dennii/Termix
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases 22 Wiki Activity

Fix RBAC role system bugs and improve UX (#446)

Browse Source 
* Fix RBAC role system bugs and improve UX

- Fix user list dropdown selection in host sharing
- Fix role sharing permissions to include role-based access
- Fix translation template interpolation for success messages
- Standardize system roles to admin and user only
- Auto-assign user role to new registrations
- Remove blocking confirmation dialogs in modal contexts
- Add missing i18n keys for common actions
- Fix button type to prevent unintended form submissions

* Enhance RBAC system with UI improvements and security fixes

- Move role assignment to Users tab with per-user role management
- Protect system roles (admin/user) from editing and manual assignment
- Simplify permission system: remove Use level, keep View and Manage
- Hide Update button and Sharing tab for view-only/shared hosts
- Prevent users from sharing hosts with themselves
- Unify table and modal styling across admin panels
- Auto-assign system roles on user registration
- Add permission metadata to host interface

* Add empty state message for role assignment

- Display helpful message when no custom roles available
- Clarify that system roles are auto-assigned
- Add noCustomRolesToAssign translation in English and Chinese

* fix: Prevent credential sharing errors for shared hosts

- Skip credential resolution for shared hosts with credential authentication
  to prevent decryption errors (credentials are encrypted per-user)
- Add warning alert in sharing tab when host uses credential authentication
- Inform users that shared users cannot connect to credential-based hosts
- Add translations for credential sharing warning (EN/ZH)

This prevents authentication failures when sharing hosts configured
with credential authentication while maintaining security by keeping
credentials isolated per user.

* feat: Improve rbac UI and fixes some bugs

---------

Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com>
Co-authored-by: LukeGus <bugattiguy527@gmail.com>
This commit was merged in pull request #446.
This commit is contained in:
ZacharyZcR
2025-12-20 10:13:36 +08:00
committed by GitHub
parent 1f168c6f97
commit 94651107c1
20 changed files with 4389 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
src/locales/en/translation.json
View File

@@ -387,7 +387,11 @@
"documentation": "Documentation",
"retry": "Retry",
"checking": "Checking...",
"checkingDatabase": "Checking database connection..."
"checkingDatabase": "Checking database connection...",
"actions": "Actions",
"remove": "Remove",
"revoke": "Revoke",
"create": "Create"
},
"nav": {
"home": "Home",
@@ -1765,6 +1769,172 @@
"ram": "RAM",
"notAvailable": "N/A"
},
"rbac": {
"shareHost": "Share Host",
"shareHostTitle": "Share Host Access",
"shareHostDescription": "Grant temporary or permanent access to this host",
"targetUser": "Target User",
"selectUser": "Select a user to share with",
"duration": "Duration",
"durationHours": "Duration (hours)",
"neverExpires": "Never expires",
"permissionLevel": "Permission Level",
"permissionLevels": {
"readonly": "Read-Only",
"readonlyDesc": "Can view only, no command input",
"restricted": "Restricted",
"restrictedDesc": "Blocks dangerous commands (passwd, rm -rf, etc.)",
"monitored": "Monitored",
"monitoredDesc": "Records all commands but doesn't block (Recommended)",
"full": "Full Access",
"fullDesc": "No restrictions (Not recommended)"
},
"blockedCommands": "Blocked Commands",
"blockedCommandsPlaceholder": "Enter commands to block, e.g., passwd, rm, dd",
"maxSessionDuration": "Max Session Duration (minutes)",
"createTempUser": "Create Temporary User",
"createTempUserDesc": "Creates a restricted user on the server instead of sharing your credentials. Requires sudo access. Most secure option.",
"expiresAt": "Expires At",
"expiresIn": "Expires in {{hours}} hours",
"expired": "Expired",
"grantedBy": "Granted By",
"accessLevel": "Access Level",
"lastAccessed": "Last Accessed",
"accessCount": "Access Count",
"revokeAccess": "Revoke Access",
"confirmRevokeAccess": "Are you sure you want to revoke access for {{username}}?",
"hostSharedSuccessfully": "Host shared successfully with {{username}}",
"hostAccessUpdated": "Host access updated",
"failedToShareHost": "Failed to share host",
"accessRevokedSuccessfully": "Access revoked successfully",
"failedToRevokeAccess": "Failed to revoke access",
"shared": "Shared",
"sharedHosts": "Shared Hosts",
"sharedWithMe": "Shared With Me",
"noSharedHosts": "No hosts shared with you",
"owner": "Owner",
"viewAccessList": "View Access List",
"accessList": "Access List",
"noAccessGranted": "No access has been granted for this host",
"noAccessGrantedMessage": "No users have been granted access to this host yet",
"manageAccessFor": "Manage access for",
"totalAccessRecords": "{{count}} access record(s)",
"neverAccessed": "Never",
"timesAccessed": "{{count}} time(s)",
"daysRemaining": "{{days}} day(s)",
"hoursRemaining": "{{hours}} hour(s)",
"expired": "Expired",
"failedToFetchAccessList": "Failed to fetch access list",
"currentAccess": "Current Access",
"securityWarning": "Security Warning",
"securityWarningMessage": "Sharing credentials gives the user full access to perform any operations on the server, including changing passwords and deleting files. Only share with trusted users.",
"tempUserRecommended": "We recommend enabling 'Create Temporary User' for better security.",
"roleManagement": "Role Management",
"manageRoles": "Manage Roles",
"manageRolesFor": "Manage roles for {{username}}",
"assignRole": "Assign Role",
"removeRole": "Remove Role",
"userRoles": "User Roles",
"permissions": "Permissions",
"systemRole": "System Role",
"customRole": "Custom Role",
"roleAssignedSuccessfully": "Role assigned to {{username}} successfully",
"failedToAssignRole": "Failed to assign role",
"roleRemovedSuccessfully": "Role removed from {{username}} successfully",
"failedToRemoveRole": "Failed to remove role",
"cannotRemoveSystemRole": "Cannot remove system role",
"cannotShareWithSelf": "Cannot share host with yourself",
"noCustomRolesToAssign": "No custom roles available. System roles are auto-assigned.",
"credentialSharingWarning": "Credential Authentication Not Supported for Sharing",
"credentialSharingWarningDescription": "This host uses credential-based authentication. Shared users will not be able to connect because credentials are encrypted per-user and cannot be shared. Please use password or key-based authentication for hosts you intend to share.",
"auditLogs": "Audit Logs",
"viewAuditLogs": "View Audit Logs",
"action": "Action",
"resourceType": "Resource Type",
"resourceName": "Resource Name",
"timestamp": "Timestamp",
"ipAddress": "IP Address",
"userAgent": "User Agent",
"success": "Success",
"failed": "Failed",
"details": "Details",
"noAuditLogs": "No audit logs available",
"sessionRecordings": "Session Recordings",
"viewRecording": "View Recording",
"downloadRecording": "Download Recording",
"dangerousCommand": "Dangerous Command Detected",
"commandBlocked": "Command Blocked",
"terminateSession": "Terminate Session",
"sessionTerminated": "Session terminated by host owner",
"sharedAccessExpired": "Your shared access to this host has expired",
"sharedAccessExpiresIn": "Shared access expires in {{hours}} hours",
"roles": {
"label": "Roles",
"admin": "Administrator",
"user": "User"
},
"createRole": "Create Role",
"editRole": "Edit Role",
"roleName": "Role Name",
"displayName": "Display Name",
"description": "Description",
"assignRoles": "Assign Roles",
"userRoleAssignment": "User-Role Assignment",
"selectUserPlaceholder": "Select a user",
"searchUsers": "Search users...",
"noUserFound": "No user found",
"currentRoles": "Current Roles",
"noRolesAssigned": "No roles assigned",
"assignNewRole": "Assign New Role",
"selectRolePlaceholder": "Select a role",
"searchRoles": "Search roles...",
"noRoleFound": "No role found",
"assign": "Assign",
"roleCreatedSuccessfully": "Role created successfully",
"roleUpdatedSuccessfully": "Role updated successfully",
"roleDeletedSuccessfully": "Role deleted successfully",
"failedToLoadRoles": "Failed to load roles",
"failedToSaveRole": "Failed to save role",
"failedToDeleteRole": "Failed to delete role",
"roleDisplayNameRequired": "Role display name is required",
"roleNameRequired": "Role name is required",
"roleNameHint": "Use lowercase letters, numbers, underscores, and hyphens only",
"displayNamePlaceholder": "Developer",
"descriptionPlaceholder": "Software developers and engineers",
"confirmDeleteRole": "Delete Role",
"confirmDeleteRoleDescription": "Are you sure you want to delete the role '{{name}}'? This action cannot be undone.",
"confirmRemoveRole": "Remove Role",
"confirmRemoveRoleDescription": "Are you sure you want to remove this role from the user?",
"editRoleDescription": "Update role information",
"createRoleDescription": "Create a new custom role for grouping users",
"assignRolesDescription": "Manage role assignments for users",
"noRoles": "No roles found",
"selectRole": "Select Role",
"type": "Type",
"user": "User",
"role": "Role",
"saveHostFirst": "Save Host First",
"saveHostFirstDescription": "Please save the host before configuring sharing settings.",
"shareWithUser": "Share with User",
"shareWithRole": "Share with Role",
"share": "Share",
"target": "Target",
"expires": "Expires",
"never": "Never",
"noAccessRecords": "No access records found",
"sharedSuccessfully": "Shared successfully",
"failedToShare": "Failed to share",
"confirmRevokeAccessDescription": "Are you sure you want to revoke this access?",
"hours": "hours",
"sharing": "Sharing",
"selectUserAndRole": "Please select both a user and a role",
"view": "View Only",
"viewDesc": "Can view and connect to the host in read-only mode",
"use": "Use",
"useDesc": "Can use the host normally but cannot modify host configuration",
"manage": "Manage",
"manageDesc": "Full control including modifying host configuration and sharing settings"
},
"commandPalette": {
"searchPlaceholder": "Search for hosts or quick actions...",
"recentActivity": "Recent Activity",
@@ -1788,4 +1958,4 @@
"close": "Close",
"hostManager": "Host Manager"
}
}
}

172
src/locales/zh/translation.json
View File

@@ -386,6 +386,10 @@
"retry": "重试",
"checking": "检查中...",
"checkingDatabase": "正在检查数据库连接...",
"actions": "操作",
"remove": "移除",
"revoke": "撤销",
"create": "创建",
"saving": "保存中...",
"version": "Version"
},
@@ -1764,6 +1768,172 @@
"ram": "内存",
"notAvailable": "不可用"
},
"rbac": {
"shareHost": "分享主机",
"shareHostTitle": "分享主机访问权限",
"shareHostDescription": "授予临时或永久访问此主机的权限",
"targetUser": "目标用户",
"selectUser": "选择要分享的用户",
"duration": "时长",
"durationHours": "时长(小时)",
"neverExpires": "永不过期",
"permissionLevel": "权限级别",
"permissionLevels": {
"readonly": "只读",
"readonlyDesc": "仅可查看,无法输入命令",
"restricted": "受限",
"restrictedDesc": "阻止危险命令passwd、rm -rf等",
"monitored": "监控",
"monitoredDesc": "记录所有命令但不阻止(推荐)",
"full": "完全访问",
"fullDesc": "无任何限制(不推荐)"
},
"blockedCommands": "阻止的命令",
"blockedCommandsPlaceholder": "输入要阻止的命令passwd, rm, dd",
"maxSessionDuration": "最大会话时长(分钟)",
"createTempUser": "创建临时用户",
"createTempUserDesc": "在服务器上创建受限用户而不是共享您的凭据。需要sudo权限。最安全的选项。",
"expiresAt": "过期时间",
"expiresIn": "{{hours}}小时后过期",
"expired": "已过期",
"grantedBy": "授予者",
"accessLevel": "访问级别",
"lastAccessed": "最后访问",
"accessCount": "访问次数",
"revokeAccess": "撤销访问",
"confirmRevokeAccess": "确定要撤销{{username}}的访问权限吗?",
"hostSharedSuccessfully": "已成功与{{username}}分享主机",
"hostAccessUpdated": "主机访问已更新",
"failedToShareHost": "分享主机失败",
"accessRevokedSuccessfully": "访问权限已成功撤销",
"failedToRevokeAccess": "撤销访问失败",
"shared": "共享",
"sharedHosts": "共享主机",
"sharedWithMe": "与我共享",
"noSharedHosts": "没有与您共享的主机",
"owner": "所有者",
"viewAccessList": "查看访问列表",
"accessList": "访问列表",
"noAccessGranted": "此主机尚未授予任何访问权限",
"noAccessGrantedMessage": "还没有用户被授予此主机的访问权限",
"manageAccessFor": "管理访问权限",
"totalAccessRecords": "{{count}} 条访问记录",
"neverAccessed": "从未访问",
"timesAccessed": "{{count}} 次",
"daysRemaining": "{{days}} 天",
"hoursRemaining": "{{hours}} 小时",
"expired": "已过期",
"failedToFetchAccessList": "获取访问列表失败",
"currentAccess": "当前访问",
"securityWarning": "安全警告",
"securityWarningMessage": "分享凭据会让用户完全访问服务器并执行任何操作,包括更改密码和删除文件。仅与受信任的用户共享。",
"tempUserRecommended": "我们建议启用'创建临时用户'以获得更好的安全性。",
"roleManagement": "角色管理",
"manageRoles": "管理角色",
"manageRolesFor": "管理 {{username}} 的角色",
"assignRole": "分配角色",
"removeRole": "移除角色",
"userRoles": "用户角色",
"permissions": "权限",
"systemRole": "系统角色",
"customRole": "自定义角色",
"roleAssignedSuccessfully": "已成功为{{username}}分配角色",
"failedToAssignRole": "分配角色失败",
"roleRemovedSuccessfully": "已成功从{{username}}移除角色",
"failedToRemoveRole": "移除角色失败",
"cannotRemoveSystemRole": "无法移除系统角色",
"cannotShareWithSelf": "不能与自己共享主机",
"noCustomRolesToAssign": "没有可用的自定义角色。系统角色已自动分配。",
"credentialSharingWarning": "不支持共享使用凭据认证的主机",
"credentialSharingWarningDescription": "此主机使用凭据认证。由于凭据是按用户加密的无法共享,共享用户将无法连接。请为计划共享的主机使用密码或密钥认证。",
"auditLogs": "审计日志",
"viewAuditLogs": "查看审计日志",
"action": "操作",
"resourceType": "资源类型",
"resourceName": "资源名称",
"timestamp": "时间戳",
"ipAddress": "IP地址",
"userAgent": "用户代理",
"success": "成功",
"failed": "失败",
"details": "详情",
"noAuditLogs": "无可用审计日志",
"sessionRecordings": "会话录制",
"viewRecording": "查看录制",
"downloadRecording": "下载录制",
"dangerousCommand": "检测到危险命令",
"commandBlocked": "命令已阻止",
"terminateSession": "终止会话",
"sessionTerminated": "会话已被主机所有者终止",
"sharedAccessExpired": "您对此主机的共享访问权限已过期",
"sharedAccessExpiresIn": "共享访问将在{{hours}}小时后过期",
"roles": {
"label": "角色",
"admin": "管理员",
"user": "用户"
},
"createRole": "创建角色",
"editRole": "编辑角色",
"roleName": "角色名称",
"displayName": "显示名称",
"description": "描述",
"assignRoles": "分配角色",
"userRoleAssignment": "用户角色分配",
"selectUserPlaceholder": "选择用户",
"searchUsers": "搜索用户...",
"noUserFound": "未找到用户",
"currentRoles": "当前角色",
"noRolesAssigned": "未分配角色",
"assignNewRole": "分配新角色",
"selectRolePlaceholder": "选择角色",
"searchRoles": "搜索角色...",
"noRoleFound": "未找到角色",
"assign": "分配",
"roleCreatedSuccessfully": "角色创建成功",
"roleUpdatedSuccessfully": "角色更新成功",
"roleDeletedSuccessfully": "角色删除成功",
"failedToLoadRoles": "加载角色失败",
"failedToSaveRole": "保存角色失败",
"failedToDeleteRole": "删除角色失败",
"roleDisplayNameRequired": "角色显示名称是必需的",
"roleNameRequired": "角色名称是必需的",
"roleNameHint": "仅使用小写字母、数字、下划线和连字符",
"displayNamePlaceholder": "开发者",
"descriptionPlaceholder": "软件开发人员和工程师",
"confirmDeleteRole": "删除角色",
"confirmDeleteRoleDescription": "确定要删除角色'{{name}}'吗?此操作无法撤销。",
"confirmRemoveRole": "移除角色",
"confirmRemoveRoleDescription": "确定要从用户中移除此角色吗?",
"editRoleDescription": "更新角色信息",
"createRoleDescription": "创建新的自定义角色以分组用户",
"assignRolesDescription": "管理用户的角色分配",
"noRoles": "未找到角色",
"selectRole": "选择角色",
"type": "类型",
"user": "用户",
"role": "角色",
"saveHostFirst": "请先保存主机",
"saveHostFirstDescription": "请先保存主机后再配置分享设置。",
"shareWithUser": "与用户分享",
"shareWithRole": "与角色分享",
"share": "分享",
"target": "目标",
"expires": "过期时间",
"never": "永不",
"noAccessRecords": "未找到访问记录",
"sharedSuccessfully": "分享成功",
"failedToShare": "分享失败",
"confirmRevokeAccessDescription": "确定要撤销此访问权限吗?",
"hours": "小时",
"sharing": "分享",
"selectUserAndRole": "请选择用户和角色",
"view": "仅查看",
"viewDesc": "可以查看和连接主机,但仅限只读模式",
"use": "使用",
"useDesc": "可以正常使用主机,但不能修改主机配置",
"manage": "管理",
"manageDesc": "完全控制,包括修改主机配置和分享设置"
},
"commandPalette": {
"searchPlaceholder": "搜索主机或快速操作...",
"recentActivity": "最近活动",
@@ -1787,4 +1957,4 @@
"close": "关闭",
"hostManager": "主机管理器"
}
}
}