopUpdate();`
			`},`
			`},`
			`},`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`

			`store: {`
			`type: 'diff',`
			`autoDestroy: true,`
			`autoDestroyRstore: true,`
ui: acls: include roleid into id and sort by it this fixes missing acls on the gui Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-22 14:51:44 +02:00			`sorters: 'aclid',`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`rstore: {`
			`type: 'update',`
			`storeid: 'pmx-acls',`
			`model: 'pmx-acls',`
			`interval: 5000,`
			`},`
			`},`

			`tbar: [`
			`{`
			`text: gettext('Add'),`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`menu: {`
			`xtype: 'menu',`
			`items: [`
			`{`
			`text: gettext('User Permission'),`
			`iconCls: 'fa fa-fw fa-user',`
			`handler: 'addUserACL',`
			`},`
			`{`
			`text: gettext('API Token Permission'),`
			`iconCls: 'fa fa-fw fa-user-o',`
			`handler: 'addTokenACL',`
			`},`
			`],`
			`},`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`},`
			`{`
			`xtype: 'proxmoxStdRemoveButton',`
			`handler: 'removeACL',`
			`callback: 'reload',`
			`},`
			`],`

			`columns: [`
			`{`
			`header: gettext('Path'),`
ui: acl view: make path column flex, but enforce minWidth with namespaces the paths can get pretty complex, so make the path column take some flex space too, but not too much to avoid making it look odd for the short paths we have otherwise Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-05-18 18:22:16 +02:00			`minWidth: 250,`
			`flex: 4,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`sortable: true,`
			`renderer: Ext.String.htmlEncode,`
			`dataIndex: 'path',`
			`},`
			`{`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 11:07:27 +01:00			`header: gettext('User/Group/API Token'),`
ui: ACL view: do not save grid state Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-10-31 11:36:48 +01:00			`width: 200,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`sortable: true,`
			`renderer: Ext.String.htmlEncode,`
			`dataIndex: 'ugid',`
			`},`
			`{`
			`header: gettext('Role'),`
ui: ACL view: do not save grid state Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-10-31 11:36:48 +01:00			`width: 200,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`sortable: true,`
			`dataIndex: 'roleid',`
			`},`
			`{`
			`header: gettext('Propagate'),`
ui: acl view: make path column flex, but enforce minWidth with namespaces the paths can get pretty complex, so make the path column take some flex space too, but not too much to avoid making it look odd for the short paths we have otherwise Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2022-05-18 18:22:16 +02:00			`flex: 9, // last element flex looks better`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 12:15:37 +02:00			`sortable: true,`
			`renderer: Proxmox.Utils.format_boolean,`
			`dataIndex: 'propagate',`
			`},`
			`],`
			`});`