Possibility to skip checking writable according to metadata

Useful in association tables which need to ignore object's metadata flags. Association tables don't check right at all. They check them only when 'acl_param' is set in association table field spec. In case that checking metadata needs to be turned on even for Association table, then set 'check_writable_from_metadata' true value in spec. Part of: https://fedorahosted.org/freeipa/ticket/5426 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2025-01-26 16:16:31 -06:00 · 2016-10-05 10:20:25 +02:00 · 2016-10-05 10:20:25 +02:00 · 93a7f4c88d
commit 93a7f4c88d
parent ec63456b7c
2 changed files with 65 additions and 18 deletions
--- a/install/ui/src/freeipa/association.js
+++ b/install/ui/src/freeipa/association.js
@ -827,12 +827,31 @@ IPA.association_table_field = function (spec) {

    spec = spec || {};

+    /**
+     * Turn off decision whether the field is writable according to metadata.
+     * The source of rights will be only ACLs.
+     *
+     * @property {Boolean}
+     */
+    spec.check_writable_from_metadata = spec.check_writable_from_metadata === undefined ?
+                        false : spec.check_writable_from_metadata;
+
    var that = IPA.field(spec);

    that.load = function(data) {
        that.values = that.adapter.load(data);
        that.widget.update(that.values);
        that.widget.unselect_all();
+
+        if (!!that.acl_param) {
+            var record = that.adapter.get_record(data);
+            that.load_writable(record);
+            that.handle_acl();
+        }
+    };
+
+    that.handle_acl = function() {
+        if (!that.writable) that.widget.set_enabled(false);
    };

    that.refresh = function() {
--- a/install/ui/src/freeipa/field.js
+++ b/install/ui/src/freeipa/field.js
@ -95,6 +95,16 @@ field.field = IPA.field = function(spec) {
     */
    that.param = spec.param || spec.name;

+    /**
+     * Some fields needs to skip checking whether they are writable or not
+     * in metadata. It is possible by setting this option to true.
+     * Field example: association_table_field
+     *
+     * @property {string}
+     */
+    that.check_writable_from_metadata = spec.check_writable_from_metadata !== undefined ?
+                spec.check_writable_from_metadata : true;
+
    /**
     * Entity param which provides access control rights
     *
@ -458,11 +468,44 @@ field.field = IPA.field = function(spec) {
        that.set_value(value, true);
    };

+    /**
+    * Evaluate if field is writable according to ACL in record and field
+    * configuration. Updates `writable` property.
+    *
+    * Not writable:
+    *
+    * - primary keys
+    * - with 'no_update' metadata flag
+    */
+    that.load_writable_from_metadata = function(writable) {
+        if (that.metadata) {
+            if (that.metadata.primary_key) {
+                writable = false;
+            }
+
+            // In case that field has set always_writable attribute, then
+            // 'no_update' flag is ignored in WebUI. It is done because of
+            // commands like user-{add,remove}-certmap. They operate with user's
+            // attribute, which cannot be changed using user-mod, but only
+            // using command user-{add,remove}-certmap. Therefore it has set
+            // 'no_update' flag, but we need to show 'Add', 'Remove' buttons in
+            // WebUI.
+            if (that.metadata.flags &&
+                array.indexOf(that.metadata.flags, 'no_update') > -1 &&
+                !that.always_writable) {
+                writable = false;
+            }
+        }
+
+        return writable;
+    };
+
+
    /**
     * Evaluate if field is writable according to ACL in record and field
     * configuration. Updates `writable` property.
     *
-     * Not writable:
+     * Not writable (checked in method that.load_writable_from_metadata()):
     *
     * - primary keys
     * - with 'no_update' metadata flag
@ -487,23 +530,8 @@ field.field = IPA.field = function(spec) {
            return has;
        }

-        if (that.metadata) {
-            if (that.metadata.primary_key) {
-                writable = false;
-            }
-
-            // In case that field has set always_writable attribute, then
-            // 'no_update' flag is ignored in WebUI. It is done because of
-            // commands like user-{add,remove}-certmap. They operate with user's
-            // attribute, which cannot be changed using user-mod, but only
-            // using command user-{add,remove}-certmap. Therefore it has set
-            // 'no_update' flag, but we need to show 'Add', 'Remove' buttons in
-            // WebUI.
-            if (that.metadata.flags &&
-                array.indexOf(that.metadata.flags, 'no_update') > -1 &&
-                !that.always_writable) {
-                writable = false;
-            }
+        if (that.check_writable_from_metadata) {
+            writable = that.load_writable_from_metadata(writable);
        }

        if (record && record.attributelevelrights) {