WebUI: hide buttons in certificate widget according to acl

When user is logged in and opens details page of another user there should not be visible button for adding new certificate and also the option in action menu for deleting certificate should be grayed out. This is achieved by adding custom field for certificates widget, which is able to read ACLs from result of user-show and not from cert-find result. https://fedorahosted.org/freeipa/ticket/6341 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-01-12 01:01:55 -06:00 · 2016-09-23 15:47:50 +02:00 · 2016-09-23 15:47:50 +02:00 · 81ead980fb
commit 81ead980fb
parent 45e3aee352
2 changed files with 58 additions and 1 deletions
--- a/install/ui/src/freeipa/field.js
+++ b/install/ui/src/freeipa/field.js
@ -1204,6 +1204,61 @@ field.sshkeys_field = IPA.sshkeys_field = function(spec) {
    return that;
 };

+
+/**
+ * Field for certificates widget.
+ * - has the ObjectAdapter as default
+ * - by default has  `w_if_no_aci` to workaround missing object class
+ *
+ * @class
+ * @alternateClassName IPA.certs_field
+ * @extends IPA.field
+ */
+field.certs_field = IPA.certs_field = function(spec) {
+    spec = spec || {};
+    spec.adapter = spec.adapter || field.ObjectAdapter;
+    spec.flags = spec.flags || ['w_if_no_aci'];
+
+    var that = IPA.field(spec);
+
+    /**
+     * The index of record from batch command where ACLs are returned.
+     * Necessary for correct display 'add' and 'delete' buttons in certificate
+     * widget.
+     *
+     * @param {Number} acl_result_index
+     */
+    that.acl_result_index = spec.acl_result_index;
+
+    that.load = function(data) {
+        var value = that.adapter.load(data);
+        var parsed = util.parse(that.data_parser, value, "Parse error:"+that.name);
+        value = parsed.value;
+        if (!parsed.ok) {
+            window.console.warn(parsed.message);
+        }
+
+        // specific part for certificates - it is necessary to read rights from
+        // result of user-show command not from cert-find result.
+        // Therefore we need to get record with different index. The correct
+        // index is set in acl_result_index variable, old index is stored
+        // and then put back.
+        var old_index = that.adapter.result_index;
+        if (that.acl_result_index !== undefined) {
+            that.adapter.result_index = that.acl_result_index;
+        }
+
+        var record = that.adapter.get_record(data);
+        that.adapter.result_index = old_index;
+
+        that.load_writable(record);
+
+        that.set_value(value, true);
+    };
+
+    return that;
+};
+
 /**
 * SSH Keys Adapter
 * @class
@ -1553,7 +1608,7 @@ field.register = function() {
    var v = reg.validator;
    var l = reg.adapter;

-    f.register('certs', field.field);
+    f.register('certs', field.certs_field);
    f.register('checkbox', field.checkbox_field);
    f.register('checkboxes', field.field);
    f.register('combobox', field.field);
--- a/install/ui/src/freeipa/user.js
+++ b/install/ui/src/freeipa/user.js
@ -208,6 +208,8 @@ return {
                        },
                        {
                            $type: 'certs',
+                            acl_param: 'usercertificate',
+                            acl_result_index: 0,
                            adapter: {
                                $type: 'object_adapter',
                                result_index: 3