Thomas Lamprecht 09f1f28800 ui: ACL view: fix path filtering
and add some comments about actual behavior of those config
properties..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2020-11-10 07:33:20 +01:00

206 lines
4.3 KiB
JavaScript

Ext.define('pmx-acls', {
extend: 'Ext.data.Model',
fields: [
'path', 'ugid', 'ugid_type', 'roleid', 'propagate',
{
name: 'aclid',
calculate: function(data) {
return `${data.path} for ${data.ugid} - ${data.roleid}`;
},
},
],
idProperty: 'aclid',
proxy: {
type: 'proxmox',
url: '/api2/json/access/acl',
},
});
Ext.define('PBS.config.ACLView', {
extend: 'Ext.grid.GridPanel',
alias: 'widget.pbsACLView',
title: gettext('Permissions'),
// Show only those permissions, which can affect this and children paths.
// That means that also higher up, "shorter" paths are included, as those
// can have a say in the rights on the asked path.
aclPath: undefined,
// tell API to only return ACLs matching exactly the aclPath config.
aclExact: undefined,
controller: {
xclass: 'Ext.app.ViewController',
addUserACL: function() {
let me = this;
let view = me.getView();
Ext.create('PBS.window.ACLEdit', {
path: view.aclPath,
aclType: 'user',
listeners: {
destroy: function() {
me.reload();
},
},
}).show();
},
addTokenACL: function() {
let me = this;
let view = me.getView();
Ext.create('PBS.window.ACLEdit', {
path: view.aclPath,
aclType: 'token',
listeners: {
destroy: function() {
me.reload();
},
},
}).show();
},
removeACL: function(btn, event, rec) {
let me = this;
Proxmox.Utils.API2Request({
url: '/access/acl',
method: 'PUT',
params: {
'delete': 1,
path: rec.data.path,
role: rec.data.roleid,
'auth-id': rec.data.ugid,
},
callback: function() {
me.reload();
},
failure: function(response, opts) {
Ext.Msg.alert(gettext('Error'), response.htmlStatus);
},
});
},
reload: function() { this.getView().getStore().rstore.load(); },
init: function(view) {
let proxy = view.getStore().rstore.getProxy();
let params = {};
if (typeof view.aclPath === "string") {
let pathFilter = Ext.create('Ext.util.Filter', {
filterPath: view.aclPath,
filterAtoms: view.aclPath.split('/'),
filterFn: function(item) {
let me = this;
let path = item.data.path;
if (path === "/" || path === me.filterPath) {
return true;
} else if (path.length > me.filterPath.length) {
return path.startsWith(me.filterPath + '/');
}
let pathAtoms = path.split('/');
let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);
for (let i = 1; i < commonLength; i++) {
if (me.filterAtoms[i] !== pathAtoms[i]) {
return false;
}
}
return true;
},
});
view.getStore().addFilter(pathFilter);
}
if (view.aclExact !== undefined) {
if (view.aclPath !== undefined) {
params.path = view.aclPath;
}
params.exact = view.aclExact;
}
proxy.setExtraParams(params);
Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
},
control: {
'#': { // view
activate: function() {
this.getView().getStore().rstore.startUpdate();
},
deactivate: function() {
this.getView().getStore().rstore.stopUpdate();
},
},
},
},
store: {
type: 'diff',
autoDestroy: true,
autoDestroyRstore: true,
sorters: 'aclid',
rstore: {
type: 'update',
storeid: 'pmx-acls',
model: 'pmx-acls',
interval: 5000,
},
},
tbar: [
{
text: gettext('Add'),
menu: {
xtype: 'menu',
items: [
{
text: gettext('User Permission'),
iconCls: 'fa fa-fw fa-user',
handler: 'addUserACL',
},
{
text: gettext('API Token Permission'),
iconCls: 'fa fa-fw fa-user-o',
handler: 'addTokenACL',
},
],
},
},
{
xtype: 'proxmoxStdRemoveButton',
handler: 'removeACL',
callback: 'reload',
},
],
columns: [
{
header: gettext('Path'),
width: 250,
sortable: true,
renderer: Ext.String.htmlEncode,
dataIndex: 'path',
},
{
header: gettext('User/Group/API Token'),
width: 200,
sortable: true,
renderer: Ext.String.htmlEncode,
dataIndex: 'ugid',
},
{
header: gettext('Role'),
width: 200,
sortable: true,
dataIndex: 'roleid',
},
{
header: gettext('Propagate'),
flex: 1, // last element flex looks better
sortable: true,
renderer: Proxmox.Utils.format_boolean,
dataIndex: 'propagate',
},
],
});