mirror of
https://github.com/advplyr/audiobookshelf.git
Auth/OpenID: Implement Permissions via OpenID
* Ability to set group * Ability to set more advanced permissions * Modified TextInputWithLabel to provide the ability to specify a placeholder different from the name
parent
8e5b7504ae
commit
56f1bfef50
5 changed files with 210 additions and 8 deletions
|
@ -70,17 +70,42 @@
|
|||
<p class="pl-4 text-sm text-gray-300 mt-5">{{ $strings.LabelMatchExistingUsersByDescription }}</p>
|
||||
</div>
|
||||
|
||||
<div class="flex items-center py-4 px-1">
|
||||
<div class="flex items-center py-4 px-1 w-full">
|
||||
<ui-toggle-switch labeledBy="auto-redirect-toggle" v-model="newAuthSettings.authOpenIDAutoLaunch" :disabled="savingSettings" />
|
||||
<p id="auto-redirect-toggle" class="pl-4 whitespace-nowrap">{{ $strings.LabelAutoLaunch }}</p>
|
||||
<p class="pl-4 text-sm text-gray-300" v-html="$strings.LabelAutoLaunchDescription" />
|
||||
</div>
|
||||
|
||||
<div class="flex items-center py-4 px-1">
|
||||
<div class="flex items-center py-4 px-1 w-full">
|
||||
<ui-toggle-switch labeledBy="auto-register-toggle" v-model="newAuthSettings.authOpenIDAutoRegister" :disabled="savingSettings" />
|
||||
<p id="auto-register-toggle" class="pl-4 whitespace-nowrap">{{ $strings.LabelAutoRegister }}</p>
|
||||
<p class="pl-4 text-sm text-gray-300">{{ $strings.LabelAutoRegisterDescription }}</p>
|
||||
</div>
|
||||
|
||||
<div class="flex items-center pt-6 pb-1 px-1 w-full">Leave the following options empty to disable advanced group and permissions assignment, automatically assigning 'User' group then.</div>
|
||||
<div class="flex items-center mb-2">
|
||||
<div class="w-96">
|
||||
<ui-text-input-with-label ref="openidGroupClaim" v-model="newAuthSettings.authOpenIDGroupClaim" :disabled="savingSettings" :placeholder="'groups'" :label="'Group Claim'" />
|
||||
</div>
|
||||
<p class="pl-4 text-sm text-gray-300 mt-5">
|
||||
Name of the OpenID claim that contains a list of the user's groups. Commonly referred to as <code>groups</code>. <b>If configured</b>, the application will automatically assign roles based on the user's group memberships, provided that these groups are named case-insensitively 'admin', 'user', or 'guest' in the claim. The claim should contain a list, and if a user belongs to
|
||||
multiple groups, the application will assign the role corresponding to the highest level of access. If no group matches, access will be denied.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
<div class="flex mb-2">
|
||||
<div class="w-96 pt-6">
|
||||
<ui-text-input-with-label ref="openidAdvancedPermsClaim" v-model="newAuthSettings.authOpenIDAdvancedPermsClaim" :disabled="savingSettings" :placeholder="'abspermissions'" :label="'Advanced Permission Claim'" />
|
||||
</div>
|
||||
<div class="pl-4 text-sm text-gray-300 mt-5 flex-column">
|
||||
<p class="">
|
||||
Name of the OpenID claim that contains advanced permissions for user actions within the application which will apply to non-admin roles (<b>if configured</b>). If the claim is missing from the response, access to ABS will be denied. If a single option is missing, it will be treated as <code>false</code>. Ensure the identity provider's claim matches the expected structure:
|
||||
</p>
|
||||
<pre class="text-pre-wrap mt-2"
|
||||
>{{ newAuthSettings.authOpenIDSamplePermissions }}
|
||||
</pre>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</transition>
|
||||
</div>
|
||||
|
@ -222,6 +247,22 @@ export default {
|
|||
}
|
||||
})
|
||||
}
|
||||
|
||||
function isValidClaim(claim) {
|
||||
if (claim === '') return true
|
||||
|
||||
const pattern = new RegExp('^[a-zA-Z][a-zA-Z0-9_-]*$', 'i')
|
||||
return pattern.test(claim)
|
||||
}
|
||||
if (!isValidClaim(this.newAuthSettings.authOpenIDGroupClaim)) {
|
||||
this.$toast.error('Group Claim: Invalid claim name')
|
||||
isValid = false
|
||||
}
|
||||
if (!isValidClaim(this.newAuthSettings.authOpenIDAdvancedPermsClaim)) {
|
||||
this.$toast.error('Advanced Permission Claim: Invalid claim name')
|
||||
isValid = false
|
||||
}
|
||||
|
||||
return isValid
|
||||
},
|
||||
async saveSettings() {
|
||||
|
|
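Review bot: `isValidClaim` in the second hunk is the only check visible here on the two claim names, and it runs in the browser, so a settings request sent straight to the server never passes through it; because these names decide role assignment and whether a login is denied, the same pattern should be enforced where the settings are saved, presumably in one of the changed files not shown in this section. The pattern also rejects namespaced claim names in URL form, which some identity providers use for custom claims, so it is worth confirming that restriction is intended before administrators on such providers find they cannot fill in either field. The `'i'` flag is redundant because the character classes already list both cases, and a literal reads more directly: `const pattern = /^[a-zA-Z][a-zA-Z0-9_-]*$/`. The enclosing validation method starts outside the hunk.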