[Freeipa-devel] [PATCH] 543 Trust domains Web UI
Martin Kosek
mkosek at redhat.com
Tue Jan 21 11:29:59 UTC 2014
On 01/21/2014 10:43 AM, Alexander Bokovoy wrote:
> On Tue, 21 Jan 2014, Petr Vobornik wrote:
>> On 20.1.2014 18:01, Alexander Bokovoy wrote:
>>> On Fri, 17 Jan 2014, Petr Vobornik wrote:
>>>> Note: this version of the patch is especially prepared for ipa-3-3
>>>> branch.
>>>>
>>>> Add Web UI counterpart of following CLI commands:
>>>>
>>>> * trust-fetch-domains Refresh list of the domains associated with the
>>>> trust
>>>> * trustdomain-del Remove infromation about the domain associated with
>>>> the trust.
>>>> * trustdomain-disable Disable use of IPA resources by the domain of
>>>> the trust
>>>> * trustdomain-enable Allow use of IPA resources by the domain of the
>>>> trust
>>>> * trustdomain-find Search domains of the trust
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/4119
>>> ACK functionally, everything works for me.
>>>
>>> I wonder if you could make UI a bit smarter and prevent enable/disable
>>> actions for the forest root trusted domain. Right now selecting it for
>>> 'disable' will show you an error telling that disabling root domain is
>>> not possible.
>>>
>>>
>>
>> Some enhancement could be done in this area. Similar "issue" is also present
>> when enabling/disabling already enabled/disabled items (not just in trusted
>> domains but also in users, HBAC and SUDO rules... pages).
>>
>> But what should be the ideal behavior?
>>
>> We must take into considerations facts as follows:
>> - button which executes the action is enabled/disabled based on user selection
>> - user can select multiple items
>> - some of those items are suitable for the action (e.g., disabled items for
>> enable action), some not (disabled for disable).
>> - backend will tell us what succeeded and what not
>>
>> Current behavior:
>> - action button is enabled when user selects any item
>> - after action execution, user is told, if some or all items were not
>> suitable (the action was not performed for them).
>>
>> If server behaves correctly this UI behavior should not cause any harm.
>>
>> Some possible enhancements are:
>> 1. Do not enable action button if all selected items are not suitable for the
>> action. If some are suitable, continue with current behavior
>>
>> 2. If some of selected items are not suitable, show a warning dialog which
>> will list items for which the action will be executed and items for which it
>> won't be. After confirmation, request will be sent only with suitable items.
>>
>> 3. Do not enable action button if some selected item is not suitable.
>>
>> #1 and #2 can be combined. I'm not a fan of #3; sounds more like a drawback.
>>
>> Do you have something similar in mind?
> #1 and #2 would require either embedding knowledge about specific items in Web
> UI or extending metadata we have about commands. In both cases it looks
> a bit weird as it is not a metadata per se. I'm not even sure we can
> maintain it properly in all cases.
>
>> Anyway I don't think this is a material for IPA 3.3. If you agree, I will
>> open a new ticket and also ask Kyle for his option on this topic.
> Yes, it is something for future but given options you presented I don't
> see much future in it...
>
Ok. I pushed Petr's patch to master, ipa-3-3.
Martin
More information about the Freeipa-devel
mailing list