From 14c23c3e87811a787d9a1cf77d808be9ab1aa1c8 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 02:09:31 +0100 Subject: [PATCH 01/33] web/admin: fix duplicate RBAC preview banner on permission modal Signed-off-by: Jens Langhammer --- web/src/admin/roles/RoleViewPage.ts | 2 +- web/src/elements/rbac/ObjectPermissionModal.ts | 1 + web/src/elements/rbac/ObjectPermissionsPage.ts | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/web/src/admin/roles/RoleViewPage.ts b/web/src/admin/roles/RoleViewPage.ts index 8cc2e5d081b6..0ee33102b8ba 100644 --- a/web/src/admin/roles/RoleViewPage.ts +++ b/web/src/admin/roles/RoleViewPage.ts @@ -148,7 +148,7 @@ export class RoleViewPage extends AKElement { data-tab-title="${msg("Permissions")}" model=${RbacPermissionsAssignedByUsersListModelEnum.RbacRole} objectPk=${this._role.pk} - .showBanner=${false} + .embedded=${true} > `; } diff --git a/web/src/elements/rbac/ObjectPermissionModal.ts b/web/src/elements/rbac/ObjectPermissionModal.ts index e50be6b8290f..64bab6097ad7 100644 --- a/web/src/elements/rbac/ObjectPermissionModal.ts +++ b/web/src/elements/rbac/ObjectPermissionModal.ts @@ -38,6 +38,7 @@ export class ObjectPermissionsPageForm extends ModelForm { .model=${this.model} .objectPk=${this.objectPk} slot="form" + .embedded=${true} > `; } diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index a9ebd4d7aa44..8edf05510000 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -24,14 +24,14 @@ export class ObjectPermissionPage extends AKElement { objectPk?: string | number; @property({ type: Boolean }) - showBanner = true; + embedded = false; static get styles(): CSSResult[] { return [PFBase, PFGrid, PFPage, PFCard, PFBanner]; } render(): TemplateResult { - return html`${this.showBanner + return html`${!this.embedded ? html`
${msg("RBAC is in preview.")} ${msg("Send us feedback!")} From 5bc94e66e7f094e080f4a0b939b8e7dc6e69bce6 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 02:10:42 +0100 Subject: [PATCH 02/33] switch non-embedded permission page to use vertical tabs Signed-off-by: Jens Langhammer --- web/src/elements/rbac/ObjectPermissionsPage.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index 8edf05510000..1f48a5dd18dc 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -37,7 +37,7 @@ export class ObjectPermissionPage extends AKElement { ${msg("Send us feedback!")}
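Review bot: The renamed `embedded` property on `ObjectPermissionPage` carries no comment, and its default flips the sense of the old flag (`showBanner = true` becomes `embedded = false`). Lit property bindings in templates are not checked by the TypeScript compiler, so any caller still passing `.showBanner=${false}` would silently get the banner back. The two call sites in this patch are updated; others are not visible here. A one-line comment above the property would make the contract explicit, for example `/** Set when the page is rendered inside another view or modal; suppresses the RBAC preview banner. */`.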
` : html``} - +
Date: Thu, 25 Jan 2024 02:11:59 +0100 Subject: [PATCH 03/33] fix some leftover html? Signed-off-by: Jens Langhammer --- web/src/admin/users/UserViewPage.ts | 64 +++++++++++------------------ 1 file changed, 24 insertions(+), 40 deletions(-) diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index ddc9e92ba768..a95794f44a67 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -227,46 +227,30 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) { renderRecoveryButtons(user: User) { return html`
- - ${msg("Update password")} - ${msg("Update password")} - - - - requestRecoveryLink(user)} - > - - ${msg("Create Recovery Link")} - - - ${user.email ? renderRecoveryEmailRequest(user) : nothing} -
- - - - - `; + + ${msg("Update password")} + ${msg("Update password")} + + + + requestRecoveryLink(user)} + > + + ${msg("Create Recovery Link")} + + + ${user.email ? renderRecoveryEmailRequest(user) : nothing} + `; } renderBody() { From 1f90869cbd9f542b1d809fc56ba797a309fd067d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 02:19:11 +0100 Subject: [PATCH 04/33] move stuff into vertical subtab Signed-off-by: Jens Langhammer --- web/src/admin/users/UserViewPage.ts | 100 ++++++++++++++++------------ 1 file changed, 57 insertions(+), 43 deletions(-) diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index a95794f44a67..dcc02405c53d 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -36,7 +36,7 @@ import "@goauthentik/elements/user/SessionList"; import "@goauthentik/elements/user/UserConsentList"; import { msg, str } from "@lit/localize"; -import { css, html, nothing } from "lit"; +import { TemplateResult, css, html, nothing } from "lit"; import { customElement, property, state } from "lit/decorators.js"; import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; @@ -253,6 +253,59 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) { `; } + renderTabCredentials(user: User): TemplateResult { + return html` + +
+
+
+ + +
+
+
+
+
+
+ +
+
+
+
+
+
+ + +
+
+
+
+
+
+ +
+
+
+
+ `; + } + renderBody() { if (!this.user) { return nothing; @@ -310,18 +363,6 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) {
-
-
-
- - -
-
-
-
-
- -
-
-
-
-
-
- - -
-
-
-
-
-
- -
-
+ ${this.renderTabCredentials(this.user)}
Date: Thu, 25 Jan 2024 02:25:39 +0100 Subject: [PATCH 05/33] show all of users permission tabs on one main tab Signed-off-by: Jens Langhammer --- web/src/admin/users/UserViewPage.ts | 35 +---------------- .../elements/rbac/ObjectPermissionsPage.ts | 39 +++++++++++++++++++ 2 files changed, 40 insertions(+), 34 deletions(-) diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index dcc02405c53d..5330859a9850 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -3,8 +3,6 @@ import "@goauthentik/admin/users/UserActiveForm"; import "@goauthentik/admin/users/UserChart"; import "@goauthentik/admin/users/UserForm"; import "@goauthentik/admin/users/UserPasswordForm"; -import "@goauthentik/app/admin/users/UserAssignedGlobalPermissionsTable"; -import "@goauthentik/app/admin/users/UserAssignedObjectPermissionsTable"; import { renderRecoveryEmailRequest, requestRecoveryLink, @@ -397,39 +395,8 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) { data-tab-title="${msg("Permissions")}" model=${RbacPermissionsAssignedByUsersListModelEnum.CoreUser} objectPk=${this.user.pk} - > -
-
- ${msg("RBAC is in preview.")} - ${msg("Send us feedback!")} -
-
-
-
-
- ${msg("Assigned global permissions")} -
-
- - -
-
-
-
- ${msg("Assigned object permissions")} -
-
- - -
-
-
-
-
+
`; } } diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index 1f48a5dd18dc..6f89629535d6 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -1,3 +1,5 @@ +import "@goauthentik/app/admin/users/UserAssignedGlobalPermissionsTable"; +import "@goauthentik/app/admin/users/UserAssignedObjectPermissionsTable"; import { AKElement } from "@goauthentik/app/elements/Base"; import "@goauthentik/app/elements/rbac/RoleObjectPermissionTable"; import "@goauthentik/app/elements/rbac/UserObjectPermissionTable"; @@ -38,6 +40,43 @@ export class ObjectPermissionPage extends AKElement { ` : html``} + ${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser + ? html` +
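Review bot: The two added imports make the shared `elements/rbac/ObjectPermissionsPage` depend on `admin/users/*` tables, and the following hunk branches on `RbacPermissionsAssignedByUsersListModelEnum.CoreUser` to render them. A generic element importing admin-only components inverts the usual dependency direction and presumably pulls those tables into every view that embeds the permission page, including the modal. Consider letting the caller supply the model-specific tabs, or at least document the coupling above the imports with something like `// admin-only tables, rendered only when model is CoreUser`.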
+
+
+
+
+ ${msg("Assigned global permissions")} +
+
+ + +
+
+
+
+ ${msg("Assigned object permissions")} +
+
+ + +
+
+
+
+
+ ` + : html``} +
Date: Thu, 25 Jan 2024 02:35:19 +0100 Subject: [PATCH 06/33] rework role page to match user page Signed-off-by: Jens Langhammer --- web/src/admin/roles/RoleViewPage.ts | 141 ++++++++++-------- .../elements/rbac/ObjectPermissionsPage.ts | 43 +++++- 2 files changed, 115 insertions(+), 69 deletions(-) diff --git a/web/src/admin/roles/RoleViewPage.ts b/web/src/admin/roles/RoleViewPage.ts index 0ee33102b8ba..7c04d609b186 100644 --- a/web/src/admin/roles/RoleViewPage.ts +++ b/web/src/admin/roles/RoleViewPage.ts @@ -1,21 +1,19 @@ import "@goauthentik/admin/groups/RelatedGroupList"; -import "@goauthentik/app/admin/roles/RolePermissionGlobalTable"; -import "@goauthentik/app/admin/roles/RolePermissionObjectTable"; +import "@goauthentik/admin/roles/RoleForm"; import "@goauthentik/app/elements/rbac/ObjectPermissionsPage"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EVENT_REFRESH } from "@goauthentik/common/constants"; import "@goauthentik/components/events/ObjectChangelog"; import "@goauthentik/components/events/UserEvents"; import { AKElement } from "@goauthentik/elements/Base"; -import "@goauthentik/elements/CodeMirror"; import "@goauthentik/elements/PageHeader"; import "@goauthentik/elements/Tabs"; +import "@goauthentik/elements/forms/ModalForm"; import { msg, str } from "@lit/localize"; import { CSSResult, TemplateResult, css, html } from "lit"; import { customElement, property, state } from "lit/decorators.js"; -import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; import PFCard from "@patternfly/patternfly/components/Card/card.css"; import PFContent from "@patternfly/patternfly/components/Content/content.css"; @@ -53,7 +51,6 @@ export class RoleViewPage extends AKElement { PFContent, PFCard, PFDescriptionList, - PFBanner, css` .pf-c-description-list__description ak-action-button { margin-right: 6px; 
@@ -87,69 +84,81 @@ export class RoleViewPage extends AKElement { if (!this._role) { return html``; } - return html`
- ${msg("RBAC is in preview.")} - ${msg("Send us feedback!")} -
- -
-
-
-
${msg("Role Info")}
-
-
-
-
- ${msg("Name")} -
-
-
- ${this._role.name} -
-
-
-
-
-
-
-
- ${msg("Assigned global permissions")} -
-
- -
+ return html` +
+
+
+
${msg("Role Info")}
+
+
+
+
+ ${msg("Name")} +
+
+
+ ${this._role.name} +
+
+
+
+
+ ${msg("Edit")} +
+
+
+ + ${msg("Update")} + ${msg("Update Role")} + + + + +
+
+
+
-
-
- ${msg("Assigned object permissions")} -
-
- -
+
+
+
${msg("Changelog")}
+
+ +
-
- -
`; +
+
+ +
`; } } diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index 6f89629535d6..d5595b057db6 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -1,3 +1,5 @@ +import "@goauthentik/app/admin/roles/RolePermissionGlobalTable"; +import "@goauthentik/app/admin/roles/RolePermissionObjectTable"; import "@goauthentik/app/admin/users/UserAssignedGlobalPermissionsTable"; import "@goauthentik/app/admin/users/UserAssignedObjectPermissionsTable"; import { AKElement } from "@goauthentik/app/elements/Base"; @@ -76,7 +78,42 @@ export class ObjectPermissionPage extends AKElement { ` : html``} - + ${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole + ? html` +
+
+
+
+
+ ${msg("Assigned global permissions")} +
+
+ + +
+
+
+
+ ${msg("Assigned object permissions")} +
+
+ + +
+
+
+
+
+ ` + : html``}
-
User Object Permissions
+
${msg("User Object Permissions")}
-
Role Object Permissions
+
${msg("Role Object Permissions")}
Date: Thu, 25 Jan 2024 02:39:03 +0100 Subject: [PATCH 07/33] use separate tabs Signed-off-by: Jens Langhammer --- .../elements/rbac/ObjectPermissionsPage.ts | 104 ++++++++++-------- 1 file changed, 56 insertions(+), 48 deletions(-) diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index d5595b057db6..fc7172a1afc8 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -45,33 +45,37 @@ export class ObjectPermissionPage extends AKElement { ${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser ? html`
-
-
-
- ${msg("Assigned global permissions")} -
-
- - -
+
+
+ ${msg("Assigned global permissions")}
-
-
- ${msg("Assigned object permissions")} -
-
- - -
+
+ + +
+
+
+
+
+
+
+
+ ${msg("Assigned object permissions")} +
+
+ +
@@ -81,33 +85,37 @@ export class ObjectPermissionPage extends AKElement { ${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole ? html`
+
+
+
+ ${msg("Assigned global permissions")} +
+
+ + +
+
+
+
+
-
-
-
- ${msg("Assigned global permissions")} -
-
- - -
+
+
+ ${msg("Assigned object permissions")}
-
-
- ${msg("Assigned object permissions")} -
-
- - -
+
+ +
From 3a19e259f414bf11b285d3eeb3607709cdf8d5cc Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 02:42:39 +0100 Subject: [PATCH 08/33] rename role permission tables to match user tables Signed-off-by: Jens Langhammer --- ....ts => RoleAssignedGlobalPermissionsTable.ts} | 4 ++-- ...e.ts => RoleAssignedObjectPermissionTable.ts} | 4 ++-- web/src/elements/rbac/ObjectPermissionsPage.ts | 16 ++++++++-------- web/xliff/de.xlf | 3 --- web/xliff/en.xlf | 3 --- web/xliff/es.xlf | 3 --- web/xliff/fr.xlf | 4 ---- web/xliff/ko.xlf | 4 ---- web/xliff/nl.xlf | 3 --- web/xliff/pl.xlf | 3 --- web/xliff/pseudo-LOCALE.xlf | 4 ---- web/xliff/tr.xlf | 3 --- web/xliff/zh-CN.xlf | 3 --- web/xliff/zh-Hans.xlf | 4 ---- web/xliff/zh-Hant.xlf | 3 --- web/xliff/zh_TW.xlf | 4 ---- 16 files changed, 12 insertions(+), 56 deletions(-) rename web/src/admin/roles/{RolePermissionGlobalTable.ts => RoleAssignedGlobalPermissionsTable.ts} (95%) rename web/src/admin/roles/{RolePermissionObjectTable.ts => RoleAssignedObjectPermissionTable.ts} (95%) diff --git a/web/src/admin/roles/RolePermissionGlobalTable.ts b/web/src/admin/roles/RoleAssignedGlobalPermissionsTable.ts similarity index 95% rename from web/src/admin/roles/RolePermissionGlobalTable.ts rename to web/src/admin/roles/RoleAssignedGlobalPermissionsTable.ts index a5df368019c9..6b260e893420 100644 --- a/web/src/admin/roles/RolePermissionGlobalTable.ts +++ b/web/src/admin/roles/RoleAssignedGlobalPermissionsTable.ts @@ -11,8 +11,8 @@ import { ifDefined } from "lit/directives/if-defined.js"; import { Permission, RbacApi } from "@goauthentik/api"; -@customElement("ak-role-permissions-global-table") -export class RolePermissionGlobalTable extends Table { +@customElement("ak-role-assigned-global-permissions-table") +export class RoleAssignedGlobalPermissionsTable extends Table { @property() roleUuid?: string; 
diff --git a/web/src/admin/roles/RolePermissionObjectTable.ts b/web/src/admin/roles/RoleAssignedObjectPermissionTable.ts similarity index 95% rename from web/src/admin/roles/RolePermissionObjectTable.ts rename to web/src/admin/roles/RoleAssignedObjectPermissionTable.ts index 7a73647a0c3f..68c9fe681e1f 100644 --- a/web/src/admin/roles/RolePermissionObjectTable.ts +++ b/web/src/admin/roles/RoleAssignedObjectPermissionTable.ts @@ -10,8 +10,8 @@ import { customElement, property } from "lit/decorators.js"; import { ExtraRoleObjectPermission, ModelEnum, RbacApi } from "@goauthentik/api"; -@customElement("ak-role-permissions-object-table") -export class RolePermissionObjectTable extends Table { +@customElement("ak-role-assigned-object-permissions-table") +export class RoleAssignedObjectPermissionTable extends Table { @property() roleUuid?: string; diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index fc7172a1afc8..b6e3fa401543 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -1,5 +1,5 @@ -import "@goauthentik/app/admin/roles/RolePermissionGlobalTable"; -import "@goauthentik/app/admin/roles/RolePermissionObjectTable"; +import "@goauthentik/app/admin/roles/RoleAssignedGlobalPermissionsTable"; +import "@goauthentik/app/admin/roles/RoleAssignedObjectPermissionTable"; import "@goauthentik/app/admin/users/UserAssignedGlobalPermissionsTable"; import "@goauthentik/app/admin/users/UserAssignedObjectPermissionsTable"; import { AKElement } from "@goauthentik/app/elements/Base"; @@ -94,10 +94,10 @@ export class ObjectPermissionPage extends AKElement { ${msg("Assigned global permissions")}
- - +
@@ -112,10 +112,10 @@ export class ObjectPermissionPage extends AKElement { ${msg("Assigned object permissions")}
- - +
diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 3cbc435dbc67..c8b5f6463c76 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -5834,9 +5834,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index 47f29f0199e6..a10bcfd5ca49 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -6109,9 +6109,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index 272c77ba26e6..cc1d7d5cd682 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -5750,9 +5750,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index 707de6732115..8390f4cdf007 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -7666,10 +7666,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti User doesn't have view permission so description cannot be retrieved. L'utilisateur n'a pas les permissions de lecture, la description ne peut donc pas être récupérée. - - Assigned permissions - Permissions assignées - Assigned global permissions Permissions globales assignées diff --git a/web/xliff/ko.xlf b/web/xliff/ko.xlf index 327496cba78e..807b68ee2aa0 100644 --- a/web/xliff/ko.xlf +++ b/web/xliff/ko.xlf @@ -7629,10 +7629,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. 사용자에게 보기 권한이 없으므로 설명을 검색할 수 없습니다. - - Assigned permissions - 할당된 권한 - Assigned global permissions 전역 권한 할당 
diff --git a/web/xliff/nl.xlf b/web/xliff/nl.xlf index 7a89e1b617fc..d110a99833a9 100644 --- a/web/xliff/nl.xlf +++ b/web/xliff/nl.xlf @@ -7769,9 +7769,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de Create Recovery Link - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index 82add95df1f4..a281e1d5aa6b 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -5957,9 +5957,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index a98dfdf1d6ff..518d82033f83 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -7609,10 +7609,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. Ũśēŕ ďōēśń'ţ ĥàvē vĩēŵ ƥēŕmĩśśĩōń śō ďēśćŕĩƥţĩōń ćàńńōţ ƀē ŕēţŕĩēvēď. - - Assigned permissions - Àśśĩĝńēď ƥēŕmĩśśĩōńś - Assigned global permissions Àśśĩĝńēď ĝĺōƀàĺ ƥēŕmĩśśĩōńś diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index e65f44756e99..d44ded562eed 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -5743,9 +5743,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/zh-CN.xlf b/web/xliff/zh-CN.xlf index 549f65ebb245..d0bcd1f9f421 100644 --- a/web/xliff/zh-CN.xlf +++ b/web/xliff/zh-CN.xlf @@ -3169,9 +3169,6 @@ doesn't pass when either or both of the selected options are equal or above the MFA Authenticators - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index ad33d700cda2..16917d2a3aed 100644 --- a/web/xliff/zh-Hans.xlf 
+++ b/web/xliff/zh-Hans.xlf @@ -7668,10 +7668,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. 用户不具有查看权限,所以无法获取描述。 - - Assigned permissions - 分配的权限 - Assigned global permissions 分配的全局权限 diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index c3f469614888..bf1d0fc17a7e 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -5791,9 +5791,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. - - Assigned permissions - Assigned global permissions diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index 95bc2a23ab16..afe9d0e26814 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -7602,10 +7602,6 @@ Bindings to groups/users are checked against the user of the event. User doesn't have view permission so description cannot be retrieved. 使用者沒有讀取權限,所以無法取得描述。 - - Assigned permissions - 已分配的權限 - Assigned global permissions 已分配的全域權限 From 5661ab31b34df886b5a6a50aeb6316434a975271 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 11:12:40 +0100 Subject: [PATCH 09/33] rename to credentials and tokens Signed-off-by: Jens Langhammer --- web/src/admin/users/UserViewPage.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index 5330859a9850..5f5499899e6e 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -251,9 +251,9 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) { `; } - renderTabCredentials(user: User): TemplateResult { + renderTabCredentialsToken(user: User): TemplateResult { return html` - +
- ${this.renderTabCredentials(this.user)} + ${this.renderTabCredentialsToken(this.user)}
Date: Thu, 25 Jan 2024 11:22:32 +0100 Subject: [PATCH 10/33] add country icon to session list Signed-off-by: Jens Langhammer --- web/src/elements/user/SessionList.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/web/src/elements/user/SessionList.ts b/web/src/elements/user/SessionList.ts index c7bb548b24c5..051626661bbb 100644 --- a/web/src/elements/user/SessionList.ts +++ b/web/src/elements/user/SessionList.ts @@ -3,6 +3,7 @@ import { uiConfig } from "@goauthentik/common/ui/config"; import "@goauthentik/elements/forms/DeleteBulkForm"; import { PaginatedResponse } from "@goauthentik/elements/table/Table"; import { Table, TableColumn } from "@goauthentik/elements/table/Table"; +import getUnicodeFlagIcon from "country-flag-icons/unicode"; import { msg } from "@lit/localize"; import { TemplateResult, html } from "lit"; @@ -66,7 +67,11 @@ export class AuthenticatedSessionList extends Table { row(item: AuthenticatedSession): TemplateResult[] { return [ html`
- ${item.current ? html`${msg("(Current session)")} ` : html``}${item.lastIp} + ${item.current ? html`${msg("(Current session)")} ` : html``} + ${item.lastIp} + ${item.geoIp?.country + ? html` ${getUnicodeFlagIcon(item.geoIp.country)} ` + : html``}
${item.userAgent.userAgent?.family}, ${item.userAgent.os?.family}`, html`${item.expires?.toLocaleString()}`, From a2a99dbf9cc819aa568838797d0999a72cca4b6d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 11:22:49 +0100 Subject: [PATCH 11/33] add oauth access token list Signed-off-by: Jens Langhammer --- web/src/admin/users/UserViewPage.ts | 20 +++- web/src/components/events/ObjectChangelog.ts | 2 +- web/src/elements/oauth/UserAccessTokenList.ts | 93 +++++++++++++++++++ ...RefreshList.ts => UserRefreshTokenList.ts} | 4 +- 4 files changed, 112 insertions(+), 7 deletions(-) create mode 100644 web/src/elements/oauth/UserAccessTokenList.ts rename web/src/elements/oauth/{UserRefreshList.ts => UserRefreshTokenList.ts} (96%) diff --git a/web/src/admin/users/UserViewPage.ts b/web/src/admin/users/UserViewPage.ts index 5f5499899e6e..aaf85bfb2834 100644 --- a/web/src/admin/users/UserViewPage.ts +++ b/web/src/admin/users/UserViewPage.ts @@ -29,7 +29,8 @@ import "@goauthentik/elements/Tabs"; import "@goauthentik/elements/buttons/ActionButton"; import "@goauthentik/elements/buttons/SpinnerButton"; import "@goauthentik/elements/forms/ModalForm"; -import "@goauthentik/elements/oauth/UserRefreshList"; +import "@goauthentik/app/elements/oauth/UserRefreshTokenList"; +import "@goauthentik/app/elements/oauth/UserAccessTokenList"; import "@goauthentik/elements/user/SessionList"; import "@goauthentik/elements/user/UserConsentList"; @@ -277,6 +278,18 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) {
+
+
+
+ + +
+
+
- - + +
@@ -386,7 +399,6 @@ export class UserViewPage extends WithCapabilitiesConfig(AKElement) {
${this.renderTabCredentialsToken(this.user)}
diff --git a/web/src/components/events/ObjectChangelog.ts b/web/src/components/events/ObjectChangelog.ts index 9901b1b1e128..5c453ee33290 100644 --- a/web/src/components/events/ObjectChangelog.ts +++ b/web/src/components/events/ObjectChangelog.ts @@ -46,7 +46,7 @@ export class ObjectChangelog extends Table { let modelName = this._targetModelName; let appName = this.targetModelApp; if (this._targetModelName.indexOf(".") !== -1) { - const parts = this._targetModelName.split("."); + const parts = this._targetModelName.split(".", 1); appName = parts[0]; modelName = parts[1]; } diff --git a/web/src/elements/oauth/UserAccessTokenList.ts b/web/src/elements/oauth/UserAccessTokenList.ts new file mode 100644 index 000000000000..3ae870a1972b --- /dev/null +++ b/web/src/elements/oauth/UserAccessTokenList.ts 
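Review bot: `split(".", 1)` on the changed line returns at most one element in JavaScript, because the limit truncates the result rather than acting like Python's maxsplit. `parts[1]` on the following line is therefore always `undefined`, and `modelName` is lost whenever `_targetModelName` contains a dot. If the intent is to split at the first dot only, slice around its index: `const idx = this._targetModelName.indexOf(".");`, then `appName = this._targetModelName.slice(0, idx);` and `modelName = this._targetModelName.slice(idx + 1);`. How `modelName` is used lies outside the hunk, but it presumably filters the changelog query, so an undefined value would change which events an administrator sees. The enclosing method starts and ends outside the hunk.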
@@ -0,0 +1,93 @@ +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import { uiConfig } from "@goauthentik/common/ui/config"; +import "@goauthentik/components/ak-status-label"; +import "@goauthentik/elements/forms/DeleteBulkForm"; +import { PaginatedResponse } from "@goauthentik/elements/table/Table"; +import { Table, TableColumn } from "@goauthentik/elements/table/Table"; + +import { msg } from "@lit/localize"; +import { CSSResult, TemplateResult, html } from "lit"; +import { customElement, property } from "lit/decorators.js"; + +import PFFlex from "@patternfly/patternfly/layouts/Flex/flex.css"; + +import { ExpiringBaseGrantModel, Oauth2Api, TokenModel } from "@goauthentik/api"; + +@customElement("ak-user-oauth-access-token-list") +export class UserOAuthAccessTokenList extends Table { + expandable = true; + + @property({ type: Number }) + userId?: number; + + static get styles(): CSSResult[] { + return super.styles.concat(PFFlex); + } + + async apiEndpoint(page: number): Promise> { + return new Oauth2Api(DEFAULT_CONFIG).oauth2AccessTokensList({ + user: this.userId, + ordering: "expires", + page: page, + pageSize: (await uiConfig()).pagination.perPage, + }); + } + + checkbox = true; + order = "-expires"; + + columns(): TableColumn[] { + return [ + new TableColumn(msg("Provider"), "provider"), + new TableColumn(msg("Revoked?"), "revoked"), + new TableColumn(msg("Expires"), "expires"), + new TableColumn(msg("Scopes"), "scope"), + ]; + } + + renderExpanded(item: TokenModel): TemplateResult { + return html` +
+
+
+

${msg("ID Token")}

+
${item.idToken}
+
+
+
+ + + `; + } + + renderToolbarSelected(): TemplateResult { + const disabled = this.selectedElements.length < 1; + return html` { + return new Oauth2Api(DEFAULT_CONFIG).oauth2RefreshTokensUsedByList({ + id: item.pk, + }); + }} + .delete=${(item: ExpiringBaseGrantModel) => { + return new Oauth2Api(DEFAULT_CONFIG).oauth2RefreshTokensDestroy({ + id: item.pk, + }); + }} + > + + `; + } + + row(item: TokenModel): TemplateResult[] { + return [ + html` ${item.provider?.name} `, + html``, + html`${item.expires?.toLocaleString()}`, + html`${item.scope.join(", ")}`, + ]; + } +} diff --git a/web/src/elements/oauth/UserRefreshList.ts b/web/src/elements/oauth/UserRefreshTokenList.ts similarity index 96% rename from web/src/elements/oauth/UserRefreshList.ts rename to web/src/elements/oauth/UserRefreshTokenList.ts index 327ad6eaf88e..906947235030 100644 --- a/web/src/elements/oauth/UserRefreshList.ts +++ b/web/src/elements/oauth/UserRefreshTokenList.ts @@ -13,8 +13,8 @@ import PFFlex from "@patternfly/patternfly/layouts/Flex/flex.css"; import { ExpiringBaseGrantModel, Oauth2Api, TokenModel } from "@goauthentik/api"; -@customElement("ak-user-oauth-refresh-list") -export class UserOAuthRefreshList extends Table { +@customElement("ak-user-oauth-refresh-token-list") +export class UserOAuthRefreshTokenList extends Table { expandable = true; @property({ type: Number }) From b5e18e5c4d33a8dbc4216834631bb9dea1894e9a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 11:49:32 +0100 Subject: [PATCH 12/33] add helper to get relative time Signed-off-by: Jens Langhammer --- web/src/common/utils.ts | 22 ++++++++++++++++++++++ web/src/elements/user/SessionList.ts | 5 ++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/web/src/common/utils.ts b/web/src/common/utils.ts index 2b88f43ddff1..3333830ae7d5 100644 --- a/web/src/common/utils.ts +++ b/web/src/common/utils.ts 
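Review bot: In `renderToolbarSelected` of the new access-token list, the `.usedBy` and `.delete` callbacks call `oauth2RefreshTokensUsedByList` and `oauth2RefreshTokensDestroy`, which looks like a leftover from the refresh-token list this file was copied from. Deleting a selected access token would then address the refresh-token endpoint with the access token's `pk`, so the access token presumably stays valid (or an unrelated refresh token with the same id is removed) while the operator believes it was revoked. Use the access-token counterparts, presumably `oauth2AccessTokensUsedByList` and `oauth2AccessTokensDestroy`, to match `oauth2AccessTokensList` in `apiEndpoint`. `apiEndpoint` also hard-codes `ordering: "expires"` although the class sets `order = "-expires"`, so passing `ordering: this.order` would keep the two in step. Separately, `renderExpanded` prints the full `item.idToken` into the page, so it is worth confirming that the raw token needs to be visible to everyone who can open this tab.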
@@ -149,3 +149,25 @@ export function adaptCSS(sheet: AdaptableStylesheet[]): CSSStyleSheet[]; export function adaptCSS(sheet: AdaptableStylesheet | AdaptableStylesheet[]): AdaptedStylesheets { return Array.isArray(sheet) ? sheet.map(_adaptCSS) : _adaptCSS(sheet); } + +const _timeUnits = new Map([ + ["year", 24 * 60 * 60 * 1000 * 365], + ["month", (24 * 60 * 60 * 1000 * 365) / 12], + ["day", 24 * 60 * 60 * 1000], + ["hour", 60 * 60 * 1000], + ["minute", 60 * 1000], + ["second", 1000], +]); + +export function getRelativeTime(d1: Date, d2: Date = new Date()): string { + const rtf = new Intl.RelativeTimeFormat("default", { numeric: "auto" }); + const elapsed = d1.getTime() - d2.getTime(); + + // "Math.abs" accounts for both "past" & "future" scenarios + for (const [key, value] of _timeUnits) { + if (Math.abs(elapsed) > value || key == "second") { + return rtf.format(Math.round(elapsed / value), key); + } + } + return rtf.format(Math.round(elapsed / 1000), "second"); +} diff --git a/web/src/elements/user/SessionList.ts b/web/src/elements/user/SessionList.ts index 051626661bbb..5e1619f0725c 100644 --- a/web/src/elements/user/SessionList.ts +++ b/web/src/elements/user/SessionList.ts @@ -10,6 +10,7 @@ import { TemplateResult, html } from "lit"; import { customElement, property } from "lit/decorators.js"; import { AuthenticatedSession, CoreApi } from "@goauthentik/api"; +import { getRelativeTime } from "@goauthentik/app/common/utils"; @customElement("ak-user-session-list") export class AuthenticatedSessionList extends Table { @@ -32,6 +33,7 @@ export class AuthenticatedSessionList extends Table { columns(): TableColumn[] { return [ new TableColumn(msg("Last IP"), "last_ip"), + new TableColumn(msg("Last used"), "last_used"), new TableColumn(msg("Expires"), "expires"), ]; } @@ -74,7 +76,8 @@ export class AuthenticatedSessionList extends Table { : html``} ${item.userAgent.userAgent?.family}, ${item.userAgent.os?.family}`, - html`${item.expires?.toLocaleString()}`, + html`
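Review bot: `getRelativeTime` hands `Math.round(elapsed / value)` to `rtf.format` without checking that `elapsed` is a number, so an Invalid Date in either argument produces `NaN` and `Intl.RelativeTimeFormat.prototype.format` throws a `RangeError` inside whatever render path called it. A guard before the loop, for example `if (Number.isNaN(elapsed)) return "";` (with the fallback text chosen to suit the tables that use it), keeps a single bad timestamp from breaking the view. The comparison `key == "second"` should use `===`, and the trailing `return` deserves a short comment saying it exists only to satisfy the return-type check, since the loop always returns at `"second"`.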
${getRelativeTime(item.lastUsed)}
${item.lastUsed?.toLocaleString()}`, + html`
${getRelativeTime(item.expires || new Date())}
${item.expires?.toLocaleString()}`, ]; } } From f7082d564bc4de2115d48287db5012b950b7db1e Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 11:49:42 +0100 Subject: [PATCH 13/33] use pfdivider Signed-off-by: Jens Langhammer --- web/src/admin/admin-overview/AdminOverviewPage.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/web/src/admin/admin-overview/AdminOverviewPage.ts b/web/src/admin/admin-overview/AdminOverviewPage.ts index 9b79f5334da6..2ef6387ba406 100644 --- a/web/src/admin/admin-overview/AdminOverviewPage.ts +++ b/web/src/admin/admin-overview/AdminOverviewPage.ts @@ -19,6 +19,7 @@ import { CSSResult, TemplateResult, css, html } from "lit"; import { customElement, state } from "lit/decorators.js"; import PFContent from "@patternfly/patternfly/components/Content/content.css"; +import PFDivider from "@patternfly/patternfly/components/Divider/divider.css"; import PFList from "@patternfly/patternfly/components/List/list.css"; import PFPage from "@patternfly/patternfly/components/Page/page.css"; import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css"; @@ -41,6 +42,7 @@ export class AdminOverviewPage extends AKElement { PFPage, PFContent, PFList, + PFDivider, css` .row-divider { margin-top: -4px; @@ -155,7 +157,7 @@ export class AdminOverviewPage extends AKElement {
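Review bot: In `row`, `getRelativeTime(item.lastUsed)` is called unguarded although the very next expression uses `item.lastUsed?.toLocaleString()`, which suggests the field may be undefined; if it is, `d1.getTime()` throws and the session table does not render at all. The `item.expires || new Date()` fallback has the opposite problem: a session without an expiry is displayed as expiring "now", which misstates its lifetime to whoever is auditing active sessions. Rendering the relative time only when the value exists avoids both, e.g. `${item.expires ? getRelativeTime(item.expires) : msg("-")}` and the same shape for `lastUsed`. `row` begins outside this hunk, so the types of both fields should be confirmed against the API model.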
-
+
-
+
Date: Thu, 25 Jan 2024 11:53:20 +0100 Subject: [PATCH 14/33] replace plain hr with pf-c-divider Signed-off-by: Jens Langhammer --- web/src/admin/admin-overview/DashboardUserPage.ts | 4 +++- .../admin/providers/oauth2/OAuth2ProviderViewPage.ts | 4 +++- web/src/admin/users/UserViewPage.ts | 9 +++------ web/src/elements/user/SessionList.ts | 12 +++++++----- web/src/flow/sources/plex/PlexLoginInit.ts | 5 +++-- .../flow/stages/access_denied/AccessDeniedStage.ts | 4 +++- 6 files changed, 22 insertions(+), 16 deletions(-) diff --git a/web/src/admin/admin-overview/DashboardUserPage.ts b/web/src/admin/admin-overview/DashboardUserPage.ts index b3829ed6a8e4..811adef3d7b6 100644 --- a/web/src/admin/admin-overview/DashboardUserPage.ts +++ b/web/src/admin/admin-overview/DashboardUserPage.ts @@ -8,6 +8,7 @@ import { CSSResult, TemplateResult, css, html } from "lit"; import { customElement } from "lit/decorators.js"; import PFContent from "@patternfly/patternfly/components/Content/content.css"; +import PFDivider from "@patternfly/patternfly/components/Divider/divider.css"; import PFList from "@patternfly/patternfly/components/List/list.css"; import PFPage from "@patternfly/patternfly/components/Page/page.css"; import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css"; @@ -22,6 +23,7 @@ export class DashboardUserPage extends AKElement { PFPage, PFContent, PFList, + PFDivider, css` .row-divider { margin-top: -4px; @@ -60,7 +62,7 @@ export class DashboardUserPage extends AKElement {
-
+
-
+
-
+
${this.renderTabCredentialsToken(this.user)}
{ @@ -72,12 +72,14 @@ export class AuthenticatedSessionList extends Table { ${item.current ? html`${msg("(Current session)")} ` : html``} ${item.lastIp} ${item.geoIp?.country - ? html` ${getUnicodeFlagIcon(item.geoIp.country)} ` - : html``} + ? html` ${getUnicodeFlagIcon(item.geoIp.country)} ` + : html``} ${item.userAgent.userAgent?.family}, ${item.userAgent.os?.family}`, - html`
${getRelativeTime(item.lastUsed)}
${item.lastUsed?.toLocaleString()}`, - html`
${getRelativeTime(item.expires || new Date())}
${item.expires?.toLocaleString()}`, + html`
${getRelativeTime(item.lastUsed)}
+ ${item.lastUsed?.toLocaleString()}`, + html`
${getRelativeTime(item.expires || new Date())}
+ ${item.expires?.toLocaleString()}`, ]; } } diff --git a/web/src/flow/sources/plex/PlexLoginInit.ts b/web/src/flow/sources/plex/PlexLoginInit.ts index 7ac10a648d3f..aea8689a530d 100644 --- a/web/src/flow/sources/plex/PlexLoginInit.ts +++ b/web/src/flow/sources/plex/PlexLoginInit.ts @@ -10,6 +10,7 @@ import { TemplateResult, html } from "lit"; import { customElement, state } from "lit/decorators.js"; import PFButton from "@patternfly/patternfly/components/Button/button.css"; +import PFDivider from "@patternfly/patternfly/components/Divider/divider.css"; import PFForm from "@patternfly/patternfly/components/Form/form.css"; import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; import PFLogin from "@patternfly/patternfly/components/Login/login.css"; @@ -32,7 +33,7 @@ export class PlexLoginInit extends BaseStage< authUrl?: string; static get styles(): CSSResult[] { - return [PFBase, PFLogin, PFForm, PFFormControl, PFButton, PFTitle]; + return [PFBase, PFLogin, PFForm, PFFormControl, PFButton, PFTitle, PFDivider]; } async firstUpdated(): Promise { @@ -76,7 +77,7 @@ export class PlexLoginInit extends BaseStage< header=${msg("Waiting for authentication...")} > -
+

${msg("If no Plex popup opens, click the button below.")}

+ + `; + } + + renderBody() { if (!this._role) { - return html``; + return nothing; } + return html`
${msg("Role Info")}
-
-
-
- ${msg("Name")} -
-
-
- ${this._role.name} -
-
-
-
-
- ${msg("Edit")} -
-
-
- - ${msg("Update")} - ${msg("Update Role")} - - - - -
-
-
-
+ ${renderDescriptionList([ + [msg("Name"), this._role.name], + [msg("Edit"), this.renderUpdateControl(this._role)], + ])}
` - : html``} + : nothing} ${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser - ? html` -
-
-
-
- ${msg("Assigned global permissions")} -
-
- - -
-
-
-
-
-
-
-
- ${msg("Assigned object permissions")} -
-
- - -
-
-
-
- ` - : html``} + ? this.renderCoreUser() + : nothing} ${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole - ? html` -
-
-
-
- ${msg("Assigned global permissions")} -
-
- - -
-
-
-
-
-
-
-
- ${msg("Assigned object permissions")} -
-
- - -
-
-
-
- ` - : html``} + ? this.renderRbacRole() + : nothing}
`; } + + renderCoreUser() { + return html` +
+
+
+
${msg("Assigned global permissions")}
+
+ + +
+
+
+
+
+
+
+
${msg("Assigned object permissions")}
+
+ + +
+
+
+
+ `; + } + + renderRbacRole() { + return html` +
+
+
+
${msg("Assigned global permissions")}
+
+ + +
+
+
+
+
+
+
+
${msg("Assigned object permissions")}
+
+ + +
+
+
+
+ `; + } } From 74aa0d501626a6b6ffd4514859892d6643e7011d Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 19:58:45 +0100 Subject: [PATCH 27/33] fix prettier Signed-off-by: Jens Langhammer --- web/.prettierignore | 1 + web/.storybook/css-import-maps.ts | 3 --- web/scripts/build-storybook-import-maps.ts | 6 +----- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/web/.prettierignore b/web/.prettierignore index 51b2d6c4b9dc..d9aec48258cc 100644 --- a/web/.prettierignore +++ b/web/.prettierignore @@ -11,3 +11,4 @@ src/locales/ storybook-static/ # Prettier breaks the tsconfig file tsconfig.json +.storybook/css-import-maps* diff --git a/web/.storybook/css-import-maps.ts b/web/.storybook/css-import-maps.ts index 402f0cd1eac3..5415a2b272b0 100644 --- a/web/.storybook/css-import-maps.ts +++ b/web/.storybook/css-import-maps.ts @@ -1,5 +1,3 @@ - - // THIS IS A GENERATED FILE. DO NOT EDIT BY HAND. // // This file is generated by the build-storybook-import-maps script in the UI's base directory. @@ -78,4 +76,3 @@ const cssImportMaps = rawCssImportMaps.reduce((acc, line) => ( export { cssImportMaps }; export default cssImportMaps; - diff --git a/web/scripts/build-storybook-import-maps.ts b/web/scripts/build-storybook-import-maps.ts index d0d4cf7f85fd..75ef3e3f5d8f 100644 --- a/web/scripts/build-storybook-import-maps.ts +++ b/web/scripts/build-storybook-import-maps.ts @@ -2,7 +2,6 @@ import fs from "fs"; import path from "path"; import { fileURLToPath } from "url"; - const __dirname = fileURLToPath(new URL(".", import.meta.url)); // eslint-disable-next-line @typescript-eslint/no-explicit-any 
@@ -64,9 +63,7 @@ function getTheImportLines(importPaths: string[]) { const importPaths = getTheSourceFiles(); const importLines = getTheImportLines(importPaths); -const outputFile = ` - -// THIS IS A GENERATED FILE. DO NOT EDIT BY HAND. +const outputFile = `// THIS IS A GENERATED FILE. DO NOT EDIT BY HAND. // // This file is generated by the build-storybook-import-maps script in the UI's base directory. // This is a *hack* to work around an inconsistency in the way rollup, vite, and storybook @@ -86,7 +83,6 @@ const cssImportMaps = rawCssImportMaps.reduce( export { cssImportMaps }; export default cssImportMaps; - `; fs.writeFileSync(path.join(__dirname, "..", ".storybook", "css-import-maps.ts"), outputFile, { From a592828d7641c217525a3c63663b97cdcd3472b5 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 19:58:49 +0100 Subject: [PATCH 28/33] fix outpost form Signed-off-by: Jens Langhammer --- web/src/admin/outposts/OutpostForm.ts | 42 +++++++++++++++------------ 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/web/src/admin/outposts/OutpostForm.ts b/web/src/admin/outposts/OutpostForm.ts index 4895bc22c703..eeae589233ca 100644 --- a/web/src/admin/outposts/OutpostForm.ts +++ b/web/src/admin/outposts/OutpostForm.ts @@ -230,25 +230,29 @@ export class OutpostForm extends ModelForm { ${msg("Advanced settings")} - - -

- ${msg("Set custom attributes using YAML or JSON.")} -

-

- ${msg("See more here:")}  - ${msg("Documentation")} -

-
+
+ + +

+ ${msg("Set custom attributes using YAML or JSON.")} +

+

+ ${msg("See more here:")}  + ${msg("Documentation")} +

+
+
`; } } From db7be235494ff960e93d270167114ec132c40c6c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 20:06:21 +0100 Subject: [PATCH 29/33] fix more flaky tests Signed-off-by: Jens Langhammer --- authentik/tenants/tests/test_recovery.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/authentik/tenants/tests/test_recovery.py b/authentik/tenants/tests/test_recovery.py index 572753b89350..bc90a38a79cf 100644 --- a/authentik/tenants/tests/test_recovery.py +++ b/authentik/tenants/tests/test_recovery.py @@ -70,7 +70,7 @@ def test_create_key(self): body = loads(response.content.decode()) token = Token.objects.get(intent=TokenIntents.INTENT_RECOVERY, user=self.user) self.assertIn(token.key, body["url"]) - self.assertEqual(len(Token.objects.all()), 1) + self.assertEqual(len(Token.objects.filter(intent=TokenIntents.INTENT_RECOVERY)), 1) @CONFIG.patch("outposts.disable_embedded_outpost", True) @CONFIG.patch("tenants.enabled", True) @@ -86,4 +86,4 @@ def test_create_key_invalid(self): headers=HEADERS, ) self.assertEqual(response.status_code, 404) - self.assertEqual(len(Token.objects.all()), 0) + self.assertEqual(len(Token.objects.filter(intent=TokenIntents.INTENT_RECOVERY)), 0) From a3feefe7c7b6a203cb36e1216ed04b6e44b6ef2b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 20:09:28 +0100 Subject: [PATCH 30/33] re-create locale Signed-off-by: Jens Langhammer --- web/xliff/zh-Hans.xlf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index d3338242574f..54d454d77d81 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -8379,6 +8379,18 @@ Bindings to groups/users are checked against the user of the event. OAuth Access Tokens + + Credentials / Tokens + + + This feature requires an enterprise license. + + + Last used + + + OAuth Access Tokens + Credentials / Tokens From 6354a25900a5ffafa7f8c2da5e4bdecb3d29e48f Mon Sep 17 00:00:00 2001 
From: Jens Langhammer Date: Thu, 25 Jan 2024 23:45:59 +0100 Subject: [PATCH 31/33] add some description for different permission views Signed-off-by: Jens Langhammer --- .../elements/rbac/ObjectPermissionsPage.ts | 26 +++++++++++++++++++ web/xliff/de.xlf | 15 +++++++++++ web/xliff/en.xlf | 15 +++++++++++ web/xliff/es.xlf | 15 +++++++++++ web/xliff/fr.xlf | 15 +++++++++++ web/xliff/ko.xlf | 15 +++++++++++ web/xliff/nl.xlf | 15 +++++++++++ web/xliff/pl.xlf | 15 +++++++++++ web/xliff/pseudo-LOCALE.xlf | 15 +++++++++++ web/xliff/tr.xlf | 15 +++++++++++ web/xliff/zh-CN.xlf | 15 +++++++++++ web/xliff/zh-Hans.xlf | 15 +++++++++++ web/xliff/zh-Hant.xlf | 15 +++++++++++ web/xliff/zh_TW.xlf | 15 +++++++++++ 14 files changed, 221 insertions(+) diff --git a/web/src/elements/rbac/ObjectPermissionsPage.ts b/web/src/elements/rbac/ObjectPermissionsPage.ts index d9d5de45a22a..a9bfbc14d23e 100644 --- a/web/src/elements/rbac/ObjectPermissionsPage.ts +++ b/web/src/elements/rbac/ObjectPermissionsPage.ts @@ -56,6 +56,9 @@ export class ObjectPermissionPage extends AKElement {
${msg("User Object Permissions")}
+
+ ${msg("Permissions set on users which affect this object.")} +
${msg("Role Object Permissions")}
+
+ ${msg("Permissions set on roles which affect this object.")} +
${msg("Assigned global permissions")}
+
+ ${msg( + "Permissions assigned to this user which affect all object instances of a given type.", + )} +
${msg("Assigned object permissions")}
+
+ ${msg( + "Permissions assigned to this user affecting specific object instances.", + )} +
${msg("Assigned global permissions")}
+
+ ${msg( + "Permissions assigned to this role which affect all object instances of a given type.", + )} +
${msg("Assigned object permissions")}
+
+ ${msg( + "Permissions assigned to this user affecting specific object instances.", + )} +
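Review bot: The description added under the second "Assigned object permissions" heading reuses `"Permissions assigned to this user affecting specific object instances."`, although the global-permissions description directly above it says "this role"; this looks like a copy from the user block (the surrounding markup is not visible here, so the pairing is inferred from the order of the strings). On an RBAC screen the text should name the principal actually being inspected: `"Permissions assigned to this role affecting specific object instances."`. The xliff files touched by this commit contain only the "this user" variant, so the new string would need an entry there as well.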
Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index ca2b51d4e795..692e5ff2712f 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -6643,6 +6643,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index fc506e09dd2b..bbdccb38daa3 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -6288,6 +6288,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index 75e69980facf..dcd40e929780 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf 
@@ -8368,6 +8368,21 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/ko.xlf b/web/xliff/ko.xlf index afbf1f1232c4..b9ef7b21caa0 100644 --- a/web/xliff/ko.xlf +++ b/web/xliff/ko.xlf @@ -8238,6 +8238,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/nl.xlf b/web/xliff/nl.xlf index ab5c4fdc7cc1..2f86986d4a56 100644 --- a/web/xliff/nl.xlf +++ b/web/xliff/nl.xlf @@ -8081,6 +8081,21 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index a2a57d702d95..652eff4c4b31 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf 
@@ -6495,6 +6495,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index e142a9fdb45e..d49470c14d90 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -8215,4 +8215,19 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. + diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index a198c70c6b13..5c4b77f30896 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -6281,6 +6281,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/zh-CN.xlf b/web/xliff/zh-CN.xlf index 46c2d416b55b..be9998976ec0 100644 --- a/web/xliff/zh-CN.xlf +++ b/web/xliff/zh-CN.xlf 
@@ -5191,6 +5191,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. + diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index 54d454d77d81..5f5e2c6ab655 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -8393,6 +8393,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index c97cd1b37b91..0ff8d6376e40 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -6329,6 +6329,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index 323f90aa1ffb..df46c9afffff 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf 
@@ -8199,6 +8199,21 @@ Bindings to groups/users are checked against the user of the event. Credentials / Tokens + + + Permissions set on users which affect this object. + + + Permissions set on roles which affect this object. + + + Permissions assigned to this user which affect all object instances of a given type. + + + Permissions assigned to this user affecting specific object instances. + + + Permissions assigned to this role which affect all object instances of a given type. From 5a6547785d141b8c240bafe16bf59ec5bb8c836c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 25 Jan 2024 23:54:54 +0100 Subject: [PATCH 32/33] fix system task search Signed-off-by: Jens Langhammer --- web/src/admin/system-tasks/SystemTaskListPage.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/admin/system-tasks/SystemTaskListPage.ts b/web/src/admin/system-tasks/SystemTaskListPage.ts index d8a223453407..4b1c7c6f5046 100644 --- a/web/src/admin/system-tasks/SystemTaskListPage.ts +++ b/web/src/admin/system-tasks/SystemTaskListPage.ts @@ -32,7 +32,7 @@ export class SystemTaskListPage extends TablePage { expandable = true; searchEnabled(): boolean { - return false; + return true; } @property() From 96d13a3ba335a8c79029496ee58e373b832f7f5c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 26 Jan 2024 17:07:12 +0100 Subject: [PATCH 33/33] update docs Signed-off-by: Jens Langhammer --- .../access-control/manage_permissions.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/website/docs/user-group-role/access-control/manage_permissions.md b/website/docs/user-group-role/access-control/manage_permissions.md index c4a924c38a9b..49d6c05bcb7a 100644 --- a/website/docs/user-group-role/access-control/manage_permissions.md +++ b/website/docs/user-group-role/access-control/manage_permissions.md 
@@ -9,22 +9,20 @@ Refer to the following topics for instructions to view and manage permissions. You can view all permissions that are assigned to a user, group, role, flow, or stage. -### View user, group, and role permissions +### View user and role permissions -To view _object_ permissions for a specific user, role, or group: +To view _object_ permissions for a specific user or role: 1. Go to the Admin interface and navigate to **Directory**. -2. Select either **Users**, **Groups**, or **Roles** -3. Select a specific user/group/role by clicking on the name (this opens the details page). -4. Click the **Assigned Permissions** tab at the top of the page (to the right of the **Permissions** tab). -5. Scroll down to see both the global and object-level permissions. - -:::info -Note that groups do not have global permissions. -::: +2. Select either **Users** or **Roles** +3. Select a specific user/role by clicking on the name (this opens the details page). +4. Click the **Permissions** tab at the top of the page +5. Select the **Assigned global permissions** sub-tab to see global permissions and the **Assigned object permissions** sub-tab to see the object-level permissions. ### View flow permissions +\_These instructions apply to all objects that have a detail page, which can be accessed by clicking on the name in the list page.\_\_ + 1. Go to the Admin interface and navigate to **Flows and Stages -> Flows**. 2. Click the name of the flow (this opens the details page). 3. Click the **Permissions** tab at the top of the page. 
@@ -32,6 +30,8 @@ Note that groups do not have global permissions. ### View stage permissions +\_These instructions apply to all objects that **do not** have a detail page.\_\_ + 1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**. 2. On the row for the specific stage whose permissions you want to view, click the lock icon. 3. On the **Update Permissions** tab, you can view the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.