diff --git a/app/app/components/customize/auth-settings.js b/app/app/components/customize/auth-settings.js
index 78c59a2b..3a679cf2 100644
--- a/app/app/components/customize/auth-settings.js
+++ b/app/app/components/customize/auth-settings.js
@@ -35,7 +35,9 @@ export default Ember.Component.extend(NotifierMixin, {
 publicKey: '',
 adminUser: '',
 adminPassword: '',
- group: ''
+ group: '',
+ disableLogout: false,
+ defaultPermissionAddSpace: false
 },
 didReceiveAttrs() {
@@ -55,6 +57,8 @@ export default Ember.Component.extend(NotifierMixin, {
 } else {
 config = JSON.parse(config);
 config.publicKey = encoding.Base64.decode(config.publicKey);
+ config.defaultPermissionAddSpace = config.hasOwnProperty('defaultPermissionAddSpace') ? config.defaultPermissionAddSpace : false;
+ config.disableLogout = config.hasOwnProperty('disableLogout') ? config.disableLogout : true;
 }
 this.set('keycloakConfig', config);
@@ -113,6 +117,8 @@ export default Ember.Component.extend(NotifierMixin, {
 config.group = is.undefined(config.group) ? '' : config.group.trim();
 config.adminUser = config.adminUser.trim();
 config.adminPassword = config.adminPassword.trim();
+ config.defaultPermissionAddSpace = config.hasOwnProperty('defaultPermissionAddSpace') ? config.defaultPermissionAddSpace : true;
+ config.disableLogout = config.hasOwnProperty('disableLogout') ? config.disableLogout : true;
 if (is.endWith(config.url, '/')) {
 config.url = config.url.substring(0, config.url.length-1);
diff --git a/app/app/components/layout/zone-navigation.js b/app/app/components/layout/zone-navigation.js
index e144d573..a734a1d1 100644
--- a/app/app/components/layout/zone-navigation.js
+++ b/app/app/components/layout/zone-navigation.js
@@ -11,6 +11,7 @@
 import Ember from 'ember';
 import netUtil from '../../utils/net';
+import constants from '../../utils/constants';
 import TooltipMixin from '../../mixins/tooltip';
 const {
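Review bot: The fallback for a missing key disagrees between the two auth-settings.js hunks and with the component default: on load (`@@ -55,6 +57,8`) a stored config without `disableLogout` is treated as `true` and one without `defaultPermissionAddSpace` as `false`, on save (`@@ -113,6 +117,8`) a missing `defaultPermissionAddSpace` becomes `true`, while the initial object uses `false` for both. An admin who opens and re-saves an existing Keycloak config therefore hides the logout button without having ticked the box, and the save path fails open on the permission flag. Use one restrictive fallback in both places, e.g. `config.disableLogout = config.disableLogout === true;` and `config.defaultPermissionAddSpace = config.defaultPermissionAddSpace === true;`, which also avoids calling `hasOwnProperty` directly on parsed JSON. Both enclosing functions start and end outside the hunks.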
@@ -31,18 +32,25 @@ export default Ember.Component.extend(TooltipMixin, {
 },
 pinned: service(),
 pins: [],
+ enableLogout: true,
 init() {
 this._super(...arguments);
- if (this.get("session.authenticated")) {
- this.get("session.session.content.authenticated.user.accounts").forEach((account) => {
+ if (this.get("session.authenticated") && this.get("session.user.id") !== '0') {
+ this.get("session.user.accounts").forEach((account) => {
 // TODO: do not mutate account.active here
 account.active = account.orgId === this.get("appMeta.orgId");
 });
 }
 this.set('pins', this.get('pinned').get('pins'));
+
+ if (this.get('appMeta.authProvider') === constants.AuthProvider.Keycloak) {
+ let config = this.get('appMeta.authConfig');
+ config = JSON.parse(config);
+ this.set('enableLogout', !config.disableLogout);
+ }
 },
 didReceiveAttrs() {
@@ -88,7 +96,7 @@ export default Ember.Component.extend(TooltipMixin, {
 if (this.get('session.isAdmin')) {
 this.addTooltip(document.getElementById("workspace-settings"));
 }
- if (this.get("session.authenticated")) {
+ if (this.get("session.authenticated") && this.get('enableLogout')) {
 this.addTooltip(document.getElementById("workspace-logout"));
 } else {
 this.addTooltip(document.getElementById("workspace-login"));
diff --git a/app/app/templates/components/customize/auth-settings.hbs b/app/app/templates/components/customize/auth-settings.hbs
index 26e4cbed..c957f87a 100644
--- a/app/app/templates/components/customize/auth-settings.hbs
+++ b/app/app/templates/components/customize/auth-settings.hbs
@@ -50,6 +50,22 @@
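Review bot: In `init()` of zone-navigation.js, `JSON.parse(config)` runs on `appMeta.authConfig` with no guard, so an empty or malformed value throws inside `init()` and would break the navigation component for Keycloak sessions. Guard the parse with a try/catch that logs the error and leaves `enableLogout` at its `true` default, and read the flag as `config.disableLogout === true` so a missing key keeps the button visible. Separately, if `appMeta.authConfig` is the same JSON the settings screen saves, it would carry `adminUser` and `adminPassword`; that is not visible here, so confirm the server strips those fields before the meta payload reaches ordinary sessions. A short comment noting that the flag only hides the link, and is not an access control on the `auth.logout` route, would also help the next reader.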
Used to connect with Keycloak and sync users with Documize
{{input id="keycloak-admin-password" type="password" value=keycloakConfig.adminPassword class=(if KeycloakAdminPasswordError 'error')}} +
+ +
Hide the logout button for Keycloak users
+
+ {{input type="checkbox" checked=keycloakConfig.disableLogout}} + +
+
+
+ +
Determine if Keycloak sync'ed users permission to add new spaces
+
+ {{input type="checkbox" checked=keycloakConfig.defaultPermissionAddSpace}} + +
+
{{/if}}
save
diff --git a/app/app/templates/components/layout/zone-navigation.hbs b/app/app/templates/components/layout/zone-navigation.hbs index 6b761676..cf773a13 100644 --- a/app/app/templates/components/layout/zone-navigation.hbs +++ b/app/app/templates/components/layout/zone-navigation.hbs @@ -51,13 +51,15 @@ {{/link-to}} -
  • - {{#link-to 'auth.logout'}} -
    - exit_to_app -
    - {{/link-to}} -
  • + {{#if enableLogout}} +
  • + {{#link-to 'auth.logout'}} +
    + exit_to_app +
    + {{/link-to}} +
  • + {{/if}} {{else}}
  • {{#link-to 'auth.login'}}
diff --git a/core/api/endpoint/keycloak.go b/core/api/endpoint/keycloak.go
index 58e46bb8..cecadf5c 100644
--- a/core/api/endpoint/keycloak.go
+++ b/core/api/endpoint/keycloak.go
@@ -122,7 +122,7 @@ func AuthenticateKeycloak(w http.ResponseWriter, r *http.Request) {
 user.Salt = util.GenerateSalt()
 user.Password = util.GeneratePassword(util.GenerateRandomPassword(), user.Salt)
- err = addUser(p, &user)
+ err = addUser(p, &user, ac.DefaultPermissionAddSpace)
 if err != nil {
 writeServerError(w, method, err)
 return
@@ -256,7 +256,7 @@ func SyncKeycloak(w http.ResponseWriter, r *http.Request) {
 // Insert new users into Documize
 for _, u := range insert {
- err = addUser(p, &u)
+ err = addUser(p, &u, c.DefaultPermissionAddSpace)
 }
 result.Message = fmt.Sprintf("Keycloak sync'ed %d users, %d new additions", len(kcUsers), len(insert))
@@ -265,7 +265,7 @@ func SyncKeycloak(w http.ResponseWriter, r *http.Request) {
 }
 // Helper method to setup user account in Documize using Keycloak provided user data.
-func addUser(p request.Persister, u *entity.User) (err error) {
+func addUser(p request.Persister, u *entity.User, addSpace bool) (err error) {
 // only create account if not dupe
 addUser := true
 addAccount := true
@@ -312,7 +312,7 @@ func addUser(p request.Persister, u *entity.User) (err error) {
 var a entity.Account
 a.UserID = userID
 a.OrgID = p.Context.OrgID
- a.Editor = true
+ a.Editor = addSpace
 a.Admin = false
 accountID := util.UniqueID()
 a.RefID = accountID
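Review bot: In the SyncKeycloak insert loop, `err = addUser(p, &u, c.DefaultPermissionAddSpace)` overwrites `err` on every iteration and the visible lines never check it, so a user whose account (and its Editor flag) failed to persist is still counted in the "new additions" message. Check the result per user, e.g. `if err = addUser(p, &u, c.DefaultPermissionAddSpace); err != nil { failed++; continue }`, and report the failure count in `result.Message`. `addUser` also gained a parameter without a doc update; its comment could add `// addSpace sets Account.Editor on a newly created account.` Whether existing accounts are updated when the setting later changes is not visible here, since SyncKeycloak and addUser both continue outside these hunks.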
@@ -483,13 +483,15 @@ type keycloakAuthRequest struct {
 // Keycloak server configuration
 type keycloakConfig struct {
- URL string `json:"url"`
- Realm string `json:"realm"`
- ClientID string `json:"clientId"`
- PublicKey string `json:"publicKey"`
- AdminUser string `json:"adminUser"`
- AdminPassword string `json:"adminPassword"`
- Group string `json:"group"`
+ URL string `json:"url"`
+ Realm string `json:"realm"`
+ ClientID string `json:"clientId"`
+ PublicKey string `json:"publicKey"`
+ AdminUser string `json:"adminUser"`
+ AdminPassword string `json:"adminPassword"`
+ Group string `json:"group"`
+ DisableLogout bool `json:"disableLogout"`
+ DefaultPermissionAddSpace bool `json:"defaultPermissionAddSpace"`
 }
 // keycloakAPIAuth is returned when authenticating with Keycloak REST API.
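Review bot: The two new `keycloakConfig` fields are undocumented, and their zero value changes behaviour: a config stored before this commit has neither key, so `DefaultPermissionAddSpace` unmarshals to `false` and newly created Keycloak users get `Editor = false`, where `addUser` previously hard-coded `true`. That is the least-privilege default, but it is a silent change for existing installs and it contradicts the `true` fallback in the auth-settings.js save path. Add field comments such as `// DefaultPermissionAddSpace: new Keycloak users may add spaces; absent key means false` and `// DisableLogout: UI hint only, hides the logout link`, and mention the changed default in the release notes.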