Enable reset password action according to attribute perrmission

This patch creates state_evaluator which creates permission states for defined attribute. The state format is: attributeName_permissionChar. This evaluator is used for user_password attribute and it control enabling/disabling of related action in user account action panel. https://fedorahosted.org/freeipa/ticket/2318
2025-02-25 18:55:28 -06:00 · 2012-05-23 11:52:20 +02:00
parent bf0c6ff697
commit bf9234dbd1
2 changed files with 46 additions and 2 deletions
--- a/install/ui/details.js
+++ b/install/ui/details.js
@@ -969,6 +969,40 @@ IPA.enable_state_evaluator = function(spec) {
    return that;
 };

+IPA.acl_state_evaluator = function(spec) {
+
+    spec.name = spec.name || 'acl_state_evaluator';
+    spec.event = spec.event || 'post_load';
+
+    var that = IPA.state_evaluator(spec);
+    that.attribute = spec.attribute;
+
+    that.on_event = function(data) {
+
+        var old_state, record, rights, i, state;
+
+        old_state = that.state;
+        record = data.result.result;
+
+        that.state = [];
+
+        if (record.attributelevelrights) {
+            rights = record.attributelevelrights[that.attribute];
+        }
+
+        rights = rights || '';
+
+        for (i=0; i<rights.length; i++) {
+            state = that.attribute + '_' + rights.charAt(i);
+            that.state.push(state);
+        }
+
+        that.notify_on_change(old_state);
+    };
+
+    return that;
+};
+
 IPA.object_action = function(spec) {

    spec = spec || {};
--- a/install/ui/user.js
+++ b/install/ui/user.js
@@ -239,7 +239,8 @@ IPA.user.entity = function(spec) {
                        factory: IPA.enable_state_evaluator,
                        field: 'nsaccountlock',
                        invert_value: true
-                    }
+                    },
+                    IPA.user.reset_password_acl_evaluator
                ],
                summary_conditions: [
                    IPA.enabled_summary_cond(),
@@ -613,7 +614,7 @@ IPA.user.reset_password_action = function(spec) {
    spec = spec || {};
    spec.name = spec.name || 'reset_password';
    spec.label = spec.label || IPA.messages.password.reset_password;
-    //TODO: add enable condition based on ACL
+    spec.enable_cond = spec.enable_cond || ['userpassword_w'];

    var that = IPA.action(spec);

@@ -629,4 +630,13 @@ IPA.user.reset_password_action = function(spec) {
    return that;
 };

+IPA.user.reset_password_acl_evaluator = function(spec) {
+
+    spec.name = spec.name || 'reset_password_acl_evaluator';
+    spec.attribute = spec.attribute || 'userpassword';
+
+    var that = IPA.acl_state_evaluator(spec);
+    return that;
+};
+
 IPA.register('user', IPA.user.entity);