configurations/Kimai/kamai.yaml


# ---------------------------------------------------------------------------------------------
# DO NOT EDIT THIS FILE, INSTEAD CREATE THE FILE "local.yaml" AND ADD YOUR SETTINGS IN THERE.
# See https://www.kimai.org/documentation/local-yaml.html
#
# Be aware that this file is YAML format and the indentation is important.
# Each config level needs to be indented with 4 additional spaces.
# ---------------------------------------------------------------------------------------------
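kimai:
    # SAML single sign-on. Kimai acts as the service provider (sp); the identity
    # provider (idp) is the instance named under connection.idp.
    # Nesting restored with 4 spaces per level, as the file header requires.
    saml:
        activate: true
        title: Login with IAM
        # Attributes copied from the SAML assertion into the Kimai account.
        mapping:
            - { saml: $email, kimai: email }
            - { saml: $name, kimai: alias }
        roles:
            # No role attribute is mapped (the lines below are commented out),
            # so presumably roles are managed inside Kimai rather than taken
            # from the IdP - confirm this is intended before enabling the mapping.
            resetOnLogin: false
            # attribute: Groups
            # mapping:
            #     # Insert your role-mapping here (ROLE_USER is added automatically)
            #     - { saml: Admin, kimai: ROLE_SUPER_ADMIN }
            #     - { saml: Manager, kimai: ROLE_ADMIN }
            #     - { saml: Teamlead, kimai: ROLE_TEAMLEAD }
        connection:
            idp:
                entityId: 'urn:auth.libraryofcode.org'
                singleSignOnService:
                    url: 'https://auth.libraryofcode.org/samlp/1sEhaaFdWtinNdi6ov8eiNhGSenS7qmD'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                #singleLogoutService:
                #    url: 'https://www.example.com/logout'
                #    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                # Public signing certificate of the IdP; it is the trust anchor for
                # every signature check, so changes to it deserve review.
                x509cert: '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'
            # Your Kimai: replace https://www.example.com with your base URL
            sp:
                entityId: 'https://time.libraryofcode.org/auth/saml/metadata'
                assertionConsumerService:
                    url: 'https://time.libraryofcode.org/auth/saml/acs'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
                #singleLogoutService:
                #    url: 'https://auth.libraryofcode.org/auth/saml/logout'
                #    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                #privateKey: ''
            # only set baseurl, if auto-detection doesn't work
            #baseurl: ''
            # Keep strict validation on.
            strict: true
            # Was "true". Verbose SAML error output is a setup aid; on a reachable
            # instance validation failures may otherwise be echoed in responses.
            debug: false
            security:
                nameIdEncrypted: false
                # Requests and logout messages leave Kimai unsigned; this matches
                # the missing sp.privateKey above.
                authnRequestsSigned: false
                logoutRequestSigned: false
                logoutResponseSigned: false
                # NOTE(review): neither flag makes the SP insist on a signature.
                # Once the IdP is confirmed to sign its assertions, set
                # wantAssertionsSigned to true so that an assertion without a
                # valid signature from idp.x509cert is refused by configuration
                # and not only by library defaults.
                wantMessagesSigned: false
                wantAssertionsSigned: false
                wantNameIdEncrypted: false
                requestedAuthnContext: true
                signMetadata: false
                wantXMLValidation: true
                signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
                digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
            # These still look like the template's sample values (example.com).
            contactPerson:
                technical:
                    givenName: 'Kimai Admin'
                    emailAddress: 'admin@example.com'
                support:
                    givenName: 'Kimai Support'
                    emailAddress: 'support@example.com'
            organization:
                en:
                    name: 'Kimai'
                    displayname: 'Kimai'
                    url: 'https://www.example.com'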
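# --------------------------------------------------------------------------------
# AUTHENTICATION
# --------------------------------------------------------------------------------
    # NOTE(review): this section is commented out, so Kimai's built-in defaults
    # for self-registration and password reset apply next to the SAML login.
    # Confirm those defaults are wanted on an SSO-only deployment.
    # user:
    #     registration: false
    #     password_reset: true
# --------------------------------------------------------------------------------

# --------------------------------------------------------------------------------
# TIME-TRACKING
# --------------------------------------------------------------------------------
    # Every option below is commented out, so "timesheet" itself carries no
    # overrides here. Nesting of the examples is restored (4 spaces per level).
    timesheet:
        # Allows to render timesheet descriptions with markdown
        # This setting can be changed through the Administration screen
        # markdown_content: false

        # Configures the duration drop-down select.
        # null = use rounding rules, 0 = deactivate, every other number is used as minute/step increment
        # duration_increment: ~

        # Configures the minute select for begin and end date-time.
        # null = use rounding rules, every number > 0 is used as minute/step increment
        # time_increment: ~

        # The time-tracking mode that should be used.
        # mode: default

        # The default time to pre-fill the "create timesheet" form (in some cases).
        # This setting is only respected by some time-tracking modes and not in all situations.
        #
        # Accepted formats, see
        # - https://www.php.net/manual/en/datetime.formats.php
        # - https://www.php.net/manual/en/datetime.formats.time.php
        # default_begin: now

        # Rounding rules are used to round the begin & end dates and the duration for timesheet records.
        # The "default" rule will round "begin" down and "end" up to the full minute, the "duration" will not be rounded.
        # rounding:
        #     default:
        #         days: ['monday','tuesday','wednesday','thursday','friday','saturday','sunday']
        #         begin: 1
        #         end: 1
        #         duration: 0
        #         mode: default

        # If you want to apply different hourly rates for specific weekdays, you can uncomment the "rates" configuration.
        # The "weekend" rule will add 50% to each timesheet entry that will be recorded on "saturdays" or "sundays".
        # rates:
        #     weekend:
        #         days: ['saturday','sunday']
        #         factor: 1.5

        # If you want to limit the max. active entries per user, you can do it here.
        # The hard_limit is used to detect how many active records are allowed per user:
        # - by default a user can only have one active time-record: it is automatically stopped when a new one is started
        # - when hard_limit is > 1 and the user is trying to start a new entry after reaching the limit, a warning is shown
        #   and the user has to stop an active entry first
        # active_entries:
        #     hard_limit: 3
# --------------------------------------------------------------------------------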
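# --------------------------------------------------------------------------------
# PERMISSIONS
# --------------------------------------------------------------------------------
    # Role model: "sets" names groups of single permissions, "maps" binds one
    # set to each role, "roles" adds or removes single permissions per role.
    # Nesting is restored, and ACTIVITIES_ALL_TEAM / ACTIVITIES_TEAMLEAD, which
    # had collapsed onto one line, are two separate keys again.
    permissions:
        # mapping complex rule sets of single permissions to named "sets" ("set name" = [array of "permissions and @SETS"])
        sets:
            ACTIVITIES: ['view_activity','create_activity','edit_activity','budget_activity','time_activity','delete_activity','permissions_activity']
            ACTIVITIES_ALL_TEAMLEAD: ['view_teamlead_activity','edit_teamlead_activity','budget_teamlead_activity','time_teamlead_activity','permissions_teamlead_activity']
            ACTIVITIES_ALL_TEAM: ['view_team_activity','edit_team_activity','budget_team_activity','time_team_activity']
            ACTIVITIES_TEAMLEAD: ['view_teamlead_activity','create_activity','edit_teamlead_activity','budget_teamlead_activity','time_teamlead_activity']
            PROJECTS: ['view_project','create_project','edit_project','budget_project','time_project','delete_project','permissions_project','comments_project','comments_create_project','details_project']
            PROJECTS_ALL_TEAMLEAD: ['view_teamlead_project','edit_teamlead_project','budget_teamlead_project','time_teamlead_project','permissions_teamlead_project','comments_teamlead_project','comments_create_teamlead_project','details_teamlead_project']
            PROJECTS_ALL_TEAM: ['view_team_project','edit_team_project','budget_team_project','time_team_project','comments_team_project','comments_create_team_project','details_team_project']
            PROJECTS_TEAMLEAD: ['view_teamlead_project','budget_teamlead_project','time_teamlead_project','comments_teamlead_project','comments_create_teamlead_project','details_teamlead_project']
            CUSTOMERS: ['view_customer','create_customer','edit_customer','budget_customer','time_customer','delete_customer','permissions_customer','comments_customer','comments_create_customer','details_customer']
            CUSTOMERS_ALL_TEAMLEAD: ['view_teamlead_customer','edit_teamlead_customer','budget_teamlead_customer','time_teamlead_customer','permissions_teamlead_customer','comments_teamlead_customer','comments_create_teamlead_customer','details_teamlead_customer']
            CUSTOMERS_ALL_TEAM: ['view_team_customer','edit_team_customer','budget_team_customer','time_team_customer','comments_team_customer','comments_create_team_customer','details_team_customer']
            CUSTOMERS_TEAMLEAD: ['view_teamlead_customer','budget_teamlead_customer','time_teamlead_customer','comments_teamlead_customer','comments_create_teamlead_customer','details_teamlead_customer']
            INVOICE: ['view_invoice','create_invoice']
            INVOICE_ADMIN: ['manage_invoice_template']
            INVOICE_ALL: ['delete_invoice']
            TIMESHEET: ['view_own_timesheet','start_own_timesheet','stop_own_timesheet','create_own_timesheet','edit_own_timesheet','export_own_timesheet','delete_own_timesheet','weekly_own_timesheet']
            TIMESHEET_OTHER: ['view_other_timesheet','start_other_timesheet','stop_other_timesheet','create_other_timesheet','edit_other_timesheet','export_other_timesheet','delete_other_timesheet']
            PROFILE: ['view_own_profile','edit_own_profile','password_own_profile','preferences_own_profile','api-token_own_profile']
            # PROFILE_OTHER and USER cover other accounts: passwords, API tokens,
            # roles, user creation and deletion, role permissions. In this file
            # only ROLE_SUPER_ADMIN links them.
            PROFILE_OTHER: ['view_other_profile','edit_other_profile','password_other_profile','roles_other_profile','preferences_other_profile','api-token_other_profile','teams_other_profile']
            TAGS: ['view_tag','manage_tag','delete_tag']
            USER: ['view_user','create_user','delete_user','role_permissions']
            RATE: ['view_rate_own_timesheet','edit_rate_own_timesheet']
            RATE_OTHER: ['view_rate_other_timesheet','edit_rate_other_timesheet']
            EXPORT: ['create_export','edit_export_own_timesheet','edit_export_other_timesheet']
            BILLABLE: ['edit_billable_own_timesheet','edit_billable_other_timesheet']
            TEAMS: ['view_team','create_team','edit_team','delete_team']
            LOCKDOWN: ['lockdown_grace_timesheet','lockdown_override_timesheet']
            REPORTING: ['view_reporting','view_other_reporting']
            # some single default definitions for roles
            SINGLE_USER: ['view_team_member','time_team_project']
            SINGLE_TEAMLEAD: ['view_rate_own_timesheet','view_rate_other_timesheet','hourly-rate_own_profile','view_team_member']
            SINGLE_ADMIN: ['hourly-rate_own_profile','edit_exported_timesheet','teams_own_profile','view_team_member','view_all_data']
            SINGLE_SUPER_ADMIN: ['hourly-rate_own_profile','hourly-rate_other_profile','roles_own_profile','system_information','system_configuration','plugins','edit_exported_timesheet','teams_own_profile','view_team_member','upload_invoice_template','view_all_data']
            # link above sets to one complete set for each user role
            ROLE_USER: ['@TIMESHEET','@PROFILE','@REPORTING','@SINGLE_USER']
            ROLE_TEAMLEAD: ['@ACTIVITIES_TEAMLEAD','@PROJECTS_TEAMLEAD','@CUSTOMERS_TEAMLEAD','@TIMESHEET_OTHER','@INVOICE','@TIMESHEET','@PROFILE','@EXPORT','@BILLABLE','@TAGS','@REPORTING','@SINGLE_TEAMLEAD']
            ROLE_ADMIN: ['@ACTIVITIES','@PROJECTS','@CUSTOMERS','@INVOICE','@INVOICE_ADMIN','@TIMESHEET','@TIMESHEET_OTHER','@PROFILE','@TEAMS','@RATE','@RATE_OTHER','@EXPORT','@BILLABLE','@TAGS','@LOCKDOWN','@REPORTING','@SINGLE_ADMIN']
            ROLE_SUPER_ADMIN: ['@ACTIVITIES','@PROJECTS','@CUSTOMERS','@INVOICE','@INVOICE_ADMIN','@TIMESHEET','@TIMESHEET_OTHER','@PROFILE','@PROFILE_OTHER','@USER','@TEAMS','@RATE','@RATE_OTHER','@EXPORT','@BILLABLE','@TAGS','@LOCKDOWN','@REPORTING','@SINGLE_SUPER_ADMIN']
        # mapping "sets" or permissions to user roles ("role name" = [array of "set names"])
        maps:
            ROLE_USER: ['ROLE_USER']
            ROLE_TEAMLEAD: ['ROLE_TEAMLEAD']
            ROLE_ADMIN: ['ROLE_ADMIN']
            ROLE_SUPER_ADMIN: ['ROLE_SUPER_ADMIN']
            # only here to register the (partially) unused permissions in the UI
            ROLE_FAKE: ['CUSTOMERS_ALL_TEAMLEAD','CUSTOMERS_ALL_TEAM','PROJECTS_ALL_TEAMLEAD','PROJECTS_ALL_TEAM','ACTIVITIES_ALL_TEAMLEAD','ACTIVITIES_ALL_TEAM','INVOICE_ALL']
        # add or remove single permissions
        # Empty lists: no per-role additions or removals are made in this file.
        roles:
            ROLE_USER: []
            ROLE_TEAMLEAD: []
            ROLE_ADMIN: []
            ROLE_SUPER_ADMIN: []
# --------------------------------------------------------------------------------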
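# --------------------------------------------------------------------------------
# CALENDAR Configuration
# --------------------------------------------------------------------------------
    # calendar:
    #     week_numbers: true
    #     weekends: true
    #     day_limit: 4
    #     slot_duration: '00:30:00'
    #     businessHours:
    #         days: [1, 2, 3, 4, 5]
    #         begin: '08:00'
    #         end: '18:00'
    #     visibleHours:
    #         begin: '00:00'
    #         end: '24:00'
    #
    #     # You can configure unlimited google calendars to display events for your company (e.g. holidays)
    #     google:
    #         api_key: 'your-restricted-google-api-key'
    #         sources:
    #             holidays:
    #                 id: 'de.german#holiday@group.v.calendar.google.com'
    #                 color: '#ccc'
# --------------------------------------------------------------------------------

# --------------------------------------------------------------------------------
# INVOICES
# --------------------------------------------------------------------------------
    # invoice:
    #     # all files in these directories will be used as invoice documents (if supported by a renderer)
    #     documents:
    #         - 'var/invoices/'
    #         - 'templates/invoice/renderer/'
# --------------------------------------------------------------------------------

# --------------------------------------------------------------------------------
# DASHBOARD
# --------------------------------------------------------------------------------
    # One entry per dashboard section. "permission" names the permission or role
    # a section is tied to, "order" its position, "widgets" what it renders.
    # Nesting restored so each section is its own mapping and not a flat run
    # of repeated title/order/permission/widgets keys.
    dashboard:
        user_duration:
            title: ~
            order: 10
            permission: view_own_timesheet
            widgets: [PaginatedWorkingTimeChart]
        user_teams:
            title: ~
            order: 15
            permission: ROLE_USER
            widgets: [UserTeams, UserTeamProjects]
        user_rates:
            title: ~
            order: 20
            permission: view_rate_own_timesheet
            widgets: [userAmountToday, userAmountWeek, userAmountMonth, userAmountYear]
        duration:
            title: dashboard.all
            order: 30
            permission: ROLE_TEAMLEAD
            widgets: [durationToday, durationWeek, durationMonth, durationYear]
        active_users:
            title: ~
            order: 40
            permission: ROLE_TEAMLEAD
            widgets: [activeUsersToday, activeUsersWeek, activeUsersMonth, activeUsersYear]
        # Amount totals across all data are tied to view_all_data.
        rates:
            title: ~
            order: 50
            permission: view_all_data
            widgets: [amountToday, amountWeek, amountMonth, amountYear]
        totals:
            title: ~
            order: 100
            permission: ROLE_USER
            widgets: [TotalsUser, TotalsCustomer, TotalsProject, TotalsActivity]
# --------------------------------------------------------------------------------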
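# --------------------------------------------------------------------------------
# LANGUAGES
# --------------------------------------------------------------------------------
    # Per-locale display formats. Nesting restored so every locale is its own
    # mapping; in the flattened listing the date_type/date/date_time keys
    # repeated at one level.
    # "%%" in the duration patterns is presumably an escaped percent sign for
    # the configuration loader - confirm before editing those values.
    languages:
        cs:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m H:i'
        da:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        de:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        de_AT:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        de_CH:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        el:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        en:
            date_type: 'yyyy-MM-dd'
            date: 'Y-m-d'
            date_time: 'm-d H:i'
            duration: '%%h:%%m h'
        en_GB:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd/m H:i'
        es:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        fi:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        fr:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd/m H:i'
            duration: '%%h h %%m'
        he:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd/m H:i'
            duration: '%%h:%%m'
        hr:
            date_type: 'dd. MM. yyyy.'
            date: 'd. m. Y.'
            date_time: 'd. m. H:i'
            duration: '%%h:%%m'
        hu:
            date_type: 'yyyy.MM.dd.'
            date: 'Y.m.d.'
            date_time: 'm.d. H:i'
        it:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        nl:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
            duration: '%%hu%%m'
        pt:
            date_type: 'dd/MM/yyyy'
            date: 'd/m/Y'
            date_time: 'd-m H:i'
        pt_BR:
            date_type: 'dd-MM-yyyy'
            date: 'd-m-Y'
            date_time: 'd-m H:i'
        ru:
            date_type: 'dd.MM.yyyy'
            date: 'd.m.Y'
            date_time: 'd.m. H:i'
        sk:
            date_type: 'dd. MM. yyyy'
            date: 'd. m. Y'
            date_time: 'd. m. H:i'
        # sv sets only duration and date_time in this file.
        sv:
            duration: '%%h:%%m tim'
            date_time: 'd/m H:i'
        pl:
            date_type: 'dd. MM. yyyy'
            date: 'd. m. Y'
            date_time: 'd. m. H:i'
# --------------------------------------------------------------------------------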