jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add oauthProxy support to access restriction UI

Browse Source 
Adds 'unrestricted' access control option for apps that do not have
any auth integration

Fixes #6
This commit is contained in:
Girish Ramakrishnan
2016-09-06 17:56:31 -07:00
parent b66ba0a2c7
commit 5b9c8e517a
4 changed files with 49 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
webadmin/src/views/apps.html
+12 -6
View File
@@ -77,24 +77,30 @@
<label class="control-label">Access control</label> <label class="control-label">Access control</label>
<div class="radio"> <div class="radio">
<label> <label>
<input type="radio" ng-model="appConfigure.accessRestrictionOption" value=""> <input type="radio" ng-model="appConfigure.accessRestrictionOption" value="any">
Every Cloudron user Every Cloudron user
</label> </label>
</div> </div>
<div class="radio"> <div class="radio">
<label> <label>
<input type="radio" ng-model="appConfigure.accessRestrictionOption" value="restricted"> <input type="radio" ng-model="appConfigure.accessRestrictionOption" value="groups">
Restrict to groups Restrict to groups
</label> </label>
</div> </div>
<div class="has-error" ng-show="appConfigure.accessRestrictionOption !== '' && !appConfigure.isAccessRestrictionValid()">Select at least one group</div> <div class="has-error" ng-show="appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid()">Select at least one group</div>
<div> <div>
<div> <div>
<span ng-repeat="group in groups | ignoreAdminGroup"> <span ng-repeat="group in groups | ignoreAdminGroup">
<button class="btn btn-default" type="button" ng-disabled="appConfigure.accessRestrictionOption === ''" ng-click="appConfigureToggleGroup(group);" ng-class="{ 'btn-primary': (appConfigure.accessRestriction.groups && appConfigure.accessRestriction.groups.indexOf(group.id) !== -1) }">{{ group.name }}</button> <button class="btn btn-default" type="button" ng-disabled="appConfigure.accessRestrictionOption !== 'groups'" ng-click="appConfigureToggleGroup(group);" ng-class="{ 'btn-primary': (appConfigure.accessRestriction.groups && appConfigure.accessRestriction.groups.indexOf(group.id) !== -1) }">{{ group.name }}</button>
</span> </span>
</div> </div>
</div> </div>
<div class="radio" ng-show="appConfigure.needsOAuthProxy">
<label>
<input type="radio" ng-model="appConfigure.accessRestrictionOption" value="unrestricted">
Unrestricted
</label>
</div>
</div> </div>
<br/> <br/>
@@ -151,13 +157,13 @@
</div> </div>
<input type="password" class="form-control" ng-model="appConfigure.password" id="appConfigurePasswordInput" name="password" required> <input type="password" class="form-control" ng-model="appConfigure.password" id="appConfigurePasswordInput" name="password" required>
</div> </div>
<input class="ng-hide" type="submit" ng-disabled="appConfigureForm.$invalid || busy || (appConfigure.accessRestrictionOption !== '' && !appConfigure.isAccessRestrictionValid())"/> <input class="ng-hide" type="submit" ng-disabled="appConfigureForm.$invalid || busy || (appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid())"/>
</form> </form>
</fieldset> </fieldset>
</div> </div>
<div class="modal-footer "> <div class="modal-footer ">
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button> <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
<button type="button" class="btn btn-success" ng-click="doConfigure()" ng-disabled="appConfigureForm.$invalid || appConfigure.busy || (appConfigure.accessRestrictionOption !== '' && !appConfigure.isAccessRestrictionValid()) || !appConfigure.isAltDomainValid()"><i class="fa fa-spinner fa-pulse" ng-show="appConfigure.busy"></i> Save</button> <button type="button" class="btn btn-success" ng-click="doConfigure()" ng-disabled="appConfigureForm.$invalid || appConfigure.busy || (appConfigure.accessRestrictionOption === 'groups' && !appConfigure.isAccessRestrictionValid()) || !appConfigure.isAltDomainValid()"><i class="fa fa-spinner fa-pulse" ng-show="appConfigure.busy"></i> Save</button>
</div> </div>
</div> </div>
</div> </div>
webadmin/src/views/apps.js
+16 -5
View File
@@ -35,9 +35,10 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
keyFile: null, keyFile: null,
keyFileName: '', keyFileName: '',
memoryLimit: $scope.memoryTicks[0], memoryLimit: $scope.memoryTicks[0],
accessRestrictionOption: '', accessRestrictionOption: 'any',
accessRestriction: { users: [], groups: [] }, accessRestriction: { users: [], groups: [] },
xFrameOptions: '', xFrameOptions: '',
needsOAuthProxy: false,
isAccessRestrictionValid: function () { isAccessRestrictionValid: function () {
var tmp = $scope.appConfigure.accessRestriction; var tmp = $scope.appConfigure.accessRestriction;
@@ -92,9 +93,10 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
$scope.appConfigure.keyFile = null; $scope.appConfigure.keyFile = null;
$scope.appConfigure.keyFileName = ''; $scope.appConfigure.keyFileName = '';
$scope.appConfigure.memoryLimit = $scope.memoryTicks[0]; $scope.appConfigure.memoryLimit = $scope.memoryTicks[0];
$scope.appConfigure.accessRestrictionOption = ''; $scope.appConfigure.accessRestrictionOption = 'any';
$scope.appConfigure.accessRestriction = { users: [], groups: [] }; $scope.appConfigure.accessRestriction = { users: [], groups: [] };
$scope.appConfigure.xFrameOptions = ''; $scope.appConfigure.xFrameOptions = '';
$scope.appConfigure.needsOAuthProxy = false;
$scope.appConfigureForm.$setPristine(); $scope.appConfigureForm.$setPristine();
$scope.appConfigureForm.$setUntouched(); $scope.appConfigureForm.$setUntouched();
@@ -180,11 +182,19 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
$scope.appConfigure.location = app.altDomain || app.location; $scope.appConfigure.location = app.altDomain || app.location;
$scope.appConfigure.usingAltDomain = !!app.altDomain; $scope.appConfigure.usingAltDomain = !!app.altDomain;
$scope.appConfigure.portBindingsInfo = app.manifest.tcpPorts || {}; // Portbinding map only for information $scope.appConfigure.portBindingsInfo = app.manifest.tcpPorts || {}; // Portbinding map only for information
$scope.appConfigure.accessRestrictionOption = app.accessRestriction ? 'restricted' : ''; $scope.appConfigure.accessRestrictionOption = app.accessRestriction ? 'groups' : 'any';
$scope.appConfigure.accessRestriction = app.accessRestriction || { users: [], groups: [] }; $scope.appConfigure.accessRestriction = app.accessRestriction || { users: [], groups: [] };
$scope.appConfigure.memoryLimit = app.memoryLimit; $scope.appConfigure.memoryLimit = app.memoryLimit;
$scope.appConfigure.xFrameOptions = app.xFrameOptions.indexOf('ALLOW-FROM') === 0 ? app.xFrameOptions.split(' ')[1] : ''; $scope.appConfigure.xFrameOptions = app.xFrameOptions.indexOf('ALLOW-FROM') === 0 ? app.xFrameOptions.split(' ')[1] : '';
var manifest = app.manifest;
$scope.appConfigure.needsOAuthProxy = !(manifest.addons['ldap'] || manifest.addons['oauth'] || manifest.addons['simpleauth']);
if ($scope.appConfigure.needsOAuthProxy && !app.oauthProxy) {
$scope.appConfigure.accessRestrictionOption = 'unrestricted';
} else {
$scope.appConfigure.accessRestrictionOption = app.accessRestriction ? 'groups' : 'any';
}
// fill the portBinding structures. There might be holes in the app.portBindings, which signalizes a disabled port // fill the portBinding structures. There might be holes in the app.portBindings, which signalizes a disabled port
for (var env in $scope.appConfigure.portBindingsInfo) { for (var env in $scope.appConfigure.portBindingsInfo) {
if (app.portBindings && app.portBindings[env]) { if (app.portBindings && app.portBindings[env]) {
@@ -218,11 +228,12 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
location: $scope.appConfigure.usingAltDomain ? $scope.appConfigure.app.location : $scope.appConfigure.location, location: $scope.appConfigure.usingAltDomain ? $scope.appConfigure.app.location : $scope.appConfigure.location,
altDomain: $scope.appConfigure.usingAltDomain ? $scope.appConfigure.location : null, altDomain: $scope.appConfigure.usingAltDomain ? $scope.appConfigure.location : null,
portBindings: finalPortBindings, portBindings: finalPortBindings,
accessRestriction: !$scope.appConfigure.accessRestrictionOption ? null : $scope.appConfigure.accessRestriction, accessRestriction: $scope.appConfigure.accessRestrictionOption === 'groups' ? $scope.appConfigure.accessRestriction : null,
cert: $scope.appConfigure.certificateFile, cert: $scope.appConfigure.certificateFile,
key: $scope.appConfigure.keyFile, key: $scope.appConfigure.keyFile,
xFrameOptions: $scope.appConfigure.xFrameOptions ? ('ALLOW-FROM ' + $scope.appConfigure.xFrameOptions) : 'SAMEORIGIN', xFrameOptions: $scope.appConfigure.xFrameOptions ? ('ALLOW-FROM ' + $scope.appConfigure.xFrameOptions) : 'SAMEORIGIN',
memoryLimit: $scope.appConfigure.memoryLimit memoryLimit: $scope.appConfigure.memoryLimit,
oauthProxy: $scope.appConfigure.needsOAuthProxy && $scope.appConfigure.accessRestrictionOption !== 'unrestricted'
}; };
Client.configureApp($scope.appConfigure.app.id, $scope.appConfigure.password, data, function (error) { Client.configureApp($scope.appConfigure.app.id, $scope.appConfigure.password, data, function (error) {
webadmin/src/views/appstore.html
+10 -4
View File
@@ -43,25 +43,31 @@
<label class="control-label">Access control</label> <label class="control-label">Access control</label>
<div class="radio"> <div class="radio">
<label> <label>
<input type="radio" ng-model="appInstall.accessRestrictionOption" value=""> <input type="radio" ng-model="appInstall.accessRestrictionOption" value="any">
Every Cloudron user Every Cloudron user
</label> </label>
</div> </div>
<div class="radio"> <div class="radio">
<label> <label>
<input type="radio" ng-model="appInstall.accessRestrictionOption" value="restricted" ng-disabled="groups.length <= 1"> <input type="radio" ng-model="appInstall.accessRestrictionOption" value="groups" ng-disabled="groups.length <= 1">
Restrict to groups Restrict to groups
</label> </label>
</div> </div>
<div ng-show="groups.length <= 1">No groups available. Create groups to restrict access to them first.</div> <div ng-show="groups.length <= 1">No groups available. Create groups to restrict access to them first.</div>
<div class="has-error" ng-show="appInstall.accessRestrictionOption !== '' && !appInstall.isAccessRestrictionValid()">Select at least one group</div> <div class="has-error" ng-show="appInstall.accessRestrictionOption === 'groups' && !appInstall.isAccessRestrictionValid()">Select at least one group</div>
<div> <div>
<div> <div>
<span ng-repeat="group in groups | ignoreAdminGroup"> <span ng-repeat="group in groups | ignoreAdminGroup">
<button class="btn btn-default" type="button" ng-disabled="appInstall.accessRestrictionOption === ''" ng-click="appInstall.toggleGroup(group);" ng-class="{ 'btn-primary': (appInstall.accessRestriction.groups && appInstall.accessRestriction.groups.indexOf(group.id) !== -1) }">{{ group.name }}</button> <button class="btn btn-default" type="button" ng-disabled="appInstall.accessRestrictionOption !== 'groups'" ng-click="appInstall.toggleGroup(group);" ng-class="{ 'btn-primary': (appInstall.accessRestriction.groups && appInstall.accessRestriction.groups.indexOf(group.id) !== -1) }">{{ group.name }}</button>
</span> </span>
</div> </div>
</div> </div>
<div class="radio" ng-show="appInstall.needsOAuthProxy">
<label>
<input type="radio" ng-model="appInstall.accessRestrictionOption" value="unrestricted">
Unrestricted
</label>
</div>
</div> </div>
<br/> <br/>
webadmin/src/views/appstore.js
+11 -4
View File
@@ -34,9 +34,10 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
certificateFileName: '', certificateFileName: '',
keyFile: null, keyFile: null,
keyFileName: '', keyFileName: '',
accessRestrictionOption: '', accessRestrictionOption: 'any',
accessRestriction: { users: [], groups: [] }, accessRestriction: { users: [], groups: [] },
accessRestrictionSingleUser: null, accessRestrictionSingleUser: null,
needsOAuthProxy: false,
isAccessRestrictionValid: function () { isAccessRestrictionValid: function () {
var tmp = $scope.appInstall.accessRestriction; var tmp = $scope.appInstall.accessRestriction;
@@ -63,9 +64,10 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
$scope.appInstall.certificateFileName = ''; $scope.appInstall.certificateFileName = '';
$scope.appInstall.keyFile = null; $scope.appInstall.keyFile = null;
$scope.appInstall.keyFileName = ''; $scope.appInstall.keyFileName = '';
$scope.appInstall.accessRestrictionOption = ''; $scope.appInstall.accessRestrictionOption = 'any';
$scope.appInstall.accessRestriction = { users: [], groups: [] }; $scope.appInstall.accessRestriction = { users: [], groups: [] };
$scope.appInstall.accessRestrictionSingleUser = null; $scope.appInstall.accessRestrictionSingleUser = null;
$scope.appInstall.needsOAuthProxy = false;
$('#collapseInstallForm').collapse('hide'); $('#collapseInstallForm').collapse('hide');
$('#collapseResourceConstraint').collapse('hide'); $('#collapseResourceConstraint').collapse('hide');
@@ -104,10 +106,14 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
$scope.appInstall.portBindingsInfo = $scope.appInstall.app.manifest.tcpPorts || {}; // Portbinding map only for information $scope.appInstall.portBindingsInfo = $scope.appInstall.app.manifest.tcpPorts || {}; // Portbinding map only for information
$scope.appInstall.portBindings = {}; // This is the actual model holding the env:port pair $scope.appInstall.portBindings = {}; // This is the actual model holding the env:port pair
$scope.appInstall.portBindingsEnabled = {}; // This is the actual model holding the enabled/disabled flag $scope.appInstall.portBindingsEnabled = {}; // This is the actual model holding the enabled/disabled flag
$scope.appInstall.accessRestrictionOption = app.accessRestriction ? 'restricted' : ''; $scope.appInstall.accessRestrictionOption = app.accessRestriction ? 'groups' : 'any';
$scope.appInstall.accessRestriction = app.accessRestriction || { users: [], groups: [] }; $scope.appInstall.accessRestriction = app.accessRestriction || { users: [], groups: [] };
$scope.appInstall.accessRestrictionSingleUser = null; $scope.appInstall.accessRestrictionSingleUser = null;
var manifest = app.manifest;
$scope.appInstall.needsOAuthProxy = !(manifest.addons['ldap'] || manifest.addons['oauth'] || manifest.addons['simpleauth']);
$scope.appInstall.accessRestrictionOption = 'any';
// set default ports // set default ports
for (var env in $scope.appInstall.app.manifest.tcpPorts) { for (var env in $scope.appInstall.app.manifest.tcpPorts) {
$scope.appInstall.portBindings[env] = $scope.appInstall.app.manifest.tcpPorts[env].defaultValue || 0; $scope.appInstall.portBindings[env] = $scope.appInstall.app.manifest.tcpPorts[env].defaultValue || 0;
@@ -134,7 +140,7 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
// translate to accessRestriction object // translate to accessRestriction object
var accessRestriction = $scope.appInstall.app.manifest.singleUser ? { var accessRestriction = $scope.appInstall.app.manifest.singleUser ? {
users: [ $scope.appInstall.accessRestrictionSingleUser.id ] users: [ $scope.appInstall.accessRestrictionSingleUser.id ]
} : (!$scope.appInstall.accessRestrictionOption ? null : $scope.appInstall.accessRestriction); } : ($scope.appInstall.accessRestrictionOption === 'groups' ? $scope.appInstall.accessRestriction : null);
var data = { var data = {
location: $scope.appInstall.location || '', location: $scope.appInstall.location || '',
@@ -142,6 +148,7 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
accessRestriction: accessRestriction, accessRestriction: accessRestriction,
cert: $scope.appInstall.certificateFile, cert: $scope.appInstall.certificateFile,
key: $scope.appInstall.keyFile, key: $scope.appInstall.keyFile,
oauthProxy: $scope.appInstall.needsOAuthProxy && ($scope.appInstall.app.manifest.singleUser || $scope.appInstall.accessRestrictionOption !== 'unrestricted')
}; };
Client.installApp($scope.appInstall.app.id, $scope.appInstall.app.manifest, $scope.appInstall.app.title, data, function (error) { Client.installApp($scope.appInstall.app.id, $scope.appInstall.app.manifest, $scope.appInstall.app.title, data, function (error) {