Association facets are read only in self service

This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only. Checkingi and working with the actual rights would require significantly bigger effort. https://fedorahosted.org/freeipa/ticket/1972
2025-02-25 18:55:28 -06:00 · 2011-12-12 15:52:23 +01:00
parent 433cf5b5e7
commit 7710bfb5bd
1 changed files with 12 additions and 6 deletions
--- a/install/ui/user.js
+++ b/install/ui/user.js
@@ -32,7 +32,8 @@ IPA.user.entity = function(spec) {
    that.init = function() {
        that.entity_init();

-        var link = IPA.nav.name == 'self-service' ? false : undefined;
+        var self_service = IPA.nav.name === 'self-service';
+        var link = self_service ? false : undefined;

        that.builder.search_facet({
            columns: [
@@ -108,31 +109,36 @@ IPA.user.entity = function(spec) {
        association_facet({
            name: 'memberof_group',
            associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
        }).
        association_facet({
            name: 'memberof_netgroup',
            associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
        }).
        association_facet({
            name: 'memberof_role',
            associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
        }).
        association_facet({
            name: 'memberof_hbacrule',
            associator: IPA.serial_associator,
            add_method: 'add_user',
            remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
        }).
        association_facet({
            name: 'memberof_sudorule',
            associator: IPA.serial_associator,
            add_method: 'add_user',
            remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
        }).
        standard_association_facets({
            link: link