feat(settings): add admin mapping section EE-971

app/portainer/oauth/components/oauth-settings/oauth-settings-controller.js

@@ -1,5 +1,7 @@
 angular.module('portainer.oauth').controller('OAuthSettingsController', function OAuthSettingsController() {
   var ctrl = this;
+  this.addAdminClaimRegex = addAdminClaimRegex;
+  this.removeAdminClaimRegex = removeAdminClaimRegex;
 
   this.state = {
     provider: {},
@@ -7,6 +9,14 @@ angular.module('portainer.oauth').controller('OAuthSettingsController', function
 
   this.$onInit = $onInit;
 
+  function addAdminClaimRegex() {
+    ctrl.settings.AdminGroupClaimsRegexList.push('');
+  }
+
+  function removeAdminClaimRegex(index) {
+    ctrl.settings.AdminGroupClaimsRegexList.splice(index, 1);
+  }
+
   function $onInit() {
     if (ctrl.settings.RedirectURI === '') {
       ctrl.settings.RedirectURI = window.location.origin;
@@ -19,5 +29,7 @@ angular.module('portainer.oauth').controller('OAuthSettingsController', function
     if (ctrl.settings.DefaultTeamID === 0) {
       ctrl.settings.DefaultTeamID = null;
     }
+
+    ctrl.settings.AdminGroupClaimsRegexList = [];
   }
 });

app/portainer/oauth/components/oauth-settings/oauth-settings.html

@@ -82,6 +82,36 @@
     </span>
   </div>
 
+  <div class="form-group">
+    <label class="col-sm-12 control-label text-left">Admin mapping</label>
+  </div>
+  <div class="form-group">
+    <div class="col-sm-12">
+      <label for="admin-auto-populate" class="text-muted small" style="margin-bottom: 0.5em; vertical-align: top;">
+        Assign admin rights to group(s) <portainer-tooltip position="bottom" message="Complete OAuth configuration below"></portainer-tooltip
+      ></label>
+      <label class="switch" style="margin: 0 30px; vertical-align: top;">
+        <input id="admin-auto-populate" type="checkbox" ng-model="$ctrl.settings.AdminAutoPopulate" /><i></i>
+      </label>
+      <div style="display: inline-block;" ng-if="$ctrl.settings.AdminAutoPopulate">
+        <span class="label label-default interactive" style="margin-left: 1.4em;" ng-click="$ctrl.addAdminClaimRegex()">
+          <i class="fa fa-plus-circle" aria-hidden="true"></i> add admin mapping
+        </span>
+
+        <div class="form-inline" ng-repeat="mapping in $ctrl.settings.AdminGroupClaimsRegexList track by $index" style="margin-top: 0.75em;">
+          <div class="input-group input-group-sm">
+            <span class="input-group-addon">claim value regex</span>
+            <input style="min-width: 300px;" id="admin-claims_regex_{{ $index }}" type="text" class="form-control" ng-model="$ctrl.settings.AdminGroupClaimsRegexList[$index]" />
+          </div>
+          <button type="button" class="btn btn-sm btn-danger" ng-click="$ctrl.removeAdminClaimRegex($index)"> <i class="fa fa-trash" aria-hidden="true"> </i></button>
+          <div class="small text-warning" ng-show="!$ctrl.settings.AdminGroupClaimsRegexList[$index]" style="margin-top: 0.4em;">
+            <i class="fa fa-exclamation-triangle" aria-hidden="true"></i> Claim value regex is required.
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+
   <div class="col-sm-12 form-section-title">OAuth Configuration</div>
 
   <div class="form-group">

app/portainer/views/settings/authentication/settingsAuthentication.html

@@ -425,7 +425,13 @@
           </div>
           <div class="form-group">
             <div class="col-sm-12">
-              <button type="button" class="btn btn-primary btn-sm" ng-click="saveSettings()" ng-disabled="state.actionInProgress" button-spinner="state.actionInProgress">
+              <button
+                type="button"
+                class="btn btn-primary btn-sm"
+                ng-click="saveSettings()"
+                ng-disabled="state.actionInProgress || (settings.AuthenticationMethod === 3 && !isOAuthAdminMappingFormValid())"
+                button-spinner="state.actionInProgress"
+              >
                 <span ng-hide="state.actionInProgress">Save settings</span>
                 <span ng-show="state.actionInProgress">Saving...</span>
               </button>

app/portainer/views/settings/authentication/settingsAuthenticationController.js

@@ -123,6 +123,11 @@ angular.module('portainer.app').controller('SettingsAuthenticationController', [
 
     $scope.saveSettings = function () {
       var settings = angular.copy($scope.settings);
+
+      if (!settings.OAuthSettings.AdminAutoPopulate) {
+        delete settings.OAuthSettings.AdminGroupClaimsRegexList;
+      }
+
       var TLSCAFile = $scope.formValues.TLSCACert !== settings.LDAPSettings.TLSConfig.TLSCACert ? $scope.formValues.TLSCACert : null;
 
       if ($scope.formValues.LDAPSettings.AnonymousMode) {
@@ -151,6 +156,18 @@ angular.module('portainer.app').controller('SettingsAuthenticationController', [
         });
     };
 
+    $scope.isOAuthAdminMappingFormValid = function () {
+      if ($scope.settings && $scope.settings.OAuthSettings.AdminAutoPopulate && $scope.settings.OAuthSettings.AdminGroupClaimsRegexList) {
+        const hasInvalidMapping =
+          $scope.settings.OAuthSettings.AdminGroupClaimsRegexList.length === 0 || $scope.settings.OAuthSettings.AdminGroupClaimsRegexList.some((e) => e === '');
+        if (hasInvalidMapping) {
+          return false;
+        }
+      }
+
+      return true;
+    };
+
     // Add default port if :port is not defined in URL
     function addLDAPDefaultPort(settings, tlsEnabled) {
       if (settings.LDAPSettings.URL.indexOf(':') === -1) {