Author: jfthomps
Date: Wed Jul 19 20:30:16 2017
New Revision: 1802429
URL: http://svn.apache.org/viewvc?rev=1802429&view=rev
Log:
VCL-277 - Add support for images to join Active Directory domains
VCL-867 - Active Directory Authentication for Windows VM's
fixed problem of having access to manage an image that has an AD Domain set
without having access to the AD Domain
addomain.php: modified submitToggleDeleteResourceExtra: clear
addomainAdmin/manageGroup when deleting an AD Domain
image.php:
-modified addEditDialogHTML: removed some logic of what fields are
enabled/disabled - a user may not have access to any AD Domains, but have
access to an image with an AD Domain set; in this case, the user needs to have
access to unset the AD Domain
-modified AJeditResource: added section to pass along additional AD Domain
information, including if the user has access to the AD Domain set for the image
-modified validateResourceData: added extra logic for checking AD Domain items
image.js:
-modified inlineEditResourceCB: added logic on what should be enabled for
editing based on user's access to AD Domain items
-modified saveResourceCB: added code to remove an AD Domain option that may
have been added for a specific image when the user didn't directly have access
to that AD Domain
-modified toggleADauth: added call to selectADauth
-added selectADauth
Modified:
vcl/trunk/web/.ht-inc/addomain.php
vcl/trunk/web/.ht-inc/image.php
vcl/trunk/web/js/resources/image.js
Modified: vcl/trunk/web/.ht-inc/addomain.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1802429&r1=1802428&r2=1802429&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Wed Jul 19 20:30:16 2017
@@ -140,6 +140,12 @@ class ADdomain extends Resource {
function submitToggleDeleteResourceExtra($rscid, $deleted=0) {
$data = $this->getData(array('rscid' => $rscid));
deleteSecretKeys($data[$rscid]['secretid']);
+
+ # clear user resource cache for this type
+ $key = getKey(array(array($this->restype . "Admin"),
array("manageGroup"), 0, 1, 0, 0));
+ unset($_SESSION['userresources'][$key]);
+ $key = getKey(array(array($this->restype . "Admin"),
array("manageGroup"), 0, 0, 0, 0));
+ unset($_SESSION['userresources'][$key]);
}
/////////////////////////////////////////////////////////////////////////////
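Review bot: The two added `unset($_SESSION['userresources'][$key])` calls only drop the cached addomainAdmin/manageGroup list from the session of the user performing the delete. Other logged-in users presumably keep their own cached entry, so a deleted AD Domain could still be offered to them until that cache is rebuilt; it is worth confirming how `userresources` entries expire. The two `getKey` arrays differ only in the fourth element (1 vs 0), and the comment above them does not say why both are needed; I would extend it to something like `# clear both cached variants of the addomainAdmin/manageGroup list (fourth getKey element 1 and 0)` and name what that element controls.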
Modified: vcl/trunk/web/.ht-inc/image.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/image.php?rev=1802429&r1=1802428&r2=1802429&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/image.php (original)
+++ vcl/trunk/web/.ht-inc/image.php Wed Jul 19 20:30:16 2017
@@ -454,19 +454,16 @@ class Image extends Resource {
# AD authentication
$h .= "<div class=\"boxedoptions hidden\"
id=\"imageadauthbox\">\n";
# enable toggle
- $vals = getUserResources(array('addomainAdmin'),
array("manageGroup"));
- $extra = array();
- if(count($vals['addomain']) == 0)
- $extra['disabled'] = 'true';
- $extra['onChange'] = 'toggleADauth();';
+ $extra = array('onChange' => 'toggleADauth();');
$h .= labeledFormItem('adauthenable', i('Use AD
Authentication'), 'check', '', '', '', '', '', $extra);
# AD domain
- $disabled = array('disabled' => 'true');
- $h .= labeledFormItem('addomainid', i('AD Domain'), 'select',
$vals['addomain'], '', '', '', '', $disabled);
+ $vals = getUserResources(array('addomainAdmin'),
array("manageGroup"));
+ $extra = array('onChange' => 'selectADauth();');
+ $h .= labeledFormItem('addomainid', i('AD Domain'), 'select',
$vals['addomain'], '', '', '', '', $extra);
# base OU
$reg = '^([Oo][Uu])=[^,]+(,([Oo][Uu])=[^,]+)*$';
$errmsg = i("Invalid base OU; do not include DC components");
- $h .= labeledFormItem('baseou', i('Base OU'), 'text', $reg, 0,
'', $errmsg, '', $disabled, '230px', helpIcon('baseouhelp'));
+ $h .= labeledFormItem('baseou', i('Base OU'), 'text', $reg, 0,
'', $errmsg, '', '', '230px', helpIcon('baseouhelp'));
$h .= "</div>\n"; # boxedoptions
# subimages
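Review bot: Nothing in this block restricts the AD fields server side any more: with `$extra['disabled']` and `$disabled` removed, `adauthenable`, `addomainid` and `baseou` are emitted enabled for every user, and what may be edited is decided in image.js (inlineEditResourceCB, selectADauth). Client-side disabling is not an access check, so the only remaining enforcement is the AD Domain logic in validateResourceData. A comment here should say so, e.g. `# fields are enabled/disabled client side in image.js; access to the AD Domain is enforced in validateResourceData`. The enclosing function starts and ends outside this hunk.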
@@ -678,6 +675,7 @@ class Image extends Resource {
///
/////////////////////////////////////////////////////////////////////////////
function AJeditResource() {
+ global $user;
$imageid = processInputVar('rscid', ARG_NUMERIC);
$images = getUserResources(array("imageAdmin"),
array('administer'), 0, 1);
if(! array_key_exists($imageid, $images['image'])) {
@@ -697,6 +695,28 @@ class Image extends Resource {
if($data['minram'] < 512)
$data['minram'] = 512;
+ # addomain
+ $cdata['addomainvals'] = array();
+ if(in_array("addomainAdmin", $user["privileges"])) {
+ $vals = getUserResources(array('addomainAdmin'),
array("manageGroup"));
+ $data['addomainvals'] = $vals['addomain'];
+ $cdata['addomainvals'] = $data['addomainvals'];
+ if(! is_null($data['addomain']) &&
+ ! in_array($data['addomain'],
$data['addomainvals'])) {
+ $data['addomainvals'][$data['addomainid']] =
$data['addomain'];
+ $data['extraaddomainid'] = $data['addomainid'];
+ $data['extraaddomainou'] = $data['baseOU'];
+ $cdata['extraaddomainid'] = $data['addomainid'];
+ $cdata['extraaddomainou'] = $data['baseOU'];
+ }
+ }
+ elseif(! is_null($data['addomain'])) {
+ $data['addomainvals'][$data['addomainid']] =
$data['addomain'];
+ $data['extraaddomainid'] = $data['addomainid'];
+ $data['extraaddomainou'] = $data['baseOU'];
+ $cdata['extraaddomainid'] = $data['addomainid'];
+ }
+
# revisions
$data['revisionHTML'] = $this->getRevisionHTML($imageid);
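Review bot: The `elseif` branch stores `$cdata['extraaddomainid']` but not `$cdata['extraaddomainou']`, so validateResourceData later reads the default `''` and its `$return['baseou'] != $extraaddomainou` test looks like it rejects an unchanged Base OU for a user without addomainAdmin; add `$cdata['extraaddomainou'] = $data['baseOU'];` there. `$data['addomainvals']` is also never set when the user lacks addomainAdmin and the image has no AD Domain, while inlineEditResourceCB in image.js calls `Object.keys(data.items.data.addomainvals)` unconditionally; initialising `$data['addomainvals'] = array();` next to the `$cdata` line would cover that case. The membership test compares domain names with a loose `in_array`, whereas validateResourceData checks ids, so `array_key_exists($data['addomainid'], $data['addomainvals'])` would be consistent. AJeditResource continues outside this hunk.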
@@ -1728,12 +1748,20 @@ class Image extends Resource {
if($return['adauthenabled'] != 0 && $return['adauthenabled'] !=
1)
$return['adauthenabled'] = 0;
if($return['adauthenabled'] == 1) {
- $vals = getUserResources(array('addomainAdmin'),
array("manageGroup"));
- if(! array_key_exists($return['addomainid'],
$vals['addomain'])) {
+ $vals = getContinuationVar('addomainvals');
+ $extraaddomainid =
getContinuationVar('extraaddomainid', 0);
+ $extraaddomainou =
getContinuationVar('extraaddomainou', '');
+ if(! array_key_exists($return['addomainid'], $vals) &&
+ $return['addomainid'] != $extraaddomainid) {
$return['error'] = 1;
$errormsg[] = i("Invalid AD Domain submitted");
}
- if(!
preg_match('/^([Oo][Uu])=[^,]+(,([Oo][Uu])=[^,]+)*$/', $return['baseou'])) {
+ if($extraaddomainid && $return['addomainid'] ==
$extraaddomainid &&
+ $return['baseou'] != $extraaddomainou) {
+ $return['error'] = 1;
+ $errormsg[] = i("Base OU cannot be changed for
the selected AD Domain");
+ }
+ elseif(!
preg_match('/^([Oo][Uu])=[^,]+(,([Oo][Uu])=[^,]+)*$/', $return['baseou'])) {
$return['error'] = 1;
$errormsg[] = i("Invalid Base OU submitted,
must start with OU=");
}
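Review bot: The first check lets a submitted id through whenever it loosely equals `$extraaddomainid`, and that value defaults to 0 when no extra domain was stored in the continuation. Depending on how `$return['addomainid']` is parsed (not visible here), an empty or zero id could then skip "Invalid AD Domain submitted". Guard it the same way the Base OU check does: `if(! array_key_exists($return['addomainid'], $vals) && (! $extraaddomainid || $return['addomainid'] != $extraaddomainid)) {`. `getContinuationVar('addomainvals')` is also passed straight to `array_key_exists`, so a continuation created without that key needs an `is_array` fallback before the lookup. The function body extends beyond this hunk.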
Modified: vcl/trunk/web/js/resources/image.js
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/js/resources/image.js?rev=1802429&r1=1802428&r2=1802429&view=diff
==============================================================================
--- vcl/trunk/web/js/resources/image.js (original)
+++ vcl/trunk/web/js/resources/image.js Wed Jul 19 20:30:16 2017
@@ -75,15 +75,26 @@ function inlineEditResourceCB(data, ioAr
dijit.byId('connectmethodttd').set('href',
data.items.data.connectmethodurl);
if(data.items.data.ostype == 'windows') {
dojo.removeClass('imageadauthbox', 'hidden');
- if(data.items.data.adauthenabled) {
+ var advalcnt =
Object.keys(data.items.data.addomainvals).length;
+ if(data.items.data.addomainid != null) {
dijit.byId('adauthenable').set('checked', true);
+ if('extraaddomainid' in data.items.data) {
+ var option = {value:
data.items.data.extraaddomainid, label: data.items.data.addomain};
+
dijit.byId('addomainid').addOption([option]);
+
dijit.byId('addomainid').extraaddomainid = data.items.data.extraaddomainid;
+
dijit.byId('addomainid').extraaddomainou = data.items.data.extraaddomainou;
+ }
dijit.byId('addomainid').set('value',
data.items.data.addomainid);
dijit.byId('baseou').set('value',
data.items.data.baseOU);
+ if(advalcnt == 1 && ('extraaddomainid' in
data.items.data))
+ dijit.byId('baseou').set('disabled',
true);
}
else {
dijit.byId('adauthenable').set('checked',
false);
dijit.byId('addomainid').reset();
dijit.byId('baseou').reset();
+ if(advalcnt == 0)
+
dijit.byId('adauthenable').set('disabled', true);
}
}
else {
@@ -359,6 +370,11 @@ function saveResourceCB(data, ioArgs) {
dijit.byId('reload').reset();
dijit.byId('addeditdlg').hide();
dojo.byId('addeditdlgerrmsg').innerHTML = '';
+ if('extraaddomainid' in dijit.byId('addomainid')) {
+ dijit.byId('addomainid').removeOption({value:
dijit.byId('addomainid').extraaddomainid});
+ delete dijit.byId('addomainid').extraaddomainid;
+ delete dijit.byId('addomainid').extraaddomainou;
+ }
dijit.registry.filter(function(widget, index){return
widget.id.match(/^comments/);}).forEach(function(widget) {widget.destroy();});
setTimeout(function() {dijit.byId('addeditbtn').set('disabled',
false);}, 250);
}
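Review bot: The extra AD Domain option and the `extraaddomainid`/`extraaddomainou` properties are removed only here, on a successful save. If the dialog is closed without saving (that path is not in this diff), the option appears to stay on the `addomainid` widget, so the next image edited could list a domain the user cannot manage and selectADauth would lock `baseou` against a stale value. The `disabled` states set on `adauthenable` and `baseou` in inlineEditResourceCB are likewise not reset in this hunk. Moving the cleanup into a small helper that is also called at the start of inlineEditResourceCB, before `addOption`, would cover both paths.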
@@ -825,4 +841,16 @@ function toggleADauth() {
dijit.byId('addomainid').set('disabled', true);
dijit.byId('baseou').set('disabled', true);
}
+ selectADauth();
+}
+
+function selectADauth() {
+ var obj = dijit.byId('addomainid');
+ if('extraaddomainid' in obj && obj.get('value') == obj.extraaddomainid)
{
+ dijit.byId('baseou').set('value', obj.extraaddomainou);
+ dijit.byId('baseou').set('disabled', true);
+ }
+ else if(dijit.byId('adauthenable').checked) {
+ dijit.byId('baseou').set('disabled', false);
+ }
}