Complete API token authz UI flows
+127
-11
@@ -129,7 +129,22 @@ func (u *ui) ensureAPIPolicyRemoveClickables(count int) []widget.Clickable {
|
||||
return clicks
|
||||
}
|
||||
|
||||
func (u *ui) ensureAPIPolicyEditClickables(count int) []widget.Clickable {
|
||||
if count <= 0 {
|
||||
u.apiPolicyEdits = nil
|
||||
return nil
|
||||
}
|
||||
if len(u.apiPolicyEdits) == count {
|
||||
return u.apiPolicyEdits
|
||||
}
|
||||
clicks := make([]widget.Clickable, count)
|
||||
copy(clicks, u.apiPolicyEdits)
|
||||
u.apiPolicyEdits = clicks
|
||||
return clicks
|
||||
}
|
||||
|
||||
func (u *ui) loadSelectedAPITokenIntoEditor() {
|
||||
u.selectedAPIPolicyIndex = -1
|
||||
token, ok := u.selectedAPIToken()
|
||||
if !ok {
|
||||
u.apiTokenSecret = ""
|
||||
@@ -143,6 +158,7 @@ func (u *ui) loadSelectedAPITokenIntoEditor() {
|
||||
u.apiPolicyAllow.Value = true
|
||||
u.apiPolicyGroupScope = true
|
||||
u.apiPolicyGroupScopeW.Value = true
|
||||
u.ensureAPIPolicyEditClickables(0)
|
||||
u.ensureAPIPolicyRemoveClickables(0)
|
||||
return
|
||||
}
|
||||
@@ -154,6 +170,7 @@ func (u *ui) loadSelectedAPITokenIntoEditor() {
|
||||
u.apiTokenExpiresAt.SetText("")
|
||||
}
|
||||
u.apiTokenDisabled.Value = token.Disabled
|
||||
u.ensureAPIPolicyEditClickables(len(token.Policies))
|
||||
u.ensureAPIPolicyRemoveClickables(len(token.Policies))
|
||||
}
|
||||
|
||||
@@ -250,14 +267,10 @@ func parseAPIPolicyOperation(text string) (apitokens.Operation, error) {
|
||||
return "", fmt.Errorf("unknown API operation %q", text)
|
||||
}
|
||||
|
||||
func (u *ui) addAPIPolicyRuleAction() error {
|
||||
token, ok := u.selectedAPIToken()
|
||||
if !ok {
|
||||
return fmt.Errorf("no API token selected")
|
||||
}
|
||||
func (u *ui) apiPolicyRuleFromEditor() (apitokens.PolicyRule, error) {
|
||||
operation, err := parseAPIPolicyOperation(u.apiPolicyOperation.Text())
|
||||
if err != nil {
|
||||
return err
|
||||
return apitokens.PolicyRule{}, err
|
||||
}
|
||||
rule := apitokens.PolicyRule{
|
||||
Operation: operation,
|
||||
@@ -270,16 +283,28 @@ func (u *ui) addAPIPolicyRuleAction() error {
|
||||
if u.apiPolicyGroupScope {
|
||||
path := parsePath(u.apiPolicyPath.Text())
|
||||
if len(path) == 0 {
|
||||
return fmt.Errorf("policy path is required for group scope")
|
||||
return apitokens.PolicyRule{}, fmt.Errorf("policy path is required for group scope")
|
||||
}
|
||||
rule.Resource = apitokens.Resource{Kind: apitokens.ResourceGroup, Path: path}
|
||||
} else {
|
||||
entryID := strings.TrimSpace(u.apiPolicyEntryID.Text())
|
||||
if entryID == "" {
|
||||
return fmt.Errorf("entry id is required for entry scope")
|
||||
return apitokens.PolicyRule{}, fmt.Errorf("entry id is required for entry scope")
|
||||
}
|
||||
rule.Resource = apitokens.Resource{Kind: apitokens.ResourceEntry, EntryID: entryID}
|
||||
}
|
||||
return rule, nil
|
||||
}
|
||||
|
||||
func (u *ui) addAPIPolicyRuleAction() error {
|
||||
token, ok := u.selectedAPIToken()
|
||||
if !ok {
|
||||
return fmt.Errorf("no API token selected")
|
||||
}
|
||||
rule, err := u.apiPolicyRuleFromEditor()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if !uiHasPolicyRule(token.Policies, rule) {
|
||||
token.Policies = append(token.Policies, rule)
|
||||
}
|
||||
@@ -290,6 +315,63 @@ func (u *ui) addAPIPolicyRuleAction() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *ui) editAPIPolicyRuleAction(index int) error {
|
||||
token, ok := u.selectedAPIToken()
|
||||
if !ok {
|
||||
return fmt.Errorf("no API token selected")
|
||||
}
|
||||
if index < 0 || index >= len(token.Policies) {
|
||||
return fmt.Errorf("policy index %d out of range", index)
|
||||
}
|
||||
rule := token.Policies[index]
|
||||
u.selectedAPIPolicyIndex = index
|
||||
u.apiPolicyOperation.SetText(string(rule.Operation))
|
||||
u.apiPolicyAllow.Value = rule.Effect == apitokens.EffectAllow
|
||||
if rule.Resource.Kind == apitokens.ResourceEntry {
|
||||
u.apiPolicyGroupScope = false
|
||||
u.apiPolicyGroupScopeW.Value = false
|
||||
u.apiPolicyEntryID.SetText(strings.TrimSpace(rule.Resource.EntryID))
|
||||
u.apiPolicyPath.SetText("")
|
||||
return nil
|
||||
}
|
||||
u.apiPolicyGroupScope = true
|
||||
u.apiPolicyGroupScopeW.Value = true
|
||||
u.apiPolicyPath.SetText(strings.Join(rule.Resource.Path, " / "))
|
||||
u.apiPolicyEntryID.SetText("")
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *ui) saveAPIPolicyRuleAction() error {
|
||||
token, ok := u.selectedAPIToken()
|
||||
if !ok {
|
||||
return fmt.Errorf("no API token selected")
|
||||
}
|
||||
index := u.selectedAPIPolicyIndex
|
||||
if index < 0 || index >= len(token.Policies) {
|
||||
return fmt.Errorf("no API policy rule selected")
|
||||
}
|
||||
rule, err := u.apiPolicyRuleFromEditor()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for i, existing := range token.Policies {
|
||||
if i != index && uiHasPolicyRule([]apitokens.PolicyRule{existing}, rule) {
|
||||
token.Policies = append(token.Policies[:index], token.Policies[index+1:]...)
|
||||
if err := u.state.UpsertAPIToken(token); err != nil {
|
||||
return err
|
||||
}
|
||||
u.loadSelectedAPITokenIntoEditor()
|
||||
return nil
|
||||
}
|
||||
}
|
||||
token.Policies[index] = rule
|
||||
if err := u.state.UpsertAPIToken(token); err != nil {
|
||||
return err
|
||||
}
|
||||
u.loadSelectedAPITokenIntoEditor()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *ui) apiPolicyGroupPathSummary() string {
|
||||
path := parsePath(u.apiPolicyPath.Text())
|
||||
if len(path) == 0 {
|
||||
@@ -357,6 +439,11 @@ func (u *ui) removeAPIPolicyRuleAction(index int) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *ui) cancelAPIPolicyEditAction() error {
|
||||
u.loadSelectedAPITokenIntoEditor()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *ui) apiAuditEvents() []apiaudit.Event {
|
||||
if u.auditLog == nil {
|
||||
return nil
|
||||
@@ -749,8 +836,10 @@ func (u *ui) auditQuickFilterButton(gtx layout.Context, click *widget.Clickable,
|
||||
|
||||
func (u *ui) apiTokenDetailPanel(gtx layout.Context) layout.Dimensions {
|
||||
token, ok := u.selectedAPIToken()
|
||||
editClicks := u.ensureAPIPolicyEditClickables(0)
|
||||
removeClicks := u.ensureAPIPolicyRemoveClickables(0)
|
||||
if ok {
|
||||
editClicks = u.ensureAPIPolicyEditClickables(len(token.Policies))
|
||||
removeClicks = u.ensureAPIPolicyRemoveClickables(len(token.Policies))
|
||||
}
|
||||
rows := []layout.Widget{
|
||||
@@ -918,6 +1007,10 @@ func (u *ui) apiTokenDetailPanel(gtx layout.Context) layout.Dimensions {
|
||||
return layout.Flex{Alignment: layout.Middle}.Layout(gtx,
|
||||
layout.Flexed(1, detailLine(u.theme, "Effect", effect)),
|
||||
layout.Rigid(layout.Spacer{Width: unit.Dp(12)}.Layout),
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
return tonedButton(gtx, u.theme, &editClicks[index], "Edit")
|
||||
}),
|
||||
layout.Rigid(layout.Spacer{Width: unit.Dp(6)}.Layout),
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
return tonedButton(gtx, u.theme, &removeClicks[index], "Remove")
|
||||
}),
|
||||
@@ -951,15 +1044,23 @@ func (u *ui) apiTokenDetailPanel(gtx layout.Context) layout.Dimensions {
|
||||
rows = append(rows,
|
||||
func(gtx layout.Context) layout.Dimensions {
|
||||
return card(gtx, func(gtx layout.Context) layout.Dimensions {
|
||||
actionLabel := "Add Rule"
|
||||
title := "Policy Composer"
|
||||
description := "Rules are evaluated per operation. Explicit deny rules override allow rules."
|
||||
if 0 <= u.selectedAPIPolicyIndex {
|
||||
actionLabel = "Save Rule"
|
||||
title = "Policy Editor"
|
||||
description = "Editing an existing rule. Save the updated scope or cancel to return to a blank composer."
|
||||
}
|
||||
return layout.Flex{Axis: layout.Vertical}.Layout(gtx,
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
lbl := material.Label(u.theme, unit.Sp(14), "Policy Composer")
|
||||
lbl := material.Label(u.theme, unit.Sp(14), title)
|
||||
lbl.Color = accentColor
|
||||
return lbl.Layout(gtx)
|
||||
}),
|
||||
layout.Rigid(layout.Spacer{Height: unit.Dp(4)}.Layout),
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
lbl := material.Label(u.theme, unit.Sp(12), "Rules are evaluated per operation. Explicit deny rules override allow rules.")
|
||||
lbl := material.Label(u.theme, unit.Sp(12), description)
|
||||
lbl.Color = mutedColor
|
||||
return lbl.Layout(gtx)
|
||||
}),
|
||||
@@ -1014,7 +1115,22 @@ func (u *ui) apiTokenDetailPanel(gtx layout.Context) layout.Dimensions {
|
||||
}),
|
||||
layout.Rigid(layout.Spacer{Height: unit.Dp(8)}.Layout),
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
return tonedButton(gtx, u.theme, &u.addAPIPolicyRule, "Add Rule")
|
||||
return layout.Flex{Spacing: layout.SpaceStart}.Layout(gtx,
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
if 0 <= u.selectedAPIPolicyIndex {
|
||||
return tonedButton(gtx, u.theme, &u.saveAPIPolicyRule, actionLabel)
|
||||
}
|
||||
return tonedButton(gtx, u.theme, &u.addAPIPolicyRule, actionLabel)
|
||||
}),
|
||||
layout.Rigid(func(gtx layout.Context) layout.Dimensions {
|
||||
if u.selectedAPIPolicyIndex < 0 {
|
||||
return layout.Dimensions{}
|
||||
}
|
||||
return layout.Inset{Left: unit.Dp(6)}.Layout(gtx, func(gtx layout.Context) layout.Dimensions {
|
||||
return tonedButton(gtx, u.theme, &u.cancelAPIPolicyEdit, "Cancel Edit")
|
||||
})
|
||||
}),
|
||||
)
|
||||
}),
|
||||
)
|
||||
})
|
||||
|
||||
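Review bot: In saveAPIPolicyRuleAction, when the edited rule matches another entry, the loop deletes the rule at `index`, persists the token and returns nil, so a rule disappears from the token's policy without the user being told. Because the composer text says explicit deny rules override allow rules, a silently dropped rule can change what the token is permitted to do; whether that can actually happen depends on whether uiHasPolicyRule compares Effect, which is not visible on this page. I would reject the save instead, e.g. `return fmt.Errorf("an identical policy rule already exists")`, and leave the list untouched. Separately, both `append(token.Policies[:index], token.Policies[index+1:]...)` and `token.Policies[index] = rule` write into the existing backing array before UpsertAPIToken succeeds. If selectedAPIToken returns a token that shares that slice with u.state, a failed upsert leaves the in-memory policy already modified, so the change should be applied to a copy of the slice first.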