-
Notifications
You must be signed in to change notification settings - Fork 649
Add sudo mode for admins #8210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Add sudo mode for admins #8210
Changes from all commits
Commits
Show all changes
12 commits
Select commit
Hold shift + click to select a range
0d54679
session: add a concept of sudo mode
LawnGnome 4455ac8
header: add a menu item for admins to enter and leave sudo mode
LawnGnome 185bf3e
user-avatar: add a `sudo` argument that displays a wizard hat
LawnGnome 1e85bd0
components: add a `PrivilegedAction` component
LawnGnome 2891f1b
version-list: use the new `PrivilegedAction` component
LawnGnome 662dd31
header: use a constant for the sudo session duration
LawnGnome e9d51bd
header: remove `!important` and fix up selector
LawnGnome 173c32e
session: migrate sudo tracking to a task
LawnGnome 80b4a8d
user-avatar: revert back to `main`
LawnGnome 620cdb6
header: add sudo indicator
LawnGnome 78c0f77
session: use isAdmin
LawnGnome a5c3387
privileged-action: use a fieldset instead of JS to disable children
LawnGnome File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,21 @@ | ||
import { action } from '@ember/object'; | ||
import { inject as service } from '@ember/service'; | ||
import Component from '@glimmer/component'; | ||
|
||
// Six hours. | ||
const SUDO_SESSION_DURATION_MS = 6 * 60 * 60 * 1000; | ||
|
||
export default class Header extends Component { | ||
/** @type {import("../services/session").default} */ | ||
@service session; | ||
|
||
@action | ||
enableSudo() { | ||
this.session.setSudo(SUDO_SESSION_DURATION_MS); | ||
} | ||
|
||
@action | ||
disableSudo() { | ||
this.session.setSudo(0); | ||
} | ||
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
{{#if this.isPrivileged}} | ||
<div> | ||
{{yield}} | ||
</div> | ||
{{else if this.canBePrivileged}} | ||
{{#if (has-block 'placeholder')}} | ||
<div> | ||
{{yield to='placeholder'}} | ||
</div> | ||
{{else}} | ||
<div local-class='placeholder'> | ||
<fieldset disabled="disabled"> | ||
{{yield}} | ||
</fieldset> | ||
<EmberTooltip> | ||
You must enable admin actions before you can perform this operation. | ||
</EmberTooltip> | ||
</div> | ||
{{/if}} | ||
{{else}} | ||
<div> | ||
{{#if (has-block 'unprivileged')}} | ||
{{yield to='unprivileged'}} | ||
{{/if}} | ||
</div> | ||
{{/if}} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
import { inject as service } from '@ember/service'; | ||
import Component from '@glimmer/component'; | ||
|
||
/** | ||
* A component that wraps elements (probably mostly buttons in practice) that | ||
* can be used to perform potentially privileged actions. | ||
* | ||
* This component requires a `userAuthorised` property, which must be a | ||
* `boolean` indicating whether the user is authorised for this action. Admin | ||
* rights need not be taken into account. | ||
* | ||
* If the current user is an admin and they have enabled sudo mode, then they | ||
* are always allowed to perform the action, regardless of the return value of | ||
* `userAuthorised`. | ||
* | ||
* There are three content blocks supported by this component: | ||
* | ||
* - `default`: required; this is displayed when the user is authorised to | ||
* perform the action. | ||
* - `placeholder`: this is displayed when the user _could_ be authorised to | ||
* perform the action (that is, they're an admin but have not | ||
* enabled sudo mode), but currently cannot perform the action. | ||
* If omitted, the `default` block is used with all form | ||
* controls disabled and a tooltip added. | ||
* - `unprivileged`: this is displayed when the user is not able to perform this | ||
* action, and cannot be authorised to do so. If omitted, an | ||
* empty block will be used. | ||
* | ||
* Note that all blocks will be output with a wrapping `<div>` for technical | ||
* reasons, so be sure to style accordingly if necessary. | ||
*/ | ||
export default class PrivilegedAction extends Component { | ||
/** @type {import("../services/session").default} */ | ||
@service session; | ||
|
||
/** @return {boolean} */ | ||
get isPrivileged() { | ||
return this.session.isSudoEnabled || this.args.userAuthorised; | ||
} | ||
|
||
/** @return {boolean} */ | ||
get canBePrivileged() { | ||
return !this.args.userAuthorised && this.session.currentUser?.is_admin && !this.session.isSudoEnabled; | ||
} | ||
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
.placeholder { | ||
fieldset { | ||
border: 0; | ||
margin: 0; | ||
padding: 0; | ||
} | ||
|
||
fieldset[disabled] { | ||
cursor: not-allowed; | ||
|
||
[disabled] { | ||
cursor: not-allowed; | ||
} | ||
|
||
button, | ||
.yellow-button, | ||
.tan-button { | ||
/* This duplicates the styles in .button[disabled] as there's no | ||
* obvious way to compose them, given the target selectors. */ | ||
background: linear-gradient(to bottom, var(--bg-color-top-light) 0%, var(--bg-color-bottom-light) 100%); | ||
color: var(--disabled-text-color); | ||
cursor: not-allowed; | ||
} | ||
} | ||
} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.