move user-role-mappings to shared and other minor fixes

CONTRIBUTING.md

@@ -19,7 +19,7 @@ This site is created using Jekyll. Get started with Jekyll [here](https://jekyll
 Once you have jekyll and the bundler installed, run
 
 ```
-bundle install
+bundle install --path vendor/bundle
 ```
 
 Then run

_data/settings/advanced.yml

@@ -49,7 +49,7 @@ settings:
       (Since 5.2) How to track sessions, by default we track based on the source/destination IP and port.
       Arkime can also extend the session id by VLAN or VNI.
       This allows sessions that have the same source/destination IP and port but are on different VLANs or VNIs to be tracked separately.
-      It is also possible to treat VLAN and VNI ids as the same with the <a href="#vlan-vni-collapse">[vlan-vni-collapse]</a> section.
+      It is also possible to treat multiple VLAN or VNI ids as the same with the <a href="#vlan-vni-collapse">[vlan-vni-collapse]</a> section.
       <ul>
       <li>none - Only track based on source/destination IP and port</li>
       <li>vlan - Track based on source/destination IP, port, and vlan</li>

_data/settings/vlan-vni-collapse.yml

@@ -1,12 +1,12 @@
 name: vlan-vni-collapse
 before: |
   <p>
-    (Since 5.2)When using the <a href="#sessionIdTracking">sessionIdTracking</a> setting this section allows you to collapse the VLAN and VNI into a single value.
+    (Since 5.2)When using the <a href="#sessionIdTracking">sessionIdTracking</a> setting this section allows you to collapse VLAN or VNI into a single value.
     This is useful when multiple VLANs or VNIs might be used for the same session.
   </p>
 
   <p>
-    In this example the VLANs 50, 100, 300, 400, and 500 will be collapsed into a single value of 0 and the VLANs 125 and 325 will be collapsed into a single value of 25.
+    In this example the values 50, 100, 300, 400, and 500 will be collapsed into a single value of 0 and the values 125 and 325 will be collapsed into a single value of 25.
   </p>
   <pre><code>[vlan-vni-collapse]
   0=50,100,300,400,500

_data/settings/user-role-mappings.yml → _data/shared/user-role-mappings.yml

@@ -2,7 +2,8 @@ name: user-role-mappings
 before: |
   <p>
     Starting with 5.4.1 it is now possible to dynamically update the roles associated with a user when using header or oidc authMode.
-    When using this section, all roles you are using must be defined, one per line, and any role no longer enabled for the user will be removed.
+    This is done by adding a <code>[user-role-mappings]</code> section to the <code>configuration</code> file.
+    When using the user-role-mappings section, all roles you are using must be defined, one per line, and any role no longer enabled for the user will be removed.
     The rules are evaluated on login, and the user's roles are updated accordingly.
   </p>
   <p class="alert alert-secondary">
@@ -14,6 +15,9 @@ before: |
     Each line is of the format <code>rolename=javascript expression</code>.
     The javascript expression can use two variable, <code>this</code> which allows you to reference any user fields and <code>vals</code> which allows you to access any of the request headers for header auth or the oidc info for oidc auth.
   </p>
+  <p>
+    Depending on what IAM system you are using, you may need to enable the sending of userinfo to Arkime.
+  </p>
 
 after: |
   <p>
@@ -28,6 +32,8 @@ after: |
   superAdmin=this.userId === 'fred' || this.userId === 'wilma'
   # custom role based on header value
   role-special=vals.roles.includes('special')
+  # If you need to debug what is in this or vals you can use console.log
+  # role-test=console.log(this, vals),true
   </code></pre>
 
 settings:

settings.html

@@ -7,6 +7,7 @@
   - security
   - auth-oidc
   - usersdb
+  - user-role-mappings
 
 sections:
   - db
@@ -55,7 +56,6 @@
   - packet-drop-ips
   - remote-clusters
   - multi-viewer-settings
-  - user-role-mappings
   - vlan-vni-collapse
   - wise-types