areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone
Blob Blame History Raw
From da57475f30f086b2420652b1aeab9e2902fb8664 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Wed, 3 Sep 2014 17:23:33 +0200
Subject: [PATCH] webui: prohibit setting rid base with ipa-trust-ad-posix type

Base RID is no longer editable for ipa-trust-ad-posix range type

Adder dialog:
- Range type selector was moved up because it affects a field above it

Details page:
- Only fields relevant to range's type are visible

https://fedorahosted.org/freeipa/ticket/4221

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 install/ui/src/freeipa/idrange.js | 77 ++++++++++++++++++++++++++++++---------
 1 file changed, 60 insertions(+), 17 deletions(-)

diff --git a/install/ui/src/freeipa/idrange.js b/install/ui/src/freeipa/idrange.js
index 12c0b288b766c059db6b844f445fb88b5821a1db..4e5dbfa00dcf80495d8a96f7fc961b9c6676691f 100644
--- a/install/ui/src/freeipa/idrange.js
+++ b/install/ui/src/freeipa/idrange.js
@@ -54,6 +54,11 @@ return {
                         'cn',
                         'iparangetype',
                         {
+                            name: 'iparangetyperaw',
+                            read_only: true,
+                            visible: false
+                        },
+                        {
                             name: 'ipabaseid',
                             label: '@i18n:objects.idrange.ipabaseid',
                             title: '@mo-param:idrange:ipabaseid:label'
@@ -80,6 +85,9 @@ return {
                         }
                     ]
                 }
+            ],
+            policies: [
+                exp.idrange_policy
             ]
         }
     ],
@@ -89,21 +97,6 @@ return {
                 name: 'cn'
             },
             {
-                name: 'ipabaseid',
-                label: '@i18n:objects.idrange.ipabaseid',
-                title: '@mo-param:idrange:ipabaseid:label'
-            },
-            {
-                name: 'ipaidrangesize',
-                label: '@i18n:objects.idrange.ipaidrangesize',
-                title: '@mo-param:idrange:ipaidrangesize:label'
-            },
-            {
-                name: 'ipabaserid',
-                label: '@i18n:objects.idrange.ipabaserid',
-                title: '@mo-param:idrange:ipabaserid:label'
-            },
-            {
                 name: 'iparangetype',
                 $type: 'radio',
                 label: '@i18n:objects.idrange.type',
@@ -125,6 +118,21 @@ return {
                 ]
             },
             {
+                name: 'ipabaseid',
+                label: '@i18n:objects.idrange.ipabaseid',
+                title: '@mo-param:idrange:ipabaseid:label'
+            },
+            {
+                name: 'ipaidrangesize',
+                label: '@i18n:objects.idrange.ipaidrangesize',
+                title: '@mo-param:idrange:ipaidrangesize:label'
+            },
+            {
+                name: 'ipabaserid',
+                label: '@i18n:objects.idrange.ipabaserid',
+                title: '@mo-param:idrange:ipabaserid:label'
+            },
+            {
                 name: 'ipasecondarybaserid',
                 label: '@i18n:objects.idrange.ipasecondarybaserid',
                 title: '@mo-param:idrange:ipasecondarybaserid:label'
@@ -147,7 +155,9 @@ IPA.idrange_adder_policy = function(spec) {
     The logic for enabling/requiring ipabaserid, ipasecondarybaserid and
     ipanttrusteddomainsid is as follows:
         1) for AD ranges (range type is ipa-ad-trust or ipa-ad-trust-posix):
-           * ipabaserid and ipanttrusteddomainsid are requred
+           * ipanttrusteddomainsid is required
+           * ipabaserid is required for ipa-ad-trust but disabled for
+             ipa-ad-trust-posix
            * ipasecondarybaserid is disabled
         2) for local ranges
            *  ipanttrusteddomainsid is disabled
@@ -206,7 +216,11 @@ IPA.idrange_adder_policy = function(spec) {
         var is_ad_range = (type_v === 'ipa-ad-trust' || type_v === 'ipa-ad-trust-posix');
 
         if (is_ad_range) {
-            require(baserid_f);
+            if (type_v === 'ipa-ad-trust') {
+                require(baserid_f);
+            } else {
+                disable(baserid_f);
+            }
             require(trusteddomainsid_f);
             disable(secondarybaserid_f);
         } else {
@@ -230,6 +244,35 @@ IPA.idrange_adder_policy = function(spec) {
     return that;
 };
 
+exp.idrange_policy = function(spec) {
+
+    spec = spec || {};
+    var that = IPA.facet_policy(spec);
+
+    that.post_load = function() {
+        var type_f = that.container.fields.get_field('iparangetyperaw');
+        var widgets = that.container.widgets;
+        var type_v = type_f.get_value()[0];
+
+        var baserid = true;
+        var secrid = true;
+        var sid = true;
+
+        if (type_v === 'ipa-local') {
+            sid = false;
+        } else if (type_v === 'ipa-ad-trust-posix') {
+            baserid = secrid = false;
+        } else if (type_v === 'ipa-ad-trust') {
+            secrid = false;
+        }
+
+        widgets.get_widget('details.ipabaserid').set_visible(baserid);
+        widgets.get_widget('details.ipasecondarybaserid').set_visible(secrid);
+        widgets.get_widget('details.ipanttrusteddomainsid').set_visible(sid);
+    };
+    return that;
+};
+
 exp.entity_spec = make_spec();
 exp.register = function() {
     var e = reg.entity;
-- 
2.1.0