From acad3c4d5c4347cb7b1404ce6343d01cfd980732 Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 19 Oct 2023 14:53:56 +0200 Subject: [PATCH] core/rbac: fix missing field when removing perm, add delete from object page (#7226) * make object permissions deletable from the object page Signed-off-by: Jens Langhammer * fix error when removing object permissions form user/role page Signed-off-by: Jens Langhammer * upgrade translation Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- .../admin/roles/RolePermissionObjectTable.ts | 3 +- .../UserAssignedObjectPermissionsTable.ts | 3 +- .../elements/rbac/ObjectPermissionsPage.ts | 1 + .../rbac/RoleObjectPermissionTable.ts | 32 ++++++++ .../rbac/UserObjectPermissionTable.ts | 37 +++++++++ web/xliff/de.xlf | 28 ++++++- web/xliff/en.xlf | 28 ++++++- web/xliff/es.xlf | 28 ++++++- web/xliff/fr.xlf | 29 +++++-- web/xliff/pl.xlf | 28 ++++++- web/xliff/pseudo-LOCALE.xlf | 29 +++++-- web/xliff/tr.xlf | 28 ++++++- web/xliff/zh-Hans.xlf | 75 ++++++++++++------- web/xliff/zh-Hant.xlf | 28 ++++++- web/xliff/zh_TW.xlf | 28 ++++++- 15 files changed, 337 insertions(+), 68 deletions(-) diff --git a/web/src/admin/roles/RolePermissionObjectTable.ts b/web/src/admin/roles/RolePermissionObjectTable.ts index e8a71963a..44bdf1183 100644 --- a/web/src/admin/roles/RolePermissionObjectTable.ts +++ b/web/src/admin/roles/RolePermissionObjectTable.ts @@ -8,7 +8,7 @@ import { msg } from "@lit/localize"; import { TemplateResult, html } from "lit"; import { customElement, property } from "lit/decorators.js"; -import { ExtraRoleObjectPermission, RbacApi } from "@goauthentik/api"; +import { ExtraRoleObjectPermission, ModelEnum, RbacApi } from "@goauthentik/api"; @customElement("ak-role-permissions-object-table") export class RolePermissionObjectTable extends Table { 
@@ -64,6 +64,7 @@ export class RolePermissionObjectTable extends Table patchedPermissionAssignRequest: { permissions: [`${item.appLabel}.${item.codename}`], objectPk: item.objectPk, + model: `${item.appLabel}.${item.model}` as ModelEnum, }, }); }} diff --git a/web/src/admin/users/UserAssignedObjectPermissionsTable.ts b/web/src/admin/users/UserAssignedObjectPermissionsTable.ts index 2b5589dc4..8e63ae8bb 100644 --- a/web/src/admin/users/UserAssignedObjectPermissionsTable.ts +++ b/web/src/admin/users/UserAssignedObjectPermissionsTable.ts @@ -8,7 +8,7 @@ import { msg } from "@lit/localize"; import { TemplateResult, html } from "lit"; import { customElement, property } from "lit/decorators.js"; -import { ExtraUserObjectPermission, RbacApi } from "@goauthentik/api"; +import { ExtraUserObjectPermission, ModelEnum, RbacApi } from "@goauthentik/api"; @customElement("ak-user-assigned-object-permissions-table") export class UserAssignedObjectPermissionsTable extends Table { @@ -60,6 +60,7 @@ export class UserAssignedObjectPermissionsTable extends Table
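Review bot: The added `model:` line in RolePermissionObjectTable.ts builds the value by string concatenation and then asserts it with `as ModelEnum`, so the compiler no longer checks that `${item.appLabel}.${item.model}` is a member of the generated enum. A permission on a model outside that enum would be sent unchanged, leaving the server as the only check on an authorization-changing request. I would add a comment on that line saying where the two parts come from and what is relied on, e.g. `// appLabel/model are taken from the API's own listing; the unassign endpoint is expected to validate model`. The `@@ -60,6 +60,7 @@` hunk in UserAssignedObjectPermissionsTable.ts presumably adds the same line, but its body is not visible here. The enclosing delete callback starts and ends outside the hunk.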
> { const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByRolesList({ page: page, @@ -72,6 +75,35 @@ export class RoleAssignedObjectPermissionTable extends Table`; } + renderToolbarSelected(): TemplateResult { + const disabled = this.selectedElements.length < 1; + return html` { + return [{ key: msg("Permission"), value: item.name }]; + }} + .delete=${(item: RoleAssignedObjectPermission) => { + return new RbacApi( + DEFAULT_CONFIG, + ).rbacPermissionsAssignedByRolesUnassignPartialUpdate({ + uuid: item.rolePk, + patchedPermissionAssignRequest: { + objectPk: this.objectPk?.toString(), + model: this.model, + permissions: item.permissions.map((perm) => { + return `${perm.appLabel}.${perm.codename}`; + }), + }, + }); + }} + > + + `; + } + row(item: RoleAssignedObjectPermission): TemplateResult[] { const baseRow = [html` ${item.name}`]; this.modelPermissions?.results.forEach((perm) => { diff --git a/web/src/elements/rbac/UserObjectPermissionTable.ts b/web/src/elements/rbac/UserObjectPermissionTable.ts index 3c52ca1e6..a746447cc 100644 --- a/web/src/elements/rbac/UserObjectPermissionTable.ts +++ b/web/src/elements/rbac/UserObjectPermissionTable.ts @@ -1,5 +1,6 @@ import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config"; import { PaginatedResponse, Table, TableColumn } from "@goauthentik/app/elements/table/Table"; +import "@goauthentik/elements/forms/DeleteBulkForm"; import "@goauthentik/elements/forms/ModalForm"; import "@goauthentik/elements/rbac/UserObjectPermissionForm"; import "@patternfly/elements/pf-tooltip/pf-tooltip.js"; @@ -27,6 +28,8 @@ export class UserAssignedObjectPermissionTable extends Table> { const perms = await new RbacApi(DEFAULT_CONFIG).rbacPermissionsAssignedByUsersList({ page: page, 
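Review bot: The unassign request in the added `renderToolbarSelected()` of RoleObjectPermissionTable.ts is sent even when `this.objectPk` or `this.model` is unset, because `this.objectPk?.toString()` then evaluates to `undefined` and the field is dropped from the body. If the endpoint treats a request without `objectPk`/`model` as a global-permission change (not visible in this patch), the bulk delete would act on a different scope than the object page shows. A guard at the top of the `.delete` callback would prevent that: `if (this.objectPk === undefined || !this.model) return Promise.reject(new Error("object not set"));`. The confirmation metadata also labels `item.name` as "Permission" while the request removes every entry in `item.permissions`, so the dialog does not tell the admin which permissions are removed. Both points apply equally to the `@@ -72,6 +75,40 @@` hunk in UserObjectPermissionTable.ts.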
@@ -72,6 +75,40 @@ export class UserAssignedObjectPermissionTable extends Table`; } + renderToolbarSelected(): TemplateResult { + const disabled = + this.selectedElements.length < 1 || + this.selectedElements.filter((item) => item.isSuperuser).length > 0; + return html` !item.isSuperuser)} + .metadata=${(item: UserAssignedObjectPermission) => { + return [{ key: msg("Permission"), value: item.name }]; + }} + .delete=${(item: UserAssignedObjectPermission) => { + if (item.isSuperuser) { + return Promise.resolve(); + } + return new RbacApi( + DEFAULT_CONFIG, + ).rbacPermissionsAssignedByUsersUnassignPartialUpdate({ + id: item.pk, + patchedPermissionAssignRequest: { + objectPk: this.objectPk?.toString(), + model: this.model, + permissions: item.permissions.map((perm) => { + return `${perm.appLabel}.${perm.codename}`; + }), + }, + }); + }} + > + + `; + } + row(item: UserAssignedObjectPermission): TemplateResult[] { const baseRow = [html` ${item.username} `]; this.modelPermissions?.results.forEach((perm) => { diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 732e38e11..9c81bd837 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -1719,10 +1719,6 @@ Applications Anwendungen - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Externe Anwendungen, die Authentik als Identitätsanbieter verwenden und Protokolle wie OAuth2 und SAML verwenden. Hier werden alle Anwendungen angezeigt; auch diejenigen, auf die Sie keinen Zugriff haben. - Provider Type Anbietertyp 
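Review bot: The superuser branch of the added `.delete` callback in UserObjectPermissionTable.ts returns `Promise.resolve()`, which the bulk form will presumably report as a successful removal although no request was sent. The button is already disabled when any selected item has `isSuperuser`, and the surviving `!item.isSuperuser)}` fragment suggests the object list is filtered as well, so the branch looks unreachable and needs a comment saying why superusers are skipped, e.g. `// superuser rows have no per-object assignment to remove (TODO confirm)`. The check `.filter((item) => item.isSuperuser).length > 0` reads more directly as `.some((item) => item.isSuperuser)`. All three checks are client-side only, so the unassign endpoint still has to enforce who may remove permissions from whom.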
@@ -5984,6 +5980,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index 7cf38b6b7..8f2f42b75 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -1815,10 +1815,6 @@ Applications Applications - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Provider Type Provider Type @@ -6266,6 +6262,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index 308666c0a..08477da67 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf 
@@ -1691,10 +1691,6 @@ Applications Aplicaciones - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Aplicaciones externas que usan authentik como proveedor de identidad, utilizando protocolos como OAuth2 y SAML. Aquí se muestran todas las aplicaciones, incluso aquellas a las que no puede acceder. - Provider Type Tipo de proveedor @@ -5899,6 +5895,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index 15eb5b863..ac905389c 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -2261,11 +2261,6 @@ Il y a jour(s) Applications Applications - - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Applications externes qui utilisent authentik comme fournisseur d'identité, en utilisant des protocoles comme OAuth2 et SAML. Toutes les applications sont affichées ici, même celles auxquelles vous n'avez pas accéder. - Provider Type 
@@ -7842,6 +7837,30 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index 62823319b..5938a0e53 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -1747,10 +1747,6 @@ Applications Aplikacje - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Aplikacje zewnętrzne, które używają authentik jako dostawcy tożsamości, wykorzystując protokoły takie jak OAuth2 i SAML. Tutaj wyświetlane są wszystkie aplikacje, nawet te, do których nie masz dostępu. - Provider Type Typ dostawcy @@ -6107,6 +6103,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index 3c033e526..66ae3312c 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf 
@@ -2241,11 +2241,6 @@ Applications Àƥƥĺĩćàţĩōńś - - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - Ēxţēŕńàĺ Àƥƥĺĩćàţĩōńś ŵĥĩćĥ ũśē àũţĥēńţĩķ àś Ĩďēńţĩţŷ-Ƥŕōvĩďēŕ, ũţĩĺĩźĩńĝ ƥŕōţōćōĺś ĺĩķē ŌÀũţĥ2 àńď ŚÀMĹ. Àĺĺ àƥƥĺĩćàţĩōńś àŕē śĥōŵń ĥēŕē, ēvēń ōńēś ŷōũ ćàńńōţ àććēśś. - Provider Type @@ -7808,4 +7803,28 @@ Bindings to groups/users are checked against the user of the event. Role Info Ŕōĺē Ĩńƒō + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard + diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index 0d8e200a7..a92c5e669 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -1690,10 +1690,6 @@ Applications Uygulamalar - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - OAuth2 ve SAML gibi protokolleri kullanan Kimlik Sağlayıcı olarak authentik'i kullanan Harici Uygulamalar. Tüm uygulamalar burada gösterilir, erişemediğiniz uygulamalar bile. - Provider Type Sağlayıcı Türü @@ -5892,6 +5888,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard 
diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index c7b81983e..d6a14c3dd 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -1,4 +1,4 @@ - + @@ -613,9 +613,9 @@ - The URL "" was not found. - 未找到 URL " - "。 + The URL "" was not found. + 未找到 URL " + "。 @@ -1067,8 +1067,8 @@ - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 @@ -1809,8 +1809,8 @@ - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 @@ -2262,11 +2262,6 @@ Applications 应用程序 - - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - 利用 OAuth2 和 SAML 等协议,使用 authentik 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 - Provider Type 
@@ -3028,8 +3023,8 @@ doesn't pass when either or both of the selected options are equal or above the - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' @@ -3821,8 +3816,8 @@ doesn't pass when either or both of the selected options are equal or above the - When using an external logging solution for archiving, this can be set to "minutes=5". - 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 + When using an external logging solution for archiving, this can be set to "minutes=5". + 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 @@ -3831,8 +3826,8 @@ doesn't pass when either or both of the selected options are equal or above the - Format: "weeks=3;days=2;hours=3,seconds=2". - 格式:"weeks=3;days=2;hours=3,seconds=2"。 + Format: "weeks=3;days=2;hours=3,seconds=2". + 格式:"weeks=3;days=2;hours=3,seconds=2"。 @@ -4028,10 +4023,10 @@ doesn't pass when either or both of the selected options are equal or above the - Are you sure you want to update ""? + Are you sure you want to update ""? 您确定要更新 - " - " 吗? + " + " 吗? @@ -5127,7 +5122,7 @@ doesn't pass when either or both of the selected options are equal or above the - A "roaming" authenticator, like a YubiKey + A "roaming" authenticator, like a YubiKey 像 YubiKey 这样的“漫游”身份验证器 
@@ -5462,10 +5457,10 @@ doesn't pass when either or both of the selected options are equal or above the - ("", of type ) + ("", of type ) - (" - ",类型为 + (" + ",类型为 @@ -5514,7 +5509,7 @@ doesn't pass when either or both of the selected options are equal or above the - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. 如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。 @@ -7870,7 +7865,31 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) 伪区域(测试用) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard - \ No newline at end of file + diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index 9db16c2f6..a338b32ba 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -1704,10 +1704,6 @@ Applications 应用程序 - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - 使用 authentik 作为身份提供程序的外部应用程序,利用 OAuth2 和 SAML 等协议。此处显示了所有应用程序,甚至是您无法访问的应用程序。 - Provider Type 提供商类型 
@@ -5940,6 +5936,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index 52e66eca3..56799306e 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -1704,10 +1704,6 @@ Applications 应用程序 - - External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - 使用 authentik 作为身份提供程序的外部应用程序,利用 OAuth2 和 SAML 等协议。此处显示了所有应用程序,甚至是您无法访问的应用程序。 - Provider Type 提供商类型 @@ -5939,6 +5935,30 @@ Bindings to groups/users are checked against the user of the event. Pseudolocale (for testing) + + + Create With Wizard + + + One hint, 'New Application Wizard', is currently hidden + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + + + Deny message + + + Message shown when this stage is run. + + + Open Wizard + + + Demo Wizard + + + Run the demo wizard