proxmox-backup/www/config/ACLView.js

Ext.define('pmx-acls', {
    extend: 'Ext.data.Model',
    fields: [
	'path', 'ugid', 'ugid_type', 'roleid', 'propagate',
	{
	    name: 'aclid',
	    calculate: function(data) {
		return `${data.path} for ${data.ugid} - ${data.roleid}`;
	    },
	},
    ],
    idProperty: 'aclid',
    proxy: {
	type: 'proxmox',
	url: '/api2/json/access/acl',
    },
});

Ext.define('PBS.config.ACLView', {
    extend: 'Ext.grid.GridPanel',
    alias: 'widget.pbsACLView',

    title: gettext('Permissions'),

    // Show only those permissions, which can affect this and children paths.
    // That means that also higher up, "shorter" paths are included, as those
    // can have a say in the rights on the asked path.
    aclPath: undefined,

    // tell API to only return ACLs matching exactly the aclPath config.
    aclExact: undefined,

    controller: {
	xclass: 'Ext.app.ViewController',

	addUserACL: function() {
	    let me = this;
	    let view = me.getView();
	    Ext.create('PBS.window.ACLEdit', {
		path: view.aclPath,
		aclType: 'user',
		listeners: {
		    destroy: function() {
			me.reload();
		    },
		},
	    }).show();
	},

	addTokenACL: function() {
	    let me = this;
	    let view = me.getView();
	    Ext.create('PBS.window.ACLEdit', {
		path: view.aclPath,
		aclType: 'token',
		listeners: {
		    destroy: function() {
			me.reload();
		    },
		},
	    }).show();
	},


	removeACL: function(btn, event, rec) {
	    let me = this;
	    Proxmox.Utils.API2Request({
		url: '/access/acl',
		method: 'PUT',
		params: {
		    'delete': 1,
		    path: rec.data.path,
		    role: rec.data.roleid,
		    'auth-id': rec.data.ugid,
		},
		callback: function() {
		    me.reload();
		},
		failure: function(response, opts) {
		    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
		},
	    });
	},

	reload: function() { this.getView().getStore().rstore.load(); },

	init: function(view) {
	    let proxy = view.getStore().rstore.getProxy();

	    let params = {};
	    if (typeof view.aclPath === "string") {
		let pathFilter = Ext.create('Ext.util.Filter', {
		    filterPath: view.aclPath,
		    filterAtoms: view.aclPath.split('/'),
		    filterFn: function(item) {
			let me = this;
			let path = item.data.path;
			if (path === "/" || path === me.filterPath) {
			    return true;
			} else if (path.length > me.filterPath.length) {
			    return path.startsWith(me.filterPath + '/');
			}
			let pathAtoms = path.split('/');
			let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);
			for (let i = 1; i < commonLength; i++) {
			    if (me.filterAtoms[i] !== pathAtoms[i]) {
				return false;
			    }
			}
			return true;
		    },
		});
		view.getStore().addFilter(pathFilter);
	    }
	    if (view.aclExact !== undefined) {
		if (view.aclPath !== undefined) {
		    params.path = view.aclPath;
		}
		params.exact = view.aclExact;
	    }

	    proxy.setExtraParams(params);
	    Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
	},
	control: {
	    '#': { // view
		activate: function() {
		    this.getView().getStore().rstore.startUpdate();
		},
		deactivate: function() {
		    this.getView().getStore().rstore.stopUpdate();
		},
	    },
	},
    },

    store: {
	type: 'diff',
	autoDestroy: true,
	autoDestroyRstore: true,
	sorters: 'aclid',
	rstore: {
	    type: 'update',
	    storeid: 'pmx-acls',
	    model: 'pmx-acls',
	    interval: 5000,
	},
    },

    tbar: [
	{
	    text: gettext('Add'),
	    menu: {
		xtype: 'menu',
		items: [
		    {
			text: gettext('User Permission'),
			iconCls: 'fa fa-fw fa-user',
			handler: 'addUserACL',
		    },
		    {
			text: gettext('API Token Permission'),
			iconCls: 'fa fa-fw fa-user-o',
			handler: 'addTokenACL',
		    },
		],
	    },
	},
	{
	    xtype: 'proxmoxStdRemoveButton',
	    handler: 'removeACL',
	    callback: 'reload',
	},
    ],

    columns: [
	{
	    header: gettext('Path'),
	    width: 250,
	    sortable: true,
	    renderer: Ext.String.htmlEncode,
	    dataIndex: 'path',
	},
	{
	    header: gettext('User/Group/API Token'),
	    width: 200,
	    sortable: true,
	    renderer: Ext.String.htmlEncode,
	    dataIndex: 'ugid',
	},
	{
	    header: gettext('Role'),
	    width: 200,
	    sortable: true,
	    dataIndex: 'roleid',
	},
	{
	    header: gettext('Propagate'),
	    flex: 1, // last element flex looks better
	    sortable: true,
	    renderer: Proxmox.Utils.format_boolean,
	    dataIndex: 'propagate',
	},
    ],
});
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`Ext.define('pmx-acls', {`
			`extend: 'Ext.data.Model',`
			`fields: [`
			`'path', 'ugid', 'ugid_type', 'roleid', 'propagate',`
			`{`
			`name: 'aclid',`
			`calculate: function(data) {`
ui: acls: include roleid into id and sort by it this fixes missing acls on the gui Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-22 12:51:44 +00:00			return `${data.path} for ${data.ugid} - ${data.roleid}`;
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`},`
			`},`
			`],`
			`idProperty: 'aclid',`
			`proxy: {`
			`type: 'proxmox',`
			`url: '/api2/json/access/acl',`
			`},`
			`});`

			`Ext.define('PBS.config.ACLView', {`
			`extend: 'Ext.grid.GridPanel',`
			`alias: 'widget.pbsACLView',`

fixup 2020-05-20 11:26:41 +00:00			`title: gettext('Permissions'),`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 06:33:14 +00:00			`// Show only those permissions, which can affect this and children paths.`
			`// That means that also higher up, "shorter" paths are included, as those`
			`// can have a say in the rights on the asked path.`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`aclPath: undefined,`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 06:33:14 +00:00
			`// tell API to only return ACLs matching exactly the aclPath config.`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`aclExact: undefined,`

			`controller: {`
			`xclass: 'Ext.app.ViewController',`

gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`addUserACL: function() {`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`let me = this;`
			`let view = me.getView();`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`Ext.create('PBS.window.ACLEdit', {`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`path: view.aclPath,`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`aclType: 'user',`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`listeners: {`
			`destroy: function() {`
			`me.reload();`
			`},`
			`},`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`}).show();`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`},`

gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`addTokenACL: function() {`
			`let me = this;`
			`let view = me.getView();`
			`Ext.create('PBS.window.ACLEdit', {`
			`path: view.aclPath,`
			`aclType: 'token',`
			`listeners: {`
			`destroy: function() {`
			`me.reload();`
			`},`
			`},`
			`}).show();`
			`},`


ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`removeACL: function(btn, event, rec) {`
			`let me = this;`
			`Proxmox.Utils.API2Request({`
ui: some eslint auto-fixes Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-09-25 16:29:42 +00:00			`url: '/access/acl',`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`method: 'PUT',`
			`params: {`
			`'delete': 1,`
			`path: rec.data.path,`
			`role: rec.data.roleid,`
api: replace auth_id with auth-id in parameters, and fix up the completion for the ACL update parameter. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-30 14:18:41 +00:00			`'auth-id': rec.data.ugid,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`},`
			`callback: function() {`
			`me.reload();`
			`},`
ui: some eslint auto-fixes Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-09-25 16:29:42 +00:00			`failure: function(response, opts) {`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`Ext.Msg.alert(gettext('Error'), response.htmlStatus);`
			`},`
			`});`
			`},`

			`reload: function() { this.getView().getStore().rstore.load(); },`

			`init: function(view) {`
			`let proxy = view.getStore().rstore.getProxy();`

			`let params = {};`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 06:33:14 +00:00			`if (typeof view.aclPath === "string") {`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 13:47:38 +00:00			`let pathFilter = Ext.create('Ext.util.Filter', {`
			`filterPath: view.aclPath,`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 06:33:14 +00:00			`filterAtoms: view.aclPath.split('/'),`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 13:47:38 +00:00			`filterFn: function(item) {`
			`let me = this;`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 06:33:14 +00:00			`let path = item.data.path;`
			`if (path === "/" \|\| path === me.filterPath) {`
			`return true;`
			`} else if (path.length > me.filterPath.length) {`
			`return path.startsWith(me.filterPath + '/');`
			`}`
			`let pathAtoms = path.split('/');`
			`let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);`
			`for (let i = 1; i < commonLength; i++) {`
			`if (me.filterAtoms[i] !== pathAtoms[i]) {`
			`return false;`
			`}`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 13:47:38 +00:00			`}`
ui: ACL view: fix path filtering and add some comments about actual behavior of those config properties.. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-11-10 06:33:14 +00:00			`return true;`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 13:47:38 +00:00			`},`
			`});`
			`view.getStore().addFilter(pathFilter);`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`}`
			`if (view.aclExact !== undefined) {`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 13:47:38 +00:00			`if (view.aclPath !== undefined) {`
			`params.path = view.aclPath;`
			`}`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`params.exact = view.aclExact;`
			`}`
www: show more ACLs in datastore panel since just the ACLs defined on the exact datastore path don't give anywhere near a complete picture of who has access to it. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-11-09 13:47:38 +00:00
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`proxy.setExtraParams(params);`
ui: add missing monStoreErrors to actually show api errors on the list call Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-26 10:23:26 +00:00			`Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`},`
ui: acl view: only update if component is activated Avoid triggering non-required background updates during browsing a datastores content or statistics panels. They're not expensive, but I do not like such behavior at all (having traveled with trains and spotty network to often) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-05-26 16:58:19 +00:00			`control: {`
			`'#': { // view`
			`activate: function() {`
			`this.getView().getStore().rstore.startUpdate();`
			`},`
			`deactivate: function() {`
			`this.getView().getStore().rstore.stopUpdate();`
			`},`
			`},`
			`},`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`},`

			`store: {`
			`type: 'diff',`
			`autoDestroy: true,`
			`autoDestroyRstore: true,`
ui: acls: include roleid into id and sort by it this fixes missing acls on the gui Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-22 12:51:44 +00:00			`sorters: 'aclid',`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`rstore: {`
			`type: 'update',`
			`storeid: 'pmx-acls',`
			`model: 'pmx-acls',`
			`interval: 5000,`
			`},`
			`},`

			`tbar: [`
			`{`
			`text: gettext('Add'),`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`menu: {`
			`xtype: 'menu',`
			`items: [`
			`{`
			`text: gettext('User Permission'),`
			`iconCls: 'fa fa-fw fa-user',`
			`handler: 'addUserACL',`
			`},`
			`{`
			`text: gettext('API Token Permission'),`
			`iconCls: 'fa fa-fw fa-user-o',`
			`handler: 'addTokenACL',`
			`},`
			`],`
			`},`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`},`
			`{`
			`xtype: 'proxmoxStdRemoveButton',`
			`handler: 'removeACL',`
			`callback: 'reload',`
			`},`
			`],`

			`columns: [`
			`{`
			`header: gettext('Path'),`
ui: improve ACL view layout Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-10-31 10:33:31 +00:00			`width: 250,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`sortable: true,`
			`renderer: Ext.String.htmlEncode,`
			`dataIndex: 'path',`
			`},`
			`{`
gui: add API token ACLs and the needed API token selector. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com> 2020-10-28 10:07:27 +00:00			`header: gettext('User/Group/API Token'),`
ui: ACL view: do not save grid state Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-10-31 10:36:48 +00:00			`width: 200,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`sortable: true,`
			`renderer: Ext.String.htmlEncode,`
			`dataIndex: 'ugid',`
			`},`
			`{`
			`header: gettext('Role'),`
ui: ACL view: do not save grid state Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-10-31 10:36:48 +00:00			`width: 200,`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`sortable: true,`
			`dataIndex: 'roleid',`
			`},`
			`{`
			`header: gettext('Propagate'),`
ui: improve ACL view layout Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-10-31 10:33:31 +00:00			`flex: 1, // last element flex looks better`
ui: add ACL panel to Configuration Signed-off-by: Dominik Csapak <d.csapak@proxmox.com> 2020-05-20 10:15:37 +00:00			`sortable: true,`
			`renderer: Proxmox.Utils.format_boolean,`
			`dataIndex: 'propagate',`
			`},`
			`],`
			`});`