gui: add API token ACLs

and the needed API token selector.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

diff --git a/www/Makefile b/www/Makefile
index 77420a5650facc0a89d445a6cc052a28d8725e14..7135df9a902efeb07c7a327a5d70f9fc01e2726f 100644 (file)
--- a/www/Makefile
+++ b/www/Makefile
@@ -6,6 +6,7 @@ IMAGES := \
 
 JSSRC=                                                 \
        form/UserSelector.js                            \
+       form/TokenSelector.js                           \
        form/RemoteSelector.js                          \
        form/DataStoreSelector.js                       \
        form/CalendarEvent.js                           \

diff --git a/www/config/ACLView.js b/www/config/ACLView.js
index d552b02972346ee503ab81850412311217758674..67bf04f81e9baab12c5e21e96da00646052d097c 100644 (file)
--- a/www/config/ACLView.js
+++ b/www/config/ACLView.js
@@ -31,19 +31,35 @@ Ext.define('PBS.config.ACLView', {
     controller: {
        xclass: 'Ext.app.ViewController',
 
-       addACL: function() {
+       addUserACL: function() {
            let me = this;
            let view = me.getView();
-            Ext.create('PBS.window.ACLEdit', {
+           Ext.create('PBS.window.ACLEdit', {
                path: view.aclPath,
+               aclType: 'user',
                listeners: {
                    destroy: function() {
                        me.reload();
                    },
                },
-            }).show();
+           }).show();
        },
 
+       addTokenACL: function() {
+           let me = this;
+           let view = me.getView();
+           Ext.create('PBS.window.ACLEdit', {
+               path: view.aclPath,
+               aclType: 'token',
+               listeners: {
+                   destroy: function() {
+                       me.reload();
+                   },
+               },
+           }).show();
+       },
+
+
        removeACL: function(btn, event, rec) {
            let me = this;
            Proxmox.Utils.API2Request({
@@ -106,10 +122,22 @@ Ext.define('PBS.config.ACLView', {
 
     tbar: [
        {
-           xtype: 'proxmoxButton',
            text: gettext('Add'),
-           handler: 'addACL',
-           selModel: false,
+           menu: {
+               xtype: 'menu',
+               items: [
+                   {
+                       text: gettext('User Permission'),
+                       iconCls: 'fa fa-fw fa-user',
+                       handler: 'addUserACL',
+                   },
+                   {
+                       text: gettext('API Token Permission'),
+                       iconCls: 'fa fa-fw fa-user-o',
+                       handler: 'addTokenACL',
+                   },
+               ],
+           },
        },
        {
            xtype: 'proxmoxStdRemoveButton',
@@ -127,7 +155,7 @@ Ext.define('PBS.config.ACLView', {
            dataIndex: 'path',
        },
        {
-           header: gettext('User/Group'),
+           header: gettext('User/Group/API Token'),
            width: 100,
            sortable: true,
            renderer: Ext.String.htmlEncode,

diff --git a/www/form/TokenSelector.js b/www/form/TokenSelector.js
new file mode 100644 (file)
index 0000000..502fe82
--- /dev/null
+++ b/www/form/TokenSelector.js
@@ -0,0 +1,72 @@
+Ext.define('PBS.form.TokenSelector', {
+    extend: 'Proxmox.form.ComboGrid',
+    alias: 'widget.pbsTokenSelector',
+
+    allowBlank: false,
+    autoSelect: false,
+    valueField: 'tokenid',
+    displayField: 'tokenid',
+
+    editable: true,
+    anyMatch: true,
+    forceSelection: true,
+
+    store: {
+       model: 'pbs-tokens',
+       params: {
+           enabled: 1,
+       },
+       sorters: 'tokenid',
+    },
+
+    initComponent: function() {
+       let me = this;
+       me.userStore = Ext.create('Ext.data.Store', {
+           model: 'pbs-users-with-tokens',
+       });
+       me.userStore.on('load', this.onLoad, this);
+       me.userStore.load();
+
+       me.callParent();
+    },
+
+    onLoad: function(store, data, success) {
+       if (!success) return;
+
+       let tokenStore = this.store;
+
+       let records = [];
+       Ext.Array.each(data, function(user) {
+       let tokens = user.data.tokens || [];
+       Ext.Array.each(tokens, function(token) {
+           let r = {};
+           r.tokenid = token.tokenid;
+           r.comment = token.comment;
+           r.expire = token.expire;
+           r.enable = token.enable;
+           records.push(r);
+       });
+       });
+
+       tokenStore.loadData(records);
+    },
+
+    listConfig: {
+       columns: [
+           {
+               header: gettext('API Token'),
+               sortable: true,
+               dataIndex: 'tokenid',
+               renderer: Ext.String.htmlEncode,
+               flex: 1,
+           },
+           {
+               header: gettext('Comment'),
+               sortable: false,
+               dataIndex: 'comment',
+               renderer: Ext.String.htmlEncode,
+               flex: 1,
+           },
+       ],
+    },
+});

diff --git a/www/window/ACLEdit.js b/www/window/ACLEdit.js
index ffeb9e814a8d85927f4832df0e992bfd223582f9..42db1ff62b8578ab8b1a75cef1a258922e5dc2e6 100644 (file)
--- a/www/window/ACLEdit.js
+++ b/www/window/ACLEdit.js
@@ -14,47 +14,62 @@ Ext.define('PBS.window.ACLEdit', {
     // caller can give a static path
     path: undefined,
 
-    subject: gettext('User Permission'),
-
-    getValues: function(dirtyOnly) {
+    initComponent: function() {
        let me = this;
-       let values = me.callParent(arguments);
 
-       if (me.path) {
-           values.path = me.path;
-       }
-       return values;
-    },
+       me.items = [];
 
-    items: [
-       {
+       me.items.push({
            xtype: 'pbsPermissionPathSelector',
            fieldLabel: gettext('Path'),
-           cbind: {
-               editable: '{!path}',
-               value: '{path}',
-           },
+           editable: !me.path,
+           value: me.path,
            name: 'path',
            allowBlank: false,
-       },
-       {
-           xtype: 'pbsUserSelector',
-           fieldLabel: gettext('User'),
-           name: 'auth_id',
-           allowBlank: false,
-       },
-       {
+       });
+
+       if (me.aclType === 'user') {
+           me.subject = gettext('User Permission');
+           me.items.push({
+               xtype: 'pbsUserSelector',
+               fieldLabel: gettext('User'),
+               name: 'auth_id',
+               allowBlank: false,
+           });
+       } else if (me.aclType === 'token') {
+           me.subject = gettext('API Token Permission');
+           me.items.push({
+               xtype: 'pbsTokenSelector',
+               fieldLabel: gettext('API Token'),
+               name: 'auth_id',
+               allowBlank: false,
+           });
+       }
+       me.items.push({
            xtype: 'pmxRoleSelector',
            name: 'role',
            value: 'NoAccess',
            fieldLabel: gettext('Role'),
-       },
-       {
+       });
+       me.items.push({
            xtype: 'proxmoxcheckbox',
            name: 'propagate',
            checked: true,
            uncheckedValue: 0,
            fieldLabel: gettext('Propagate'),
-       },
-    ],
+       });
+
+       me.callParent();
+    },
+
+    getValues: function(dirtyOnly) {
+       let me = this;
+       let values = me.callParent(arguments);
+
+       if (me.path) {
+           values.path = me.path;
+       }
+       return values;
+    },
+
 });