web: abstract rootInterface()?.config?.capabilities.includes() into .can()#7737
Merged
kensternberg-authentik merged 15 commits intomainfrom Jan 8, 2024
Merged
web: abstract rootInterface()?.config?.capabilities.includes() into .can()#7737kensternberg-authentik merged 15 commits intomainfrom
rootInterface()?.config?.capabilities.includes() into .can()#7737kensternberg-authentik merged 15 commits intomainfrom
Conversation
… into a single accessor,
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.
Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:
``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```
into:
``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```
It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.
The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:
Symbol(): {
cacheTimeout: 300
cacheTimeoutFlows: 300
cacheTimeoutPolicies: 300
cacheTimeoutReputation: 300
capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
}
Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.
The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.
The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.
Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:
TODO:
``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #7737 +/- ##
===========================================
+ Coverage 43.71% 92.29% +48.58%
===========================================
Files 588 608 +20
Lines 29200 30230 +1030
===========================================
+ Hits 12764 27900 +15136
+ Misses 16436 2330 -14106
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
* main: (22 commits) stages/email: improve error handling for incorrect template syntax (#7758) core: bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8 (#7768) website: bump postcss from 8.4.31 to 8.4.32 in /website (#7770) web: bump the eslint group in /tests/wdio with 1 update (#7773) website: bump @types/react from 18.2.39 to 18.2.41 in /website (#7769) web: bump the eslint group in /web with 1 update (#7772) website: fix typos in example URLs (#7774) root: include ca-certificates in container (#7763) root: don't show warning when app has no URLs to import (#7765) web: revert storybook (#7764) web: bump the eslint group in /web with 2 updates (#7730) website: bump @types/react from 18.2.38 to 18.2.39 in /website (#7720) web: bump the storybook group in /web with 5 updates (#7750) website/blog: fix email syntax (#7753) web: bump the wdio group in /tests/wdio with 3 updates (#7751) web: bump the babel group in /web with 3 updates (#7741) web: bump the sentry group in /web with 2 updates (#7747) web: bump pyright from 1.1.337 to 1.1.338 in /web (#7743) website: bump the docusaurus group in /website with 9 updates (#7746) web: bump rollup from 4.6.0 to 4.6.1 in /web (#7748) ...
…odel," essentially an architectural description.
✅ Deploy Preview for authentik ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
* dev: web: bump API Client version (#7803) events: add graph for event volume (#7639) website/docs: change links to point to our YouTube (#7794) web: bump core-js from 3.33.3 to 3.34.0 in /web (#7796) core: bump golang from 1.21.4-bookworm to 1.21.5-bookworm (#7798) web: bump the wdio group in /tests/wdio with 4 updates (#7799) web/admin: revise wizard form handling (#7331) web: bump the eslint group in /tests/wdio with 2 updates (#7783) web: bump the sentry group in /web with 2 updates (#7784) web: bump the eslint group in /web with 2 updates (#7785) web: bump chart.js from 4.4.0 to 4.4.1 in /web (#7786) website: bump @types/react from 18.2.41 to 18.2.42 in /website (#7787) website: bump react-tooltip from 5.24.0 to 5.25.0 in /website (#7788) outposts/ldap: avoid nil ptr deref in MemorySearcher (#7767)
* dev: blueprints: improve file change handler (#7813) web/user: fix search not updating app (#7825) web: bump the storybook group in /web with 5 updates (#7819) core: compile backend translations (#7827) translate: Updates for file locale/en/LC_MESSAGES/django.po in de (#7812) core: bump github.com/go-openapi/strfmt from 0.21.8 to 0.21.9 (#7814) ci: bump actions/stale from 8 to 9 (#7815) web: bump the wdio group in /tests/wdio with 1 update (#7816) translate: Updates for file web/xliff/en.xlf in zh_CN (#7820) web: bump the sentry group in /web with 2 updates (#7817) web: bump vite-tsconfig-paths from 4.2.1 to 4.2.2 in /web (#7818) translate: Updates for file web/xliff/en.xlf in zh-Hans (#7821) translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#7822) translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#7823) web: bump typescript from 5.3.2 to 5.3.3 in /web (#7806) website: bump typescript from 5.3.2 to 5.3.3 in /website (#7807) web: bump typescript from 5.3.2 to 5.3.3 in /tests/wdio (#7808) core: bump goauthentik.io/api/v3 from 3.2023104.1 to 3.2023104.2 (#7809) ci: bump actions/setup-go from 4 to 5
* dev: web/flows: show logo in card (#7824)
* main: scripts: postgres, redis: only listen on localhost (#7849) website: bump @types/react from 18.2.42 to 18.2.43 in /website (#7840) web: bump ts-node from 10.9.1 to 10.9.2 in /tests/wdio (#7846) core: bump github.com/go-openapi/runtime from 0.26.0 to 0.26.2 (#7841) website: bump prettier from 3.1.0 to 3.1.1 in /website (#7839) web: bump the esbuild group in /web with 2 updates (#7842) web: bump rollup from 4.6.1 to 4.7.0 in /web (#7843) web: bump prettier from 3.1.0 to 3.1.1 in /web (#7844) web: bump the wdio group in /tests/wdio with 2 updates (#7845) web: bump prettier from 3.1.0 to 3.1.1 in /tests/wdio (#7847) translate: Updates for file web/xliff/en.xlf in fr (#7851) translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#7850) core: bump python from 3.12.0-slim-bookworm to 3.12.1-slim-bookworm web/flows: update flow background (#7833) web/flows: fix logo height (#7834) Fix cache related image build issues
BeryJu
approved these changes
Dec 11, 2023
… into a single accessor,
`authentikConfig`, that can be mixed into any AKElement object that requires access to it.
Since access to `rootInterface()?.config?` is _universally_ used for a single (and repetitive)
boolean check, a separate accessor has been provided that converts all calls of the form:
``` javascript
rootInterface()?.config?.capabilities.includes(CapabilitiesEnum.CanImpersonate)
```
into:
``` javascript
this.can(CapabilitiesEnum.CanImpersonate)
```
It does this via a Mixin, `WithCapabilitiesConfig`, which understands that these calls only make
sense in the context of a running, fully configured authentik instance, and that their purpose is to
inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable
turning a function call into a method; we should make it explicit that this is a relationship
between components.
The mixin has a single single field, `[WCC.capabilitiesConfig]`, where its association with the
upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict
unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger
shows it only as:
Symbol(): {
cacheTimeout: 300
cacheTimeoutFlows: 300
cacheTimeoutPolicies: 300
cacheTimeoutReputation: 300
capabilities: (5) ['can_save_media', 'can_geo_ip', 'can_impersonate', 'can_debug', 'is_enterprise']
}
Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual
private fields, this is the best we can do; it does guarantee that field name collisions are
impossible, which is a win.
The mixin takes a second optional boolean; setting this to true will cause any web component using
the mixin to automatically schedule a re-render if the capabilities list changes.
The mixin is also generic; despite the "...into a Lit-Context" in the title, the internals of the
Mixin can be replaced with anything so long as the signature of `.can()` is preserved.
Because this work builds off the work I did to give the Sidebar access to the configuration without
ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be
necessary for the following:
TODO:
``` javascript
rootInterface()?.uiConfig;
rootInterface()?.tenant;
me();
```
…odel," essentially an architectural description.
…' into web/config-provider * refs/remotes/origin/web/config-provider: web: Jens requested that subscription be by default, and it's the right call. web: prettier had opinions about the README web: Added a README with a description of the applications' "mental model," essentially an architectural description. This commit abstracts access to the object `rootInterface()?.config?` into a single accessor, `authentikConfig`, that can be mixed into any AKElement object that requires access to it.
Contributor
authentik translations instructionsThanks for your pull request! authentik translations are handled using Transifex. Please edit translations over there and they'll be included automatically. |
- Also, removed redundant check.
Contributor
|
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-web-config-provider-1704738119-bed67b9
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sFor arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-web-config-provider-1704738119-bed67b9-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sAfterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-web-config-provider-1704738119-bed67b9For arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-web-config-provider-1704738119-bed67b9-arm64Afterwards, run the upgrade commands from the latest release notes. |
kensternberg-authentik
added a commit
that referenced
this pull request
Jan 8, 2024
* main: (146 commits) web: abstract `rootInterface()?.config?.capabilities.includes()` into `.can()` (#7737) web: update some locale details (#8090) web: bump the eslint group in /web with 2 updates (#8082) web: bump rollup from 4.9.2 to 4.9.4 in /web (#8083) core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085) web: bump the eslint group in /tests/wdio with 2 updates (#8086) website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088) stages/user_login: only set last_ip in session if a binding is given (#8074) providers/oauth2: fix missing nonce in token endpoint not being saved (#8073) core: bump goauthentik.io/api/v3 from 3.2023105.3 to 3.2023105.5 (#8066) providers/oauth2: fix missing nonce in id_token (#8072) rbac: fix error when looking up permissions for now uninstalled apps (#8068) web/flows: fix device picker incorrect foreground color (#8067) translate: Updates for file web/xliff/en.xlf in zh_CN (#8061) translate: Updates for file web/xliff/en.xlf in zh-Hans (#8062) website: bump postcss from 8.4.32 to 8.4.33 in /website (#8063) web: bump the sentry group in /web with 2 updates (#8064) core: bump golang.org/x/sync from 0.5.0 to 0.6.0 (#8065) website/docs: add link to our example flows (#8052) providers/oauth2: offline access (#8026) ...
kensternberg-authentik
added a commit
that referenced
this pull request
Jan 8, 2024
…2a-branded * web/config-provider-2-tenant: (146 commits) web: abstract `rootInterface()?.config?.capabilities.includes()` into `.can()` (#7737) web: update some locale details (#8090) web: bump the eslint group in /web with 2 updates (#8082) web: bump rollup from 4.9.2 to 4.9.4 in /web (#8083) core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085) web: bump the eslint group in /tests/wdio with 2 updates (#8086) website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088) stages/user_login: only set last_ip in session if a binding is given (#8074) providers/oauth2: fix missing nonce in token endpoint not being saved (#8073) core: bump goauthentik.io/api/v3 from 3.2023105.3 to 3.2023105.5 (#8066) providers/oauth2: fix missing nonce in id_token (#8072) rbac: fix error when looking up permissions for now uninstalled apps (#8068) web/flows: fix device picker incorrect foreground color (#8067) translate: Updates for file web/xliff/en.xlf in zh_CN (#8061) translate: Updates for file web/xliff/en.xlf in zh-Hans (#8062) website: bump postcss from 8.4.32 to 8.4.33 in /website (#8063) web: bump the sentry group in /web with 2 updates (#8064) core: bump golang.org/x/sync from 0.5.0 to 0.6.0 (#8065) website/docs: add link to our example flows (#8052) providers/oauth2: offline access (#8026) ...
kensternberg-authentik
added a commit
that referenced
this pull request
Jan 8, 2024
* dev: (131 commits) web: Replace calls to `rootInterface()?.tenant?` with a contextual `this.tenant` object (#7778) web: abstract `rootInterface()?.config?.capabilities.includes()` into `.can()` (#7737) web: update some locale details (#8090) web: bump the eslint group in /web with 2 updates (#8082) web: bump rollup from 4.9.2 to 4.9.4 in /web (#8083) core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085) web: bump the eslint group in /tests/wdio with 2 updates (#8086) website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088) stages/user_login: only set last_ip in session if a binding is given (#8074) providers/oauth2: fix missing nonce in token endpoint not being saved (#8073) core: bump goauthentik.io/api/v3 from 3.2023105.3 to 3.2023105.5 (#8066) providers/oauth2: fix missing nonce in id_token (#8072) rbac: fix error when looking up permissions for now uninstalled apps (#8068) web/flows: fix device picker incorrect foreground color (#8067) translate: Updates for file web/xliff/en.xlf in zh_CN (#8061) translate: Updates for file web/xliff/en.xlf in zh-Hans (#8062) website: bump postcss from 8.4.32 to 8.4.33 in /website (#8063) web: bump the sentry group in /web with 2 updates (#8064) core: bump golang.org/x/sync from 0.5.0 to 0.6.0 (#8065) website/docs: add link to our example flows (#8052) ...
kensternberg-authentik
added a commit
that referenced
this pull request
Jan 8, 2024
* dev: web: Replace calls to `rootInterface()?.tenant?` with a contextual `this.tenant` object (#7778) web: abstract `rootInterface()?.config?.capabilities.includes()` into `.can()` (#7737) web: update some locale details (#8090) web: bump the eslint group in /web with 2 updates (#8082) web: bump rollup from 4.9.2 to 4.9.4 in /web (#8083) core: bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#8085) web: bump the eslint group in /tests/wdio with 2 updates (#8086) website: bump @types/react from 18.2.46 to 18.2.47 in /website (#8088) stages/user_login: only set last_ip in session if a binding is given (#8074) providers/oauth2: fix missing nonce in token endpoint not being saved (#8073) core: bump goauthentik.io/api/v3 from 3.2023105.3 to 3.2023105.5 (#8066) providers/oauth2: fix missing nonce in id_token (#8072) rbac: fix error when looking up permissions for now uninstalled apps (#8068) web/flows: fix device picker incorrect foreground color (#8067) translate: Updates for file web/xliff/en.xlf in zh_CN (#8061) translate: Updates for file web/xliff/en.xlf in zh-Hans (#8062) website: bump postcss from 8.4.32 to 8.4.33 in /website (#8063) web: bump the sentry group in /web with 2 updates (#8064) core: bump golang.org/x/sync from 0.5.0 to 0.6.0 (#8065)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Details
This commit abstracts access to the object
rootInterface()?.config?into a single accessor,authentikConfig, that can be mixed into any AKElement object that requires access to it.Since access to
rootInterface()?.config?is universally used for a single (and repetitive) boolean check, a separate accessor has been provided that converts all calls of the form:into:
It does this via a Mixin,
WithCapabilitiesConfig, which understands that these calls only make sense in the context of a running, fully configured authentik instance, and that their purpose is to inform authentik components of a user’s capabilities. The latter is why I don’t feel uncomfortable turning a function call into a method; we should make it explicit that this is a relationship between components.The mixin has a single single field,
[WCC.capabilitiesConfig], where its association with the upper-level configuration is made. If that syntax looks peculiar to you, good! I’ve used an explict unique symbol as the field name; it is inaccessable an innumerable in the object list. The debugger shows it only as:Since you can’t reference it by identity, you can’t write to it. Until every browser supports actual private fields, this is the best we can do; it does guarantee that field name collisions are impossible, which is a win.
The mixin takes a second optional boolean; setting this to true will cause any web component using the mixin to automatically schedule a re-render if the capabilities list changes.
The mixin is also generic; despite the “…into a Lit-Context” in the title, the internals of the Mixin can be replaced with anything so long as the signature of
.can()is preserved.Because this work builds off the work I did to give the Sidebar access to the configuration without ad-hoc retrieval or prop-drilling, it wasn’t necessary to create a new context for it. That will be necessary for the following:
TODO:
NOTE: mixing in both accessors won't break anything, but you'll have two copies of the context in any object that does.
If you truly need both (so far, no one does), use the older
.includessyntax on the rootConfigobject.Checklist
ak test authentik/)make lint-fix)If an API change has been made
make gen-build)If changes to the frontend have been made
make web)make i18n-extract)If applicable
make website)