-
Notifications
You must be signed in to change notification settings - Fork 754
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
System: Access: migrate Users and Groups to MVC/API #8046
base: master
Are you sure you want to change the base?
Conversation
Things I notice while testing (not complete, will be edited) /ui/auth/user
/ui/auth/groups
/ui/auth/priv
Here is a diff for the last issue:
|
55fc551
to
2399b66
Compare
Thank you. I think the main issue is not the Redirect error, its that when saving any "ID" in "System: Access: Privileges", the E.g. after saving ID
When doing this with the page-all ID, all privileges are stripped and as root you are immediately thrown out of the WebGUI. Thats what I expect from the evidence. |
@Monviech ok, this 496191c should be the cause of the redirect issue. This did trigger me about being able to update the admins group, if I'm not mistaking you could drop these in the old software as well, but when you do, you might render the root user "useless", which might be something we should guard against. |
@AdSchellevis Hey this worked, the privilege is still there after saving page-all. Really nice work thanks. |
@Monviech thanks for testing, we're getting close to something mergable :) |
@AdSchellevis I clicked some more and it happened again:
I have added the The above is the diff what happend afterwards. Adding and removing the admin group from any privilege ID will cause this. |
@Monviech I'll put it on my list to test this as well, sounds like we still have an issue somewhere |
496191c
to
0f5fc99
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm okay with this. Everything I tried seems to do the correct thing now.
Thank you :)
…mma separated member lists. If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g. <member>1</member> <member>12</member> will convert to: <member>1,12</member> using this commit we support both for areas where these are being read.
* add initial boilerplate * unpack `<priv/>` field on first access * unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField * add apikey grid in user management view * change isset() to !empty() for users disabled flag in backend code * move user atributes into dialog * hook PrivField type to \OPNsense\Core\ACL() * refactor Auth/API to use new User class * otp seed logic with simple api call to generate new seeds and some JS glue for the frontend * uid autonumber field * language selector using get_locale_list() via configd (cached) * add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible. * ExpiresField for custom date parsing, supporting previous input formats as well. * group membership using a volatile custom field type, controller is responisble for persisting the configuration data to avoid entanglement between models * add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager. * add getUserPrivs() to model so we can fetch a full list of privs for a user * show user icons, long this might be less relevant * add addApiKeyAction() to create a new api key for a user (by name) * download new api key from user view * implement hashing when setting a new (or scrabled) password * use new "auth sync user" event to trigger local user db changes * in API authenticator keep createKey and dropKey as stubs to the new model implementation * prevent removal of "system" users (root) * hook ACL and Menu * add Group administration using the same logic as users * cleanup unused * add System: Access: Privileges to manage and change user and group privileges
review comments from @Monviech * "Create and Download API Key for this user" refresh apikeys bootgrid * "Users" bootgrid, add some columns * rename "Username" to "Group Name" in group edit * Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns
0f5fc99
to
544c216
Compare
Initial draft for #7904