| commit | ce7db82c9582c4dac04ac81d9af6b557ae7965e3 | [log] [tgz] |
|---|---|---|
| author | Paul Fertser <fercerpav@gmail.com> | Fri Jul 05 11:04:04 2024 +0000 |
| committer | Paul Fertser <fercerpav@gmail.com> | Thu Nov 07 20:16:56 2024 +0000 |
| tree | 82ae65bb48ccb9df7d75ef6d95c1f43c54be9fb1 | |
| parent | 918526f20c16a05c261a56814657942a707323dd [diff] |
Retrieve role information the Redfish standard way Currently webui-vue has a hardcoded list of pages and sidebar menu items restricted to a specific Redfish role (from a predefined default set). To disallow navigating to restricted pages and to hide disallowed menu items the application needs to know the roles assigned to the session. bmcweb only implements a single role identity per session so the Roles array returned within a Session object always has just one element. This patch changes the mechanism used to retrieve the current role from buggy direct query to AccountService (which can only return information about BMC local users) to extracting it from standard Redfish Session object. In case the role is not available (e.g. when backend implementation predates #Session.v1_7_0.Session) the application assumes Administrator role which is meant as a best effort to continue working given the circumstances. This doesn't pose a security risk because all validation is always performed by the backend itself, so the worst that can happen is end user getting error messages trying to access something without enough privileges. Tested: logging in and out of accounts with different roles without reloading the page, observing the list of queries made, the role variable assignments and presence of the menu items depending on account, navigating to different pages. Also tested reloading the page and confirmed the correct role was retrieved without going through login again. Also tested deleting and mangling localStorage variable sessionURI prior to doing page reload, in those cases redirect to login page was observed. Change-Id: I8b6c84060a987489cc1d35c46c1b00618a88b607 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
webui-vue is a web-based user interface for the OpenBMC firmware stack built on Vue.js.
phosphor-webui was built on AngularJS and AngularJS went End of Life on June 30, 2021. This repository is its replacement.
A few, mostly minor, features remain for feature parity. See GitHub Issues label:phosphor-webui-feature-parity for the complete list.
As mentioned, this application is built using Vue.js, a modern open-source Model-View-ViewModel JavaScript framework supported by an active community and strong documentation. It has been architected to allow organizations to easily update the theme to support their brand. This rewrite takes advantage of front-end development best practices and does not suffer from some of the anti-patterns that exist in phosphor-webui today.
It is recommended you switch from phosphor-webui if you haven't already.
webui-vue has the following additional features:
The documentation for coding standards and components is located in the docs directory. It is created using the VuePress static site generator. Information about how to write documentation can be found on the VuePress website.