[proxmox-backup.git] / www / config / ACLView.js

Ext.define('pmx-acls', {
    extend: 'Ext.data.Model',
    fields: [
	'path', 'ugid', 'ugid_type', 'roleid', 'propagate',
	{
	    name: 'aclid',
	    calculate: function(data) {
		return `${data.path} for ${data.ugid} - ${data.roleid}`;
	    },
	},
    ],
    idProperty: 'aclid',
    proxy: {
	type: 'proxmox',
	url: '/api2/json/access/acl',
    },
});

Ext.define('PBS.config.ACLView', {
    extend: 'Ext.grid.GridPanel',
    alias: 'widget.pbsACLView',

    title: gettext('Permissions'),

    // Show only those permissions, which can affect this and children paths.
    // That means that also higher up, "shorter" paths are included, as those
    // can have a say in the rights on the asked path.
    aclPath: undefined,

    // tell API to only return ACLs matching exactly the aclPath config.
    aclExact: undefined,

    controller: {
	xclass: 'Ext.app.ViewController',

	addUserACL: function() {
	    let me = this;
	    let view = me.getView();
	    Ext.create('PBS.window.ACLEdit', {
		path: view.aclPath,
		aclType: 'user',
		listeners: {
		    destroy: function() {
			me.reload();
		    },
		},
	    }).show();
	},

	addTokenACL: function() {
	    let me = this;
	    let view = me.getView();
	    Ext.create('PBS.window.ACLEdit', {
		path: view.aclPath,
		aclType: 'token',
		listeners: {
		    destroy: function() {
			me.reload();
		    },
		},
	    }).show();
	},


	removeACL: function(btn, event, rec) {
	    let me = this;
	    Proxmox.Utils.API2Request({
		url: '/access/acl',
		method: 'PUT',
		params: {
		    'delete': 1,
		    path: rec.data.path,
		    role: rec.data.roleid,
		    'auth-id': rec.data.ugid,
		},
		callback: function() {
		    me.reload();
		},
		failure: function(response, opts) {
		    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
		},
	    });
	},

	reload: function() { this.getView().getStore().rstore.load(); },

	init: function(view) {
	    let proxy = view.getStore().rstore.getProxy();

	    let params = {};
	    if (typeof view.aclPath === "string") {
		let pathFilter = Ext.create('Ext.util.Filter', {
		    filterPath: view.aclPath,
		    filterAtoms: view.aclPath.split('/'),
		    filterFn: function(item) {
			let me = this;
			let path = item.data.path;
			if (path === "/" || path === me.filterPath) {
			    return true;
			} else if (path.length > me.filterPath.length) {
			    return path.startsWith(me.filterPath + '/');
			}
			let pathAtoms = path.split('/');
			let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);
			for (let i = 1; i < commonLength; i++) {
			    if (me.filterAtoms[i] !== pathAtoms[i]) {
				return false;
			    }
			}
			return true;
		    },
		});
		view.getStore().addFilter(pathFilter);
	    }
	    if (view.aclExact !== undefined) {
		if (view.aclPath !== undefined) {
		    params.path = view.aclPath;
		}
		params.exact = view.aclExact;
	    }

	    proxy.setExtraParams(params);
	    Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
	},
	control: {
	    '#': { // view
		activate: function() {
		    this.getView().getStore().rstore.startUpdate();
		},
		deactivate: function() {
		    this.getView().getStore().rstore.stopUpdate();
		},
	    },
	},
    },

    store: {
	type: 'diff',
	autoDestroy: true,
	autoDestroyRstore: true,
	sorters: 'aclid',
	rstore: {
	    type: 'update',
	    storeid: 'pmx-acls',
	    model: 'pmx-acls',
	    interval: 5000,
	},
    },

    tbar: [
	{
	    text: gettext('Add'),
	    menu: {
		xtype: 'menu',
		items: [
		    {
			text: gettext('User Permission'),
			iconCls: 'fa fa-fw fa-user',
			handler: 'addUserACL',
		    },
		    {
			text: gettext('API Token Permission'),
			iconCls: 'fa fa-fw fa-user-o',
			handler: 'addTokenACL',
		    },
		],
	    },
	},
	{
	    xtype: 'proxmoxStdRemoveButton',
	    handler: 'removeACL',
	    callback: 'reload',
	},
    ],

    columns: [
	{
	    header: gettext('Path'),
	    width: 250,
	    sortable: true,
	    renderer: Ext.String.htmlEncode,
	    dataIndex: 'path',
	},
	{
	    header: gettext('User/Group/API Token'),
	    width: 200,
	    sortable: true,
	    renderer: Ext.String.htmlEncode,
	    dataIndex: 'ugid',
	},
	{
	    header: gettext('Role'),
	    width: 200,
	    sortable: true,
	    dataIndex: 'roleid',
	},
	{
	    header: gettext('Propagate'),
	    flex: 1, // last element flex looks better
	    sortable: true,
	    renderer: Proxmox.Utils.format_boolean,
	    dataIndex: 'propagate',
	},
    ],
});
Commit	Line	Data
0542cfdf DC	1	Ext.define('pmx-acls', {
	2	extend: 'Ext.data.Model',
	3	fields: [
	4	'path', 'ugid', 'ugid_type', 'roleid', 'propagate',
	5	{
	6	name: 'aclid',
	7	calculate: function(data) {
bfa0146c	8	return `${data.path} for ${data.ugid} - ${data.roleid}`;
0542cfdf DC	9	},
	10	},
	11	],
	12	idProperty: 'aclid',
	13	proxy: {
	14	type: 'proxmox',
	15	url: '/api2/json/access/acl',
	16	},
	17	});
	18
	19	Ext.define('PBS.config.ACLView', {
	20	extend: 'Ext.grid.GridPanel',
	21	alias: 'widget.pbsACLView',
	22
ee1458b6	23	title: gettext('Permissions'),
0542cfdf	24
09f1f288 TL	25	// Show only those permissions, which can affect this and children paths.
	26	// That means that also higher up, "shorter" paths are included, as those
	27	// can have a say in the rights on the asked path.
0542cfdf	28	aclPath: undefined,
09f1f288 TL	29
09f1f288 TL	30	// tell API to only return ACLs matching exactly the aclPath config.
0542cfdf DC	31	aclExact: undefined,
	32
	33	controller: {
	34	xclass: 'Ext.app.ViewController',
	35
184a3763	36	addUserACL: function() {
0542cfdf DC	37	let me = this;
0542cfdf DC	38	let view = me.getView();
184a3763	39	Ext.create('PBS.window.ACLEdit', {
0542cfdf	40	path: view.aclPath,
184a3763	41	aclType: 'user',
0542cfdf DC	42	listeners: {
	43	destroy: function() {
	44	me.reload();
	45	},
	46	},
184a3763	47	}).show();
0542cfdf DC	48	},
0542cfdf DC	49
184a3763 FG	50	addTokenACL: function() {
	51	let me = this;
	52	let view = me.getView();
	53	Ext.create('PBS.window.ACLEdit', {
	54	path: view.aclPath,
	55	aclType: 'token',
	56	listeners: {
	57	destroy: function() {
	58	me.reload();
	59	},
	60	},
	61	}).show();
	62	},
	63
	64
0542cfdf DC	65	removeACL: function(btn, event, rec) {
	66	let me = this;
	67	Proxmox.Utils.API2Request({
65b0cea6	68	url: '/access/acl',
0542cfdf DC	69	method: 'PUT',
	70	params: {
	71	'delete': 1,
	72	path: rec.data.path,
	73	role: rec.data.roleid,
8b600f99	74	'auth-id': rec.data.ugid,
0542cfdf DC	75	},
	76	callback: function() {
	77	me.reload();
	78	},
65b0cea6	79	failure: function(response, opts) {
0542cfdf DC	80	Ext.Msg.alert(gettext('Error'), response.htmlStatus);
	81	},
	82	});
	83	},
	84
	85	reload: function() { this.getView().getStore().rstore.load(); },
	86
	87	init: function(view) {
	88	let proxy = view.getStore().rstore.getProxy();
	89
	90	let params = {};
09f1f288	91	if (typeof view.aclPath === "string") {
f3b4820d FG	92	let pathFilter = Ext.create('Ext.util.Filter', {
f3b4820d FG	93	filterPath: view.aclPath,
09f1f288	94	filterAtoms: view.aclPath.split('/'),
f3b4820d FG	95	filterFn: function(item) {
f3b4820d FG	96	let me = this;
09f1f288 TL	97	let path = item.data.path;
	98	if (path === "/" \|\| path === me.filterPath) {
	99	return true;
	100	} else if (path.length > me.filterPath.length) {
	101	return path.startsWith(me.filterPath + '/');
	102	}
	103	let pathAtoms = path.split('/');
	104	let commonLength = Math.min(pathAtoms.length, me.filterAtoms.length);
	105	for (let i = 1; i < commonLength; i++) {
	106	if (me.filterAtoms[i] !== pathAtoms[i]) {
	107	return false;
	108	}
f3b4820d	109	}
09f1f288	110	return true;
f3b4820d FG	111	},
	112	});
	113	view.getStore().addFilter(pathFilter);
0542cfdf DC	114	}
0542cfdf DC	115	if (view.aclExact !== undefined) {
f3b4820d FG	116	if (view.aclPath !== undefined) {
	117	params.path = view.aclPath;
	118	}
0542cfdf DC	119	params.exact = view.aclExact;
0542cfdf DC	120	}
f3b4820d	121
0542cfdf	122	proxy.setExtraParams(params);
12710fd3	123	Proxmox.Utils.monStoreErrors(view, view.getStore().rstore);
0542cfdf	124	},
ed216fd7 TL	125	control: {
	126	'#': { // view
	127	activate: function() {
	128	this.getView().getStore().rstore.startUpdate();
	129	},
	130	deactivate: function() {
	131	this.getView().getStore().rstore.stopUpdate();
	132	},
	133	},
	134	},
0542cfdf DC	135	},
	136
	137	store: {
	138	type: 'diff',
	139	autoDestroy: true,
	140	autoDestroyRstore: true,
bfa0146c	141	sorters: 'aclid',
0542cfdf DC	142	rstore: {
	143	type: 'update',
	144	storeid: 'pmx-acls',
	145	model: 'pmx-acls',
0542cfdf DC	146	interval: 5000,
	147	},
	148	},
	149
	150	tbar: [
	151	{
0542cfdf	152	text: gettext('Add'),
184a3763 FG	153	menu: {
	154	xtype: 'menu',
	155	items: [
	156	{
	157	text: gettext('User Permission'),
	158	iconCls: 'fa fa-fw fa-user',
	159	handler: 'addUserACL',
	160	},
	161	{
	162	text: gettext('API Token Permission'),
	163	iconCls: 'fa fa-fw fa-user-o',
	164	handler: 'addTokenACL',
	165	},
	166	],
	167	},
0542cfdf DC	168	},
	169	{
	170	xtype: 'proxmoxStdRemoveButton',
	171	handler: 'removeACL',
	172	callback: 'reload',
	173	},
	174	],
	175
	176	columns: [
	177	{
	178	header: gettext('Path'),
ba2e4b15	179	width: 250,
0542cfdf DC	180	sortable: true,
	181	renderer: Ext.String.htmlEncode,
	182	dataIndex: 'path',
	183	},
	184	{
184a3763	185	header: gettext('User/Group/API Token'),
54adea36	186	width: 200,
0542cfdf DC	187	sortable: true,
	188	renderer: Ext.String.htmlEncode,
	189	dataIndex: 'ugid',
	190	},
	191	{
	192	header: gettext('Role'),
54adea36	193	width: 200,
0542cfdf DC	194	sortable: true,
	195	dataIndex: 'roleid',
	196	},
	197	{
	198	header: gettext('Propagate'),
ba2e4b15	199	flex: 1, // last element flex looks better
0542cfdf DC	200	sortable: true,
	201	renderer: Proxmox.Utils.format_boolean,
	202	dataIndex: 'propagate',
	203	},
	204	],
0542cfdf	205	});