Identities Picker
Overview
This picker enables users to select groups and users that are registered in Witboost. The two kinds of entity are grouped in sub-sections in order to give users the possibility to select directly the groups or the users they want without searching them.
Configuration
It enables users to specify a maximum number of selectable identities, beyond which it disables the remaining options. The property to be set is maxIdentities and if it is not provided, the user can select how much options it wants.
It enables users to specify if they want to display in the drop-down list both users and groups, only users, only groups. The property to be set is allowedKinds and if it is not provided, the default behaviour is displaying both users and groups in the drop-down list.
allowedKinds can assume two possible values: "user" and "group". If something else is provided, an error will be thrown.
It enables users to specify if they want to display in the drop-down list just the users and groups the logged user is member of. The property to be set is showOnlyUserMemberGroups. If it is not provided, the default value is false, i.e. all the users and groups registered in Witboost are displayed.
** Example **
parameters:
properties:
# ... other fields of your template
identities:
title: Identities
type: array
description: A list of users and groups
ui:field: IdentitiesPicker
ui:options:
maxIdentities: 5
allowedKinds:
- Group
- User
showOnlyUserMemberGroups: true
excludeGroups:
# Accepts group names or entity refs like group:name or group:ns/name
- group:bigdata
- group:default/bigdata
** Users and groups visibility **
The users and groups that are displayed in the in the drop-down list are directly taken from the identities of Witboost. If the showOnlyUserMemberGroups params is true, the way in which these are displayed depends on the logged user visibility.
groupA
|__ userA
|__ groupB
|__ userB
Let's suppose that a user "userA" belongs to a group "groupA", and, the "groupA" has a sub-group called "groupB" and a user called "userB". If a "userA" is going to use the Identities Picker, it should display in the drop-down list also the "groupB" and the "userB".
So, the users and groups that the drop-down list will render are from top to bottom in the hierarchy starting from the level represented by the logged user.
Excluding groups
You can exclude specific groups from the picker using ui:options.excludeGroups.
- Accepted formats:
group:nameorgroup:namespace/name - Matching is done by group name (namespace is ignored for the match)
- When
showOnlyUserMemberGroups: true, users that are members of excluded groups are not included in the user list unless they are also members of another included group
Example:
parameters:
properties:
identities:
title: Identities
type: array
ui:field: IdentitiesPicker
ui:options:
allowedKinds:
- Group
- User
excludeGroups:
- group:security
- group:default/platform-admins
Service Accounts
Service Accounts are a special kind of users and by default they will show up along regular users in the list. You can configure the behaviour related to Service Accounts with two special properties:
-
When
ui:options.showOnlyServiceAccounts: true, only Service Accounts will be displayed in the user list -
When
ui:options.excludeServiceAccounts: true, Service Accounts will be omitted by the user list
It is not possible to set both properties at the same time.
Output
The output produced by this picker is a list of strings representing the users and groups identifiers.