dashboard-shell-shell 3.0.5-tsh.8 → 3.0.5-tsh.9

package/assets/translations/en-us.yaml

@@ -7648,6 +7648,10 @@ typeDescription:
   management.cattle.io.setting: 统一配置平台基础选项与全局设置，支持CA证书、密码规则、域名、Token时效等核心配置。
   management.cattle.io.user: 用于管理用户账号，支持创建、维护用户信息，可设置用户权限、管理密码等，保障系统资源仅由授权用户访问，提升系统安全性。
   harvesterhci.io.management.cluster: 提供虚拟化集群的实时健康状态监控、版本号管理及资源负载管理，支持批量导入/删除集群、配置调优与权限分级功能，实现高效运维管控。
+  harvesterhci.io.logging.clusterflow: 集群流用于展示集群内的事件与操作日志，帮助您实时监控集群状态、追踪资源变更，提升问题排查与运维效率。
+  harvesterhci.io.logging.clusteroutput: 集群输出用于集中展示集群运行过程中的日志与输出信息，帮助您分析系统行为、定位问题并优化集群性能。
+  harvesterhci.io.logging.flow: 流用于实时展示系统内各类事件与操作记录，帮助您监控资源变化、追踪操作过程，提升系统可观测性与运维效率。
+  harvesterhci.io.logging.output: 输出用于查看系统或服务运行产生的日志与结果信息，帮助您及时了解运行状态并进行故障排查。
 typeLabel:
   management.cattle.io.oidcclient: |-
     {count, plural,

package/assets/translations/zh-hans.yaml

@@ -3264,6 +3264,18 @@ members:
     viewClusterCatalogs: 查看集群应用商店
     viewClusterMembers: 查看集群成员
     viewNodes: 查看节点
+    safe-admin:
+      label: 安全管理员
+      description: 负责用户、角色及基础配置管理，保障系统权限与安全策略的合规性。
+    project-tenant:
+      label: 租户
+      description: 租户可管理资源组及其中的虚机、网络等资源。
+    cluster-tenant:
+      label: 租户
+      description: 租户可管理资源组及其中的虚机、网络等资源。
+    tenant:
+      label: 租户
+      description: 租户可管理资源组及其中的虚机、网络等资源。
     owner:
       label: 所有者
       description: 所有者对集群和集群内的所有资源拥有完全的控制权。
@@ -4502,6 +4514,12 @@ projectMembers:
     description: 控制用户对项目的访问权限
     noDescription: 已创建用户 - 没有描述
     searchForMember: 搜索需要向其提供项目访问权限的成员
+    safe-admin:
+      label: 安全管理员
+      description: 负责用户、角色及基础配置管理，保障系统权限与安全策略的合规性。
+    tenant:
+      label: 租户
+      description: 租户可管理资源组及其中的虚机、网络等资源。
     owner:
       label: 所有者
       description: 所有者对项目和项目内的所有资源拥有完全的控制权限。
@@ -4765,6 +4783,9 @@ rbac:
         description: 无描述
     assignOnlyRole: 已分配该角色
     role:
+      cluster-tenant:
+        label: 租户
+        description: 租户可管理资源组及其中的虚机、网络等资源。
       admin:
         label: 管理员
         description: 管理员可以完全控制整个安装以及所有集群中的所有资源。
@@ -4774,6 +4795,12 @@ rbac:
       user-base:
         label: User-Base 用户
         description: User-Base 用户只拥有登录权限。
+      tenant:
+        label: 租户
+        description: 租户可管理资源组及其中的虚机、网络等资源。
+      safe-admin:
+        label: 安全管理员
+        description: 负责用户、角色及基础配置管理，保障系统权限与安全策略的合规性。
       clusters-create:
         label: 创建集群
         description: 允许用户创建集群，并成为该集群的所有者（owner）。普通用户默认拥有此权限。
@@ -6544,6 +6571,7 @@ model:
       label: Service Account 用户名
   projectMember:
     role:
+      tenant: 租户
       member: 成员
       owner: 所有者
       readonly: 只读用户
@@ -6639,6 +6667,10 @@ typeDescription:
   batch.cronjob: CronJob 创建 Job，然后按照重复调度来运行 Pod。该调度以标准的 Unix cron 格式表示，并使用 Kubernetes Control Plane 的时区（通常是 UTC）。
   batch.job: Job 创建一个或多个 Pod。 Job 通过运行 Pod 直到其成功退出，以可靠执行一次性任务。失败的 Pod 会自动被替换，直到达到指定的完成运行次数。Job 还可以并行运行多个 Pod，或作为批处理工作队列。
   pod: Pod 是你可以在 Kubernetes 中创建和管理的最小可部署计算单元。Pod 是一个或多个容器，具有共享的存储和网络资源以及运行容器的规范。
+  harvesterhci.io.logging.clusterflow: 集群流用于展示集群内的事件与操作日志，帮助您实时监控集群状态、追踪资源变更，提升问题排查与运维效率。
+  harvesterhci.io.logging.clusteroutput: 集群输出用于集中展示集群运行过程中的日志与输出信息，帮助您分析系统行为、定位问题并优化集群性能。
+  harvesterhci.io.logging.flow: 流用于实时展示系统内各类事件与操作记录，帮助您监控资源变化、追踪操作过程，提升系统可观测性与运维效率。
+  harvesterhci.io.logging.output: 输出用于查看系统或服务运行产生的日志与结果信息，帮助您及时了解运行状态并进行故障排查。
 typeLabel:
   management.cattle.io.project: |-
     {count, plural,
@@ -8087,3 +8119,13 @@ component:
         keyValue:
           noRows: 此资源上没有配置｛propertyName}.
           showConfiguration: 显示配置
+
+
+
+customConversion:
+  Tenant: 租户
+  Cluster Owner: 所有者
+  Project Owner: 项目负责人
+
+
+

package/components/GlobalRoleBindings.vue

@@ -103,21 +103,36 @@ export default {
         this.sortedRoles.global.push(...remainingGlobalRoles);
         // End sort of global roles
 
-        delete this.sortedRoles.builtin
-        delete this.sortedRoles.custom
+        if (!(sessionStorage.getItem('TOPLEVELPERMISSIONS') && sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin')) {
+          delete this.sortedRoles.builtin
+          delete this.sortedRoles.custom
+        }
 
         this.update();
       }
     } catch (e) { }
   },
   data() {
-    return {
-      // This not only identifies global roles but the order here is the order we want to display them in the UI
-      globalPermissions: [
+
+    let globalPermissions = [
+        'admin',
+        'safe-admin',
+        'tenant',
+      ]
+
+    if (sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+      globalPermissions = [
         'admin',
+        'safe-admin',
         'user',
         'user-base',
-      ],
+        'tenant',
+      ]
+    }
+
+    return {
+      // This not only identifies global roles but the order here is the order we want to display them in the UI
+      globalPermissions,
       globalRoleBindings:    null,
       sortedRoles:           null,
       selectedRoles:         [],

package/components/form/Members/ClusterPermissionsEditor.vue

@@ -143,30 +143,46 @@ export default {
       return [this.permissionGroup];
     },
     options() {
+
       const customRoles = this.customRoles.map((role) => ({
         label:       role.nameDisplay,
         description: role.description || role.metadata?.annotations?.[DESCRIPTION] || this.t('members.clusterPermissions.noDescription'),
         value:       role.id
       }));
 
-      return [
-        {
-          label:       this.t('members.clusterPermissions.owner.label'),
-          description: this.t('members.clusterPermissions.owner.description'),
-          value:       'owner'
-        },
-        {
-          label:       this.t('members.clusterPermissions.member.label'),
-          description: this.t('members.clusterPermissions.member.description'),
-          value:       'member'
-        },
-        ...customRoles,
-        // {
-        //   label:       this.t('members.clusterPermissions.custom.label'),
-        //   description: this.t('members.clusterPermissions.custom.description'),
-        //   value:       'custom'
-        // }
-      ];
+      let optionList =  [{
+        label:       this.t('members.clusterPermissions.cluster-tenant.label'),
+        description: this.t('members.clusterPermissions.cluster-tenant.description'),
+        value:       'cluster-tenant'
+      }];
+
+      if (sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+        optionList = [
+          {
+            label:       this.t('members.clusterPermissions.cluster-tenant.label'),
+            description: this.t('members.clusterPermissions.cluster-tenant.description'),
+            value:       'cluster-tenant'
+          },
+          {
+            label:       this.t('members.clusterPermissions.owner.label'),
+            description: this.t('members.clusterPermissions.owner.description'),
+            value:       'owner'
+          },
+          {
+            label:       this.t('members.clusterPermissions.member.label'),
+            description: this.t('members.clusterPermissions.member.description'),
+            value:       'member'
+          },
+          ...customRoles,
+          {
+            label:       this.t('members.clusterPermissions.custom.label'),
+            description: this.t('members.clusterPermissions.custom.description'),
+            value:       'custom'
+          }
+        ];
+      }
+
+      return optionList
     },
     principal() {
       const principalId = this.principalId.replace(/\//g, '%2F');

package/components/form/Members/MembershipEditor.vue

@@ -191,7 +191,7 @@ export default {
           :data-testid="`role-item-${i}`"
           class="col span-6 role"
         >
-          {{ row.value.roleDisplay }}
+          {{ $store.getters['i18n/withFallback'](`customConversion.${row.value.roleDisplay}`, row.value.roleDisplay) }}
         </div>
       </div>
     </template>

package/components/form/NameNsDescription.vue

@@ -514,9 +514,8 @@ export default {
     </div>
 
     <!-- 自定义插槽，可插入额外内容 -->
-     <div :class=" isDialog? 'namespace-item-row mb-20': 'col span-6'">
-       <slot name="customize" />
-     </div>
+    <slot name="customize" />
+
     <!-- <div
       v-show="!descriptionHidden"
       :data-testid="componentTestid + '-description'"

package/components/form/ProjectMemberEditor.vue

@@ -166,29 +166,44 @@ export default {
         value:       this.purifyOption(role.id),
       }));
 
-      return [
-        {
-          label:       this.t('projectMembers.projectPermissions.owner.label'),
-          description: this.t('projectMembers.projectPermissions.owner.description'),
-          value:       'owner'
-        },
-        {
-          label:       this.t('projectMembers.projectPermissions.member.label'),
-          description: this.t('projectMembers.projectPermissions.member.description'),
-          value:       'member'
-        },
-        {
-          label:       this.t('projectMembers.projectPermissions.readOnly.label'),
-          description: this.t('projectMembers.projectPermissions.readOnly.description'),
-          value:       'read-only'
-        },
-        ...customRoles,
-        {
-          label:       this.t('projectMembers.projectPermissions.custom.label'),
-          description: this.t('projectMembers.projectPermissions.custom.description'),
-          value:       'custom'
-        }
-      ];
+      let optionList =  [{
+        label:       this.t('members.clusterPermissions.project-tenant.label'),
+        description: this.t('members.clusterPermissions.project-tenant.description'),
+        value:       'project-tenant'
+      }];
+
+      if (sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+        optionList = [
+          {
+            label:       this.t('members.clusterPermissions.project-tenant.label'),
+            description: this.t('members.clusterPermissions.project-tenant.description'),
+            value:       'project-tenant'
+          },
+          {
+            label:       this.t('projectMembers.projectPermissions.owner.label'),
+            description: this.t('projectMembers.projectPermissions.owner.description'),
+            value:       'owner'
+          },
+          {
+            label:       this.t('projectMembers.projectPermissions.member.label'),
+            description: this.t('projectMembers.projectPermissions.member.description'),
+            value:       'member'
+          },
+          {
+            label:       this.t('projectMembers.projectPermissions.readOnly.label'),
+            description: this.t('projectMembers.projectPermissions.readOnly.description'),
+            value:       'read-only'
+          },
+          ...customRoles,
+          {
+            label:       this.t('projectMembers.projectPermissions.custom.label'),
+            description: this.t('projectMembers.projectPermissions.custom.description'),
+            value:       'custom'
+          }
+        ];
+      }
+
+      return optionList
     },
     customPermissionsUpdate() {
       return this.customPermissions.reduce((acc, customPermissionsItem) => {

package/config/product/uiplugins.js

@@ -5,14 +5,17 @@ export const NAME = 'uiplugins';
 export function init(store) {
   const { product } = DSL(store, NAME);
 
-  // Add a product for UI Plugins - will appear in the top-level menu
-  product({
-    ifHave:              IF_HAVE.ADMIN, // Only admins can see the UI Plugin Custom Resource by default
-    inStore:             'management',
-    icon:                'extension',
-    removable:           false,
-    showClusterSwitcher: false,
-    category:            'configuration',
-    weight:              50,
-  });
+  if (sessionStorage.getItem('TOPLEVELPERMISSIONS') && sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+    // Add a product for UI Plugins - will appear in the top-level menu
+    product({
+      ifHave:              IF_HAVE.ADMIN, // Only admins can see the UI Plugin Custom Resource by default
+      inStore:             'management',
+      icon:                'extension',
+      removable:           false,
+      showClusterSwitcher: false,
+      category:            'configuration',
+      weight:              50,
+    });
+  }
+
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dashboard-shell-shell",
-  "version": "3.0.5-tsh.8",
+  "version": "3.0.5-tsh.9",
   "description": "Rancher Dashboard Shell",
   "repository": "https://github.com/rancherlabs/dashboard",
   "license": "Apache-2.0",

package/pages/auth/login.vue

@@ -311,7 +311,7 @@ export default {
           this.$store.dispatch('auth/setInitialPass', this.password);
           this.$router.push({ name: 'auth-setup' });
         } else {
-          this.$router.push({ name: 'home' });
+          this.$router.push({ name: 'index' });
         }
       } catch (err) {
         // 登录失败处理

package/pages/c/_cluster/auth/roles/index.vue

@@ -7,6 +7,7 @@ import Loading from '@shell/components/Loading';
 import { SUBTYPE_MAPPING, CREATE_VERBS } from '@shell/models/management.cattle.io.roletemplate';
 import { NAME } from '@shell/config/product/auth';
 import { BLANK_CLUSTER } from '@shell/store/store-types.js';
+import { globalRoleFilteringfn, clusterRoleFilteringfn, projectRoleFilteringfn } from '@shell/utils/roleFiltering'
 
 const GLOBAL = SUBTYPE_MAPPING.GLOBAL.key;
 const CLUSTER = SUBTYPE_MAPPING.CLUSTER.key;
@@ -99,15 +100,38 @@ export default {
 
   computed: {
     globalResources() {
-      return this.globalRoles;
+
+      let rolesList = globalRoleFilteringfn(this.globalRoles)
+      
+      if (sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+        rolesList = this.globalRoles
+      }
+
+      return rolesList
     },
 
     clusterResources() {
-      return this.roleTemplates.filter((r) => r.context === SUBTYPE_MAPPING.CLUSTER.context);
+      const roleList = this.roleTemplates.filter((r) => r.context === SUBTYPE_MAPPING.CLUSTER.context);
+      
+      let rolesList = clusterRoleFilteringfn(roleList)
+      
+      if (sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+        rolesList = roleList
+      }
+
+      return rolesList
     },
 
     namespaceResources() {
-      return this.roleTemplates.filter((r) => r.context === SUBTYPE_MAPPING.NAMESPACE.context);
+      const roleList = this.roleTemplates.filter((r) => r.context === SUBTYPE_MAPPING.NAMESPACE.context);
+            
+      let rolesList = projectRoleFilteringfn(roleList)
+      
+      if (sessionStorage.getItem('TOPLEVELPERMISSIONS') === 'superadmin') {
+        rolesList = roleList
+      }
+
+      return rolesList
     },
 
     type() {

package/types/shell/index.d.ts

@@ -4354,6 +4354,14 @@ export function deferred(name: any): {
 export function setPromiseResult(promise: any, obj: any, key: any, label: any): void;
 }
 
+// @shell/utils/roleFiltering
+
+declare module '@shell/utils/roleFiltering' {
+export function globalRoleFilteringfn(ary: any): any;
+export function clusterRoleFilteringfn(ary: any): any;
+export function projectRoleFilteringfn(ary: any): any;
+}
+
 // @shell/utils/router
 
 declare module '@shell/utils/router' {

package/utils/roleFiltering.js

@@ -0,0 +1,33 @@
+export function globalRoleFilteringfn (ary) {
+  const roleList = ['admin', 'tenant', 'safe-admin']
+  if (ary && ary.length > 0) {
+    return ary.filter(item => { return roleList.includes(item.id) })
+  }
+  return []
+}
+
+export function clusterRoleFilteringfn (ary) {
+  const roleList = ['cluster-tenant']
+  if (ary && ary.length > 0) {
+    ary.map(m => {
+      if (m.id === 'cluster-tenant') {
+        m['displayName'] = '租户'
+      }
+    })
+    return ary.filter(item => { return roleList.includes(item.id) })
+  }
+  return []
+}
+
+export function projectRoleFilteringfn (ary) {
+  const roleList = ['project-tenant']
+  ary.map(m => {
+    if (m.id === 'project-tenant') {
+      m['displayName'] = '租户'
+    }
+  })
+  if (ary && ary.length > 0) {
+    return ary.filter(item => { return roleList.includes(item.id) })
+  }
+  return []
+}