Fix RBAC role system bugs and improve UX (#446)
* Fix RBAC role system bugs and improve UX - Fix user list dropdown selection in host sharing - Fix role sharing permissions to include role-based access - Fix translation template interpolation for success messages - Standardize system roles to admin and user only - Auto-assign user role to new registrations - Remove blocking confirmation dialogs in modal contexts - Add missing i18n keys for common actions - Fix button type to prevent unintended form submissions * Enhance RBAC system with UI improvements and security fixes - Move role assignment to Users tab with per-user role management - Protect system roles (admin/user) from editing and manual assignment - Simplify permission system: remove Use level, keep View and Manage - Hide Update button and Sharing tab for view-only/shared hosts - Prevent users from sharing hosts with themselves - Unify table and modal styling across admin panels - Auto-assign system roles on user registration - Add permission metadata to host interface * Add empty state message for role assignment - Display helpful message when no custom roles available - Clarify that system roles are auto-assigned - Add noCustomRolesToAssign translation in English and Chinese * fix: Prevent credential sharing errors for shared hosts - Skip credential resolution for shared hosts with credential authentication to prevent decryption errors (credentials are encrypted per-user) - Add warning alert in sharing tab when host uses credential authentication - Inform users that shared users cannot connect to credential-based hosts - Add translations for credential sharing warning (EN/ZH) This prevents authentication failures when sharing hosts configured with credential authentication while maintaining security by keeping credentials isolated per user. * feat: Improve rbac UI and fixes some bugs --------- Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com> Co-authored-by: LukeGus <bugattiguy527@gmail.com>
This commit was merged in pull request #446.
This commit is contained in:
ZacharyZcR
GitHub
@@ -387,7 +387,11 @@
|
||||
"documentation": "Documentation",
|
||||
"retry": "Retry",
|
||||
"checking": "Checking...",
|
||||
"checkingDatabase": "Checking database connection..."
|
||||
"checkingDatabase": "Checking database connection...",
|
||||
"actions": "Actions",
|
||||
"remove": "Remove",
|
||||
"revoke": "Revoke",
|
||||
"create": "Create"
|
||||
},
|
||||
"nav": {
|
||||
"home": "Home",
|
||||
@@ -1765,6 +1769,172 @@
|
||||
"ram": "RAM",
|
||||
"notAvailable": "N/A"
|
||||
},
|
||||
"rbac": {
|
||||
"shareHost": "Share Host",
|
||||
"shareHostTitle": "Share Host Access",
|
||||
"shareHostDescription": "Grant temporary or permanent access to this host",
|
||||
"targetUser": "Target User",
|
||||
"selectUser": "Select a user to share with",
|
||||
"duration": "Duration",
|
||||
"durationHours": "Duration (hours)",
|
||||
"neverExpires": "Never expires",
|
||||
"permissionLevel": "Permission Level",
|
||||
"permissionLevels": {
|
||||
"readonly": "Read-Only",
|
||||
"readonlyDesc": "Can view only, no command input",
|
||||
"restricted": "Restricted",
|
||||
"restrictedDesc": "Blocks dangerous commands (passwd, rm -rf, etc.)",
|
||||
"monitored": "Monitored",
|
||||
"monitoredDesc": "Records all commands but doesn't block (Recommended)",
|
||||
"full": "Full Access",
|
||||
"fullDesc": "No restrictions (Not recommended)"
|
||||
},
|
||||
"blockedCommands": "Blocked Commands",
|
||||
"blockedCommandsPlaceholder": "Enter commands to block, e.g., passwd, rm, dd",
|
||||
"maxSessionDuration": "Max Session Duration (minutes)",
|
||||
"createTempUser": "Create Temporary User",
|
||||
"createTempUserDesc": "Creates a restricted user on the server instead of sharing your credentials. Requires sudo access. Most secure option.",
|
||||
"expiresAt": "Expires At",
|
||||
"expiresIn": "Expires in {{hours}} hours",
|
||||
"expired": "Expired",
|
||||
"grantedBy": "Granted By",
|
||||
"accessLevel": "Access Level",
|
||||
"lastAccessed": "Last Accessed",
|
||||
"accessCount": "Access Count",
|
||||
"revokeAccess": "Revoke Access",
|
||||
"confirmRevokeAccess": "Are you sure you want to revoke access for {{username}}?",
|
||||
"hostSharedSuccessfully": "Host shared successfully with {{username}}",
|
||||
"hostAccessUpdated": "Host access updated",
|
||||
"failedToShareHost": "Failed to share host",
|
||||
"accessRevokedSuccessfully": "Access revoked successfully",
|
||||
"failedToRevokeAccess": "Failed to revoke access",
|
||||
"shared": "Shared",
|
||||
"sharedHosts": "Shared Hosts",
|
||||
"sharedWithMe": "Shared With Me",
|
||||
"noSharedHosts": "No hosts shared with you",
|
||||
"owner": "Owner",
|
||||
"viewAccessList": "View Access List",
|
||||
"accessList": "Access List",
|
||||
"noAccessGranted": "No access has been granted for this host",
|
||||
"noAccessGrantedMessage": "No users have been granted access to this host yet",
|
||||
"manageAccessFor": "Manage access for",
|
||||
"totalAccessRecords": "{{count}} access record(s)",
|
||||
"neverAccessed": "Never",
|
||||
"timesAccessed": "{{count}} time(s)",
|
||||
"daysRemaining": "{{days}} day(s)",
|
||||
"hoursRemaining": "{{hours}} hour(s)",
|
||||
"expired": "Expired",
|
||||
"failedToFetchAccessList": "Failed to fetch access list",
|
||||
"currentAccess": "Current Access",
|
||||
"securityWarning": "Security Warning",
|
||||
"securityWarningMessage": "Sharing credentials gives the user full access to perform any operations on the server, including changing passwords and deleting files. Only share with trusted users.",
|
||||
"tempUserRecommended": "We recommend enabling 'Create Temporary User' for better security.",
|
||||
"roleManagement": "Role Management",
|
||||
"manageRoles": "Manage Roles",
|
||||
"manageRolesFor": "Manage roles for {{username}}",
|
||||
"assignRole": "Assign Role",
|
||||
"removeRole": "Remove Role",
|
||||
"userRoles": "User Roles",
|
||||
"permissions": "Permissions",
|
||||
"systemRole": "System Role",
|
||||
"customRole": "Custom Role",
|
||||
"roleAssignedSuccessfully": "Role assigned to {{username}} successfully",
|
||||
"failedToAssignRole": "Failed to assign role",
|
||||
"roleRemovedSuccessfully": "Role removed from {{username}} successfully",
|
||||
"failedToRemoveRole": "Failed to remove role",
|
||||
"cannotRemoveSystemRole": "Cannot remove system role",
|
||||
"cannotShareWithSelf": "Cannot share host with yourself",
|
||||
"noCustomRolesToAssign": "No custom roles available. System roles are auto-assigned.",
|
||||
"credentialSharingWarning": "Credential Authentication Not Supported for Sharing",
|
||||
"credentialSharingWarningDescription": "This host uses credential-based authentication. Shared users will not be able to connect because credentials are encrypted per-user and cannot be shared. Please use password or key-based authentication for hosts you intend to share.",
|
||||
"auditLogs": "Audit Logs",
|
||||
"viewAuditLogs": "View Audit Logs",
|
||||
"action": "Action",
|
||||
"resourceType": "Resource Type",
|
||||
"resourceName": "Resource Name",
|
||||
"timestamp": "Timestamp",
|
||||
"ipAddress": "IP Address",
|
||||
"userAgent": "User Agent",
|
||||
"success": "Success",
|
||||
"failed": "Failed",
|
||||
"details": "Details",
|
||||
"noAuditLogs": "No audit logs available",
|
||||
"sessionRecordings": "Session Recordings",
|
||||
"viewRecording": "View Recording",
|
||||
"downloadRecording": "Download Recording",
|
||||
"dangerousCommand": "Dangerous Command Detected",
|
||||
"commandBlocked": "Command Blocked",
|
||||
"terminateSession": "Terminate Session",
|
||||
"sessionTerminated": "Session terminated by host owner",
|
||||
"sharedAccessExpired": "Your shared access to this host has expired",
|
||||
"sharedAccessExpiresIn": "Shared access expires in {{hours}} hours",
|
||||
"roles": {
|
||||
"label": "Roles",
|
||||
"admin": "Administrator",
|
||||
"user": "User"
|
||||
},
|
||||
"createRole": "Create Role",
|
||||
"editRole": "Edit Role",
|
||||
"roleName": "Role Name",
|
||||
"displayName": "Display Name",
|
||||
"description": "Description",
|
||||
"assignRoles": "Assign Roles",
|
||||
"userRoleAssignment": "User-Role Assignment",
|
||||
"selectUserPlaceholder": "Select a user",
|
||||
"searchUsers": "Search users...",
|
||||
"noUserFound": "No user found",
|
||||
"currentRoles": "Current Roles",
|
||||
"noRolesAssigned": "No roles assigned",
|
||||
"assignNewRole": "Assign New Role",
|
||||
"selectRolePlaceholder": "Select a role",
|
||||
"searchRoles": "Search roles...",
|
||||
"noRoleFound": "No role found",
|
||||
"assign": "Assign",
|
||||
"roleCreatedSuccessfully": "Role created successfully",
|
||||
"roleUpdatedSuccessfully": "Role updated successfully",
|
||||
"roleDeletedSuccessfully": "Role deleted successfully",
|
||||
"failedToLoadRoles": "Failed to load roles",
|
||||
"failedToSaveRole": "Failed to save role",
|
||||
"failedToDeleteRole": "Failed to delete role",
|
||||
"roleDisplayNameRequired": "Role display name is required",
|
||||
"roleNameRequired": "Role name is required",
|
||||
"roleNameHint": "Use lowercase letters, numbers, underscores, and hyphens only",
|
||||
"displayNamePlaceholder": "Developer",
|
||||
"descriptionPlaceholder": "Software developers and engineers",
|
||||
"confirmDeleteRole": "Delete Role",
|
||||
"confirmDeleteRoleDescription": "Are you sure you want to delete the role '{{name}}'? This action cannot be undone.",
|
||||
"confirmRemoveRole": "Remove Role",
|
||||
"confirmRemoveRoleDescription": "Are you sure you want to remove this role from the user?",
|
||||
"editRoleDescription": "Update role information",
|
||||
"createRoleDescription": "Create a new custom role for grouping users",
|
||||
"assignRolesDescription": "Manage role assignments for users",
|
||||
"noRoles": "No roles found",
|
||||
"selectRole": "Select Role",
|
||||
"type": "Type",
|
||||
"user": "User",
|
||||
"role": "Role",
|
||||
"saveHostFirst": "Save Host First",
|
||||
"saveHostFirstDescription": "Please save the host before configuring sharing settings.",
|
||||
"shareWithUser": "Share with User",
|
||||
"shareWithRole": "Share with Role",
|
||||
"share": "Share",
|
||||
"target": "Target",
|
||||
"expires": "Expires",
|
||||
"never": "Never",
|
||||
"noAccessRecords": "No access records found",
|
||||
"sharedSuccessfully": "Shared successfully",
|
||||
"failedToShare": "Failed to share",
|
||||
"confirmRevokeAccessDescription": "Are you sure you want to revoke this access?",
|
||||
"hours": "hours",
|
||||
"sharing": "Sharing",
|
||||
"selectUserAndRole": "Please select both a user and a role",
|
||||
"view": "View Only",
|
||||
"viewDesc": "Can view and connect to the host in read-only mode",
|
||||
"use": "Use",
|
||||
"useDesc": "Can use the host normally but cannot modify host configuration",
|
||||
"manage": "Manage",
|
||||
"manageDesc": "Full control including modifying host configuration and sharing settings"
|
||||
},
|
||||
"commandPalette": {
|
||||
"searchPlaceholder": "Search for hosts or quick actions...",
|
||||
"recentActivity": "Recent Activity",
|
||||
@@ -1788,4 +1958,4 @@
|
||||
"close": "Close",
|
||||
"hostManager": "Host Manager"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user