webui: hide non-readable fields

Hide widgets if the associated field has received attribute-level rights
without the 'r' right.

Explicit rights are required to avoid hiding of special widgets which
are not associated with any LDAP attribute.

https://fedorahosted.org/freeipa/ticket/4402

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Petr Vobornik 2014-07-31 10:14:32 +02:00
parent 2b2f379811
commit 7e7fe57fc9
3 changed files with 51 additions and 2 deletions


@ -121,6 +121,7 @@ define(['dojo/_base/declare',
this.handle(field, 'require-change', this.on_field_require_change);
this.handle(field, 'writable-change', this.on_field_writable_change);
this.handle(field, 'readonly-change', this.on_field_readonly_change);
this.handle(field, 'acl-rights-change', this.on_field_acl_rights_change);
this.handle(field, 'reset', this.on_field_reset);
this.handle(widget, 'value-change', this.on_widget_value_change);
@ -240,6 +241,18 @@ define(['dojo/_base/declare',
this.widget.set_read_only(event.read_only);
},
/**
* Field acl rights change handler
* @protected
*/
on_field_acl_rights_change: function(event) {
var readable= event.rights.indexOf('r') > -1;
if (this.widget.set_readable) {
this.widget.set_readable(readable);
}
},
/**
* Field reset handler
*
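Review bot: The widget learns its readable state only through the 'acl-rights-change' event, so a field whose spec already sets `acl_rights` without 'r', and whose loaded rights are the same value, never emits and its widget stays visible. If the binder has an initial field-to-widget copy step (not visible in this hunk), it should push the field's current `acl_rights` through `set_readable` there as well. The `if (this.widget.set_readable)` guard also leaves widgets without that method visible for non-readable fields; the doc comment should say so, for example `Widgets that do not implement set_readable are left visible.`, along with `@param {Object} event` describing `event.rights`. The enclosing define() body starts and ends outside the hunk.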


@ -105,6 +105,16 @@ field.field = IPA.field = function(spec) {
*/
that.acl_param = spec.acl_param || that.param;
/**
* Rights which determines what operation can do with this field or
* attribute.
*
* E.g., 'rscwo' - read, search, compare, write(mod-add), obliterate(mod-del)
*
* @property {string}
*/
that.acl_rights = spec.acl_rights || 'r';
/**
* Label
* @property {string}
@ -449,6 +459,7 @@ field.field = IPA.field = function(spec) {
that.load_writable = function(record) {
var writable = true;
var old = that.acl_rights;
function has_write(record, param) {
var rights = record.attributelevelrights[param];
@ -466,11 +477,17 @@ field.field = IPA.field = function(spec) {
}
}
if (record && record.attributelevelrights && writable) {
if (record && record.attributelevelrights) {
var rights = record.attributelevelrights[that.acl_param];
var write_attr = has_write(record, that.acl_param);
var all_rights = record.attributelevelrights['*'];
var write_all = has_write(record, '*');
// don't assume any value if the rights are not defined, keep the original
if (rights !== undefined || all_rights !== undefined) {
that.acl_rights = rights || all_rights || '';
}
// Some objects in LDAP may not have proper object class set and
// therefore server doesn't send proper attribute rights. Flag
// 'w_if_no_aci' should be used when we want to ensure that UI
@ -480,10 +497,13 @@ field.field = IPA.field = function(spec) {
var may_add_oc = !rights && write_oc && that.flags.indexOf('w_if_no_aci') > -1;
// If no rights, change writable to False:
writable = write_attr || write_all || may_add_oc;
writable = writable && (write_attr || write_all || may_add_oc);
}
that.set_writable(writable);
if (old !== that.acl_rights) {
that.emit('acl-rights-change', { source: that, rights: that.acl_rights, old: old });
}
};
/**
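Review bot: `that.acl_rights = rights || all_rights || '';` treats an explicit empty rights string for the attribute the same as a missing entry, so an attribute reported with no rights inherits the '*' entry and can still count as readable. If the server can send an empty per-attribute value and it is meant to be authoritative, `that.acl_rights = rights !== undefined ? rights : all_rights;` preserves it; the guard on the preceding line already ensures one of the two is defined. The same coercion occurs in `spec.acl_rights || 'r'`, where an explicit '' in the spec becomes 'r'. load_writable now also updates `acl_rights` and emits 'acl-rights-change', which its doc comment (outside these hunks) should mention; the function body spans several hunks and is only partly visible.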


@ -406,6 +406,9 @@ IPA.input_widget = function(spec) {
*/
that.ctor_init = function() {
on(that, 'value-change', that.hide_if_empty);
on(that, 'readable-change', function() {
that.set_visible();
});
};
/**
@ -641,9 +644,22 @@ IPA.input_widget = function(spec) {
if (that.has_value === false && !that.is_writable() && that.hidden_if_empty) {
visible = false;
}
if (that.readable !== undefined) {
visible = visible && that.readable;
}
return visible;
};
that.set_readable = function(readable) {
var old = that.readable;
that.readable = readable;
if (old !== that.readable) {
that.emit('readable-change', { source: that, readable: readable });
}
};
/**
* Widget is writable
* @return {boolean}
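Review bot: `set_readable` is added without a doc comment, and nothing records that `that.readable` stays `undefined` until a field reports rights, which is what keeps widgets with no LDAP attribute visible. Suggest documenting it with something like `/** Set whether the associated attribute is readable; a non-readable widget is hidden. Undefined means no rights information and does not affect visibility. @param {boolean} readable */`. The comment should also state that this flag only controls presentation and that read protection depends on the rights enforced by the server, which is inferred here since enforcement is not visible on this page. The 'readable-change' handler calls `that.set_visible()` with no argument; its behaviour for an undefined argument is outside the hunk and should be confirmed.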