Read-only external facet for non-external groups

Added evaluators to decide if attribute facet should be read-only based on attribute level rights. Default values serves well for group's external member. https://fedorahosted.org/freeipa/ticket/2895
2025-02-25 18:55:28 -06:00 · 2012-08-03 13:39:25 +02:00 · 2012-08-03 13:39:25 +02:00 · ade68ec94f
commit ade68ec94f
parent 994eeb55c9
2 changed files with 57 additions and 1 deletions
--- a/install/ui/association.js
+++ b/install/ui/association.js
@ -1185,7 +1185,11 @@ IPA.attribute_facet = function(spec, no_init) {
    spec.state.evaluators = spec.state.evaluators || [];
    spec.state.evaluators.push(
        IPA.selected_state_evaluator,
-        IPA.read_only_state_evaluator);
+        IPA.read_only_state_evaluator,
+        {
+            factory: IPA.attr_read_only_evaluator,
+            attribute: spec.attribute
+        });

    spec.columns = spec.columns || [ spec.attribute ];
    spec.table_name = spec.table_name || spec.attribute;
@ -1235,6 +1239,13 @@ IPA.attribute_facet = function(spec, no_init) {
            args: pkey
        });

+        if (command.check_option('all')) {
+            command.set_option('all', true);
+        }
+        if (command.check_option('rights')) {
+            command.set_option('rights', true);
+        }
+
        command.on_success = function(data, text_status, xhr) {
            that.load(data);
            that.show_content();
@ -1323,6 +1334,13 @@ IPA.attribute_facet = function(spec, no_init) {

        command.set_option(that.attribute, values);

+        if (command.check_option('all')) {
+            command.set_option('all', true);
+        }
+        if (command.check_option('rights')) {
+            command.set_option('rights', true);
+        }
+
        command.execute();
    };

@ -1336,5 +1354,37 @@ IPA.attribute_facet = function(spec, no_init) {

    if (!no_init) that.init_attribute_facet();

+    return that;
+};
+
+IPA.attr_read_only_evaluator = function(spec) {
+
+    spec.name = spec.name || 'attr_read_only_evaluator';
+    spec.event = spec.event || 'post_load';
+
+    var that = IPA.state_evaluator(spec);
+    that.attribute = spec.attribute;
+
+    that.on_event = function(data) {
+
+        var old_state, record, rights, i, state;
+
+        old_state = that.state;
+        record = data.result.result;
+
+        // ignore loads without --rights
+        if (!record.attributelevelrights) return;
+
+        that.state = [];
+
+        rights = record.attributelevelrights[that.attribute];
+
+        if (!rights || rights.indexOf('w') === -1) {
+            that.state.push('read-only');
+        }
+
+        that.notify_on_change(old_state);
+    };
+
    return that;
 };
--- a/install/ui/ipa.js
+++ b/install/ui/ipa.js
@ -833,6 +833,12 @@ IPA.command = function(spec) {
        return errors;
    };

+    that.check_option = function(option_name) {
+
+        var metadata = IPA.get_command_option(that.get_command(), option_name);
+        return metadata !== null;
+    };
+
    that.to_json = function() {
        var json = {};