git.proxmox.com Git - pve-manager.git/blob - www/manager6/grid/FirewallOptions.js
ui: firewall: refactor privilege checks and prevent double click
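/**
 * Object grid showing the firewall options of one scope and offering an
 * editor window per option row.
 *
 * Required configuration:
 *  - fwtype:   'dc', 'node' or 'vm'; selects which option rows are defined.
 *  - base_url: API path of the options endpoint; appended to '/api2/json'
 *              for loading and to '/api2/extjs/' for the editor windows.
 *
 * initComponent throws a string if base_url is missing or fwtype is not one
 * of the three known values.
 */
Ext.define('PVE.FirewallOptions', {
    extend: 'Proxmox.grid.ObjectGrid',
    alias: ['widget.pveFirewallOptions'],

    fwtype: undefined, // 'dc', 'node' or 'vm'

    base_url: undefined,

    initComponent: function() {
        let me = this;

        if (!me.base_url) {
            throw "missing base_url configuration";
        }

        if (me.fwtype === 'dc' || me.fwtype === 'node' || me.fwtype === 'vm') {
            if (me.fwtype === 'node') {
                // node rows carry long sysctl-style option names
                me.cwidth1 = 250;
            }
        } else {
            throw "unknown firewall option type";
        }

        // Editing is offered as soon as ANY of these three GUI capability
        // flags is truthy; the check does not depend on me.fwtype. It only
        // decides whether the Edit button and the double-click editor are
        // reachable in the browser, so it is a usability gate and not an
        // access control.
        // NOTE(review): the privilege that applies to base_url has to be
        // enforced by the API behind it - confirm on the server side.
        let caps = Ext.state.Manager.get('GuiCap');
        let canEdit = caps.vms['VM.Config.Network'] || caps.dc['Sys.Modify'] || caps.nodes['Sys.Modify'];

        me.rows = {};

        // Thin wrappers around the row helpers called on the grid itself
        // (not defined in this file), taking positional arguments.
        let add_boolean_row = function(name, text, defaultValue) {
            me.add_boolean_row(name, text, { defaultValue: defaultValue });
        };
        let add_integer_row = function(name, text, minValue, labelWidth) {
            me.add_integer_row(name, text, {
                minValue: minValue,
                deleteEmpty: true,
                labelWidth: labelWidth,
                renderer: function(value) {
                    // an unset option is displayed as the generic default text
                    if (value === undefined) {
                        return Proxmox.Utils.defaultText;
                    }

                    return value;
                },
            });
        };

        // Log level rows use the option name as header, subject and field
        // label, and default to 'nolog'. labelWidth falls back to 100.
        let add_log_row = function(name, labelWidth) {
            me.rows[name] = {
                header: name,
                required: true,
                defaultValue: 'nolog',
                editor: {
                    xtype: 'proxmoxWindowEdit',
                    subject: name,
                    fieldDefaults: { labelWidth: labelWidth || 100 },
                    items: {
                        xtype: 'pveFirewallLogLevels',
                        name: name,
                        fieldLabel: name,
                    },
                },
            };
        };

        if (me.fwtype === 'node') {
            // on a node the firewall row defaults to enabled (1)
            me.rows.enable = {
                required: true,
                defaultValue: 1,
                header: gettext('Firewall'),
                renderer: Proxmox.Utils.format_boolean,
                editor: {
                    xtype: 'pveFirewallEnableEdit',
                    defaultValue: 1,
                },
            };
            add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
            add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
            add_boolean_row('ndp', 'NDP', 1);
            add_integer_row('nf_conntrack_max', 'nf_conntrack_max', 32768, 120);
            add_integer_row('nf_conntrack_tcp_timeout_established',
                'nf_conntrack_tcp_timeout_established', 7875, 250);
            add_log_row('log_level_in');
            add_log_row('log_level_out');
            add_log_row('tcp_flags_log_level', 120);
            add_log_row('smurf_log_level');
        } else if (me.fwtype === 'vm') {
            // for a guest the firewall row defaults to disabled (0)
            me.rows.enable = {
                required: true,
                defaultValue: 0,
                header: gettext('Firewall'),
                renderer: Proxmox.Utils.format_boolean,
                editor: {
                    xtype: 'pveFirewallEnableEdit',
                    defaultValue: 0,
                },
            };
            add_boolean_row('dhcp', 'DHCP', 1);
            add_boolean_row('ndp', 'NDP', 1);
            add_boolean_row('radv', gettext('Router Advertisement'), 0);
            add_boolean_row('macfilter', gettext('MAC filter'), 1);
            add_boolean_row('ipfilter', gettext('IP filter'), 0);
            add_log_row('log_level_in');
            add_log_row('log_level_out');
        } else if (me.fwtype === 'dc') {
            add_boolean_row('enable', gettext('Firewall'), 0);
            add_boolean_row('ebtables', 'ebtables', 1);
            me.rows.log_ratelimit = {
                header: gettext('Log rate limit'),
                required: true,
                // Display text only, written as key=value pairs like the
                // editor default below.
                defaultValue: gettext('Default') + ' (enable=1,rate=1/second,burst=5)',
                editor: {
                    xtype: 'pveFirewallLograteEdit',
                    defaultValue: 'enable=1',
                },
            };
        }

        // Default policies exist for datacenter and guest scope only.
        if (me.fwtype === 'dc' || me.fwtype === 'vm') {
            me.rows.policy_in = {
                header: gettext('Input Policy'),
                required: true,
                defaultValue: 'DROP',
                editor: {
                    xtype: 'proxmoxWindowEdit',
                    subject: gettext('Input Policy'),
                    items: {
                        xtype: 'pveFirewallPolicySelector',
                        name: 'policy_in',
                        value: 'DROP',
                        fieldLabel: gettext('Input Policy'),
                    },
                },
            };

            me.rows.policy_out = {
                header: gettext('Output Policy'),
                required: true,
                defaultValue: 'ACCEPT',
                editor: {
                    xtype: 'proxmoxWindowEdit',
                    subject: gettext('Output Policy'),
                    items: {
                        xtype: 'pveFirewallPolicySelector',
                        name: 'policy_out',
                        value: 'ACCEPT',
                        fieldLabel: gettext('Output Policy'),
                    },
                },
            };
        }

        // Starts disabled; only set_button_status() below can enable it.
        let edit_btn = new Ext.Button({
            text: gettext('Edit'),
            disabled: true,
            handler: function() { me.run_editor(); },
        });

        let set_button_status = function() {
            let sm = me.getSelectionModel();
            let rec = sm.getSelection()[0];

            if (!rec) {
                edit_btn.disable();
                return;
            }
            let rowdef = me.rows[rec.data.key];
            // Without canEdit the button is never touched here, so it keeps
            // its initial disabled state.
            if (canEdit) {
                // A selected key with no row definition is treated like a
                // row without editor instead of raising a TypeError inside
                // the selection handler.
                edit_btn.setDisabled(!rowdef || !rowdef.editor);
            }
        };

        Ext.apply(me, {
            url: "/api2/json" + me.base_url,
            tbar: [edit_btn],
            editorConfig: {
                url: '/api2/extjs/' + me.base_url,
            },
            listeners: {
                // double click opens the editor only when editing is offered
                itemdblclick: () => { if (canEdit) { me.run_editor(); } },
                selectionchange: set_button_status,
            },
        });

        me.callParent();

        // me.rstore is not created in this file and is used only after
        // callParent() - presumably provided by the parent grid class.
        me.on('activate', me.rstore.startUpdate);
        me.on('destroy', me.rstore.stopUpdate);
        me.on('deactivate', me.rstore.stopUpdate);
    },
});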
/**
 * Combo box for choosing a firewall log level.
 *
 * Each entry uses the level name as both stored value and displayed text;
 * the preselected value is 'nolog'.
 */
Ext.define('PVE.FirewallLogLevels', {
    extend: 'Proxmox.form.KVComboBox',
    alias: ['widget.pveFirewallLogLevels'],

    name: 'log',
    fieldLabel: gettext('Log level'),
    value: 'nolog',
    // build the [value, text] pairs from the plain list of level names
    comboItems: [
        'nolog',
        'emerg',
        'alert',
        'crit',
        'err',
        'warning',
        'notice',
        'info',
        'debug',
    ].map(level => [level, level]),
});