[Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Alexander Bokovoy
abokovoy at redhat.com
Sat May 4 06:04:00 UTC 2013
On Sat, 04 May 2013, Alexander Bokovoy wrote:
> On Fri, 03 May 2013, Sumit Bose wrote:
>> On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
>>> Hi!
>>>
>>> Attached are patches to allow resolving SIDs in Web UI in external
>>> membership panel for groups. Please see more detailed description in the
>>> main patch.
>>>
>>> I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
>>> should be simple.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3302
>>>
>>> Since framework doesn't allow to hide commands from CLI, underlying
>>> command is usable from CLI too:
>>> # ipa trust-resolve --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
>>> Name: enterprise read-only domain controllers at ad.lan
>>> SID: S-1-5-21-3502988750-125904550-3683905862-498
>>>
>>> Name: administrator at ad.lan
>>> SID: S-1-5-21-3502988750-125904550-3683905862-500
>>>
>>> Name: domain admins at ad.lan
>>> SID: S-1-5-21-3502988750-125904550-3683905862-512
>>>
>>> --
>>> / Alexander Bokovoy
>>> + try:
>>> + sids = map(lambda x: str(x), options['sids'])
>>> + xlate = pysss_nss_idmap.getnamebysid(sids)
>>
>> The latest version, which is already committed to sssd, return a dict.
>> The output of ipa trust-resolve now look like:
>>
>> [root at ipa18-devel ~]# ipa trust-resolve --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
>> Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
>> SID: S-1-5-21-3090815309-2627318493-3395719201-500
>>
>> Name: {'type': 2, 'name': u'enterprise read-only domain controllers at ad18.ipa18.devel'}
>> SID: S-1-5-21-3090815309-2627318493-3395719201-498
>>
>> Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
>> SID: S-1-5-21-3090815309-2627318493-3395719201-513
>>
>>> + for sid in xlate:
>>> + entry = dict()
>>> + entry['sid'] = [unicode(sid)]
>>> + entry['name'] = [unicode(xlate[sid])]
>>
>> I think you need entry['name'] = [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
>> here.
> Fixed, thanks!
> I also added type conversion to a text (user, group, both). The type is not shown by default
> in CLI but is available through --all option. We might consider using it
> in Web UI for visual hint about the name nature.
>
>> I tried with firefox, but the SIDs of the external members are not
>> resolved. Do I have to clean any firefox cache?
> No, you do not. When picking up changes from my development VM, I
> omitted one chunk in group.js where sid_facet was actually taken in use.
> Without that one nothing is used.
>
> Updated patch 0103 is attached, tested against sssd in ipa-devel repo
> which already includes your patches.
... and here is rebase of install/ui/src/freeipa to Web UI refactoring
branch, to help testing on top of Petr's changes. With this patch SID
resolving works in new Web UI.
There are probably some changes that could further be removed, I haven't
looked into greater detail.
Please note that attached patch only covers parts in
install/ui/src/freeipa, you'd still need to add plugin changes from
ipalib/plugins/trust.py.
--
/ Alexander Bokovoy
-------------- next part --------------
diff --git a/install/ui/src/freeipa/association.js b/install/ui/src/freeipa/association.js
index d33ec87..cd76b7e 100644
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@@ -23,6 +23,7 @@
* the AssociationList elements; IT NEEDS IT'S OWN CODE! */
define([
+ 'dojo/Deferred',
'./ipa',
'./jquery',
'./navigation',
@@ -31,7 +32,7 @@ define([
'./text',
'./search',
'./dialog'],
- function(IPA, $, navigation, phases, reg, text) {
+ function(Deferred, IPA, $, navigation, phases, reg, text) {
IPA.associator = function (spec) {
@@ -1364,6 +1365,49 @@ IPA.attribute_facet = function(spec, no_init) {
return that;
};
+IPA.sid_facet = function(spec, no_init) {
+
+ spec.name = spec.name || 'sid_facet';
+
+ var that = IPA.attribute_facet(spec, no_init);
+
+ that.load_records = function(value) {
+ var xlate = {}
+ var sidxlate_command = IPA.command({
+ entity: 'trust',
+ method: 'resolve',
+ options: {
+ sids: '',
+ },
+ });
+ sidxlate_command.on_success = function(data, text_status, xhr) {
+ for(var i=0; i< data.result.result.length; i++) {
+ var entry = data.result.result[i]
+ if (entry.sid[0] in xlate) {
+ xlate[entry.sid[0]].resolve(entry.name[0]);
+ }
+ }
+ };
+ that.table.empty();
+
+ var sids = new Array();
+ for(var i=0; i< value.length; i++) {
+ var sid = value[i][that.attribute];
+ var deferred = new Deferred();
+ deferred.temp = sid;
+ value[i][that.attribute] = deferred;
+ xlate[sid] = deferred;
+ sids.push(sid)
+ that.add_record(value[i]);
+ };
+ sidxlate_command.options.sids = sids;
+ sidxlate_command.execute();
+ };
+
+ return that;
+};
+
+
IPA.attr_read_only_evaluator = function(spec) {
spec.name = spec.name || 'attr_read_only_evaluator';
diff --git a/install/ui/src/freeipa/entity.js b/install/ui/src/freeipa/entity.js
index 427d300..d437346 100644
--- a/install/ui/src/freeipa/entity.js
+++ b/install/ui/src/freeipa/entity.js
@@ -323,6 +323,14 @@ exp.entity_builder =IPA.entity_builder = function(entity) {
return that;
};
+ that.sid_facet = function(spec) {
+
+ spec.type = spec.type || 'sid';
+
+ that.facet(spec);
+
+ return that;
+ };
that.standard_association_facets = function(spec) {
spec = spec || {};
@@ -662,4 +670,4 @@ registry.builder.post_ops.push(
exp.entity_post_ops.deleter_dialog);
return exp;
-});
\ No newline at end of file
+});
diff --git a/install/ui/src/freeipa/facet.js b/install/ui/src/freeipa/facet.js
index f9510e7..ed508e7 100644
--- a/install/ui/src/freeipa/facet.js
+++ b/install/ui/src/freeipa/facet.js
@@ -1576,6 +1576,20 @@ exp.facet_preops = {
}));
return spec;
+ },
+
+ sid: function(spec, context) {
+
+ var entity = context.entity;
+ su.context_entity(spec, context);
+
+ spec.title = spec.title || entity.metadata.label_singular;
+ spec.label = spec.label || entity.metadata.label_singular;
+
+ var attr_metadata = IPA.get_entity_param(entity.name, spec.attribute);
+ spec.tab_label = spec.tab_label || attr_metadata.label;
+
+ return spec;
}
};
@@ -1621,6 +1635,14 @@ exp.register_facets = function() {
exp.facet_preops.attribute
]
});
+
+ f.register({
+ type: 'sid',
+ factory: IPA.sid_facet,
+ pre_ops: [
+ exp.facet_preops.sid
+ ]
+ });
};
exp.action = IPA.action = function(spec) {
diff --git a/install/ui/src/freeipa/group.js b/install/ui/src/freeipa/group.js
index 0408d0b..eba965f 100644
--- a/install/ui/src/freeipa/group.js
+++ b/install/ui/src/freeipa/group.js
@@ -111,7 +111,7 @@ return {
name: 'member_group'
},
{
- $type: 'attribute',
+ $type: 'sid',
name: 'member_external',
attribute: 'ipaexternalmember',
tab_label: 'External',
@@ -280,4 +280,4 @@ exp.register = function() {
phases.on('registration', exp.register);
return exp;
-});
\ No newline at end of file
+});
diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index 0fe046e..8f1208e 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
@@ -1404,9 +1404,6 @@ IPA.column = function (spec) {
}
that.setup = function(container, record, suppress_link) {
-
- container.empty();
-
var value = record[that.name];
var type;
if (that.formatter) {
@@ -1414,7 +1411,34 @@ IPA.column = function (spec) {
value = that.formatter.format(value);
type = that.formatter.type;
}
+
+ var promise, temp = '';
+ if (value && typeof value.then === 'function') promise = value;
+ if (value && value.promise && typeof value.promise.then === 'function') {
+ promise = value.promise;
+ temp = value.temp || '';
+ }
+
+ if (promise) {
+ var fulfilled = false;
+ promise.then(function(val) {
+ fulfilled = true;
+ that.set_value(container, val, type, suppress_link);
+ });
+
+ if (fulfilled) return;
+ // val obj can contain temporal value which is displayed
+ // until promise is fulfilled
+ value = temp;
+ }
+
+ that.set_value(container, value, type, suppress_link);
+ };
+
+ that.set_value = function(container, value, type, suppress_link) {
+
value = value ? value.toString() : '';
+ container.empty();
var c;
if (that.link && !suppress_link) {
More information about the Freeipa-devel
mailing list