Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI
On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 ACK functionally, everything works for me. I wonder if you could make UI a bit smarter and prevent enable/disable actions for the forest root trusted domain. Right now selecting it for 'disable' will show you an error telling that disabling root domain is not possible. Some enhancement could be done in this area. Similar issue is also present when enabling/disabling already enabled/disabled items (not just in trusted domains but also in users, HBAC and SUDO rules... pages). But what should be the ideal behavior? We must take into considerations facts as follows: - button which executes the action is enabled/disabled based on user selection - user can select multiple items - some of those items are suitable for the action (e.g., disabled items for enable action), some not (disabled for disable). - backend will tell us what succeeded and what not Current behavior: - action button is enabled when user selects any item - after action execution, user is told, if some or all items were not suitable (the action was not performed for them). If server behaves correctly this UI behavior should not cause any harm. Some possible enhancements are: 1. Do not enable action button if all selected items are not suitable for the action. If some are suitable, continue with current behavior 2. If some of selected items are not suitable, show a warning dialog which will list items for which the action will be executed and items for which it won't be. After confirmation, request will be sent only with suitable items. 3. Do not enable action button if some selected item is not suitable. #1 and #2 can be combined. I'm not a fan of #3; sounds more like a drawback. Do you have something similar in mind? Anyway I don't think this is a material for IPA 3.3. If you agree, I will open a new ticket and also ask Kyle for his option on this topic. -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI
On Tue, 21 Jan 2014, Petr Vobornik wrote: On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 ACK functionally, everything works for me. I wonder if you could make UI a bit smarter and prevent enable/disable actions for the forest root trusted domain. Right now selecting it for 'disable' will show you an error telling that disabling root domain is not possible. Some enhancement could be done in this area. Similar issue is also present when enabling/disabling already enabled/disabled items (not just in trusted domains but also in users, HBAC and SUDO rules... pages). But what should be the ideal behavior? We must take into considerations facts as follows: - button which executes the action is enabled/disabled based on user selection - user can select multiple items - some of those items are suitable for the action (e.g., disabled items for enable action), some not (disabled for disable). - backend will tell us what succeeded and what not Current behavior: - action button is enabled when user selects any item - after action execution, user is told, if some or all items were not suitable (the action was not performed for them). If server behaves correctly this UI behavior should not cause any harm. Some possible enhancements are: 1. Do not enable action button if all selected items are not suitable for the action. If some are suitable, continue with current behavior 2. If some of selected items are not suitable, show a warning dialog which will list items for which the action will be executed and items for which it won't be. After confirmation, request will be sent only with suitable items. 3. Do not enable action button if some selected item is not suitable. #1 and #2 can be combined. I'm not a fan of #3; sounds more like a drawback. Do you have something similar in mind? #1 and #2 would require either embedding knowledge about specific items in Web UI or extending metadata we have about commands. In both cases it looks a bit weird as it is not a metadata per se. I'm not even sure we can maintain it properly in all cases. Anyway I don't think this is a material for IPA 3.3. If you agree, I will open a new ticket and also ask Kyle for his option on this topic. Yes, it is something for future but given options you presented I don't see much future in it... -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI
On 01/21/2014 10:43 AM, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Petr Vobornik wrote: On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 ACK functionally, everything works for me. I wonder if you could make UI a bit smarter and prevent enable/disable actions for the forest root trusted domain. Right now selecting it for 'disable' will show you an error telling that disabling root domain is not possible. Some enhancement could be done in this area. Similar issue is also present when enabling/disabling already enabled/disabled items (not just in trusted domains but also in users, HBAC and SUDO rules... pages). But what should be the ideal behavior? We must take into considerations facts as follows: - button which executes the action is enabled/disabled based on user selection - user can select multiple items - some of those items are suitable for the action (e.g., disabled items for enable action), some not (disabled for disable). - backend will tell us what succeeded and what not Current behavior: - action button is enabled when user selects any item - after action execution, user is told, if some or all items were not suitable (the action was not performed for them). If server behaves correctly this UI behavior should not cause any harm. Some possible enhancements are: 1. Do not enable action button if all selected items are not suitable for the action. If some are suitable, continue with current behavior 2. If some of selected items are not suitable, show a warning dialog which will list items for which the action will be executed and items for which it won't be. After confirmation, request will be sent only with suitable items. 3. Do not enable action button if some selected item is not suitable. #1 and #2 can be combined. I'm not a fan of #3; sounds more like a drawback. Do you have something similar in mind? #1 and #2 would require either embedding knowledge about specific items in Web UI or extending metadata we have about commands. In both cases it looks a bit weird as it is not a metadata per se. I'm not even sure we can maintain it properly in all cases. Anyway I don't think this is a material for IPA 3.3. If you agree, I will open a new ticket and also ask Kyle for his option on this topic. Yes, it is something for future but given options you presented I don't see much future in it... Ok. I pushed Petr's patch to master, ipa-3-3. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI
On 21.1.2014 10:43, Alexander Bokovoy wrote: On Tue, 21 Jan 2014, Petr Vobornik wrote: On 20.1.2014 18:01, Alexander Bokovoy wrote: On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 ACK functionally, everything works for me. I wonder if you could make UI a bit smarter and prevent enable/disable actions for the forest root trusted domain. Right now selecting it for 'disable' will show you an error telling that disabling root domain is not possible. Some enhancement could be done in this area. Similar issue is also present when enabling/disabling already enabled/disabled items (not just in trusted domains but also in users, HBAC and SUDO rules... pages). But what should be the ideal behavior? We must take into considerations facts as follows: - button which executes the action is enabled/disabled based on user selection - user can select multiple items - some of those items are suitable for the action (e.g., disabled items for enable action), some not (disabled for disable). - backend will tell us what succeeded and what not Current behavior: - action button is enabled when user selects any item - after action execution, user is told, if some or all items were not suitable (the action was not performed for them). If server behaves correctly this UI behavior should not cause any harm. Some possible enhancements are: 1. Do not enable action button if all selected items are not suitable for the action. If some are suitable, continue with current behavior 2. If some of selected items are not suitable, show a warning dialog which will list items for which the action will be executed and items for which it won't be. After confirmation, request will be sent only with suitable items. 3. Do not enable action button if some selected item is not suitable. #1 and #2 can be combined. I'm not a fan of #3; sounds more like a drawback. Do you have something similar in mind? #1 and #2 would require either embedding knowledge about specific items in Web UI or extending metadata we have about commands. In both cases it looks a bit weird as it is not a metadata per se. I'm not even sure we can maintain it properly in all cases. Anyway I don't think this is a material for IPA 3.3. If you agree, I will open a new ticket and also ask Kyle for his option on this topic. Yes, it is something for future but given options you presented I don't see much future in it... It's feasible. For standard enable/disable it could more or less declarative. The root domain case will require more embedding of specific logic. I guess it's OK, not everything can/should be driven by metadata. Anyway here's a ticket https://fedorahosted.org/freeipa/ticket/4129 (beer exchange candidate) -- Petr Vobornik ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 543 Trust domains Web UI
On Fri, 17 Jan 2014, Petr Vobornik wrote: Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 ACK functionally, everything works for me. I wonder if you could make UI a bit smarter and prevent enable/disable actions for the forest root trusted domain. Right now selecting it for 'disable' will show you an error telling that disabling root domain is not possible. -- / Alexander Bokovoy ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 543 Trust domains Web UI
Note: this version of the patch is especially prepared for ipa-3-3 branch. Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 -- Petr Vobornik From 152aaf52f7daaf50ae44a4761849603756c186d1 Mon Sep 17 00:00:00 2001 From: Petr Vobornik pvobo...@redhat.com Date: Wed, 15 Jan 2014 18:01:02 +0100 Subject: [PATCH] Trust domains Web UI Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119 --- install/ui/src/freeipa/search.js | 11 +++--- install/ui/src/freeipa/trust.js| 68 ++ install/ui/test/data/ipa_init.json | 1 + ipalib/plugins/internal.py | 1 + 4 files changed, 77 insertions(+), 4 deletions(-) diff --git a/install/ui/src/freeipa/search.js b/install/ui/src/freeipa/search.js index c2e678a35e7d7d5179c1b766eea88599710593c3..3f7fdf9b1e6716c73e0657dc678abe332f6fc8c0 100644 --- a/install/ui/src/freeipa/search.js +++ b/install/ui/src/freeipa/search.js @@ -470,20 +470,23 @@ IPA.batch_items_action = function(spec) { that.execute_action = function(facet, on_success, on_error) { var entity = facet.managed_entity; -var pkeys = facet.get_selected_values(); +var selected_keys = facet.get_selected_values(); +var pkeys = facet.get_pkeys(); +if (!pkeys[0]) pkeys = []; // correction for search facet that.batch = IPA.batch_command({ name: entity.name + '_batch_'+ that.method, on_success: that.get_on_success(facet, on_success) }); -for (var i=0; ipkeys.length; i++) { -var pkey = pkeys[i]; +for (var i=0; iselected_keys.length; i++) { +var item_keys = pkeys.splice(0); +item_keys.push(selected_keys[i]); var command = IPA.command({ entity: entity.name, method: that.method, -args: [pkey] +args: item_keys }); that.batch.add_command(command); diff --git a/install/ui/src/freeipa/trust.js b/install/ui/src/freeipa/trust.js index 2653d3e67c2c5591f000e32c43a3a5878eef28fd..51f2000b47fd7943cb9a200c9bec7ebd3459178a 100644 --- a/install/ui/src/freeipa/trust.js +++ b/install/ui/src/freeipa/trust.js @@ -48,6 +48,7 @@ return { dest_facet: 'search' } ], +facet_groups: [ 'settings', 'trustdomain' ], facets: [ { $type: 'search', @@ -56,6 +57,63 @@ return { ] }, { +$type: 'nested_search', +$pre_ops: [ +// trustdomain-add is hidden, remove add button +{ $del: [[ 'control_buttons', [{ name: 'add'}] ]] } +], +nested_entity: 'trustdomain', +facet_group: 'trustdomain', +name: 'domains', +label: '@mo:trustdomain.label', +tab_label: '@mo:trustdomain.label', +search_all_entries: true, +actions: [ +{ +$type: 'batch_disable' +}, +{ +$type: 'batch_enable' +}, +{ +$type: 'object', +name: 'fetch', +label: '@i18n:objects.trust.fetch_domains', +method: 'fetch_domains' +} +], +control_buttons: [ +{ +name: 'disable', +label: '@i18n:buttons.disable', +icon: 'fa-minus' +}, +{ +name: 'enable', +label: '@i18n:buttons.enable', +icon: 'fa-check' +}, +{ +name: 'fetch', +label: '@i18n:objects.trust.fetch_domains', +icon: 'fa-download' +} +], +columns: [ +{ +name: 'cn', +link: false +}, +{ +name: 'domain_enabled', +label: '@i18n:status.label', +formatter: