add: group deletion UI

ziirish 2018-04-04 18:44:35 +02:00
parent f6bdf45597
commit 0d4d7935f3
No known key found for this signature in database
GPG key ID: 72DB229A64B54E46
4 changed files with 128 additions and 9 deletions


@ -893,16 +893,16 @@ class AclGrants(Resource):
This resource is part of the :mod:`burpui.api.admin` module.
"""
parser_add = ns.parser()
parser_add.add_argument('grant', required=True, help='Grant name', location='values')
parser_add.add_argument('content', required=True, help='Grant content', location='values')
parser_add.add_argument('backend', required=True, help='Backend', location='values')
parser_add.add_argument('grant', required=True, help='Grant name')
parser_add.add_argument('content', required=True, help='Grant content')
parser_add.add_argument('backend', help='Backend')
parser_mod = ns.parser()
parser_mod.add_argument('content', required=True, help='Grant content', location='values')
parser_mod.add_argument('backend', required=True, help='Backend', location='values')
parser_mod.add_argument('content', required=True, help='Grant content')
parser_mod.add_argument('backend', help='Backend')
parser_del = ns.parser()
parser_del.add_argument('backend', required=True, help='Backend', location='values')
parser_del.add_argument('backend', help='Backend', location='values')
@api.acl_admin_or_moderator_required(message="Not allowed to view grants list")
@ns.marshal_list_with(grant_fields, code=200, description='Success')
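Review bot: With `required=True` dropped from `backend` on `parser_add`, `parser_mod` and `parser_del`, a request that omits it now reaches the handlers with `backend` set to `None`, and nothing in this hunk shows how that case is resolved. The handler bodies are outside the hunk, so confirm that each one either rejects a missing backend or falls back to a single documented default rather than acting on every backend; this matters most on the delete path. A comment above the parsers such as `# backend is optional: handlers must handle None explicitly` would record the contract. `parser_del` also keeps `location='values'` while the other two drop it; if that is deliberate because DELETE carries no body, a short comment should say so.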


@ -137,4 +137,47 @@
</div>
</div>
</div>
<div id="delete-group-modal" class="modal fade">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<div class="alert alert-warning">
<i class="fa fa-fw fa-2x fa-question-circle"></i>{{ _('You are about to delete a group, are you sure?') }}
</div>
<form class="form-horizontal" id="delete-group-form">
<fieldset id="delete-group-details">
</fieldset>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">{{ _('Cancel') }}</button>
<button type="button" class="btn btn-info" data-dismiss="modal" id="perform-group-delete">{{ _('Confirm') }}</button>
</div>
</div>
</div>
</div>
<div id="edit-group-modal" class="modal fade">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title">{{ _('Confirmation') }}</h4>
</div>
<div class="modal-body">
<form class="form-horizontal">
<fieldset id="edit-group-details">
</fieldset>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">{{ _('Cancel') }}</button>
<button type="button" class="btn btn-info" data-dismiss="modal" id="perform-group-edit">{{ _('Edit') }}</button>
</div>
</div>
</div>
</div>
{% endblock %}
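Review bot: The delete confirmation in `#delete-group-modal` never names the group being removed: the alert text is generic and `#delete-group-details` is left empty for the script to fill with backend checkboxes. For a destructive admin action the dialog should show the group name, so that a click on the wrong row is caught before confirming, and the name should be inserted as text rather than markup. The `#edit-group-modal` title also reuses `{{ _('Confirmation') }}`, which looks like a copy from the delete dialog; a title such as `{{ _('Edit group') }}` would be clearer.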


@ -510,3 +510,77 @@ $( document ).on('change', '#edit_backend', function(e) {
$('#perform-edit').on('click', function(e) {
location = "{{ url_for('view.admin_grant_authorization', grant='') }}"+$('#edit_backend').data('id')+'?backend='+$('#edit_backend option:selected').text();
});
/* Delete group */
var _remove_group_selected = 0;
$( document ).on('click', '.btn-delete-group', function(e) {
var group_id = $(this).data('member');
var group = _groups[group_id];
var content = '<legend>{{ _("Please select the backend(s) from which to remove the group:") }}</legend>';
$.each(group['backends'], function(i, back) {
var disabled_legend = '{{ _("The backend does not support group removal") }}';
var disabled = 'disabled title="'+disabled_legend+'"';
var is_enabled = _auth_backends[back]['del_group'];
content += '<div class="checkbox"><label><input type="checkbox" name="group_backend" data-id="'+group_id+'" data-backend="'+back+'" '+(is_enabled?'':disabled)+'>'+back+(is_enabled?'':' <em>('+disabled_legend+')</em>')+'</label></div>';
});
/* disable submit button while we did not select a backend */
$('#perform-group-delete').prop('disabled', true);
$('#delete-group-details').html(content);
$('#delete-group-modal').modal('toggle');
});
$( document ).on('change', 'input[name=group_backend]', function(e) {
if ($(this).is(':checked')) {
_remove_group_selected++;
} else {
_remove_group_selected--;
}
if (_remove_group_selected > 0) {
$('#perform-group-delete').prop('disabled', false);
} else {
$('#perform-group-delete').prop('disabled', true);
}
});
$('#perform-group-delete').on('click', function(e) {
var _delete_promises = [];
$.each($('input[name=group_backend]'), function(i, elmt) {
var e = $(elmt);
if (e.is(':checked')) {
var d = $.ajax({
url: "{{ url_for('api.acl_groups', name='') }}"+$(e).data('id')+"?backend="+$(e).data('backend'),
type: 'DELETE',
headers: { 'X-From-UI': true },
}).done(function(data) {
notifAll(data);
}).fail(myFail);
_delete_promises.push(d);
}
});
$.when.apply( $, _delete_promises ).done(function() {
_authorization_groups();
});
});
/* Edit group */
$( document ).on('click', '.btn-edit-group', function(e) {
var group_id = $(this).data('member');
var group = _groups[group_id];
var content = '<legend>{{ _("Please select the backend from which to edit the user from:") }}</legend>';
content += '<div class="form-group"><label for="edit_group_backend" class="col-lg-2 control-label">Backend</label>';
content += '<div class="col-lg-10"><select class="form-control" id="edit_group_backend" name="edit_group_backend" data-id="'+group_id+'"><option disabled selected value="placeholder">'+'{{ _("Please select a backend") }}'+'</option>';
$.each(group['backends'], function(i, back) {
is_enabled = _auth_backends[back]['mod_group'];
content += '<option'+(is_enabled?'':' disabled')+'>'+back+'</option>';
});
content += '</select></div></div>';
$('#perform-group-edit').prop('disabled', true);
$('#edit-group-details').html(content);
$('#edit-group-modal').modal('toggle');
});
$( document ).on('change', '#edit_group_backend', function(e) {
if ($('#edit_group_backend option:selected').val() != 'placeholder') {
$('#perform-group-edit').prop('disabled', false);
}
});
$('#perform-group-edit').on('click', function(e) {
location = "{{ url_for('view.admin_group_authorization', group='') }}"+$('#edit_group_backend').data('id')+'?backend='+$('#edit_group_backend option:selected').text();
});


@ -469,10 +469,12 @@ app.controller('AdminCtrl', ['$scope', '$http', '$q', '$scrollspy', 'DTOptionsBu
var p = $http({
url: '{{ url_for("api.acl_grants", backend=backend, name=grant) }}',
method: 'POST',
params: {
content: $scope.grantValue,
data: {
content: JSON.stringify(JSON.parse($scope.grantValue)), // remove indentation
},
headers: {
'X-From-UI': true,
},
headers: { 'X-From-UI': true },
})
.catch(myFail)
.then(function(response) {
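Review bot: `JSON.parse($scope.grantValue)` on the `content:` line throws a `SyntaxError` synchronously when the grant text is not valid JSON, before `$http` is called, so `.catch(myFail)` never sees the error and the user gets no feedback. Normalise the value before building the request and report a parse failure through the same notification path, e.g. `var content; try { content = JSON.stringify(JSON.parse($scope.grantValue)); } catch (err) { /* notify "invalid JSON" and return */ }`. The enclosing function starts and ends outside the hunk, so where to return from and which notifier to call has to be checked against the rest of the controller.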