Author: jfthomps Date: Wed Jul 19 20:30:16 2017 New Revision: 1802429 URL: http://svn.apache.org/viewvc?rev=1802429&view=rev Log: VCL-277 - Add support for images to join Active Directory domains VCL-867 - Active Directory Authentication for Windows VM's
fixed problem of having access to manage an image that has an AD Domain set without having access to the AD Domain addomain.php: modified submitToggleDeleteResourceExtra: clear addomainAdmin/manageGroup when deleting an AD Domain image.php: -modified addEditDialogHTML: removed some logic of what fields are enabled/disabled - a user may not have access to any AD Domains, but have access to an image with an AD Domain set; in this case, the user needs to have access to unset the AD Domain -modified AJeditResource: added section pass along additional AD Domain information, including if the user has access to the AD Domain set for the image -modified validateResourceData: added extra logic for checking AD Domain items image.js: -modified inlineEditResourceCB: added logic on what should be enabled for editing based on user's access to AD Domain items -modified saveResourceCB: added code to remove an AD Domain option that may have been added for a specific image when the user didn't directly have access to that AD Domain -modified toggleADauth: added call to selectADauth -added selectADauth Modified: vcl/trunk/web/.ht-inc/addomain.php vcl/trunk/web/.ht-inc/image.php vcl/trunk/web/js/resources/image.js Modified: vcl/trunk/web/.ht-inc/addomain.php URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1802429&r1=1802428&r2=1802429&view=diff ============================================================================== --- vcl/trunk/web/.ht-inc/addomain.php (original) +++ vcl/trunk/web/.ht-inc/addomain.php Wed Jul 19 20:30:16 2017 
@@ -140,6 +140,12 @@ class ADdomain extends Resource { function submitToggleDeleteResourceExtra($rscid, $deleted=0) { $data = $this->getData(array('rscid' => $rscid)); deleteSecretKeys($data[$rscid]['secretid']); + + # clear user resource cache for this type + $key = getKey(array(array($this->restype . "Admin"), array("manageGroup"), 0, 1, 0, 0)); + unset($_SESSION['userresources'][$key]); + $key = getKey(array(array($this->restype . "Admin"), array("manageGroup"), 0, 0, 0, 0)); + unset($_SESSION['userresources'][$key]); } ///////////////////////////////////////////////////////////////////////////// Modified: vcl/trunk/web/.ht-inc/image.php URL: http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/image.php?rev=1802429&r1=1802428&r2=1802429&view=diff ============================================================================== --- vcl/trunk/web/.ht-inc/image.php (original) +++ vcl/trunk/web/.ht-inc/image.php Wed Jul 19 20:30:16 2017 
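Review bot: The two `unset($_SESSION['userresources'][$key])` calls added to submitToggleDeleteResourceExtra clear the cached addomainAdmin/manageGroup list only for the session of the user who performs the delete. Any other logged-in user who has already cached that list would keep seeing the deleted AD Domain until their own cache is rebuilt; how long that takes is not visible in this hunk. The keys are also rebuilt from hard-coded positional flags (`0, 1, 0, 0` and `0, 0, 0, 0`), which presumably have to mirror the argument sets passed to getUserResources() and will silently stop matching if a caller uses a different combination. A comment such as `# clears the current session only; keys must mirror the getUserResources() argument sets used for addomainAdmin/manageGroup` would record both limits.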
@@ -454,19 +454,16 @@ class Image extends Resource { # AD authentication $h .= "<div class=\"boxedoptions hidden\" id=\"imageadauthbox\">\n"; # enable toggle - $vals = getUserResources(array('addomainAdmin'), array("manageGroup")); - $extra = array(); - if(count($vals['addomain']) == 0) - $extra['disabled'] = 'true'; - $extra['onChange'] = 'toggleADauth();'; + $extra = array('onChange' => 'toggleADauth();'); $h .= labeledFormItem('adauthenable', i('Use AD Authentication'), 'check', '', '', '', '', '', $extra); # AD domain - $disabled = array('disabled' => 'true'); - $h .= labeledFormItem('addomainid', i('AD Domain'), 'select', $vals['addomain'], '', '', '', '', $disabled); + $vals = getUserResources(array('addomainAdmin'), array("manageGroup")); + $extra = array('onChange' => 'selectADauth();'); + $h .= labeledFormItem('addomainid', i('AD Domain'), 'select', $vals['addomain'], '', '', '', '', $extra); # base OU $reg = '^([Oo][Uu])=[^,]+(,([Oo][Uu])=[^,]+)*$'; $errmsg = i("Invalid base OU; do not include DC components"); - $h .= labeledFormItem('baseou', i('Base OU'), 'text', $reg, 0, '', $errmsg, '', $disabled, '230px', helpIcon('baseouhelp')); + $h .= labeledFormItem('baseou', i('Base OU'), 'text', $reg, 0, '', $errmsg, '', '', '230px', helpIcon('baseouhelp')); $h .= "</div>\n"; # boxedoptions # subimages @@ -678,6 +675,7 @@ class Image extends Resource { /// ///////////////////////////////////////////////////////////////////////////// function AJeditResource() { + global $user; $imageid = processInputVar('rscid', ARG_NUMERIC); $images = getUserResources(array("imageAdmin"), array('administer'), 0, 1); if(! array_key_exists($imageid, $images['image'])) { 
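Review bot: In the AD authentication block of addEditDialogHTML the `adauthenable`, `addomainid` and `baseou` controls are no longer rendered with a server-side `disabled` attribute, so what a user can edit is now decided entirely by image.js. That leaves validateResourceData as the only enforcement point for AD Domain access, and nothing in this block says so. I would add a comment above the toggle, e.g. `# enabled/disabled state is set client-side in image.js; access to the chosen AD Domain is enforced in validateResourceData`. The function body starts and ends outside the hunk.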
@@ -697,6 +695,28 @@ class Image extends Resource { if($data['minram'] < 512) $data['minram'] = 512; + # addomain + $cdata['addomainvals'] = array(); + if(in_array("addomainAdmin", $user["privileges"])) { + $vals = getUserResources(array('addomainAdmin'), array("manageGroup")); + $data['addomainvals'] = $vals['addomain']; + $cdata['addomainvals'] = $data['addomainvals']; + if(! is_null($data['addomain']) && + ! in_array($data['addomain'], $data['addomainvals'])) { + $data['addomainvals'][$data['addomainid']] = $data['addomain']; + $data['extraaddomainid'] = $data['addomainid']; + $data['extraaddomainou'] = $data['baseOU']; + $cdata['extraaddomainid'] = $data['addomainid']; + $cdata['extraaddomainou'] = $data['baseOU']; + } + } + elseif(! is_null($data['addomain'])) { + $data['addomainvals'][$data['addomainid']] = $data['addomain']; + $data['extraaddomainid'] = $data['addomainid']; + $data['extraaddomainou'] = $data['baseOU']; + $cdata['extraaddomainid'] = $data['addomainid']; + } + # revisions $data['revisionHTML'] = $this->getRevisionHTML($imageid); 
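Review bot: The `elseif(! is_null($data['addomain']))` branch stores `$cdata['extraaddomainid']` but not `$cdata['extraaddomainou']`, unlike the branch above it. validateResourceData reads that value with a default of `''` and rejects a submission whose base OU differs from it, so a user without the addomainAdmin privilege would presumably get "Base OU cannot be changed for the selected AD Domain" when saving such an image; adding `$cdata['extraaddomainou'] = $data['baseOU'];` to the branch keeps the two paths consistent. Separately, `in_array($data['addomain'], $data['addomainvals'])` decides access by a loose match on the domain name, whereas the later check is by id; `array_key_exists($data['addomainid'], $data['addomainvals'])` would compare the same thing in both places. AJeditResource continues outside the hunk, so how `$cdata` reaches the continuation is not visible here.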
@@ -1728,12 +1748,20 @@ class Image extends Resource { if($return['adauthenabled'] != 0 && $return['adauthenabled'] != 1) $return['adauthenabled'] = 0; if($return['adauthenabled'] == 1) { - $vals = getUserResources(array('addomainAdmin'), array("manageGroup")); - if(! array_key_exists($return['addomainid'], $vals['addomain'])) { + $vals = getContinuationVar('addomainvals'); + $extraaddomainid = getContinuationVar('extraaddomainid', 0); + $extraaddomainou = getContinuationVar('extraaddomainou', ''); + if(! array_key_exists($return['addomainid'], $vals) && + $return['addomainid'] != $extraaddomainid) { $return['error'] = 1; $errormsg[] = i("Invalid AD Domain submitted"); } - if(! preg_match('/^([Oo][Uu])=[^,]+(,([Oo][Uu])=[^,]+)*$/', $return['baseou'])) { + if($extraaddomainid && $return['addomainid'] == $extraaddomainid && + $return['baseou'] != $extraaddomainou) { + $return['error'] = 1; + $errormsg[] = i("Base OU cannot be changed for the selected AD Domain"); + } + elseif(! preg_match('/^([Oo][Uu])=[^,]+(,([Oo][Uu])=[^,]+)*$/', $return['baseou'])) { $return['error'] = 1; $errormsg[] = i("Invalid Base OU submitted, must start with OU="); } Modified: vcl/trunk/web/js/resources/image.js URL: http://svn.apache.org/viewvc/vcl/trunk/web/js/resources/image.js?rev=1802429&r1=1802428&r2=1802429&view=diff ============================================================================== --- vcl/trunk/web/js/resources/image.js (original) +++ vcl/trunk/web/js/resources/image.js Wed Jul 19 20:30:16 2017 
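Review bot: `$return['addomainid'] != $extraaddomainid` is evaluated even when no extra AD Domain was stored, and `extraaddomainid` then defaults to `0`. With the loose comparison a submitted id of `0` (or, on PHP 7 and earlier, any non-numeric string) compares equal to that default, so the "Invalid AD Domain submitted" error is skipped although the id is not in `$vals`; how `$return['addomainid']` is sanitised lies outside the hunk. Guarding the second operand closes this: `if(! array_key_exists($return['addomainid'], $vals) && (! $extraaddomainid || $return['addomainid'] != $extraaddomainid)) {`. Note also that `$vals` now comes from the continuation rather than a fresh getUserResources() call, so access revoked after the dialog was opened would still be honoured, and `getContinuationVar('addomainvals')` has no default for callers that never set it.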
@@ -75,15 +75,26 @@ function inlineEditResourceCB(data, ioAr dijit.byId('connectmethodttd').set('href', data.items.data.connectmethodurl); if(data.items.data.ostype == 'windows') { dojo.removeClass('imageadauthbox', 'hidden'); - if(data.items.data.adauthenabled) { + var advalcnt = Object.keys(data.items.data.addomainvals).length; + if(data.items.data.addomainid != null) { dijit.byId('adauthenable').set('checked', true); + if('extraaddomainid' in data.items.data) { + var option = {value: data.items.data.extraaddomainid, label: data.items.data.addomain}; + dijit.byId('addomainid').addOption([option]); + dijit.byId('addomainid').extraaddomainid = data.items.data.extraaddomainid; + dijit.byId('addomainid').extraaddomainou = data.items.data.extraaddomainou; + } dijit.byId('addomainid').set('value', data.items.data.addomainid); dijit.byId('baseou').set('value', data.items.data.baseOU); + if(advalcnt == 1 && ('extraaddomainid' in data.items.data)) + dijit.byId('baseou').set('disabled', true); } else { dijit.byId('adauthenable').set('checked', false); dijit.byId('addomainid').reset(); dijit.byId('baseou').reset(); + if(advalcnt == 0) + dijit.byId('adauthenable').set('disabled', true); } } else { @@ -359,6 +370,11 @@ function saveResourceCB(data, ioArgs) { dijit.byId('reload').reset(); dijit.byId('addeditdlg').hide(); dojo.byId('addeditdlgerrmsg').innerHTML = ''; + if('extraaddomainid' in dijit.byId('addomainid')) { + dijit.byId('addomainid').removeOption({value: dijit.byId('addomainid').extraaddomainid}); + delete dijit.byId('addomainid').extraaddomainid; + delete dijit.byId('addomainid').extraaddomainou; + } dijit.registry.filter(function(widget, index){return widget.id.match(/^comments/);}).forEach(function(widget) {widget.destroy();}); setTimeout(function() {dijit.byId('addeditbtn').set('disabled', false);}, 250); } 
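Review bot: `Object.keys(data.items.data.addomainvals)` in inlineEditResourceCB throws when `addomainvals` is absent, and the image.php hunk in this commit only sets `$data['addomainvals']` when the user holds addomainAdmin or the image already has an AD Domain. For a Windows image with no domain, opened by a user without that privilege, the callback would presumably stop before the dialog is filled in; `var advalcnt = Object.keys(data.items.data.addomainvals || {}).length;` avoids that. The new `dijit.byId('adauthenable').set('disabled', true)` also has no matching re-enable in the visible hunks, so the checkbox may stay disabled for the next image opened in the same dialog unless it is reset elsewhere. The function starts and ends outside the hunk.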
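Review bot: The extra AD Domain option and the `extraaddomainid`/`extraaddomainou` properties are removed from the `addomainid` widget only here in saveResourceCB, apparently on the path that closes the dialog after a save. If the dialog is closed without saving, they appear to stay on the widget, so the next image opened would still offer a domain the user has no access to and selectADauth would lock Base OU to the stale value; the server-side check should reject such a submission, but the form would be misleading. Running the same three-line cleanup at the start of the `data.items.data.ostype == 'windows'` branch of inlineEditResourceCB, before a new option is added, would cover that path and also avoid adding the option twice. Whether a cancel handler outside these hunks already resets the widget is not visible.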
@@ -825,4 +841,16 @@ function toggleADauth() { dijit.byId('addomainid').set('disabled', true); dijit.byId('baseou').set('disabled', true); } + selectADauth(); +} + +function selectADauth() { + var obj = dijit.byId('addomainid'); + if('extraaddomainid' in obj && obj.get('value') == obj.extraaddomainid) { + dijit.byId('baseou').set('value', obj.extraaddomainou); + dijit.byId('baseou').set('disabled', true); + } + else if(dijit.byId('adauthenable').checked) { + dijit.byId('baseou').set('disabled', false); + } }
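Review bot: selectADauth is added without any comment, and the rule it implements is not obvious from the code alone: Base OU is forced to the stored value and locked when the selected AD Domain is the one the user cannot manage. I would put `// lock Base OU to the image's stored value when the selected AD Domain is one the user has no access to; otherwise allow editing while AD auth is enabled` above the function. It is also worth saying in that comment that `obj.get('value') == obj.extraaddomainid` is deliberately a loose comparison, assuming the widget value is a string and the stored id a number, and that the lock is a UI aid only. toggleADauth, which now calls it, starts outside the hunk.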