[Freeipa-devel] [PATCH] 264-265 Web UI:Certificate pages

Wed Mar 6 15:51:59 UTC 2013

Updated patch 264 attached. 265 was rebased. See comments below.

On 03/06/2013 12:33 AM, Endi Sukma Dewata wrote:
> On 2/22/2013 10:43 AM, Petr Vobornik wrote:
>> Note: static json files for testing and such will be updated soon (there
>> were several patch which changes API. I rather want to do one mass
>> regeneration than several minor ones in a short period of time.
>>
>>
>> 1) [PATCH] Web UI:Certificate pages
>>
>> Following pages were added to Web UI:
>>   * certificated details
>>   * certificate search
>>
>> Certificate is not regular object so it gets no metadata. Therefore
>> artificial metadata were created for it to allow usage of search and
>> details facet.
>>
>> Search and details facet were modified to allow removing of
>> add/remove/update/reset buttons - certificates have no mod operation and
>> they are not added by standard means.
>>
>> User can revoke and restore certificated in details facet.
>>
>> https://fedorahosted.org/freeipa/ticket/3419
>
> I have some comments. Some of these can be postponed for future
> enhancements.
>
> 1. As previously discussed, the cert-find is only available with Dogtag
> CA, so the Certificates page should be disabled with self-signed CA. But
> if self-signed CA is dropped, then it's not necessary to disable the
> Certificates page. We may need to keep the ticket open until this is
> resolved one way or another.
>

Seems that the drop will land in different release. I disabled it 
similar way as in DNS. I didn't test it. Do you have installation 
without dogtag?

> 2. Right now the fields in the cert details page are editable although
> there is no Update button. If you change the value an Undo button will
> appear. If you try to leave the page it will show the Unsaved Changes
> dialog. Since there's no cert-mod operation these fields should not be
> editable.
>
> 3. In the cert details page if you revoke the cert it will work but an
> error will appear below the revocation reason field saying 'Must be an
> integer'.

#2, #3: I forget to tell you, that this patch also depends on my patch 
#261 - Fix handling of no_update flag in Web UI. Sorry. It should fix 
it. It was pushed to master today.

>
> 4. I think showing an empty revocation reason field on a valid cert is
> kind of weird. It might be better to create a Status section with two
> fields: status and revocation reason. If status is valid the revocation
> reason will be empty or hidden. If revoked then the reason will appear
> below the status.

Fixed it by hiding the row.

Showing the status is separate issue. I would like to avoid computing it 
in web ui - IIUIC it depends also on valid-until and similar fields. 
Cert-show command doesn't include the status.

>
> 5. In host/service details page the View link can be changed to go to
> the cert details page instead of showing a dialog box.

Do we want to do it?

>
> 6. It would be better to organize the fields in the cert details page
> like the cert view dialog in host/service details page.

Switched MD5fp. with SHA1fp.

Do you also want to split subject and issuer as in the dialog and moved 
the fields to different sections?

Currently the order is the same as in dialog except serial numbers. I 
kept them on top because issuer and subject may be very long and they 
can clash with the action panel if placed on top.

>
> 7. Certificate can be added/revoked/restored via certificate pages and
> host/service details pages. We need to make sure that if you do an
> operation on one page, the other pages won't show outdated information.

Fixed.

>
>> 2) [PATCH] Web UI:Choose different search option for cert-find
>>
>> This extends certificate search page by search option select. Therefore
>> the search is not restricted to 'subject'.
>>
>> It should be replaced by https://fedorahosted.org/freeipa/ticket/191 in
>> a future.
>>
>> https://fedorahosted.org/freeipa/ticket/3419
>
> 8. The revocation reason takes an integer. Probably the search field
> should change into a drop down list showing all available reasons.
>
> 9. The date options take a certain format (YYYY-MM-DD), so we should
> show the format probably as greyed text in the search field.
>
> 10. The current design only allows specifying one option at a time. Some
> of these options are meant to be used as a pair because they represent a
> range (min & max serial number). How about creating an Advanced Search
> dialog that shows all search options in separate fields so they can be
> combined? The basic search field can remain simple like the search field
> in other entities and it will search the cert subject only.
>

8-10: I agree, but I don't want to complicate the patch. Originally this 
patch shouldn't really exist. Original agreement was that the search 
will be fixed to 'subject' field and that it should be replaced with 
proper implementation of #191 later. I made this patch to give users at 
least some options. Main obstacle is that there are more pressing issues 
for April release.

> 11. The list of search options is a drop down list, but it's surrounded
> by a rounded box like the text field next to it. This might be just a
> personal preference but I'm not sure if it's an appropriate look for a
> drop down list.
>

It's just border radius. When I disable it it looks kinda inconsistent, 
weirder.
-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0264-1-Web-UI-Certificate-pages.patch
Type: text/x-patch
Size: 27117 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130306/fb7eaece/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0265-1-Web-UI-Choose-different-search-option-for-cert-find.patch
Type: text/x-patch
Size: 10430 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130306/fb7eaece/attachment-0001.bin>