Add partial role support for manager only using web-vault v2024.12.0 #5219
This PR needs a web-vault built from this PR dani-garcia/bw_web_builds#186. But it would be nice if some people are able to test this PR using a web-vault built from the PR linked above.
May I suggest to add more comments to the code, where your changes from this PR have to be reverted when full role support is implemented. Unless you'll keep the compat layer even then. It is quite possible to forget to remove/change current code/behavior when the "future" changes are not close to this PR. Please ignore, if I am way off.
@tessus done :) @stefan0xC I have fixed the icon in the collapsed menu.
As mentioned before, this PR needs a new web-vault version for which a PR can be found here: CI builds of this web-vault can be downloaded here:
If this is the only PR required for the new web vault, is it possible to merge this and then release the new web vault - maybe this weekend?
I'd rather first fix a native client issue and release a version and after that merge this. I also think it is better to first release the web-vault and then add that release to this PR.
Thanks! I fixed it just now.
Now that I think about it, shouldn't the create account line also be hidden? I have signups disabled.
Also fixed now :)
I'm checking to see if we can update to v2024.12.0. There seem to be some minor changes and some endpoints added.
Code is adjusted to support v2024.12.0 now. Not too much changed.
The native client issue has been fixed and a new version has been released. Is it possible to merge this now and release the new web-vault 2024.12.0 (or the other way around as you suggested)?
What's the matter with you and the new web vault version? Isn't the current one working for you? If not then just try to build and run it yourself.
@stefan0xC What happens then exactly?
The exception happened when I tried to open the Custom user member (which used to be a Manager role without edit: I'm unable to reproduce the issue. It might have been caused by using an in-between version of the web-vault...
@stefan0xC & @dfunkt, I have been testing a bit more, but I can't find anything strange myself.
I don't think I can find anything else. I mean that a Manager that does not have access to all collections will not have access to the admin console is probably expected. One question I would have left is if we should not make this a permanent change and save the `manage` permission in the CollectionUser / GroupUser relations accordingly? Since that seems a bit weird to just keep deriving it. But I wonder if that's possible without implementing custom permissions as well.
I'd rather do that while implementing the other rights too.
I've been using this PR for the past few weeks, no further problems to report.
- Add the custom role which replaces the manager role
- Added mini-details endpoint used by v2024.11.1

These changes try to add the custom role in such a way that it stays compatible with the older manager role. It will convert a manager role into a custom role, and if a manager has `access-all` rights, it will enable the correct custom roles. Upon saving it will convert these back to the old format.

What this does is making sure you are able to revert back to an older version of Vaultwarden without issues. This way we can support newer web-vault's and still be compatible with a previous Vaultwarden version if needed.

In the future this needs to be changed to full role support though.

Fixed the 2FA hide CSS since the order of options has changed

Signed-off-by: BlackDex <[email protected]>
These changes try to add the custom role in such a way that it stays compatible with the older manager role. It will convert a manager role into a custom role, and if a manager has `access-all` rights, it will enable the correct custom roles. Upon saving it will convert these back to the old format.
What this does is making sure you are able to revert back to an older version of Vaultwarden without issues. This way we can support newer web-vault's and still be compatible with a previous Vaultwarden version if needed.
In the future this needs to be changed to full role support though.
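The compatibility mapping described above, sketched as an added example that is not code from this PR or from Vaultwarden. All type and field names are hypothetical, and both the choice of three collection permissions and the rule that `access-all` is restored on save only when all of them are set are assumptions of the sketch.

```rust
// Added illustration: all type and field names are hypothetical, not Vaultwarden's.
#[derive(Debug, Clone, Copy, PartialEq)]
enum StoredRole { Owner, Admin, User, Manager } // roles the older storage format knows
#[derive(Debug, Clone, Copy, PartialEq)]
enum ApiRole { Owner, Admin, User, Custom } // roles presented to the newer web-vault

#[derive(Debug, Clone, Copy, PartialEq, Default)]
struct Permissions { create_new_collections: bool, edit_any_collection: bool, delete_any_collection: bool }
#[derive(Debug, Clone, Copy, PartialEq)]
struct Stored { role: StoredRole, access_all: bool }
#[derive(Debug, Clone, Copy, PartialEq)]
struct Api { role: ApiRole, access_all: bool, permissions: Permissions }

// Read path: a stored Manager is presented as Custom. Only a manager with
// access-all receives the collection-wide permissions.
fn to_api(m: Stored) -> Api {
    let role = match m.role {
        StoredRole::Owner => ApiRole::Owner,
        StoredRole::Admin => ApiRole::Admin,
        StoredRole::User => ApiRole::User,
        StoredRole::Manager => ApiRole::Custom,
    };
    let grant = m.role == StoredRole::Manager && m.access_all;
    let permissions = Permissions {
        create_new_collections: grant, edit_any_collection: grant, delete_any_collection: grant,
    };
    Api { role, access_all: m.access_all, permissions }
}

// Save path: Custom is written back as Manager. access_all is set only when
// every collection permission is present, so a partial selection never
// widens access in the old format (an assumption of this sketch).
fn from_api(m: Api) -> Stored {
    let p = m.permissions;
    match m.role {
        ApiRole::Owner => Stored { role: StoredRole::Owner, access_all: m.access_all },
        ApiRole::Admin => Stored { role: StoredRole::Admin, access_all: m.access_all },
        ApiRole::User => Stored { role: StoredRole::User, access_all: m.access_all },
        ApiRole::Custom => Stored {
            role: StoredRole::Manager,
            access_all: p.create_new_collections && p.edit_any_collection && p.delete_any_collection,
        },
    }
}

fn main() {
    println!("{:?}", to_api(Stored { role: StoredRole::Manager, access_all: true }));
}
```

The round trip `from_api(to_api(m)) == m` holding for every stored member is the property that keeps a downgrade to an older server lossless.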