System: Access: migrate Users and Groups to MVC/API #8046
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Things I notice while testing (not complete, will be edited) /ui/auth/user
/ui/auth/groups
/ui/auth/priv
Here is a diff for the last issue: |
AdSchellevis
force-pushed
the
fr7904_usermanagement
branch
from
55fc551
to
2399b66
Compare
AdSchellevis
added a commit
that referenced
this pull request
Nov 13, 2024
|
Thank you. I think the main issue is not the Redirect error, its that when saving any "ID" in "System: Access: Privileges", the E.g. after saving ID When doing this with the page-all ID, all privileges are stripped and as root you are immediately thrown out of the WebGUI. Thats what I expect from the evidence. |
|
@Monviech ok, this 496191c should be the cause of the redirect issue. This did trigger me about being able to update the admins group, if I'm not mistaking you could drop these in the old software as well, but when you do, you might render the root user "useless", which might be something we should guard against. |
|
@AdSchellevis Hey this worked, the privilege is still there after saving page-all. Really nice work thanks. |
|
@Monviech thanks for testing, we're getting close to something mergable :) |
|
@AdSchellevis I clicked some more and it happened again: I have added the The above is the diff what happend afterwards. Adding and removing the admin group from any privilege ID will cause this. |
|
@Monviech I'll put it on my list to test this as well, sounds like we still have an issue somewhere |
|
I'll force push the change, stupid me: |
AdSchellevis
added a commit
that referenced
this pull request
Nov 13, 2024
AdSchellevis
force-pushed
the
fr7904_usermanagement
branch
from
496191c
to
0f5fc99
Compare
Monviech
approved these changes
Nov 14, 2024
…mma separated member lists. If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g. <member>1</member> <member>12</member> will convert to: <member>1,12</member> using this commit we support both for areas where these are being read.
* add initial boilerplate * unpack `<priv/>` field on first access * unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField * add apikey grid in user management view * change isset() to !empty() for users disabled flag in backend code * move user atributes into dialog * hook PrivField type to \OPNsense\Core\ACL() * refactor Auth/API to use new User class * otp seed logic with simple api call to generate new seeds and some JS glue for the frontend * uid autonumber field * language selector using get_locale_list() via configd (cached) * add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible. * ExpiresField for custom date parsing, supporting previous input formats as well. * group membership using a volatile custom field type, controller is responisble for persisting the configuration data to avoid entanglement between models * add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager. * add getUserPrivs() to model so we can fetch a full list of privs for a user * show user icons, long this might be less relevant * add addApiKeyAction() to create a new api key for a user (by name) * download new api key from user view * implement hashing when setting a new (or scrabled) password * use new "auth sync user" event to trigger local user db changes * in API authenticator keep createKey and dropKey as stubs to the new model implementation * prevent removal of "system" users (root) * hook ACL and Menu * add Group administration using the same logic as users * cleanup unused * add System: Access: Privileges to manage and change user and group privileges
review comments from @Monviech * "Create and Download API Key for this user" refresh apikeys bootgrid * "Users" bootgrid, add some columns * rename "Username" to "Group Name" in group edit * Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns
AdSchellevis
force-pushed
the
fr7904_usermanagement
branch
from
0f5fc99
to
544c216
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Initial draft for #7904