trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

web/admin: migrate policybinding form 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-03-31 19:15:28 +02:00
parent 3124b0f39c
commit e476186cbc
8 changed files with 208 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
authentik/admin/tests/test_policy_binding.py
View File

@ -1,43 +0,0 @@
"""admin tests"""
from uuid import uuid4
from django import forms
from django.test import TestCase
from django.test.client import RequestFactory
from authentik.admin.views.policies_bindings import PolicyBindingCreateView
from authentik.core.models import Application
from authentik.policies.forms import PolicyBindingForm
class TestPolicyBindingView(TestCase):
"""Generic admin tests"""
def setUp(self):
self.factory = RequestFactory()
def test_without_get_param(self):
"""Test PolicyBindingCreateView without get params"""
request = self.factory.get("/")
view = PolicyBindingCreateView(request=request)
self.assertEqual(view.get_initial(), {})
def test_with_params_invalid(self):
"""Test PolicyBindingCreateView with invalid get params"""
request = self.factory.get("/", {"target": uuid4()})
view = PolicyBindingCreateView(request=request)
self.assertEqual(view.get_initial(), {})
def test_with_params(self):
"""Test PolicyBindingCreateView with get params"""
target = Application.objects.create(name="test")
request = self.factory.get("/", {"target": target.pk.hex})
view = PolicyBindingCreateView(request=request)
self.assertEqual(view.get_initial(), {"target": target, "order": 0})
self.assertTrue(
isinstance(
PolicyBindingForm(initial={"target": "foo"}).fields["target"].widget,
forms.HiddenInput,
)
)

12
authentik/admin/urls.py
View File

@ -4,7 +4,6 @@ from django.urls import path
from authentik.admin.views import (
outposts_service_connections,
policies,
policies_bindings,
property_mappings,
providers,
sources,
@ -27,17 +26,6 @@ urlpatterns = [
policies.PolicyUpdateView.as_view(),
name="policy-update",
),
# Policy bindings
path(
"policies/bindings/create/",
policies_bindings.PolicyBindingCreateView.as_view(),
name="policy-binding-create",
),
path(
"policies/bindings/<uuid:pk>/update/",
policies_bindings.PolicyBindingUpdateView.as_view(),
name="policy-binding-update",
),
# Providers
path(
"providers/create/",

67
authentik/admin/views/policies_bindings.py
View File

@ -1,67 +0,0 @@
"""authentik PolicyBinding administration"""
from typing import Any
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import (
PermissionRequiredMixin as DjangoPermissionRequiredMixin,
)
from django.contrib.messages.views import SuccessMessageMixin
from django.db.models import Max
from django.urls import reverse_lazy
from django.utils.translation import gettext as _
from django.views.generic import UpdateView
from guardian.mixins import PermissionRequiredMixin
from authentik.lib.views import CreateAssignPermView
from authentik.policies.forms import PolicyBindingForm
from authentik.policies.models import PolicyBinding, PolicyBindingModel
class PolicyBindingCreateView(
SuccessMessageMixin,
LoginRequiredMixin,
DjangoPermissionRequiredMixin,
CreateAssignPermView,
):
"""Create new PolicyBinding"""
model = PolicyBinding
permission_required = "authentik_policies.add_policybinding"
form_class = PolicyBindingForm
template_name = "generic/create.html"
success_url = reverse_lazy("authentik_core:if-admin")
success_message = _("Successfully created PolicyBinding")
def get_initial(self) -> dict[str, Any]:
if "target" in self.request.GET:
initial_target_pk = self.request.GET["target"]
targets = PolicyBindingModel.objects.filter(
pk=initial_target_pk
).select_subclasses()
if not targets.exists():
return {}
max_order = PolicyBinding.objects.filter(target=targets.first()).aggregate(
Max("order")
)["order__max"]
if not isinstance(max_order, int):
max_order = -1
return {"target": targets.first(), "order": max_order + 1}
return super().get_initial()
class PolicyBindingUpdateView(
SuccessMessageMixin,
LoginRequiredMixin,
PermissionRequiredMixin,
UpdateView,
):
"""Update policybinding"""
model = PolicyBinding
permission_required = "authentik_policies.change_policybinding"
form_class = PolicyBindingForm
template_name = "generic/update.html"
success_url = reverse_lazy("authentik_core:if-admin")
success_message = _("Successfully updated PolicyBinding")

3
authentik/flows/transfer/common.py
View File

@ -29,6 +29,9 @@ def get_attrs(obj: SerializerModel) -> dict[str, Any]:
for to_remove_name in to_remove:
if to_remove_name in data:
data.pop(to_remove_name)
for key in list(data.keys()):
if key.endswith("_obj"):
data.pop(key)
return data

10
authentik/policies/api/bindings.py
View File

@ -35,7 +35,7 @@ class PolicyBindingModelForeignKey(PrimaryKeyRelatedField):
# checks the PK of PolicyBindingModel (for example),
# but we get given the Primary Key of the inheriting class
for model in self.get_queryset().select_subclasses().all():
if str(model.pk) == data:
if str(model.pk) == str(data):
return model
# as a fallback we still try a direct lookup
return self.get_queryset().get_subclass(pk=data)
@ -82,7 +82,13 @@ class PolicyBindingSerializer(ModelSerializer):
def validate(self, data: OrderedDict) -> OrderedDict:
"""Check that either policy, group or user is set."""
count = sum([bool(data["policy"]), bool(data["group"]), bool(data["user"])])
count = sum(
[
bool(data.get("policy", None)),
bool(data.get("group", None)),
bool(data.get("user", None)),
]
)
invalid = count > 1
empty = count < 1
if invalid:

4
web/src/api/legacy.ts
View File

@ -4,10 +4,6 @@ export class AdminURLManager {
return `/administration/policies/${rest}`;
}
static policyBindings(rest: string): string {
return `/administration/policies/bindings/${rest}`;
}
static providers(rest: string): string {
return `/administration/providers/${rest}`;
}

87
web/src/pages/policies/BoundPoliciesList.ts
View File

@ -16,6 +16,9 @@ import { AdminURLManager } from "../../api/legacy";
import "../../elements/forms/ModalForm";
import "../groups/GroupForm";
import "../users/UserForm";
import "./PolicyBindingForm";
import { ifDefined } from "lit-html/directives/if-defined";
@customElement("ak-bound-policies-list")
export class BoundPoliciesList extends Table<PolicyBinding> {
@ -43,11 +46,11 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
getPolicyUserGroupRow(item: PolicyBinding): string {
if (item.policy) {
return gettext(`Policy ${item.policy.name}`);
return gettext(`Policy ${item.policyObj?.name}`);
} else if (item.group) {
return gettext(`Group ${item.group.name}`);
return gettext(`Group ${item.groupObj?.name}`);
} else if (item.user) {
return gettext(`User ${item.user.name}`);
return gettext(`User ${item.userObj?.name}`);
} else {
return gettext("");
}
@ -55,7 +58,7 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
getObjectEditButton(item: PolicyBinding): TemplateResult {
if (item.policy) {
return html`<ak-modal-button href="${AdminURLManager.policies(`${item.policy?.policyUuid}/update/`)}">
return html`<ak-modal-button href="${AdminURLManager.policies(`${item.policy}/update/`)}">
<ak-spinner-button slot="trigger" class="pf-m-secondary">
${gettext("Edit Policy")}
</ak-spinner-button>
@ -69,19 +72,26 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
<span slot="header">
${gettext("Update Group")}
</span>
<ak-group-form slot="form" .group=${item.group}>
<ak-group-form slot="form" .group=${item.groupObj}>
</ak-group-form>
<button slot="trigger" class="pf-c-button pf-m-primary">
${gettext("Edit Group")}
</button>
</ak-forms-modal>`;
} else if (item.user) {
return html`<ak-modal-button href="${AdminURLManager.policies(`${item.user?.id}/update/`)}">
<ak-spinner-button slot="trigger" class="pf-m-secondary">
${gettext("Edit User")}
</ak-spinner-button>
<div slot="modal"></div>
</ak-modal-button>`;
return html`<ak-forms-modal>
<span slot="submit">
${gettext("Update")}
</span>
<span slot="header">
${gettext("Update User")}
</span>
<ak-user-form slot="form" .user=${item.userObj}>
</ak-user-form>
<button slot="trigger" class="pf-m-secondary pf-c-button">
${gettext("Edit")}
</button>
</ak-forms-modal>`;
} else {
return html``;
}
@ -95,12 +105,19 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
html`${item.timeout}`,
html`
${this.getObjectEditButton(item)}
<ak-modal-button href="${AdminURLManager.policyBindings(`${item.pk}/update/`)}">
<ak-spinner-button slot="trigger" class="pf-m-secondary">
<ak-forms-modal>
<span slot="submit">
${gettext("Update")}
</span>
<span slot="header">
${gettext("Update Binding")}
</span>
<ak-policy-binding-form slot="form" .binding=${item} targetPk=${ifDefined(this.target)}>
</ak-policy-binding-form>
<button slot="trigger" class="pf-c-button pf-m-secondary">
${gettext("Edit Binding")}
</ak-spinner-button>
<div slot="modal"></div>
</ak-modal-button>
</button>
</ak-forms-modal>
<ak-forms-delete
.obj=${item}
objectLabel=${gettext("Policy binding")}
@ -122,12 +139,19 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
${gettext("No policies are currently bound to this object.")}
</div>
<div slot="primary">
<ak-modal-button href=${AdminURLManager.policyBindings(`create/?target=${this.target}`)}>
<ak-spinner-button slot="trigger" class="pf-m-primary">
${gettext("Bind Policy")}
</ak-spinner-button>
<div slot="modal"></div>
</ak-modal-button>
<ak-forms-modal>
<span slot="submit">
${gettext("Create")}
</span>
<span slot="header">
${gettext("Create Binding")}
</span>
<ak-policy-binding-form slot="form" targetPk=${ifDefined(this.target)}>
</ak-policy-binding-form>
<button slot="trigger" class="pf-c-button pf-m-primary">
${gettext("Create Binding")}
</button>
</ak-forms-modal>
</div>
</ak-empty-state>`);
}
@ -154,12 +178,19 @@ export class BoundPoliciesList extends Table<PolicyBinding> {
}), html`<ak-spinner></ak-spinner>`)}
</ul>
</ak-dropdown>
<ak-modal-button href=${AdminURLManager.policyBindings(`create/?target=${this.target}`)}>
<ak-spinner-button slot="trigger" class="pf-m-primary">
${gettext("Bind Policy")}
</ak-spinner-button>
<div slot="modal"></div>
</ak-modal-button>
<ak-forms-modal>
<span slot="submit">
${gettext("Create")}
</span>
<span slot="header">
${gettext("Create Binding")}
</span>
<ak-policy-binding-form slot="form" targetPk=${ifDefined(this.target)}>
</ak-policy-binding-form>
<button slot="trigger" class="pf-c-button pf-m-primary">
${gettext("Create Binding")}
</button>
</ak-forms-modal>
${super.renderToolbar()}
`;
}

138
web/src/pages/policies/PolicyBindingForm.ts Normal file
View File

@ -0,0 +1,138 @@
import { CoreApi, PoliciesApi, Policy, PolicyBinding } from "authentik-api";
import { gettext } from "django";
import { customElement, property } from "lit-element";
import { html, TemplateResult } from "lit-html";
import { DEFAULT_CONFIG } from "../../api/Config";
import { Form } from "../../elements/forms/Form";
import { until } from "lit-html/directives/until";
import { ifDefined } from "lit-html/directives/if-defined";
import { groupBy } from "../../utils";
import "../../elements/forms/HorizontalFormElement";
@customElement("ak-policy-binding-form")
export class PolicyBindingForm extends Form<PolicyBinding> {
@property({attribute: false})
binding?: PolicyBinding;
@property()
targetPk?: string;
getSuccessMessage(): string {
if (this.binding) {
return gettext("Successfully updated binding.");
} else {
return gettext("Successfully created binding.");
}
}
async customValidate(form: PolicyBinding): Promise<PolicyBinding> {
return form;
}
send = (data: PolicyBinding): Promise<PolicyBinding> => {
if (this.binding) {
return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsUpdate({
policyBindingUuid: this.binding.pk || "",
data: data
});
} else {
return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsCreate({
data: data
});
}
};
groupPolicies(policies: Policy[]): TemplateResult {
return html`
${groupBy<Policy>(policies, (p => p.verboseName || "")).map(([group, policies]) => {
return html`<optgroup label=${group}>
${policies.map(p => {
const selected = (this.binding?.policy === p.pk);
return html`<option ?selected=${selected} value=${ifDefined(p.pk)}>${p.name}</option>`;
})}
</optgroup>`;
})}
`;
}
getOrder(): Promise<number> {
if (this.binding) {
return Promise.resolve(this.binding.order);
}
return new PoliciesApi(DEFAULT_CONFIG).policiesBindingsList({
target: this.targetPk || "",
}).then(bindings => {
const orders = bindings.results.map(binding => binding.order);
return Math.max(...orders) + 1;
});
}
renderForm(): TemplateResult {
return html`<form class="pf-c-form pf-m-horizontal">
<ak-form-element-horizontal
label=${gettext("Policy")}
name="policy">
<select class="pf-c-form-control">
<option value="" ?selected=${this.binding?.policy === undefined}>---------</option>
${until(new PoliciesApi(DEFAULT_CONFIG).policiesAllList({
ordering: "pk"
}).then(policies => {
return this.groupPolicies(policies.results);
}), html``)}
</select>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${gettext("Group")}
name="group">
<select class="pf-c-form-control">
<option value="" ?selected=${this.binding?.group === undefined}>---------</option>
${until(new CoreApi(DEFAULT_CONFIG).coreGroupsList({
ordering: "pk"
}).then(groups => {
return groups.results.map(group => {
return html`<option value=${ifDefined(group.pk)} ?selected=${group.pk === this.binding?.group}>${group.name}</option>`;
});
}), html``)}
</select>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${gettext("User")}
name="user">
<select class="pf-c-form-control">
<option value="" ?selected=${this.binding?.user === undefined}>---------</option>
${until(new CoreApi(DEFAULT_CONFIG).coreUsersList({
ordering: "pk"
}).then(users => {
return users.results.map(user => {
return html`<option value=${ifDefined(user.pk)} ?selected=${user.pk === this.binding?.user}>${user.name}</option>`;
});
}), html``)}
</select>
</ak-form-element-horizontal>
<input required name="target" type="hidden" value=${ifDefined(this.binding?.target || this.targetPk)}>
<ak-form-element-horizontal name="enabled">
<div class="pf-c-check">
<input type="checkbox" class="pf-c-check__input" ?checked=${this.binding?.enabled || true}>
<label class="pf-c-check__label">
${gettext("Enabled")}
</label>
</div>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${gettext("Order")}
?required=${true}
name="order">
<input type="number" value="${until(this.getOrder(), this.binding?.order)}" class="pf-c-form-control" required>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${gettext("Timeout")}
?required=${true}
name="timeout">
<input type="number" value="${this.binding?.timeout || 30}" class="pf-c-form-control" required>
</ak-form-element-horizontal>
</form>`;
}
}