Univention Bugzilla – Bug 42175
add user interface to add links to the UCS overview/portal site
Last modified: 2017-04-04 18:30:02 CEST
There should be a graphical user interface to add links to the new portal site.
The entries should be stored in LDAP, e.g. by a new handler settings/... w.r.t. the hostname where the links/entries should be displayed. There should be a migration script for the current ucs/web/overview/entries/ UCR variables.
It should be configurable who can see which links. My idea for this approach is to use the current UMC operation sets and UMC policies for this. Are there other opinions? Does anything speak against this? Alex opinion was that the name "UMC operation set" is irritating. Maybe we can rename this? Otherwise we need to create a new object class + schema for this.
*** Bug 40626 has been marked as a duplicate of this bug. ***
New LDAP schema in univention-ldap (13.0.3-7) New UDM handlers in univention-directory-manager-modules (12.0.14-5) (and) univention-directory-manager-modules (12.0.14-6) Listener scripts write the UDM objects into json: univention-portal (1.0.6-6) settings/portal and settings/portal_entry are new UDM modules which are dumped into /usr/share/univention-portal/portal.json Should implement important parts of https://mail.univention.de/appsuite/#!!&app=io.ox/office/text&folder=1206&id=1206/1698
As discussed, after updating my system, the portal is empty. I can even not add a new portal entry since the list of UDM objects does not contain "Portal: Entry" when navigating with the LDAP module to cn=univention/cn=portal when clicking "Add".
When adding "superordinate = 'settings/cn'" to portal.py and portal_entry.py, I can add new entries via the LDAP navigation. When adding a new portal entry, the field "category" is a text box. IMHO, this should better be a combo box.
Some other things that I noticed: * I do not understand what "Language code (e.g. en_US) - Text" means. This happens to exist 2 times ATM. I would add a title pane "Display name" and "Description" in which each widget will be placed. It is also not clear that en_US is a mandatory entry. Therefor it might even be better to have a text box "Display name" and than below separately a multi input for the translations. In code, I would vote for the following layout: layout = [ Tab(_('General'), _('Entry options'), layout=[ Group(_('General'), layout=[ ["name", "category"], ["portal"], ["icon"], ]), Group(_('Display name'), layout=[ ["displayName], ["displayNameL10n"], ]), Group(_('Description'), layout=[ ["description"], ["descriptionL10n"], ]), Group(_('Link'), layout=[ ["link"], ]), Group(_('Advanced'), layout=[ ["activated"], ["authRestriction"], ["favorite"], ]), ]), ] * The same idea should be applied to setting/portal: layout = [ Tab(_('General'), _('Portal options'), layout=[ Group(_('Name'), layout=[ ["name"], ]), Group(_('Display name'), layout=[ ["displayName"], ["displayNameL10n"], ]), Group(_('Appearance'), layout=[ ["background"], ]), Group(_('General Content'), layout=[ ["showMenu"], ["showSearch"], ["showLogin"], ["showApps"], ["showServers"], ]), ]), ] * "Upload certificate" → this might not be the correct syntax. This upload button is quite confusing. If it does not exist yet, we should add a syntax with a proper label for uploading a SVG icon. * UMC should consist of two portal entries. One with the label "System and domain settings" pointing to "/univention/management" and being visible on master + backup. The other one with the label "System settings" which is visible on all other roles. This means that the JavaScript code needs to be able to handle relative links. The UCR handler needs to ignore UMC entries. * The UCR handler should ignore the entries for root certificate as well as certificate revocation list (see Bug 43695). * I added the function umc/tools::isIPAddress() which uses the same reg exps as you added to main.js. This check will be used more often in the future, I guess ;) .
I fixed the LDAP ACL's: univention-ldap (13.0.4-1): r77247 | Bug #42175: ACLs for Portal Entries r77246 | Bug #42175: ACLs for Portal Entries
When opening the module there is a pop up: Die folgenden leeren Eigenschaften wurdem im Formular auf Vorgabewerte gesetzt. Die Werte werden beim Speichern angewendet. Allgemein - Erweitert - Authorisation: Visible for Admins only Can you set a default value? Or add an empty value if possible.
After removing a portal the portal entries still have a reference in univentionPortalEntryPortal to the not anymore existing settings/portal object: univention-ldapsearch univentionObjectType=settings/portal_entry univentionPortalEntryPortal → The references should be removed. → If it's the last reference for a link the link should also be removed. I personally would like the superordinate approach more, so that there exists the following LDAP structure: cn=portal,cn=univention,dc=base * cn=global,cn=portal,cn=univention,dc=base * * cn=umc,cn=global,cn=portal,cn=univention,dc=base * * cn=app1,cn=global,cn=portal,cn=univention,dc=base * cn=DC-Slave1,cn=portal,cn=univention,dc=base * * cn=umc,cn=global,cn=portal,cn=univention,dc=base * * cn=app2,cn=global,cn=portal,cn=univention,dc=base This would fix also the reference problem when removing/renaming/moving the portal.
Fixed description and widgets. I added default values where appropriate. UMC is blacklisted in the UCR module. A dedicated UMC link is generated in the joinscript - one for DC Master + Backup, one for the other roles. All entries still lie in cn=portal. It would be convenient for moving and deleting, but I am not sure whether this is a real world issue. Maybe portals are never removed. It would also require additional work in LDAP, UDM, Portal und App Center. Last but not least, changing an entry (which I assume is more common than changing a portal) would require a change in each of the copied entries unless one adds additional logic.
Looks good on a first look. Some quick first impressions what should remains to be done: * The portal.json may not be cached by the browser - i reinstalled a domain and got the cached portal.json from the old domain * missing small icon udm-settings-portal.png in LDAP view * uploaded backgrounds for portals are not written correctly for the json: background = '/portal/icons/backgrounds/%s.png'. missing /univention/. In a quick test with a modified portal.json the background image was not loaded by the browser (no request) * Maybe more of a umc issue: An uploaded SVG is not displayed in the UMC, but correctly handled by the implementation.
* new bug?: The Portal name is not evaluated and displayed by the JS code, it is always 'Univention Portal' * portal entry: path to image is not correct in json, same as for 'portal' image links * The favorite attribute should probably not be available for entries, see bug #42234 * There seems to be no way of sorting the entries, as it was previously possible with UCRVs overview/../priority?
As discussed: * The show* attributes are currently not evaluated in JavaScript. For now it will be sufficient to evaluate showLogin * The portal "local" should only show locally installed Apps * The portal "local" needs an management entry which points to the portal "domain" * The portal "local" should use as title "Startsite for {hostname}" * In the portal title, it should be possible to write {hostname} or {domainname} which are expanded to the corresponding values.
(In reply to Erik Damrose from comment #12) > Looks good on a first look. Some quick first impressions what should remains > to be done: > > * The portal.json may not be cached by the browser - i reinstalled a domain > and got the cached portal.json from the old domain Needs to be examined. Could not reproduce, but yes, there is no no-cache mechanism. > * missing small icon udm-settings-portal.png in LDAP view Done > * uploaded backgrounds for portals are not written correctly for the json: > background = '/portal/icons/backgrounds/%s.png'. missing /univention/. In a > quick test with a modified portal.json the background image was not loaded > by the browser (no request) Fixed path. Image loading: Bug#43670 and Bug#42235 > * Maybe more of a umc issue: An uploaded SVG is not displayed in the UMC, > but correctly handled by the implementation. Yes, I will open a Bug. (In reply to Erik Damrose from comment #13) > * new bug?: The Portal name is not evaluated and displayed by the JS code, > it is always 'Univention Portal' Done. > * portal entry: path to image is not correct in json, same as for 'portal' > image links Done. > * The favorite attribute should probably not be available for entries, see > bug #42234 Yes, removed. > * There seems to be no way of sorting the entries, as it was previously > possible with UCRVs overview/../priority? Not for now. And maybe never. (In reply to Alexander Kläser from comment #14) > As discussed: > * The show* attributes are currently not evaluated in JavaScript. For now it > will > be sufficient to evaluate showLogin Can you give me a hint how to achieve this? Could not figure out how to access the menu. > * The portal "local" should only show locally installed Apps > * The portal "local" needs an management entry which points to the portal > "domain" > * The portal "local" should use as title "Startsite for {hostname}" > * In the portal title, it should be possible to write {hostname} or > {domainname} > which are expanded to the corresponding values. Done all of that. Still REOPENED for the open issues.
Updating from 4.1-4 to 4.2-0, the portal join script failed to executed. I observed the following error in the join.log: > RUNNING 35univention-portal.inst > 2017-03-10 11:31:04.593529457+01:00 (in joinscript_init) > Object exists: cn=portal,cn=univention,dc=univention,dc=intranet > Object exists: cn=portal,cn=custom attributes,cn=univention,dc=univention,dc=intranet > Object exists: cn=domain,cn=portal,cn=univention,dc=univention,dc=intranet > /usr/lib/univention-install/35univention-portal.inst: 138: /usr/lib/univention-install/35univention-portal.inst: Syntax error: Unterminated quoted string Running the script via bash -x , everything was fine, though.
... OK, running dash -x fails... the following line is not working with dash: echo $'"fr_FR" "page d\'accueil pour {hostname}"'
(In reply to Dirk Wiesenthal from comment #15) > (In reply to Erik Damrose from comment #12) > > Looks good on a first look. Some quick first impressions what should remains > > to be done: > > > > * The portal.json may not be cached by the browser - i reinstalled a domain > > and got the cached portal.json from the old domain > > Needs to be examined. Could not reproduce, but yes, there is no no-cache > mechanism. We had similar issues in 4.1/4.0 with the ucs-overview site which needed to read the JSON file with all entries to be rendered. Have a look at the apache config in: ucs-4.1-4/services/univention-apache/conffiles/etc/apache2/conf.d/ucs.conf Essentially you need to adjust the caching information which is sent to the browser: <FilesMatch "(entries|languages).json"> Header set Cache-Control "max-age=0, must-revalidate, no-cache, no-store" </FilesMatch>
I fixed the joinscript quoting issue (comment 16+17), because a rejoin failed. r77575 univention-portal 1.0.8-3A~4.2.0.201703101407
Caching has been implemented in univention-portal (1.0.8-4) (via /etc/apache2/ucs-sites.conf.d/portal.conf) As discussed, all show* attributes in settings/portal are now dormant. I have removed them from the list of UDM attributes (at least from layout). univention-directory-manager-modules 12.0.14-11A~4.2.0.201703131751
I spotted the following line in main.js l. 114: > if (! onlyOneKind) { Should that be not rather: > (!onlyOneKind.length) { ... as ![] === false in JS (In reply to Dirk Wiesenthal from comment #20) > [...] > As discussed, all show* attributes in settings/portal are now dormant. I > have removed them from the list of UDM attributes (at least from layout). > univention-directory-manager-modules 12.0.14-11A~4.2.0.201703131751 AFAIS, the domain portal should not show locally installed apps by default, but only Apps which are installed in the whole domain.
(In reply to Alexander Kläser from comment #21) > I spotted the following line in main.js l. 114: > > if (! onlyOneKind) { > Should that be not rather: > > (!onlyOneKind.length) { > ... as ![] === false in JS > var onlyOneKind = array.every() -> boolean > (In reply to Dirk Wiesenthal from comment #20) > > [...] > > As discussed, all show* attributes in settings/portal are now dormant. I > > have removed them from the list of UDM attributes (at least from layout). > > univention-directory-manager-modules 12.0.14-11A~4.2.0.201703131751 > > AFAIS, the domain portal should not show locally installed apps by default, > but only Apps which are installed in the whole domain. The domain portal does in fact not show installed Apps. 35univention-portal.inst: [...] univention-directory-manager settings/portal create "$@" --ignore_exists \ [...] --set showApps=FALSE \ This is implemented. The comment on this bug was just wrong.
Created attachment 8543 [details] Icon for portal
I created bug #43928 for updating entries upon moving / deleting OK: missing small icon udm-settings-portal.png in LDAP view >> * Maybe more of a umc issue: An uploaded SVG is not displayed in the UMC, >> but correctly handled by the implementation. > Yes, I will open a Bug. Did you? I could not find one, and the issue persists. I created bug #43930 OK: The Portal name is not evaluated and displayed by the JS code, it is always 'Univention Portal' OK: portal entry: path to image is not correct in json, same as for 'portal' image links OK: The favorite attribute should probably not be available for entries, see bug #42234 OK~ There seems to be no way of sorting the entries, as it was previously possible with UCRVs overview/../priority? I created bug #43933 to separate the feature discussion OK: The portal "local" should only show locally installed Apps OK: The portal "local" should use as title "Startsite for {hostname}" OK: In the portal title, it should be possible to write {hostname} or {domainname} which are expanded to the corresponding values. OK: JSON caching has been implemented OK: The domain portal does in fact not show installed Apps. OK: Icon for portal is shown Reopen: The portal "local" needs an management entry which points to the portal "domain" Currently, this is configured by configuring old ucs-overview variables, why not create a udm object directly? The way it is now, re-executing the joinscript if the ucs-local-to-domain object is missing fails, because on execution the object will not be recreated: all ucr set calls are conditional (ucr set k?value). Reopen: backgrounds are accepted and written correctly to json and filesystem, but are not loaded. I just saw that there is another bug for portal backgrounds, please coordinate with assignee of bug #42235 Reopen: The show* attributes are currently not evaluated in JavaScript. For now it will be sufficient to evaluate showLogin This is currently not clear to me: What should happen if 'showLogin' is set? * Currently it can not be set for a portal * I can configure 'Visible for authenticated users' for portal entries, but such entries are always visible (e.g. server overview) Reopen: Icons for 'installed services' are shown, but not for installed apps that are shown in the 'Administration' category, e.g. Nagios
The join script 35univention-portal.inst overwrites an existing setting of "computers/$role"→portal, effectively removing a custom portal, if the join script was ever rerun.
if [ "$server_role" = "domaincontroller_master" -o "$role" = "domaincontroller_backup" ]; then UCS_PORTAL="cn=domain,cn=portal,cn=univention,$ldap_base" else UCS_PORTAL="cn=local,cn=portal,cn=univention,$ldap_base" fi CURRENT_PORTAL=$(univention-ldapsearch -LLL -b "cn=computers,$ldap_base" "cn=$hostname" univentionComputerPortal | ldapsearch-wrapper | egrep -v ^dn: | cut -f 2 -d ' ') if [ "$CURRENT_PORTAL" = "$UCS_PORTAL" ]; then # computer portal unchanged from original udm "computers/$server_role" modify "$@" --dn="$ldap_hostdn" \ --set portal="$UCS_PORTAL" || die fi
(In reply to Daniel Tröder from comment #26) > CURRENT_PORTAL=$(univention-ldapsearch -LLL -b "cn=computers,$ldap_base" This won't work with UCS@school because the computers aren't in cn=computers,$ldap_base.
It's just incomplete and untested example code - not ready for production. It must also test for unset CURRENT_PORTAL [ -z ] etc.
As discussed, instead of the search filter -b "$ldap_hostdn" can be used directly.
As discussed, icons, background have had separate bugs. showLogin will not be supported. It has been removed from the UDM form. (Not from LDAP, though) I have fixed the joinscript to not overwrite existing portal DNs in univention-portal 1.0.10-10A~4.2.0.201703271700 Using ucr set k?v is the same as using udm ... create ignore_exists. It is better to not overwrite the values of an object. A script to "sync" UCRVs with settings/portal_entry objects would be nice, though. I will open a bug for that.
(In reply to Dirk Wiesenthal from comment #30) > As discussed, icons, background have had separate bugs. Yes. > showLogin will not be supported. It has been removed from the UDM form. (Not > from LDAP, though) Yes. > I have fixed the joinscript to not overwrite existing portal DNs in > univention-portal 1.0.10-10A~4.2.0.201703271700 Two issues: 1) That doesn't work. I've added set -x: -------------------------------------------------------------------------------- ++ sed -n -e 's/^ portal: \(.*\)$/\1/p' ++ univention-directory-manager computers/domaincontroller_master list --filter cn=master421 + set_portal=None + '[' -z None ']' -------------------------------------------------------------------------------- So, if the entry is not set, UDM shows None. 2) If I open a backup, slave or member after updating to UCS 4.2, a portal is automatically added by UMC. --------------------------------------------------------------------------- The following empty properties were set to default values in the form. These values will be applied when saving. [Advanced settings] - Portal - Portal: domain --------------------------------------------------------------------------- So, after updating the DC master to UCS 4.2, I get this message for every time a open one UCS server object which haven't been updated. I think, you have to add an empty value. If you are using settings/syntax this might help: root@master421:~# udm settings/syntax | grep -i empty addEmptyValue Add an empty value to choice list root@master421:~# > Using ucr set k?v is the same as using udm ... create ignore_exists. It is > better to not overwrite the values of an object. A script to "sync" UCRVs > with settings/portal_entry objects would be nice, though. I will open a bug > for that. Yes
Fixed in univention-portal 1.0.10-13A~4.2.0.201703281009 and univention-directory-manager-modules 12.0.16-3A~4.2.0.201703281005 Already published.
OK, works now.
UCS 4.2 has been released: https://docs.software-univention.de/release-notes-4.2-0-en.html https://docs.software-univention.de/release-notes-4.2-0-de.html If this error occurs again, please use "Clone This Bug".