Users settings page (replaces standalone users app)#750
Open
cyberb wants to merge 20 commits into
Open
Conversation
… + authelia mail claim + dev stub
…, /home/<user>, loginShell, givenName)
…p chips (syncloud hidden), last-admin lock
…roup create/assign
…e, backend+stub reject blank) + e2e
… jest unit tests for users list/edit screens
…te confirmation dialog (+ e2e/jest)
… from anchor styling)
…red endpoints Mirror the backend's per-endpoint admin checks in the UI: routes whose data comes only from AdminSecuredHandle endpoints (access, internalmemory, storage, updates, backup, certificate, certificate/log, health) now carry meta.admin and their Settings tiles render only for admins. Pages served via SecuredHandle (network, support, logs, customproxy, system) and the mixed read-secured/write-admin pages (activation, twofactor, locale) stay visible to regular users.
Jest Settings.spec asserts the tile gating both ways (non-admin sees locale/twofactor and the user-facing tiles, never the admin tiles; admin sees all). Playwright 11-nonadmin-settings creates a non-admin user via the platform CLI, logs in, and confirms locale and two-factor open while admin tiles (storage, users) are absent.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a built-in Users settings page to the platform UI, replacing the need for the standalone
userssnap app (ldap-user-manager). Everything is managed directly against the platform's OpenLDAP via the Go backend.Features:
syncloudposix group (the platform's admin group). Guards against removing the last admin.<username>@<device-domain>, or a custom address that must be a valid email. Editable per existing user.syncloudadmin group is managed via the dedicated admin switch and excluded from the group list).mail: mailin the Authelia LDAP attribute mapping so apps that require theemailclaim can log in (previously the claim was never emitted).Backend (
backend/)auth/ldap.go: newListUsers,SetUserEmail,ListGroups,AddGroup,RemoveGroup,SetGroupMember,SetAdmin,ResolveEmail(default/validate, never empty).AddUsernow takes an email.DomainProviderinjected for the default-domain.rest/backend.go:/rest/users,/rest/users/{add,remove,email,admin},/rest/groups,/rest/groups/{add,remove,member}— all admin-secured.ioc, CLIuser add --emailupdated. Unit tests for email resolution.Frontend (
web/platform/)views/Users.vue, route, Settings tile, i18n keys across all 10 locales.src/stub/api.js) implements the new endpoints so the page works without a backend (npm run dev).Tests
auth/rest/iocpass. NewResolveEmailunit tests.specs/10-users.spec.ts— add user (default email), edit email, admin switch, group create + membership, removal.Notes
usersapp is intentionally left untouched; decommissioning it in the store is a separate effort.