Fix RBAC role system bugs and improve UX (#446)

* Fix RBAC role system bugs and improve UX

- Fix user list dropdown selection in host sharing
- Fix role sharing permissions to include role-based access
- Fix translation template interpolation for success messages
- Standardize system roles to admin and user only
- Auto-assign user role to new registrations
- Remove blocking confirmation dialogs in modal contexts
- Add missing i18n keys for common actions
- Fix button type to prevent unintended form submissions

* Enhance RBAC system with UI improvements and security fixes

- Move role assignment to Users tab with per-user role management
- Protect system roles (admin/user) from editing and manual assignment
- Simplify permission system: remove Use level, keep View and Manage
- Hide Update button and Sharing tab for view-only/shared hosts
- Prevent users from sharing hosts with themselves
- Unify table and modal styling across admin panels
- Auto-assign system roles on user registration
- Add permission metadata to host interface

* Add empty state message for role assignment

- Display helpful message when no custom roles available
- Clarify that system roles are auto-assigned
- Add noCustomRolesToAssign translation in English and Chinese

* fix: Prevent credential sharing errors for shared hosts

- Skip credential resolution for shared hosts with credential authentication
  to prevent decryption errors (credentials are encrypted per-user)
- Add warning alert in sharing tab when host uses credential authentication
- Inform users that shared users cannot connect to credential-based hosts
- Add translations for credential sharing warning (EN/ZH)

This prevents authentication failures when sharing hosts configured
with credential authentication while maintaining security by keeping
credentials isolated per user.

* feat: Improve RBAC UI and fix some bugs

---------

Co-authored-by: Luke Gustafson <88517757+LukeGus@users.noreply.github.com>
Co-authored-by: LukeGus <bugattiguy527@gmail.com>
This commit was merged in pull request #446.
ZacharyZcR
2025-12-20 10:13:36 +08:00
committed by GitHub
parent 1f168c6f97
commit 94651107c1
20 changed files with 4389 additions and 266 deletions


@@ -386,6 +386,10 @@
"retry": "重试",
"checking": "检查中...",
"checkingDatabase": "正在检查数据库连接...",
"actions": "操作",
"remove": "移除",
"revoke": "撤销",
"create": "创建",
"saving": "保存中...",
"version": "Version"
},
@@ -1764,6 +1768,172 @@
"ram": "内存",
"notAvailable": "不可用"
},
"rbac": {
"shareHost": "分享主机",
"shareHostTitle": "分享主机访问权限",
"shareHostDescription": "授予临时或永久访问此主机的权限",
"targetUser": "目标用户",
"selectUser": "选择要分享的用户",
"duration": "时长",
"durationHours": "时长(小时)",
"neverExpires": "永不过期",
"permissionLevel": "权限级别",
"permissionLevels": {
"readonly": "只读",
"readonlyDesc": "仅可查看,无法输入命令",
"restricted": "受限",
"restrictedDesc": "阻止危险命令passwd、rm -rf等",
"monitored": "监控",
"monitoredDesc": "记录所有命令但不阻止(推荐)",
"full": "完全访问",
"fullDesc": "无任何限制(不推荐)"
},
"blockedCommands": "阻止的命令",
"blockedCommandsPlaceholder": "输入要阻止的命令passwd, rm, dd",
"maxSessionDuration": "最大会话时长(分钟)",
"createTempUser": "创建临时用户",
"createTempUserDesc": "在服务器上创建受限用户而不是共享您的凭据。需要sudo权限。最安全的选项。",
"expiresAt": "过期时间",
"expiresIn": "{{hours}}小时后过期",
"expired": "已过期",
"grantedBy": "授予者",
"accessLevel": "访问级别",
"lastAccessed": "最后访问",
"accessCount": "访问次数",
"revokeAccess": "撤销访问",
"confirmRevokeAccess": "确定要撤销{{username}}的访问权限吗?",
"hostSharedSuccessfully": "已成功与{{username}}分享主机",
"hostAccessUpdated": "主机访问已更新",
"failedToShareHost": "分享主机失败",
"accessRevokedSuccessfully": "访问权限已成功撤销",
"failedToRevokeAccess": "撤销访问失败",
"shared": "共享",
"sharedHosts": "共享主机",
"sharedWithMe": "与我共享",
"noSharedHosts": "没有与您共享的主机",
"owner": "所有者",
"viewAccessList": "查看访问列表",
"accessList": "访问列表",
"noAccessGranted": "此主机尚未授予任何访问权限",
"noAccessGrantedMessage": "还没有用户被授予此主机的访问权限",
"manageAccessFor": "管理访问权限",
"totalAccessRecords": "{{count}} 条访问记录",
"neverAccessed": "从未访问",
"timesAccessed": "{{count}} 次",
"daysRemaining": "{{days}} 天",
"hoursRemaining": "{{hours}} 小时",
"expired": "已过期",
"failedToFetchAccessList": "获取访问列表失败",
"currentAccess": "当前访问",
"securityWarning": "安全警告",
"securityWarningMessage": "分享凭据会让用户完全访问服务器并执行任何操作,包括更改密码和删除文件。仅与受信任的用户共享。",
"tempUserRecommended": "我们建议启用'创建临时用户'以获得更好的安全性。",
"roleManagement": "角色管理",
"manageRoles": "管理角色",
"manageRolesFor": "管理 {{username}} 的角色",
"assignRole": "分配角色",
"removeRole": "移除角色",
"userRoles": "用户角色",
"permissions": "权限",
"systemRole": "系统角色",
"customRole": "自定义角色",
"roleAssignedSuccessfully": "已成功为{{username}}分配角色",
"failedToAssignRole": "分配角色失败",
"roleRemovedSuccessfully": "已成功从{{username}}移除角色",
"failedToRemoveRole": "移除角色失败",
"cannotRemoveSystemRole": "无法移除系统角色",
"cannotShareWithSelf": "不能与自己共享主机",
"noCustomRolesToAssign": "没有可用的自定义角色。系统角色已自动分配。",
"credentialSharingWarning": "不支持共享使用凭据认证的主机",
"credentialSharingWarningDescription": "此主机使用凭据认证。由于凭据是按用户加密的无法共享,共享用户将无法连接。请为计划共享的主机使用密码或密钥认证。",
"auditLogs": "审计日志",
"viewAuditLogs": "查看审计日志",
"action": "操作",
"resourceType": "资源类型",
"resourceName": "资源名称",
"timestamp": "时间戳",
"ipAddress": "IP地址",
"userAgent": "用户代理",
"success": "成功",
"failed": "失败",
"details": "详情",
"noAuditLogs": "无可用审计日志",
"sessionRecordings": "会话录制",
"viewRecording": "查看录制",
"downloadRecording": "下载录制",
"dangerousCommand": "检测到危险命令",
"commandBlocked": "命令已阻止",
"terminateSession": "终止会话",
"sessionTerminated": "会话已被主机所有者终止",
"sharedAccessExpired": "您对此主机的共享访问权限已过期",
"sharedAccessExpiresIn": "共享访问将在{{hours}}小时后过期",
"roles": {
"label": "角色",
"admin": "管理员",
"user": "用户"
},
"createRole": "创建角色",
"editRole": "编辑角色",
"roleName": "角色名称",
"displayName": "显示名称",
"description": "描述",
"assignRoles": "分配角色",
"userRoleAssignment": "用户角色分配",
"selectUserPlaceholder": "选择用户",
"searchUsers": "搜索用户...",
"noUserFound": "未找到用户",
"currentRoles": "当前角色",
"noRolesAssigned": "未分配角色",
"assignNewRole": "分配新角色",
"selectRolePlaceholder": "选择角色",
"searchRoles": "搜索角色...",
"noRoleFound": "未找到角色",
"assign": "分配",
"roleCreatedSuccessfully": "角色创建成功",
"roleUpdatedSuccessfully": "角色更新成功",
"roleDeletedSuccessfully": "角色删除成功",
"failedToLoadRoles": "加载角色失败",
"failedToSaveRole": "保存角色失败",
"failedToDeleteRole": "删除角色失败",
"roleDisplayNameRequired": "角色显示名称是必需的",
"roleNameRequired": "角色名称是必需的",
"roleNameHint": "仅使用小写字母、数字、下划线和连字符",
"displayNamePlaceholder": "开发者",
"descriptionPlaceholder": "软件开发人员和工程师",
"confirmDeleteRole": "删除角色",
"confirmDeleteRoleDescription": "确定要删除角色'{{name}}'吗?此操作无法撤销。",
"confirmRemoveRole": "移除角色",
"confirmRemoveRoleDescription": "确定要从用户中移除此角色吗?",
"editRoleDescription": "更新角色信息",
"createRoleDescription": "创建新的自定义角色以分组用户",
"assignRolesDescription": "管理用户的角色分配",
"noRoles": "未找到角色",
"selectRole": "选择角色",
"type": "类型",
"user": "用户",
"role": "角色",
"saveHostFirst": "请先保存主机",
"saveHostFirstDescription": "请先保存主机后再配置分享设置。",
"shareWithUser": "与用户分享",
"shareWithRole": "与角色分享",
"share": "分享",
"target": "目标",
"expires": "过期时间",
"never": "永不",
"noAccessRecords": "未找到访问记录",
"sharedSuccessfully": "分享成功",
"failedToShare": "分享失败",
"confirmRevokeAccessDescription": "确定要撤销此访问权限吗?",
"hours": "小时",
"sharing": "分享",
"selectUserAndRole": "请选择用户和角色",
"view": "仅查看",
"viewDesc": "可以查看和连接主机,但仅限只读模式",
"use": "使用",
"useDesc": "可以正常使用主机,但不能修改主机配置",
"manage": "管理",
"manageDesc": "完全控制,包括修改主机配置和分享设置"
},
"commandPalette": {
"searchPlaceholder": "搜索主机或快速操作...",
"recentActivity": "最近活动",
@@ -1787,4 +1957,4 @@
"close": "关闭",
"hostManager": "主机管理器"
}
}
}