WebUI: Certificate Mapping #400
Conversation
|
|
||
| return options; | ||
| }; | ||
|
|
There was a problem hiding this comment.
Hi @pvomacka,
thanks for the patch. Would it be possible to have a specific Add dialog window, which would allow to add Certificate mapping data with different input formats? Currently, the dialog takes the input and calls the equivalent of user-add-certmap --data, but it would also be interesting to allow the user to provide a certificate and call user-add-certmap --certificate, or allow the user to provider a subject + issuer and call user-add-certmap --subject --issuer.
There was a problem hiding this comment.
Hi @flo-renaud,
Yes, it is possible and not hard to implement. I can add it.
There was a problem hiding this comment.
@flo-renaud After some thinking I would rather remove --issuer, --subject and --certificate from user-add-certmap command. I don't like the fact that single command does several different things and I think it's confusing.
I think the idea is great but I don't know how to do it in straightforward (for the user) way.
There was a problem hiding this comment.
@dkupka @flo-renaud I would say that it would be kind of hard (especially in CLI) for users to understand which options should be used together and which can't be used together. From point of view of WebUI, there is no problem to create dialog, which allows only correct combinations of options.
There was a problem hiding this comment.
I only clicked through Pavel's testing vm and read code. The usability issues like missing examples can be handled in separate PR.
I'd let @flo-renaud or @dkupka to test if UI matches expectation from design.
There are some nitpicks and question about field in adder dialog withou server counterpar, it's up to Pavel if he sees it as something which should block this PR.
install/ui/src/freeipa/widget.js
Outdated
| /** | ||
| * Prefix of CSS class of each row. | ||
| */ | ||
| that.data_name = spec.data_name || 'default'; |
There was a problem hiding this comment.
Nitpick: Instead of 'default' should it be rather something like 'non-editable' ? Later when use in class "default-data" is too general and doesn't even add any context to the widget type.
install/ui/src/freeipa/field.js
Outdated
| // WebUI. | ||
| if (that.metadata.flags && | ||
| array.indexOf(that.metadata.flags, 'no_update') > -1 && | ||
| that.widget && !that.widget.always_writable) { |
There was a problem hiding this comment.
Should the widget reference really be part of field? Why not add the always_writable override to field itself and inherit it in widget?
| that.create_add_command = function(record) { | ||
| var command = that.entity_adder_dialog_create_add_command(record); | ||
|
|
||
| command.set_option('ipaenabledflag', true); |
There was a problem hiding this comment.
I wonder if we could do such stuff declaratively and thus avoid overriding the method. For this PR this approach is OK.
| }; | ||
|
|
||
| that.adder_dialog = certmap.custom_adder_dialog(spec); | ||
| that.adder_dialog.create_button({ |
There was a problem hiding this comment.
Could we use confirmation mixin for the adder dialog? So that you would have to define the buttons? Or if it is not possible then define a dialog class for custom_command_multivalued_widget
| { entity: 'radiusproxy' } | ||
| { entity: 'radiusproxy' }, | ||
| { | ||
| entity: 'certmaprule', |
There was a problem hiding this comment.
Maybe more a question for UX person: is the position of the menu item on good place? Right now the order is:
- Certificates
- OTP Tokens
- RADIUS Servers
- Certificate Identity Mapping Rules
Following order would be more natural to me:
- Certificates
- Certificate Identity Mapping Rules
- OTP Tokens
- RADIUS Servers
But I don't insist on it.
install/ui/test/data/ipa_init.json
Outdated
| @@ -315,6 +315,18 @@ | |||
| "view_certificate": "Certificate for ${entity} ${primary_key}", | |||
| "view_certificate_btn": "View Certificate" | |||
| }, | |||
| "certmap": { | |||
There was a problem hiding this comment.
If I'm correct, some of your other PRs no longer update this file. We've talk to remove the offline mode. So what about removing it? Or is this still used for unit tests?
There was a problem hiding this comment.
Yes, you're right. I will remove this change from current PR and will create new PR for removing offline WebUI.
| $factory: certmap.rule_adder_dialog, | ||
| fields: [ | ||
| 'cn', | ||
| 'ipacertmapissuer', |
There was a problem hiding this comment.
In your testing vm, ipacertmapissuer option doesn't exist.
| }, | ||
| 'ipacertmapissuer', | ||
| 'ipacertmapmaprule', | ||
| 'ipacertmapmatchrule', |
There was a problem hiding this comment.
Would be good if mapping and matching rules had examples written near the fields. Without reading any docs I don't have a clue what should be written there. Same in details page.
| @@ -218,6 +218,15 @@ return { | |||
| label: '@i18n:objects.cert.certificates' | |||
| }, | |||
| { | |||
| $type: 'certmap_multivalued', | |||
There was a problem hiding this comment.
Would be good if it had the question mark hint to describe what is the purpose of this field. What problem can be solved by it. I believe it is not self explanatory.
| }, | ||
| { | ||
| name: 'subject' | ||
| } |
There was a problem hiding this comment.
Example in issuer and subject would be also helpful.
There was a problem hiding this comment.
Hi @pvomacka
Thanks for the GUI!
I have inline comments related to late design changes.
Apart from that, it may be a bug in the browser but when I open a user details page, and the user doesn't have any cert map yet, the Add button is not displayed.
| $type: 'textarea', | ||
| name: 'description' | ||
| }, | ||
| 'ipacertmapissuer', |
There was a problem hiding this comment.
You can remove the ipacertmapissuer attribute as the new design doesn't define this attr any more.
| }, | ||
| { | ||
| $type: 'multivalued', | ||
| name: 'usercertificate', |
There was a problem hiding this comment.
this should be 'certificate'
| { | ||
| name: 'data', | ||
| label: '@i18n:objects.certmap.data_label', | ||
| fields: ['ipacertmapdata', 'usercertificate'], |
There was a problem hiding this comment.
This should be 'certificate'
| }, | ||
| { | ||
| $type: 'multivalued', | ||
| name: 'usercertificate', |
There was a problem hiding this comment.
This should be 'certificate'
|
Hello @flo-renaud and @pvoborni thank you for reviews, all proposed changes are done in last commits, please look at them. Thank you very much. |
|
Hi @pvomacka |
|
Hi @flo-renaud The issue about certificates is different and here is the fix: #519 |
|
In last update I changed just line 33 in certmap.js file. |
|
Hi @pvomacka |
install/ui/src/freeipa/widget.js
Outdated
| * | ||
| * @class | ||
| * @extends IPA.input_widget | ||
| */ | ||
| IPA.krb_principal_widget = function(spec) { | ||
| IPA.non_editable_row_widget = function(spec) { |
If field will have set attribute 'always_writable' to true, then
'no_update' flag will be ingored. Used in command user-{add,remove}-certmap
which needs to be writable in WebUI and also needs to be omitted from
user-mod command.
Part of: https://fedorahosted.org/freeipa/ticket/6601
Old krb-principal widget is changed to general one. And used also for ipacertmapdata in user. This widget make every line non-editable. Part of: https://fedorahosted.org/freeipa/ticket/6601
Adder dialog which is used along with custom_command_multivalued_widget. It behaivor of confirm dialog and adds fields which are necessary. Part of: https://fedorahosted.org/freeipa/ticket/6601
Add facets for certmaprule and certmapconfigure entities. https://fedorahosted.org/freeipa/ticket/6601
|
@pvoborni Thanks for review. I removed the space :) |
Add WebUI for certificate mapping
https://fedorahosted.org/freeipa/ticket/6601