/**@jsx React.DOM*/ // Generated by LiveScript 1.2.0 (function(){ var ref$, em, strong, table, div, th, tr, td, thead, tbody, section, h3, time, map, each, unique, isType, join, compact_fields, extended_fields, FieldsMixin, AuditTableHeader, Timestamp, wrapArray, AuditEntry, newEventSet, AuditTable, GlobalAudit, urlOfRole, urlOfResource, AuditBox, out$ = typeof exports != 'undefined' && exports || this, slice$ = [].slice; ref$ = React.DOM, em = ref$.em, strong = ref$.strong, table = ref$.table, div = ref$.div, th = ref$.th, tr = ref$.tr, td = ref$.td, thead = ref$.thead, tbody = ref$.tbody, section = ref$.section, h3 = ref$.h3, time = ref$.time; ref$ = require('prelude-ls'), map = ref$.map, each = ref$.each, unique = ref$.unique, isType = ref$.isType, join = ref$.join; compact_fields = ['auditview_user', 'auditview_action']; //extended_fields = ['timestamp', 'user', 'acting_as', 'action', 'entities', 'privilege','human']; extended_fields = ['timestamp','auditview_user','auditview_action']; known_rolsource_types = [ 'user','group','host','layer','policy']; // what if somebody explicitly will create the role of such type? FieldsMixin = { fields: function(){ if (this.props.compact) { return compact_fields; } else { return extended_fields; } } }; AuditTableHeader = React.createClass({ mixins: [FieldsMixin], displayName: 'AuditTableHeader', render: function(){ return thead({}, tr({}, map(function(it){ return th({ key: it }, it.replace('auditview_','').replace('_', ' ')); })( this.fields()))); } }); Timestamp = React.createClass({ displayName: 'Timestamp', render: function(){ var ts; ts = moment(this.props.time); /*.format('YYYY-MM-DD hh:mm:ss'); return
{ts}
; */ return time({ className: "timestamp", dateTime: ts.format(), title: ts.calendar() }, [ts.fromNow()]); } }); wrapArray = function(it){ if (isType('Array', it)) { return it; } else { return [it]; } }; out$.AuditEntry = AuditEntry = React.createClass({ mixins: [FieldsMixin], displayName: 'AuditEntry', // TODO: make message a separate React Class humanizeEvent: function(e) { // copy of SHORT_FORMATS logic from cli-ruby:lib/conjur/command/audit.rb var msg=""; var ResourceLink = conjur.views.ResourceLink; var RoleLink = conjur.views.RoleLink; if ((e.kind=='resource') && (e.action=='check')) { msg = [ ] if ( e.allowed ) { msg.push("performed "); msg.push(em({}, e.privilege)); msg.push(" on "); msg.push(ResourceLink({id: e.resource, noIcon: true})); } else { msg.push("was "); msg.push(strong({}, "denied permission")); msg.push(" to "); msg.push(em({}, e.privilege)); msg.push(" "); msg.push(ResourceLink({id: e.resource, noIcon: true})); } } else if ((e.kind=="resource") && (e.action=="create")) { msg = [ " created ", ResourceLink({id: e.resource, noIcon: true}), " owned by ", RoleLink({id: e.owner, noIcon: true}) ]; } else if ((e.kind=="resource") && (e.action=="update")) { // this is suspicious, but CLI audit does this msg = [ " gave ", ResourceLink({id: e.resource, noIcon: true}), " to ", RoleLink({id: e.owner, noIcon: true}) ]; } else if ((e.kind=="resource") && (e.action=="destroy")) { msg = [ " deleted ", ResourceLink({id: e.resource, noIcon: true}) ]; } else if ((e.kind=="resource") && (e.action=="permit")) { msg = [ " permitted ", RoleLink({id: e.grantee, noIcon: true}), " to ", em({}, e.privilege), " ", ResourceLink({id: e.resource, noIcon: true}) ] if ( e.grant_option ) msg.push(" with grant option"); } else if ((e.kind=="resource") && (e.action=="deny")) { msg = [ " denied ", em({}, e.privilege), " from ", RoleLink({id: e.grantee, noIcon: true}), " on ", ResourceLink({id: e.resource, noIcon: true}) ]; } else if ((e.kind=="resource") && (e.action=="permitted_roles")) { msg = [ " listed roles permitted to ", em({}, e.privilege), " on ", ResourceLink({id: e.resource, noIcon: true}) ]; } else if ((e.kind=="role") && (e.action=="check")) { msg = [ ] if ( e.allowed ) { msg.push(RoleLink({id: e.role, noIcon: true})) msg.push(" performed "); msg.push(em({}, e.privilege)); msg.push(" on "); msg.push(ResourceLink({id: e.resource, noIcon: true})); } else { msg.push(RoleLink({id: e.role, noIcon: true})) msg.push(" was "); msg.push(strong({}, "denied permission")); msg.push(" to "); msg.push(em({}, e.privilege)); msg.push(" on "); msg.push(ResourceLink({id: e.resource, noIcon: true})); } } else if ((e.kind=="role") && (e.action=="grant")) { /* what was the point of commenting this out? */ msg = [ " granted role ", RoleLink({id: e.role, noIcon: true}), " to ", RoleLink({id: e.member, noIcon: true}) ]; if (e.admin_option) { msg.push(" with admin permission"); } else { msg.push(" without admin permission"); } } else if ((e.kind=="role") && (e.action=="revoke")) { msg = [ " revoked role ", RoleLink({id: e.role, noIcon: true}), " from ", RoleLink({id: e.member, noIcon: true}) ]; } else if ((e.kind=="role") && (e.action=="create")) { msg = [ " created role ", RoleLink({id: e.role, noIcon: true}) ]; } else if ((e.kind=="annotation") && (e.action=="update")) { msg = [ " updated annotation on ", ResourceLink({id: e.resource, noIcon: true}) ]; } else if (e.kind=="audit") { var action_part = _.compact([e.facility, e.action]).join(":"); var parts = [action_part]; if (e.role!=null) { parts.push(" by "); parts.push(RoleLink({id: e.role, noIcon: true})); } if (e.resource_id!=null) { parts.push(" on"); parts.push(ResourceLink({id: e.resource_id, noIcon: true})); } if (e.allowed!=null) { parts.push(" (allowed: "+e.allowed+")"); } var statement = parts.join(" "); msg = [" reported ", parts ]; if (e.audit_message!=null) { msg.push("; message: "); msg.push(e.audit_message); } } else { msg+=" unknown event: "+e.kind+":"+e.action+"!"; } if (e.error!=null) { msg+=" (failed with "+e.error+")"; } return msg; }, transformField: function(key, value){ var ResourceLink = conjur.views.ResourceLink; var RoleLink = conjur.views.RoleLink; var that; switch (key) { case 'entities': return [ (that = this.props.resource) != null ? ResourceLink({ data: that }) : void 8, (that = this.props.role) != null ? RoleLink({ id: that }) : void 8 ]; case 'user': if (value != null) { return RoleLink({ id: value }); } break; case 'acting_as': that = this.props.user; if ((value != null) && ( value != that )) { return RoleLink({ id: value }); } break; case 'auditview_user': //virtual field var acting_user =this.props.user; var acting_role = this.props.acting_as; msg = [ RoleLink({id: acting_user}) ]; if ((acting_role!=null) && (acting_role != acting_user)) { msg.push([" as ", RoleLink({id: acting_role})]); } return msg; case 'timestamp': if (value != null) { return Timestamp({ time: value }); } break; case 'auditview_action': return this.humanizeEvent(this.props); default: return value; } }, render: function(){ var this$ = this; return tr({ className: this.props.action }, map(function(it){ return td.apply(null, [{ key: it }].concat(slice$.call(wrapArray(this$.transformField(it, this$.props[it]))))); })( this.fields())); } }); newEventSet = function(){ var evts; evts = new SortedSet({ comparator: function(a, b){ return a && b && b.id - a.id; } }); evts.containsLike = function(item){ var existing; existing = this.findIterator(item).value(); if (existing != null) { return this.priv.comparator(existing, item) === 0; } }; return evts; }; out$.AuditTable = AuditTable = React.createClass({ displayName: 'AuditTable', getInitialState: function(){ return { events: newEventSet() }; }, knownRolsourceTypes: function() { return ; }, render: function(){ var compact; compact = this.props.compact; return section({ className: 'audit' }, [ h3({}, this.props.caption), table({ className: 'audit-table' }, [ AuditTableHeader({ key: 'thead', compact: compact }), tbody({ key: 'tbody' }, this.state.events.filter(function(ev){ // remove internal resources creation if ((ev.role!=null) && (ev.role.split(':')[1] == '@')) { return false; } if ((ev.resource!=null) && (ev.resource.split(':')[1] == '@')) { return false; } if ((ev.resource!=null) && (ev.resource.split(':')[1] == 'secret')) { return false; } if ((ev.grantee!=null) && (ev.grantee.split(':')[1] == '@')) { return false; } // hide automated creation of roles corresponding to resources of known type if ((ev.kind=="role") && (ev.action=="create")) { var rolekind = ev.role.split(':')[1]; if (_.contains(known_rolsource_types, rolekind)) { return false; } } return true; }).map(function(it){ // new way to clone objects, custom clone$ does not work no more as expected var ref$ = React.addons.update(it, {$merge: {key: it.id, compact: compact} }); return new AuditEntry(ref$); })) ]) ]); }, componentDidMount: function(){ return each(this.addSource)( wrapArray( this.props.src)); }, componentWillUnmount: function(){ return each(function(it){ console.log("closing event source ", it); return it.close(); })( this.sources); }, addEvent: function(arg$){ var data, event; data = arg$.data; event = JSON.parse(data); if (event.action === "check" && event.privilege === "read" && event.allowed) { return true; } else { if (!this.state.events.containsLike(event)) { this.state.events.insert(event); return this.forceUpdate(); } } }, addSource: function(url){ var evtSrc; console.log("opening eventsource to " + url); evtSrc = new EventSource(url); console.log(evtSrc); evtSrc.onmessage = this.addEvent; evtSrc.onerror = function(a, b, c, d){ return console.log(a, b, c, d); }; return (this.sources || (this.sources = [])).push(evtSrc); } }); out$.GlobalAudit = GlobalAudit = React.createClass({ displayName: 'GlobalAudit', render: function(){ return AuditTable({ src: '/api/audit/all', caption: 'All recent audit events' }); } }); urlOfRole = function(role){ return "/api/audit/roles/" + encodeURIComponent(role); }; urlOfResource = function(resource){ return "/api/audit/resources/" + encodeURIComponent(resource); }; out$.AuditBox = AuditBox = React.createClass({ displayName: 'AuditBox', render: function(){ var roles, resources, roleSrcs, resSrcs, things; roles = this.props.roles || []; resources = this.props.resources || []; roleSrcs = map(urlOfRole)( roles); resSrcs = map(urlOfResource)( resources); things = join(', ')( unique( roles.concat(resources))); var options= { src: roleSrcs.concat(resSrcs) }; if (this.props.tabview==null) { options=_.extend(options, {caption: "Recent Activity"}); } return AuditTable(options); } }); /* it does not work as expected with new react any more (prototype fields are squashed within react) function clone$(it){ function fun(){} fun.prototype = it; return new fun; } */ }).call(this);