From dc3d5411a7bd2afd84ed5d4b8f1e86a48f0fc962 Mon Sep 17 00:00:00 2001 From: Yoshie Muranaka Date: Fri, 17 Apr 2020 09:39:41 -0700 Subject: Add LDAP role groups table Adds ability to add, edit, and delete RemoteRoleMapping objects from the GUI. Role group table functionality includes sort, single row edit and delete, and batch delete. Signed-off-by: Yoshie Muranaka Change-Id: Id9168c90b78a6f4090ab0ab3e37e74b8cd821d54 --- src/store/modules/AccessControl/LdapStore.js | 117 +++++++++++++++++++++++++-- 1 file changed, 112 insertions(+), 5 deletions(-) (limited to 'src/store') diff --git a/src/store/modules/AccessControl/LdapStore.js b/src/store/modules/AccessControl/LdapStore.js index 54fbbccd..7b5d853d 100644 --- a/src/store/modules/AccessControl/LdapStore.js +++ b/src/store/modules/AccessControl/LdapStore.js @@ -1,5 +1,6 @@ import api from '@/store/api'; import i18n from '@/i18n'; +import { find } from 'lodash'; const LdapStore = { namespaced: true, @@ -11,7 +12,8 @@ const LdapStore = { bindDn: null, baseDn: null, userAttribute: null, - groupsAttribute: null + groupsAttribute: null, + roleGroups: [] }, activeDirectory: { serviceEnabled: null, @@ -19,13 +21,23 @@ const LdapStore = { bindDn: null, baseDn: null, userAttribute: null, - groupsAttribute: null + groupsAttribute: null, + roleGroups: [] } }, getters: { isServiceEnabled: state => state.isServiceEnabled, ldap: state => state.ldap, - activeDirectory: state => state.activeDirectory + activeDirectory: state => state.activeDirectory, + isActiveDirectoryEnabled: state => { + return state.activeDirectory.serviceEnabled; + }, + enabledRoleGroups: (state, getters) => { + const serviceType = getters.isActiveDirectoryEnabled + ? 'activeDirectory' + : 'ldap'; + return state[serviceType].roleGroups; + } }, mutations: { setServiceEnabled: (state, serviceEnabled) => @@ -36,7 +48,8 @@ const LdapStore = { ServiceEnabled, ServiceAddresses, Authentication = {}, - LDAPService: { SearchSettings = {} } = {} + LDAPService: { SearchSettings = {} } = {}, + RemoteRoleMapping = [] } ) => { state.ldap.serviceAddress = ServiceAddresses[0]; @@ -45,6 +58,7 @@ const LdapStore = { state.ldap.bindDn = Authentication.Username; state.ldap.userAttribute = SearchSettings.UsernameAttribute; state.ldap.groupsAttribute = SearchSettings.GroupsAttribute; + state.ldap.roleGroups = RemoteRoleMapping; }, setActiveDirectoryProperties: ( state, @@ -52,7 +66,8 @@ const LdapStore = { ServiceEnabled, ServiceAddresses, Authentication = {}, - LDAPService: { SearchSettings = {} } = {} + LDAPService: { SearchSettings = {} } = {}, + RemoteRoleMapping = [] } ) => { state.activeDirectory.serviceEnabled = ServiceEnabled; @@ -61,6 +76,7 @@ const LdapStore = { state.activeDirectory.baseDn = SearchSettings.BaseDistinguishedNames[0]; state.activeDirectory.userAttribute = SearchSettings.UsernameAttribute; state.activeDirectory.groupsAttribute = SearchSettings.GroupsAttribute; + state.activeDirectory.roleGroups = RemoteRoleMapping; } }, actions: { @@ -149,6 +165,97 @@ const LdapStore = { } else { return await dispatch('saveLdapSettings', data); } + }, + async addNewRoleGroup( + { dispatch, getters }, + { groupName, groupPrivilege } + ) { + const data = {}; + const enabledRoleGroups = getters['enabledRoleGroups']; + const isActiveDirectoryEnabled = getters['isActiveDirectoryEnabled']; + const RemoteRoleMapping = [ + ...enabledRoleGroups, + { + LocalRole: groupPrivilege, + RemoteGroup: groupName + } + ]; + if (isActiveDirectoryEnabled) { + data.ActiveDirectory = { RemoteRoleMapping }; + } else { + data.LDAP = { RemoteRoleMapping }; + } + return await api + .patch('/redfish/v1/AccountService', data) + .then(() => dispatch('getAccountSettings')) + .then(() => + i18n.t('pageLdap.toast.successAddRoleGroup', { + groupName + }) + ) + .catch(error => { + console.log(error); + throw new Error(i18n.t('pageLdap.toast.errorAddRoleGroup')); + }); + }, + async saveRoleGroup({ dispatch, getters }, { groupName, groupPrivilege }) { + const data = {}; + const enabledRoleGroups = getters['enabledRoleGroups']; + const isActiveDirectoryEnabled = getters['isActiveDirectoryEnabled']; + const RemoteRoleMapping = enabledRoleGroups.map(group => { + if (group.RemoteGroup === groupName) { + return { + RemoteGroup: groupName, + LocalRole: groupPrivilege + }; + } else { + return {}; + } + }); + if (isActiveDirectoryEnabled) { + data.ActiveDirectory = { RemoteRoleMapping }; + } else { + data.LDAP = { RemoteRoleMapping }; + } + return await api + .patch('/redfish/v1/AccountService', data) + .then(() => dispatch('getAccountSettings')) + .then(() => + i18n.t('pageLdap.toast.successSaveRoleGroup', { groupName }) + ) + .catch(error => { + console.log(error); + throw new Error(i18n.t('pageLdap.toast.errorSaveRoleGroup')); + }); + }, + async deleteRoleGroup({ dispatch, getters }, { roleGroups = [] }) { + const data = {}; + const enabledRoleGroups = getters['enabledRoleGroups']; + const isActiveDirectoryEnabled = getters['isActiveDirectoryEnabled']; + const RemoteRoleMapping = enabledRoleGroups.map(group => { + if (find(roleGroups, { groupName: group.RemoteGroup })) { + return null; + } else { + return {}; + } + }); + if (isActiveDirectoryEnabled) { + data.ActiveDirectory = { RemoteRoleMapping }; + } else { + data.LDAP = { RemoteRoleMapping }; + } + return await api + .patch('/redfish/v1/AccountService', data) + .then(() => dispatch('getAccountSettings')) + .then(() => + i18n.tc('pageLdap.toast.successDeleteRoleGroup', roleGroups.length) + ) + .catch(error => { + console.log(error); + throw new Error( + i18n.tc('pageLdap.toast.errorDeleteRoleGroup', roleGroups.length) + ); + }); } } }; -- cgit v1.2.3