pluggable rule editing

Author: phrocker

.azure.env

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.56
+SENTRIUS_VERSION=1.1.63
 SENTRIUS_SSH_VERSION=1.1.11
 SENTRIUS_KEYCLOAK_VERSION=1.1.14
 SENTRIUS_AGENT_VERSION=1.1.23

api/src/main/java/io/sentrius/sso/controllers/api/RuleApiController.java

@@ -137,7 +137,30 @@ public ResponseEntity<String> saveRuleConfig(HttpServletRequest request, HttpSer
         if (null == ruleName || null == ruleClass) {
             return ResponseEntity.badRequest().body("Invalid rule name or class");
         }
-        var rule = ProfileRule.builder().ruleClass(ruleClass).ruleName(ruleName).build();
+
+        // Check if we're editing an existing rule
+        ProfileRule rule;
+        String ruleIdStr = payload.get("ruleId");
+        if (ruleIdStr != null && !ruleIdStr.isEmpty()) {
+            // Editing existing rule
+            try {
+                Long ruleId = Long.parseLong(ruleIdStr);
+                rule = ruleService.getRuleById(ruleId);
+                if (rule == null) {
+                    return ResponseEntity.badRequest().body("Rule not found");
+                }
+                // Update the rule properties
+                rule.setRuleClass(ruleClass);
+                rule.setRuleName(ruleName);
+            } catch (NumberFormatException e) {
+                log.error("Invalid rule ID format: {}", ruleIdStr, e);
+                return ResponseEntity.badRequest().body("Invalid rule ID format");
+            }
+        } else {
+            // Creating new rule
+            rule = ProfileRule.builder().ruleClass(ruleClass).ruleName(ruleName).build();
+        }
+
         StringBuilder ruleConfig = new StringBuilder();
         var globalDescription = payload.get("description_global");
         var globalAction = payload.get("action_global");

api/src/main/java/io/sentrius/sso/controllers/view/ZeroTrustRuleController.java

@@ -9,6 +9,7 @@
 import io.sentrius.sso.core.controllers.BaseController;
 import io.sentrius.sso.core.dto.ProfileRuleDTO;
 import io.sentrius.sso.core.dto.TopBarLinks;
+import io.sentrius.sso.core.model.hostgroup.ProfileRule;
 import io.sentrius.sso.core.model.users.User;
 import io.sentrius.sso.core.services.ErrorOutputService;
 import io.sentrius.sso.core.services.RuleService;
@@ -101,9 +102,25 @@ public String customRuleChat() {
     }
 
     @GetMapping("/config/pluggable_rule")
-    public String configurePluggableRule(@RequestParam("ruleName") String ruleName, Model model) {
+    public String configurePluggableRule(@RequestParam("ruleName") String ruleName,
+                                         @RequestParam(value = "ruleId", required = false) Long ruleId,
+                                         Model model) {
         model.addAttribute("ruleName", ruleName);
         model.addAttribute("ruleClass", PluggableRuleEvaluator.class.getCanonicalName());
+        // If ruleId is provided, fetch the rule and pass its configuration to the template
+        if (ruleId != null) {
+            try {
+                ProfileRule rule = ruleService.getRuleById(ruleId);
+                if (rule != null) {
+                    model.addAttribute("ruleId", ruleId);
+                    model.addAttribute("ruleConfig", rule.getRuleConfig());
+                } else {
+                    log.warn("Rule not found with ID: {}", ruleId);
+                }
+            } catch (Exception e) {
+                log.error("Error fetching rule with ID: {}", ruleId, e);
+            }
+        }
         return "sso/rules/pluggable_rule";
     }
 

api/src/main/resources/static/js/rules.js

@@ -62,9 +62,10 @@ function assignRule(ruleId) {
  * 
  * @param {string} ruleClass - The rule class name
  * @param {string} ruleName - The rule name
+ * @param {number} ruleId - The rule ID (optional, used for editing)
  * @returns {string|null} The configuration URL with rule name parameter, or null if unsupported
  */
-function getRuleConfigurationUrl(ruleClass, ruleName) {
+function getRuleConfigurationUrl(ruleClass, ruleName, ruleId) {
     // Map rule classes to their configuration pages
     const ruleClassToUrl = {
         'CommandEvaluator': '/sso/v1/zerotrust/rules/config/forbidden_commands_rule',
@@ -76,7 +77,11 @@ function getRuleConfigurationUrl(ruleClass, ruleName) {
     const matchingKey = Object.keys(ruleClassToUrl).find(key => ruleClass.includes(key));
 
     if (matchingKey) {
-        return ruleClassToUrl[matchingKey] + "?ruleName=" + encodeURIComponent(ruleName);
+        let url = ruleClassToUrl[matchingKey] + "?ruleName=" + encodeURIComponent(ruleName);
+        if (ruleId) {
+            url += "&ruleId=" + encodeURIComponent(ruleId);
+        }
+        return url;
     }
 
     return null;
@@ -95,8 +100,8 @@ function editRule(ruleId) {
     // Fetch rule details to determine the rule class
     fetchRule(ruleId).then((rule) => {
         console.log("Fetched rule for editing:", rule);
-        
-        const url = getRuleConfigurationUrl(rule.ruleClass, rule.ruleName);
+
+        const url = getRuleConfigurationUrl(rule.ruleClass, rule.ruleName, rule.id);
 
         if (url) {
             // Redirect to the configuration page

api/src/main/resources/templates/sso/rules/pluggable_rule.html

@@ -232,6 +232,26 @@ <h2 class="accordion-header" id="headingFour">
             }
             const csrf = csrfElement.value;
 
+            // Parse and populate existing rule configuration if editing
+            const ruleConfig = /*[[${ruleConfig}]]*/ null;
+            if (ruleConfig) {
+                // Parse the ruleConfig format: expression:action:description[:sanitized]
+                // Split with a limit to handle colons within field values
+                const parts = ruleConfig.split(':', 4);
+                if (parts.length >= 3) {
+                    const expression = parts[0];
+                    const action = parts[1];
+                    const description = parts[2];
+                    const sanitized = parts.length >= 4 ? parts[3] : 'true';
+
+                    // Populate form fields
+                    document.getElementById('expression').value = expression;
+                    document.getElementById('action').value = action;
+                    document.getElementById('description').value = description;
+                    document.getElementById('sanitized').value = sanitized;
+                }
+            }
+
             // Use the button click event listener
             const submitBtn = document.querySelector('.submit_btn');
             if (submitBtn) {