Enable more acl options

dashboard/src/components/AccessControl.vue

@@ -1,7 +1,9 @@
 <template>
   <div>
     <FormGroup>
-    <label>{{ $t('app.accessControl.userManagement.dashboardVisibility') }} <sup><a href="https://docs.cloudron.io/apps/#dashboard-visibility" class="help" target="_blank"><i class="fa fa-question-circle"></i></a></sup></label>
+      <label v-show="cloudronAuth && !manifest.addons.email">{{ $t('appstore.installDialog.userManagement') }} <sup><a href="https://docs.cloudron.io/apps/#access-restriction" class="help" target="_blank"><i class="fa fa-question-circle"></i></a></sup></label>
+      <label v-show="!cloudronAuth || manifest.addons.email">{{ $t('app.accessControl.userManagement.dashboardVisibility') }} <sup><a href="https://docs.cloudron.io/apps/#dashboard-visibility" class="help" target="_blank"><i class="fa fa-question-circle"></i></a></sup></label>
+      <Radiobutton v-model="accessRestrictionOption" :value="OPTIONS.NOSSO" v-if="optionalSso" :label="$t('appstore.installDialog.userManagementLeaveToApp')"/>
       <Radiobutton v-model="accessRestrictionOption" :value="OPTIONS.ANY" :label="$t('app.accessControl.userManagement.visibleForAllUsers')"/>
       <Radiobutton v-model="accessRestrictionOption" :value="OPTIONS.RESTRICT" :label="$t('app.accessControl.userManagement.visibleForSelected')"/>
     </FormGroup>
@@ -21,7 +23,7 @@
 
 <script setup>
 
-import { ref, onMounted, watch } from 'vue';
+import { ref, reactive, onMounted, watch } from 'vue';
 import { FormGroup, Radiobutton, MultiSelect } from 'pankow';
 import UsersModel from '../models/UsersModel.js';
 import GroupsModel from '../models/GroupsModel.js';
@@ -31,20 +33,42 @@ const API_ORIGIN = import.meta.env.VITE_API_ORIGIN ? import.meta.env.VITE_API_OR
 const OPTIONS = Object.freeze({
   ANY: 'any',
   RESTRICTED: 'restricted',
+  NOSSO: 'nosso',
 });
 
 const usersModel = UsersModel.create(API_ORIGIN, localStorage.token);
 const groupsModel = GroupsModel.create(API_ORIGIN, localStorage.token);
 
+const props = defineProps([ 'manifest', 'error' ]);
+
 const accessRestrictionOption = ref(OPTIONS.ANY);
-const accessRestriction = ref({ users: [], groups: [] });
+const accessRestriction = reactive({ users: [], groups: [] });
 const users = ref([]);
 const groups = ref([]);
 const model = defineModel({ type: Object });
 
+const optionalSso = !!props.manifest.optionalSso;
+const cloudronAuth = (props.manifest.addons['ldap'] || props.manifest.addons['oidc'] || props.manifest.addons['proxyAuth']);
+
+function updateModelValue(option, userGroups) {
+  if (option === OPTIONS.ANY) {
+    model.value = true;
+  } else if (option === OPTIONS.NOSSO) {
+    model.value = false;
+  } else {
+    model.value = {
+      users: userGroups.users.map(u => u.id),
+      groups: userGroups.groups.map(g => g.id),
+    };
+  }
+}
+
 watch(accessRestrictionOption, (value) => {
-  if (value === OPTIONS.ANY) model.value = null;
-  else model.value = accessRestriction.value;
+  updateModelValue(value, accessRestrictionOption);
+});
+
+watch(accessRestriction, (value) => {
+  updateModelValue(accessRestrictionOption.value, value);
 });
 
 onMounted(async () => {