feat: Newsfeed in Portal based on XWiki blog feature

Thorsten Roßner
2024-11-26 11:31:47 +01:00
parent e4d9106c45
commit 3ad285a869
7 changed files with 92 additions and 9 deletions


@@ -23,6 +23,7 @@ SPDX-License-Identifier: Apache-2.0
* [Central Contacts](#central-contacts) * [Central Contacts](#central-contacts)
* [Central Navigation](#central-navigation) * [Central Navigation](#central-navigation)
* [Filepicker](#filepicker) * [Filepicker](#filepicker)
* [Newsfeed](#newsfeed)
* [(OpenProject) File Store](#openproject-file-store) * [(OpenProject) File Store](#openproject-file-store)
* [Applications vs. Services](#applications-vs-services) * [Applications vs. Services](#applications-vs-services)
* [Collabora (Office)](#collabora-office) * [Collabora (Office)](#collabora-office)
@@ -256,6 +257,7 @@ flowchart TD
Intercom_Service-->|Silent Login, Token Exchange|IdP Intercom_Service-->|Silent Login, Token Exchange|IdP
Intercom_Service-->|Filepicker|Nextcloud Intercom_Service-->|Filepicker|Nextcloud
Intercom_Service-->|Central Navigations|Portal Intercom_Service-->|Central Navigations|Portal
Intercom_Service-->|Newsfeed|XWiki
OX-AppSuite_Backend-->|Filepicker|Nextcloud OX-AppSuite_Backend-->|Filepicker|Nextcloud
OX-AppSuite_Backend-->|Videoconferences|Element OX-AppSuite_Backend-->|Videoconferences|Element
Nextcloud-->|Central Navigation|Portal Nextcloud-->|Central Navigation|Portal
@@ -264,6 +266,7 @@ flowchart TD
XWiki-->|Central Navigation|Portal XWiki-->|Central Navigation|Portal
Nextcloud-->|Central Contacts|OX-AppSuite_Backend Nextcloud-->|Central Contacts|OX-AppSuite_Backend
OX-AppSuite_Frontend-->|Filepicker|OX-AppSuite_Backend OX-AppSuite_Frontend-->|Filepicker|OX-AppSuite_Backend
Portal-->|Newsfeed|Intercom_Service
``` ```
Details can be found in the upstream documentation that is linked in the respective sections. Details can be found in the upstream documentation that is linked in the respective sections.
@@ -325,6 +328,14 @@ when adding a file to an email or storing a file into Nextcloud to avoid passing
**Links** **Links**
- [OX AppSuite Nextcloud Integration upstream documentation](https://gitlab.open-xchange.com/extensions/nextcloud-integration/-/tree/main/documentation). - [OX AppSuite Nextcloud Integration upstream documentation](https://gitlab.open-xchange.com/extensions/nextcloud-integration/-/tree/main/documentation).
## Newsfeed
The portal renders a newsfeed based on entries of a predefined openDesk blog in XWiki. It accesses the required XWiki
service through the Intercom Service's `/wiki` endpoint, in combination with the previously described silent login.
**Links:**
- [XWiki Blog feature](https://extensions.xwiki.org/xwiki/bin/view/Extension/Blog%20Application)
## (OpenProject) File Store ## (OpenProject) File Store
While OpenProject allows you to attach files to work packages directly, it is often preferred that the files are While OpenProject allows you to attach files to work packages directly, it is often preferred that the files are


@@ -53,7 +53,8 @@ ics:
secret: {{ .Values.secrets.intercom.secret | quote }} secret: {{ .Values.secrets.intercom.secret | quote }}
issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
originRegex: "{{ .Values.global.domain }}" originRegex: "{{ .Values.global.domain }}"
userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"entryuuid"{{ else }}"phoenixusername"{{ end }} userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"entryuuid"{{ else }}"opendesk_username"{{ end }}
usernameClaim: "opendesk_username"
keycloak: keycloak:
realm: {{ .Values.platform.realm | quote }} realm: {{ .Values.platform.realm | quote }}
default: default:
@@ -77,6 +78,9 @@ ics:
oci: true oci: true
url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
audience: "opendesk-oxappsuite" audience: "opendesk-oxappsuite"
xwiki:
subdomain: {{ .Values.global.hosts.xwiki | quote }}
audience: "opendesk-xwiki"
nextcloud: nextcloud:
origin: {{ .Values.global.hosts.nextcloud | quote }} origin: {{ .Values.global.hosts.nextcloud | quote }}
subdomain: {{ .Values.global.hosts.nextcloud | quote }} subdomain: {{ .Values.global.hosts.nextcloud | quote }}
@@ -103,7 +107,9 @@ podSecurityContext:
fsGroupChangePolicy: "Always" fsGroupChangePolicy: "Always"
provisioning: provisioning:
enabled: true # intercom OIDC client is created by opendesk-keycloak-bootstrap, as we have control over the
# client's claims this way.
enabled: false
config: config:
nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}" nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
keycloak: keycloak:
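Review bot: With `provisioning.enabled: false` the Intercom Service no longer creates its own OIDC client, so it must authenticate with exactly the secret that opendesk-keycloak-bootstrap sets for `opendesk-intercom`, and the ICS-side client-secret setting is not visible in this hunk. If the two are rendered from different values, silent login fails only at runtime, and nothing in the template makes that coupling visible. I would extend the new comment to record it, e.g. `# The client secret configured for ICS must be the same value the bootstrap chart sets for "opendesk-intercom".` The `provisioning` mapping continues past the end of the hunk, so the remaining keys could not be checked.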


@@ -375,6 +375,71 @@ config:
claim.name: "opendesk_username" claim.name: "opendesk_username"
jsonType.label: "String" jsonType.label: "String"
clients: clients:
- name: "opendesk-intercom"
clientId: "opendesk-intercom"
protocol: "openid-connect"
clientAuthenticatorType: "client-secret"
secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
redirectUris:
- "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
consentRequired: false
frontchannelLogout: false
publicClient: false
authorizationServicesEnabled: false
attributes:
backchannel.logout.session.required: true
backchannel.logout.revoke.offline.tokens: true
backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
protocolMappers:
- name: "intercom-audience"
protocol: "openid-connect"
protocolMapper: "oidc-audience-mapper"
consentRequired: false
config:
included.client.audience: "opendesk-intercom"
id.token.claim: false
access.token.claim: true
# temporary additional claim while entryuuid is a hardcoded attribute in IntercomService and we cannot set
# it to `opendesk_useruuid` standard claim. For reference:
# https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/app.js#L89
- name: "entryuuid_temp"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "entryUUID"
id.token.claim: true
access.token.claim: true
claim.name: "entryuuid"
jsonType.label: "String"
# temporary additional claim while phoenixusername is a hardcoded attribute in IntercomService and we cannot
# set it to `opendesk_username` standard claim. For reference:
# https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/routes/navigation.js#L27
- name: "phoenixusername_temp"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "phoenixusername"
jsonType.label: "String"
- name: "opendesk_username"
protocol: "openid-connect"
protocolMapper: "oidc-usermodel-attribute-mapper"
consentRequired: false
config:
userinfo.token.claim: true
user.attribute: "uid"
id.token.claim: true
access.token.claim: true
claim.name: "opendesk_username"
jsonType.label: "String"
defaultClientScopes:
- "offline_access"
- name: "opendesk-dovecot" - name: "opendesk-dovecot"
clientId: "opendesk-dovecot" clientId: "opendesk-dovecot"
protocol: "openid-connect" protocol: "openid-connect"
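Review bot: `defaultClientScopes` of the new `opendesk-intercom` client lists `offline_access`, so every login through this client is issued an offline refresh token instead of one bound to the SSO session. `backchannel.logout.revoke.offline.tokens: true` covers an explicit logout, but a session that merely expires would presumably leave the token usable until the realm's offline-session limits apply (the realm settings are not in this hunk). If the Intercom Service does not strictly need offline tokens, requesting the scope as an optional one would narrow that exposure. If it does, a comment above the list such as `# offline_access is required by ICS; tokens are revoked via backchannel logout` would record the reason. The `clients` list continues outside the hunk.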


@@ -147,6 +147,7 @@ properties:
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.secure": 1 "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.secure": 1
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}" "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443 "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443
## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping. ## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping.
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,dc=swp-ldap,dc=internal" "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,dc=swp-ldap,dc=internal"
## SMTP settings ## SMTP settings
@@ -175,7 +176,7 @@ properties:
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
"property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "li#tmWorkplaceServices { padding-left: 16px; padding-top: 5px; } .navbar-right { padding-top: 8px; } .navbar { border-bottom: 1px solid #ddd !important; height: 64px;} div#companylogo { width: 90px; height: auto; padding-top: 7px; padding-left: 9px; }" "property:xwiki:FlamingoThemes.Iceberg^FlamingoThemesCode.ThemeClass.lessCode": "li#tmWorkplaceServices { padding-left: 16px; padding-top: 5px; } .navbar-right { padding-top: 8px; } .navbar { border-bottom: 1px solid #ddd !important; height: 64px;} div#companylogo { width: 90px; height: auto; padding-top: 7px; padding-left: 9px; }"
"property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "oidc" "property:xwiki:XWiki.AuthService.Configuration^XWiki.AuthService.ConfigurationClass.authService": "keycloak-bridge-auth"
## Fields to search in when importing users from the administration UI (not completely in scope for now) ## Fields to search in when importing users from the administration UI (not completely in scope for now)
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes": "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapUserAttributes":
"sn,givenname,uid,mailPrimaryAddress" "sn,givenname,uid,mailPrimaryAddress"
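Review bot: The change of `authService` from `"oidc"` to `"keycloak-bridge-auth"` replaces the component that decides who is authenticated for XWiki, yet it carries no comment, unlike the neighbouring properties. Presumably it exists so that newsfeed requests forwarded by the Intercom Service can be authenticated, but the hunk does not say which credentials the new service accepts or where it is configured. I would add a line above it, along the lines of `## Needed for the portal newsfeed: authenticates requests forwarded by the Intercom Service in addition to interactive logins`, with the wording confirmed against the authenticator's actual behaviour. The `properties` mapping continues outside the hunk.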


@@ -139,7 +139,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror" repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "intercom-service" name: "intercom-service"
version: "2.7.1" version: "2.7.3"
verify: true verify: true
jitsi: jitsi:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -321,7 +321,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap" repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
name: "opendesk-keycloak-bootstrap" name: "opendesk-keycloak-bootstrap"
version: "2.1.3" version: "2.1.4"
verify: true verify: true
openproject: openproject:
# providerCategory: "Supplier" # providerCategory: "Supplier"


@@ -79,7 +79,7 @@ images:
# upstreamMirrorStartFrom: ["2", "1", "0"] # upstreamMirrorStartFrom: ["2", "1", "0"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service" repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
tag: "2.4.0@sha256:df743b7ea30077dc941815ccc60198820d67bbba94853fa7a6f939c0f36af335" tag: "2.7.3@sha256:bae60a9a14df53431f81846bf98520e3340dbfc1abae88622ccbd3c6e81cd930"
jibri: jibri:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Nordeck" # providerResponsible: "Nordeck"
@@ -469,7 +469,7 @@ images:
# upstreamRepository: "nubus/images/portal-frontend" # upstreamRepository: "nubus/images/portal-frontend"
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus-portal-update" repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus-portal-update"
tag: "1.10.5@sha256:75461683a2233c2e5c99499791ceb576b717c68baa28eef2c307e7052aaaf754" tag: "1.10.13@sha256:2f84f50af5d6ed31587e5ea9d043c9c30599d91350e13ea1ca31c9c9737a32cc"
nubusPortalServer: nubusPortalServer:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"
@@ -837,5 +837,5 @@ images:
# upstreamMirrorStartFrom: ["0", "12"] # upstreamMirrorStartFrom: ["0", "12"]
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki" repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
tag: "0.22-mariadb-jetty-alpine@sha256:ba29f44befc558c4a4d969f103b216c13a55194dbc532adc43567bee4943d65f" tag: "0.23-mariadb-jetty-alpine@sha256:d358212cc5c3addc4be02cfd0f2b08aa8b88399ac5848e152111f231356558da"
... ...