read only fields for self service

Roland Gruber 2012-08-18 15:55:43 +00:00
parent 1fa4ec71f5
commit 0dc4319145
15 changed files with 501 additions and 292 deletions

View File

@ -1,6 +1,7 @@
September 2012 3.9
- LAM Pro
-> support RFC2307bis automount entries
-> read-only fields in self service
- fixed bugs
-> Hidden tools are still shown in the "Tools" page (3546092)

View File

@ -12,6 +12,7 @@
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"><title>Upgrade notes</title>
@ -32,8 +33,11 @@ This is a list of API changes for all LAM releases.
<h2>3.8 -&gt; 3.9</h2>Module interface:<br>
<ul>
<li><span style="font-weight: bold;">supportsAdminInterface()</span>: Can be used mark modules that only support the self service.<br>
</li>
<li>new function <span style="font-weight: bold;">supportsAdminInterface()</span>: Can be used to mark modules that only support the self service.</li>
<li>new function <span style="font-weight: bold;">canSelfServiceFieldBeReadOnly()</span>: Specifies if a certain self service field can be set in read-only mode.</li>
<li><span style="font-weight: bold;">getSelfServiceOptions()</span>: new parameter <span style="font-style: italic;">$readOnlyFields</span> that contains read-only fields</li>
<li><span style="font-weight: bold;">checkSelfServiceOptions()</span>: new parameter <span style="font-style: italic;">$readOnlyFields </span>that contains read-only fields</li>
</ul>
Meta HTML:<br>
<ul>
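Review bot: The new entries for getSelfServiceOptions() and checkSelfServiceOptions() only say that $readOnlyFields "contains read-only fields", which does not tell a module author what is expected of them. This list is what third-party authors port against, so it should say whether an existing three-argument override keeps working in 3.9. It should also say that a module is expected to render the listed fields as plain output and to return no changes for them from checkSelfServiceOptions().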

View File

@ -4343,8 +4343,16 @@ Run slapindex to rebuild the index.
<section>
<title>Page layout</title>
<para>On the bottom you can specify what input fields your users can
see. It is also possible to group several input fields.</para>
<para>Here you can specify what input fields your users can see. It is
also possible to group several input fields.</para>
<para>Please use the arrow signs to change the order of the
fields/groups.</para>
<para>You may also set some fields as read-only for your users. This
can be done by clicking on the lock symbol. Read-only fields can be
used to show your users additional data on the self service page that
must not be changed by themselves (e.g. first/last name).</para>
<screenshot>
<mediaobject>
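Review bot: The added paragraph says read-only fields show data "that must not be changed by themselves", but it does not say where that restriction is enforced. An administrator reading this may assume the lock symbol alone protects the attribute. Please state whether the setting is checked again when the form is submitted, and whether the LDAP ACLs should still deny users write access to such attributes. The wording would also read better as "data that they must not change themselves".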
@ -4355,239 +4363,257 @@ Run slapindex to rebuild the index.
</screenshot>
</section>
<section id="PasswordSelfReset">
<title>Password self reset</title>
<para><emphasis role="bold">Settings</emphasis></para>
<para>You can allow your users to reset their passwords themselves.
This will reduce your administrative costs for cases where users
forget their passwords.</para>
<para>To enable this feature please activate the checkbox "Enable
password self reset link":</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset1.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>You can now configure the minimum answer length for password
reset answers. This is checked when you allow you users to specify
their answers via the self service. Additionally, you can specify the
text of the password reset link (default: "Forgot password?"). The
link is displayed below the password field on the self service login
page.</para>
<para>Next, please enter the DN and password of an LDAP entry that is
allowed to reset the passwords. This entry needs write access to the
attributes shadowLastChange, pwdAccountLockedTime and userPassword. It
also needs read access to uid, mail, passwordSelfResetQuestion and
passwordSelfResetAnswer. Please note that LAM Pro saves the password
on your server file system. Therefore, it is required to protect your
server against unauthorised access.</para>
<para>Please also specify the list of password reset questions that
the user can choose.</para>
<para>Please note that self service and LAM admin interface are
separated functionalities. You need to specify the list of possible
security questions in both self service profile(s) and server
profile(s).</para>
<literallayout> </literallayout>
<para>You can inform your users via mail about their password change.
The mail can include the new password by using the special wildcard
"@@newPassword@@". Additionally, you may want to insert other
wildcards that are replaced by the corresponding LDAP attributes. E.g.
"@@uid@@" will be replaced by the user name.</para>
<literallayout> </literallayout>
<para>LAM Pro can send your users an email with a confirmation link to
validate their email address. Of course, this should only be used if
the email account is independent from the user password (e.g. at
external provider). The mail must include the confirmation link by
using the special wildcard "@@resetLink@@". Additionally, you may want
to insert other wildcards that are replaced by the corresponding LDAP
attributes. E.g. "@@uid@@" will be replaced by the user name.</para>
<para>There is also an option to skip the security question at all if
email verification is enabled. In this case the password can be reset
directly after clicking on the confirmation link. Please handle with
care since anybody with access to the user's mail account can reset
the password.</para>
<para><emphasis role="bold">New fields for self service
page</emphasis></para>
<para>There are two new fields that you may put on the self service
page for your users. These fields allow them to change the reset
question and its answer.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset2.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>This is an example how can be presented to your users on the
self service page:</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset3.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Password reset link</emphasis></para>
<para>After activating the password self reset feature there will be a
new link on the self service login page. The text can be configured as
described above (default: "Forgot password?").</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset4.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>When a user clicks on the link then he will be asked for
identification with his user name and email address.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset5.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>LAM Pro will use this information to find the correct LDAP entry
of this user. It then displays the user's security question and input
fields for his new password. If the answer is correct then the new
password will be set. Additionally, pwdAccountLockedTime will be
removed and shadowLastChange updated to the current time if
existing.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset6.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>User self registration</title>
<title>Module settings</title>
<para>With LAM Pro your users can create their own accounts if you
like. LAM Pro will display an additional link on the self service
login page that allows you users to create a new account including
email validation.</para>
<para>You enable this feature in your self service profile. Just
activate the checkbox "Enable self registration link".</para>
<para>This allows to configure some module specific options (e.g.
custom scripts or password hash type).</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/accountRegistration1.png" />
<imagedata fileref="images/conf6.jpg" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Options:</emphasis></para>
<section id="PasswordSelfReset">
<title>Password self reset</title>
<para><emphasis>Link text:</emphasis> This is the label for the link
to the self registration. If empty "Register new account" will be
used.</para>
<para><emphasis role="bold">Settings</emphasis></para>
<para><emphasis>Admin DN and password:</emphasis> Please enter the
LDAP DN and its password that should be used to create new users. This
DN also needs to be able to do LDAP searches by uid in the self
service part of your LDAP tree.</para>
<para>You can allow your users to reset their passwords themselves.
This will reduce your administrative costs for cases where users
forget their passwords.</para>
<para><emphasis>Object classes:</emphasis> This is a list of object
classes that are used to build the new user accounts. Please enter one
object class in each line.</para>
<para>To enable this feature please activate the checkbox "Enable
password self reset link":</para>
<para><emphasis>Attributes:</emphasis> This is a list of additional
attributes that the user can enter. Please note that user name,
password and email address are mandatory anyway and need not be
specified.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset1.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>Each line represents one LDAP attribute. The options are
separated by "::". The first option specifies if the attribute is
mandatory. It can have the values "optional" and "required". The
second option is the LDAP attribute name and the third one is a
descriptive label for it. Options four and five are used for input
validation. Please enter the regular expression (e.g.
"/^[0-9a-zA-Z]+$/") and an error message if the value does not match
it. For a syntax description see <ulink
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is
optional.</para>
<para>You can now configure the minimum answer length for password
reset answers. This is checked when you allow you users to specify
their answers via the self service. Additionally, you can specify
the text of the password reset link (default: "Forgot password?").
The link is displayed below the password field on the self service
login page.</para>
<para>Example:</para>
<para>Next, please enter the DN and password of an LDAP entry that
is allowed to reset the passwords. This entry needs write access to
the attributes shadowLastChange, pwdAccountLockedTime and
userPassword. It also needs read access to uid, mail,
passwordSelfResetQuestion and passwordSelfResetAnswer. Please note
that LAM Pro saves the password on your server file system.
Therefore, it is required to protect your server against
unauthorised access.</para>
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please
enter a valid first name.</para>
<para>Please also specify the list of password reset questions that
the user can choose.</para>
<para>required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a
valid last name.</para>
<para>Please note that self service and LAM admin interface are
separated functionalities. You need to specify the list of possible
security questions in both self service profile(s) and server
profile(s).</para>
<para>If you use the object class "inetOrgPerson" and do not provide
the "cn" attribute then LAM will set it to the user name value.</para>
<literallayout> </literallayout>
<literallayout>
<para>You can inform your users via mail about their password
change. The mail can include the new password by using the special
wildcard "@@newPassword@@". Additionally, you may want to insert
other wildcards that are replaced by the corresponding LDAP
attributes. E.g. "@@uid@@" will be replaced by the user name.</para>
<literallayout> </literallayout>
<para>LAM Pro can send your users an email with a confirmation link
to validate their email address. Of course, this should only be used
if the email account is independent from the user password (e.g. at
external provider). The mail must include the confirmation link by
using the special wildcard "@@resetLink@@". Additionally, you may
want to insert other wildcards that are replaced by the
corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by
the user name.</para>
<para>There is also an option to skip the security question at all
if email verification is enabled. In this case the password can be
reset directly after clicking on the confirmation link. Please
handle with care since anybody with access to the user's mail
account can reset the password.</para>
<para><emphasis role="bold">New fields for self service
page</emphasis></para>
<para>There are two new fields that you may put on the self service
page for your users. These fields allow them to change the reset
question and its answer.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset2.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>This is an example how can be presented to your users on the
self service page:</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset3.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Password reset link</emphasis></para>
<para>After activating the password self reset feature there will be
a new link on the self service login page. The text can be
configured as described above (default: "Forgot password?").</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset4.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>When a user clicks on the link then he will be asked for
identification with his user name and email address.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset5.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>LAM Pro will use this information to find the correct LDAP
entry of this user. It then displays the user's security question
and input fields for his new password. If the answer is correct then
the new password will be set. Additionally, pwdAccountLockedTime
will be removed and shadowLastChange updated to the current time if
existing.</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/passwordSelfReset6.png" />
</imageobject>
</mediaobject>
</screenshot>
</section>
<section>
<title>User self registration</title>
<para>With LAM Pro your users can create their own accounts if you
like. LAM Pro will display an additional link on the self service
login page that allows you users to create a new account including
email validation.</para>
<para>You enable this feature in your self service profile. Just
activate the checkbox "Enable self registration link".</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/accountRegistration1.png" />
</imageobject>
</mediaobject>
</screenshot>
<para><emphasis role="bold">Options:</emphasis></para>
<para><emphasis>Link text:</emphasis> This is the label for the link
to the self registration. If empty "Register new account" will be
used.</para>
<para><emphasis>Admin DN and password:</emphasis> Please enter the
LDAP DN and its password that should be used to create new users.
This DN also needs to be able to do LDAP searches by uid in the self
service part of your LDAP tree.</para>
<para><emphasis>Object classes:</emphasis> This is a list of object
classes that are used to build the new user accounts. Please enter
one object class in each line.</para>
<para><emphasis>Attributes:</emphasis> This is a list of additional
attributes that the user can enter. Please note that user name,
password and email address are mandatory anyway and need not be
specified.</para>
<para>Each line represents one LDAP attribute. The options are
separated by "::". The first option specifies if the attribute is
mandatory. It can have the values "optional" and "required". The
second option is the LDAP attribute name and the third one is a
descriptive label for it. Options four and five are used for input
validation. Please enter the regular expression (e.g.
"/^[0-9a-zA-Z]+$/") and an error message if the value does not match
it. For a syntax description see <ulink
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation
is optional.</para>
<para>Example:</para>
<para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please
enter a valid first name.</para>
<para>required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a
valid last name.</para>
<para>If you use the object class "inetOrgPerson" and do not provide
the "cn" attribute then LAM will set it to the user name
value.</para>
<literallayout>
</literallayout>
<para>Please note that only simple input boxes are supported for
account registration. The user may log in to self service when his
account was created to manage all his attributes.</para>
<para>Please note that only simple input boxes are supported for
account registration. The user may log in to self service when his
account was created to manage all his attributes.</para>
<literallayout>
<literallayout>
</literallayout>
<para><emphasis role="bold">User view:</emphasis></para>
<para><emphasis role="bold">User view:</emphasis></para>
<para>The user can register by clicking on a link on the self service
login page:</para>
<para>The user can register by clicking on a link on the self
service login page:</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/accountRegistration2.png" />
</imageobject>
</mediaobject>
</screenshot>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/accountRegistration2.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>Here he can insert the data that you specified in the self
service profile:</para>
<para>Here he can insert the data that you specified in the self
service profile:</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/accountRegistration3.png" />
</imageobject>
</mediaobject>
</screenshot>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/accountRegistration3.png" />
</imageobject>
</mediaobject>
</screenshot>
<para>LAM will then send him an email with a validation link that is
valid for 24 hours. When he clicks on this link then the account will
be created in the self service user suffix. The DN will look like
this: <emphasis>uid=&lt;user name&gt;,...</emphasis></para>
<para>LAM will then send him an email with a validation link that is
valid for 24 hours. When he clicks on this link then the account
will be created in the self service user suffix. The DN will look
like this: <emphasis>uid=&lt;user name&gt;,...</emphasis></para>
</section>
</section>
</section>
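Review bot: This hunk (-4355,239 +4363,257) is almost entirely a re-indent of the password self reset and self registration sections under the new "Module settings" section, which makes the real content change hard to find in review. Consider splitting the move into its own commit. Since every paragraph is rewrapped anyway, the carried-over slips could be fixed in the same pass: "when you allow you users to specify", "allows you users to create a new account" and "This is an example how can be presented to your users". The section with id="PasswordSelfReset" now sits one level deeper, so any link that targets that id should be checked against the new nesting.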

Binary file not shown.


Binary file not shown.


Binary file not shown.


View File

@ -1220,6 +1220,19 @@ abstract class baseModule {
if (isset($this->meta['selfServiceFieldSettings']) && is_array($this->meta['selfServiceFieldSettings'])) return $this->meta['selfServiceFieldSettings'];
else return array();
}
/**
* Returns if a given self service field can be set in read-only mode.
*
* @param String $fieldID field identifier
* @param selfServiceProfile $profile currently edited profile
*/
public function canSelfServiceFieldBeReadOnly($fieldID, $profile) {
if (isset($this->meta['selfServiceReadOnlyFields']) && is_array($this->meta['selfServiceReadOnlyFields'])) {
return in_array($fieldID, $this->meta['selfServiceReadOnlyFields']);
}
return false;
}
/**
* Returns the meta HTML code for each input field.
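Review bot: The docblock of canSelfServiceFieldBeReadOnly() has no @return line, and the $profile parameter is documented but never used in the body. Please add "@return boolean" and either use $profile or note that it is there for subclasses that decide per profile. The lookup in_array($fieldID, $this->meta['selfServiceReadOnlyFields']) is a loose comparison; passing true as the third argument would keep a non-string $fieldID from matching by type juggling.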
@ -1231,11 +1244,12 @@ abstract class baseModule {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*
* @see htmlElement
*/
public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
// this function must be overwritten by subclasses.
return array();
}
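Review bot: The new $readOnlyFields parameter of getSelfServiceOptions() is required, with no default value, so any module outside this tree that still overrides or calls the three-argument form no longer matches the base signature. Declaring it as $readOnlyFields = array() would keep those modules working while they are ported and costs nothing here, since the base implementation returns an empty array either way.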
@ -1254,9 +1268,10 @@ abstract class baseModule {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
return $return;
}
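Review bot: The added @param line for checkSelfServiceOptions() describes $readOnlyFields only as "list of read-only fields" and leaves the contract open. This is the function that turns submitted form data into 'add', 'mod' and 'del' entries, so the docblock should state that an implementation must not produce any of those for a field named in $readOnlyFields, whatever the request contains. Hiding the input box in getSelfServiceOptions() does not by itself stop a value for that field from arriving in the POST data. The same default of array() as suggested for getSelfServiceOptions() would apply here.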

View File

@ -625,7 +625,7 @@ function printHelpLink($entry, $number, $module='', $scope='') {
echo "<a href=\"" . $helpPath . "help.php?module=$module&amp;HelpNumber=". $number . "&amp;scope=" . $scope . "\" ";
echo "target=\"help\" ";
echo "onmouseover=\"Tip('" . $message . "', TITLE, '" . $title . "')\" onmouseout=\"UnTip()\">";
echo "<img width=16 height=16 src=\"../$helpPath/graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "<img class=\"align-middle\" width=16 height=16 src=\"../$helpPath/graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "</a>";
}
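Review bot: While this img line is being touched, the surrounding echo statements are worth a second look. $module, $number and $scope go into the href, and $message and $title go into the inline onmouseover="Tip('...')" handler, with no escaping visible in this hunk. If they are not already escaped earlier in printHelpLink(), wrap the URL parts in urlencode()/htmlspecialchars() and make sure $message and $title cannot contain a quote that ends the Tip() string. A smaller point on the changed line: width=16 height=16 are unquoted while the new class attribute is quoted, so quoting all three would be consistent.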

View File

@ -1578,9 +1578,10 @@ class asteriskAccount extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
return $return;

View File

@ -588,9 +588,10 @@ class asteriskVoicemail extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
return $return;

View File

@ -127,6 +127,10 @@ class inetOrgPerson extends baseModule implements passwordService {
'homePhone' => _('Home telephone number'), 'roomNumber' => _('Room number'), 'carLicense' => _('Car license'),
'location' => _('Location'), 'state' => _('State'), 'officeName' => _('Office name'), 'businessCategory' => _('Business category'),
'departmentNumber' => _('Department'), 'initials' => _('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web site'));
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('firstName', 'lastName', 'mail', 'telephoneNumber', 'mobile', 'faxNumber', 'street',
'postalAddress', 'registeredAddress', 'postalCode', 'postOfficeBox', 'jpegPhoto', 'homePhone', 'roomNumber', 'carLicense',
'location', 'state', 'officeName', 'businessCategory', 'departmentNumber', 'initials', 'title', 'labeledURI');
// profile elements
$profileElements = array();
if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideStreet')) {
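Review bot: The new $return['selfServiceReadOnlyFields'] array repeats by hand the field names that already appear as keys of the label array just above it ('homePhone', 'roomNumber', 'carLicense' and so on), so the two lists can drift apart when a field is added later. Building it from the keys of that array, minus the fields that must stay editable, would keep them in step. Please also add a short comment saying why the fields left out of this list, whichever they are, cannot be read-only, and confirm that 'jpegPhoto' really has a read-only rendering, since it is listed here.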
@ -2521,9 +2525,10 @@ class inetOrgPerson extends baseModule implements passwordService {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if ($passwordChangeOnly) {
return $return; // no fields as long no LDAP content can be read
@ -2531,134 +2536,210 @@ class inetOrgPerson extends baseModule implements passwordService {
if (in_array('firstName', $fields)) {
$firstName = '';
if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0];
$firstNameField = new htmlInputField('inetOrgPerson_firstName', $firstName);
if (in_array('firstName', $readOnlyFields)) {
$firstNameField = new htmlOutputText($firstName);
}
$return['firstName'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('First name'), 'inetOrgPerson_firstName', $firstName)
new htmlOutputText(_('First name')), $firstNameField
));
}
if (in_array('lastName', $fields)) {
$lastName = '';
if (isset($attributes['sn'][0])) $lastName = $attributes['sn'][0];
$lastNameField = new htmlInputField('inetOrgPerson_lastName', $lastName);
if (in_array('lastName', $readOnlyFields)) {
$lastNameField = new htmlOutputText($lastName);
}
$return['lastName'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Last name'), 'inetOrgPerson_lastName', $lastName)
new htmlOutputText(_('Last name')), $lastNameField
));
}
if (in_array('mail', $fields)) {
$mail = '';
if (isset($attributes['mail'][0])) $mail = $attributes['mail'][0];
$mailField = new htmlInputField('inetOrgPerson_mail', $mail);
if (in_array('mail', $readOnlyFields)) {
$mailField = new htmlOutputText($mail);
}
$return['mail'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Email address'), 'inetOrgPerson_mail', $mail)
new htmlOutputText(_('Email address')), $mailField
));
}
if (in_array('labeledURI', $fields)) {
$labeledURI = '';
if (isset($attributes['labeledURI'][0])) $labeledURI = implode('; ', $attributes['labeledURI']);
$labeledURIField = new htmlInputField('inetOrgPerson_labeledURI', $labeledURI);
if (in_array('labeledURI', $readOnlyFields)) {
$labeledURIField = new htmlOutputText($labeledURI);
}
$return['labeledURI'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Web site'), 'inetOrgPerson_labeledURI', $labeledURI)
new htmlOutputText(_('Web site')), $labeledURIField
));
}
if (in_array('telephoneNumber', $fields)) {
$telephoneNumber = '';
if (isset($attributes['telephoneNumber'][0])) $telephoneNumber = $attributes['telephoneNumber'][0];
$telephoneNumberField = new htmlInputField('inetOrgPerson_telephoneNumber', $telephoneNumber);
if (in_array('telephoneNumber', $readOnlyFields)) {
$telephoneNumberField = new htmlOutputText($telephoneNumber);
}
$return['telephoneNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Telephone number'), 'inetOrgPerson_telephoneNumber', $telephoneNumber)
new htmlOutputText(_('Telephone number')), $telephoneNumberField
));
}
if (in_array('homePhone', $fields)) {
$homePhone = '';
if (isset($attributes['homePhone'][0])) $homePhone = $attributes['homePhone'][0];
$homePhoneField = new htmlInputField('inetOrgPerson_homePhone', $homePhone);
if (in_array('homePhone', $readOnlyFields)) {
$homePhoneField = new htmlOutputText($homePhone);
}
$return['homePhone'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Home telephone number'), 'inetOrgPerson_homePhone', $homePhone)
new htmlOutputText(_('Home telephone number')), $homePhoneField
));
}
if (in_array('mobile', $fields)) {
$mobile = '';
if (isset($attributes['mobile'][0])) $mobile = $attributes['mobile'][0];
$mobileField = new htmlInputField('inetOrgPerson_mobile', $mobile);
if (in_array('mobile', $readOnlyFields)) {
$mobileField = new htmlOutputText($mobile);
}
$return['mobile'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Mobile telephone number'), 'inetOrgPerson_mobile', $mobile)
new htmlOutputText(_('Mobile telephone number')), $mobileField
));
}
if (in_array('faxNumber', $fields)) {
$faxNumber = '';
if (isset($attributes['facsimileTelephoneNumber'][0])) $faxNumber = $attributes['facsimileTelephoneNumber'][0];
$faxNumberField = new htmlInputField('inetOrgPerson_faxNumber', $faxNumber);
if (in_array('faxNumber', $readOnlyFields)) {
$faxNumberField = new htmlOutputText($faxNumber);
}
$return['faxNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Fax number'), 'inetOrgPerson_faxNumber', $faxNumber)
new htmlOutputText(_('Fax number')), $faxNumberField
));
}
if (in_array('street', $fields)) {
$street = '';
if (isset($attributes['street'][0])) $street = $attributes['street'][0];
$streetField = new htmlInputField('inetOrgPerson_street', $street);
if (in_array('street', $readOnlyFields)) {
$streetField = new htmlOutputText($street);
}
$return['street'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Street'), 'inetOrgPerson_street', $street)
new htmlOutputText(_('Street')), $streetField
));
}
if (in_array('postalAddress', $fields)) {
$postalAddress = '';
if (isset($attributes['postalAddress'][0])) $postalAddress = $attributes['postalAddress'][0];
$postalAddressField = new htmlInputField('inetOrgPerson_postalAddress', $postalAddress);
if (in_array('postalAddress', $readOnlyFields)) {
$postalAddressField = new htmlOutputText($postalAddress);
}
$return['postalAddress'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Postal address'), 'inetOrgPerson_postalAddress', $postalAddress)
new htmlOutputText(_('Postal address')), $postalAddressField
));
}
if (in_array('registeredAddress', $fields)) {
$registeredAddress = '';
if (isset($attributes['registeredAddress'][0])) $registeredAddress = $attributes['registeredAddress'][0];
$registeredAddressField = new htmlInputField('inetOrgPerson_registeredAddress', $registeredAddress);
if (in_array('registeredAddress', $readOnlyFields)) {
$registeredAddressField = new htmlOutputText($registeredAddress);
}
$return['registeredAddress'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Registered address'), 'inetOrgPerson_registeredAddress', $registeredAddress)
new htmlOutputText(_('Registered address')), $registeredAddressField
));
}
if (in_array('postalCode', $fields)) {
$postalCode = '';
if (isset($attributes['postalCode'][0])) $postalCode = $attributes['postalCode'][0];
$postalCodeField = new htmlInputField('inetOrgPerson_postalCode', $postalCode);
if (in_array('postalCode', $readOnlyFields)) {
$postalCodeField = new htmlOutputText($postalCode);
}
$return['postalCode'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Postal code'), 'inetOrgPerson_postalCode', $postalCode)
new htmlOutputText(_('Postal code')), $postalCodeField
));
}
if (in_array('postOfficeBox', $fields)) {
$postOfficeBox = '';
if (isset($attributes['postOfficeBox'][0])) $postOfficeBox = $attributes['postOfficeBox'][0];
$postOfficeBoxField = new htmlInputField('inetOrgPerson_postOfficeBox', $postOfficeBox);
if (in_array('postOfficeBox', $readOnlyFields)) {
$postOfficeBoxField = new htmlOutputText($postOfficeBox);
}
$return['postOfficeBox'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Post office box'), 'inetOrgPerson_postOfficeBox', $postOfficeBox)
new htmlOutputText(_('Post office box')), $postOfficeBoxField
));
}
if (in_array('roomNumber', $fields)) {
$roomNumber = '';
if (isset($attributes['roomNumber'][0])) $roomNumber = $attributes['roomNumber'][0];
$roomNumberField = new htmlInputField('inetOrgPerson_roomNumber', $roomNumber);
if (in_array('roomNumber', $readOnlyFields)) {
$roomNumberField = new htmlOutputText($roomNumber);
}
$return['roomNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Room number'), 'inetOrgPerson_roomNumber', $roomNumber)
new htmlOutputText(_('Room number')), $roomNumberField
));
}
if (in_array('location', $fields)) {
$l = '';
if (isset($attributes['l'][0])) $l = $attributes['l'][0];
$lField = new htmlInputField('inetOrgPerson_location', $l);
if (in_array('location', $readOnlyFields)) {
$lField = new htmlOutputText($l);
}
$return['location'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Location'), 'inetOrgPerson_location', $l)
new htmlOutputText(_('Location')), $lField
));
}
if (in_array('state', $fields)) {
$st = '';
if (isset($attributes['st'][0])) $st = $attributes['st'][0];
$stField = new htmlInputField('inetOrgPerson_state', $st);
if (in_array('state', $readOnlyFields)) {
$stField = new htmlOutputText($st);
}
$return['state'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('State'), 'inetOrgPerson_state', $st)
new htmlOutputText(_('State')), $stField
));
}
if (in_array('carLicense', $fields)) {
$carLicense = '';
if (isset($attributes['carLicense'][0])) $carLicense = $attributes['carLicense'][0];
$carLicenseField = new htmlInputField('inetOrgPerson_carLicense', $carLicense);
if (in_array('carLicense', $readOnlyFields)) {
$carLicenseField = new htmlOutputText($carLicense);
}
$return['carLicense'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Car license'), 'inetOrgPerson_carLicense', $carLicense)
new htmlOutputText(_('Car license')), $carLicenseField
));
}
if (in_array('officeName', $fields)) {
$physicalDeliveryOfficeName = '';
if (isset($attributes['physicalDeliveryOfficeName'][0])) $physicalDeliveryOfficeName = $attributes['physicalDeliveryOfficeName'][0];
$physicalDeliveryOfficeNameField = new htmlInputField('inetOrgPerson_officeName', $physicalDeliveryOfficeName);
if (in_array('officeName', $readOnlyFields)) {
$physicalDeliveryOfficeNameField = new htmlOutputText($physicalDeliveryOfficeName);
}
$return['officeName'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Office name'), 'inetOrgPerson_officeName', $physicalDeliveryOfficeName)
new htmlOutputText(_('Office name')), $physicalDeliveryOfficeNameField
));
}
if (in_array('businessCategory', $fields)) {
$businessCategory = '';
if (isset($attributes['businessCategory'][0])) $businessCategory = $attributes['businessCategory'][0];
$businessCategoryField = new htmlInputField('inetOrgPerson_businessCategory', $businessCategory);
if (in_array('businessCategory', $readOnlyFields)) {
$businessCategoryField = new htmlOutputText($businessCategory);
}
$return['businessCategory'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Business category'), 'inetOrgPerson_businessCategory', $businessCategory)
new htmlOutputText(_('Business category')), $businessCategoryField
));
}
if (in_array('jpegPhoto', $fields)) {
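Review bot: In every block of this hunk (postalAddress through businessCategory) an htmlInputField is constructed and then discarded when the field is read-only. Choose the element in an if/else, or better, move the choice into one private helper that takes the field key, the input name and the value, so the key tested in in_array() cannot drift from the key written to $return. That helper is also the place to document that $readOnlyFields holds self service field keys, not LDAP attribute names: 'location', 'state' and 'officeName' here map to l, st and physicalDeliveryOfficeName. This hunk only changes what is rendered; the values are protected only if checkSelfServiceOptions() applies the same list.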
@ -2670,15 +2751,17 @@ class inetOrgPerson extends baseModule implements passwordService {
$photoFile = '../../tmp/' . $jpeg_filename;
$photoSub = new htmlTable();
$photoSub->addElement(new htmlImage($photoFile), true);
$photoSubSub = new htmlTable();
$photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false));
$photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile'));
$photoSub->addElement($photoSubSub);
if (!in_array('jpegPhoto', $readOnlyFields)) {
$photoSubSub = new htmlTable();
$photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false));
$photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile'));
$photoSub->addElement($photoSubSub);
}
$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub);
$photoRow = new htmlTableRow($photoRowCells);
$return['jpegPhoto'] = $photoRow;
}
else {
elseif (!in_array('jpegPhoto', $readOnlyFields)) {
$photoSub = new htmlTable();
$photoSub->addElement(new htmlTableExtendedInputFileUpload('photoFile', _('Add photo')));
$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub);
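Review bot: With the else turned into elseif (!in_array('jpegPhoto', $readOnlyFields)), an account that has no photo and a read-only jpegPhoto field runs neither branch, so no $return['jpegPhoto'] row is produced for a field that is configured as visible. Please confirm the layout code tolerates a configured field with no entry in the returned array, or emit a row with only the _('Photo') label so the page structure stays the same for every user.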
@ -2689,22 +2772,34 @@ class inetOrgPerson extends baseModule implements passwordService {
if (in_array('departmentNumber', $fields)) {
$departmentNumber = '';
if (isset($attributes['departmentNumber'][0])) $departmentNumber = implode('; ', $attributes['departmentNumber']);
$departmentNumberField = new htmlInputField('inetOrgPerson_departmentNumber', $departmentNumber);
if (in_array('departmentNumber', $readOnlyFields)) {
$departmentNumberField = new htmlOutputText($departmentNumber);
}
$return['departmentNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Department'), 'inetOrgPerson_departmentNumber', $departmentNumber)
new htmlOutputText(_('Department')), $departmentNumberField
));
}
if (in_array('initials', $fields)) {
$initials = '';
if (isset($attributes['initials'][0])) $initials = implode('; ', $attributes['initials']);
$initialsField = new htmlInputField('inetOrgPerson_initials', $initials);
if (in_array('initials', $readOnlyFields)) {
$initialsField = new htmlOutputText($initials);
}
$return['initials'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Initials'), 'inetOrgPerson_initials', $initials)
new htmlOutputText(_('Initials')), $initialsField
));
}
if (in_array('title', $fields)) {
$title = '';
if (isset($attributes['title'][0])) $title = $attributes['title'][0];
$titleField = new htmlInputField('inetOrgPerson_title', $title);
if (in_array('title', $readOnlyFields)) {
$titleField = new htmlOutputText($title);
}
$return['title'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Job title'), 'inetOrgPerson_title', $title)
new htmlOutputText(_('Job title')), $titleField
));
}
return $return;
@ -2724,9 +2819,10 @@ class inetOrgPerson extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
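Review bot: $readOnlyFields is a new required argument of checkSelfServiceOptions() and is consumed only through !in_array(...), so a non-array value fails open: no field name matches, and on PHP versions where in_array() only warns about a non-array second argument every guard evaluates to writable. Check is_array($readOnlyFields) once at the top of the function and return without changes if it is not. While touching the docblock, the existing line "@param string $fields input fields" should read array, since $fields is passed to in_array() throughout.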
@ -2734,7 +2830,7 @@ class inetOrgPerson extends baseModule implements passwordService {
$attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes;
// first name
if (in_array('firstName', $fields)) {
if (in_array('firstName', $fields) && !in_array('firstName', $readOnlyFields)) {
$attributeNames[] = 'givenName';
if (isset($_POST['inetOrgPerson_firstName']) && ($_POST['inetOrgPerson_firstName'] != '')) {
if (!get_preg($_POST['inetOrgPerson_firstName'], 'realname')) $return['messages'][] = $this->messages['givenName'][0];
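Review bot: The read-only check is hand-copied into this condition and into each following hunk, with the field key typed twice per line (in_array('firstName', $fields) && !in_array('firstName', $readOnlyFields)). This condition is the real enforcement, because replacing the input with text in the form does not stop a submitted inetOrgPerson_firstName value from being processed, so one mistyped key leaves that attribute writable. Compute the writable set once next to the $attributeNames initialisation, for example $writableFields = array_diff($fields, $readOnlyFields);, and test in_array('firstName', $writableFields) in each block.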
@ -2743,7 +2839,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['givenName'])) unset($attributesNew['givenName']);
}
// last name
if (in_array('lastName', $fields)) {
if (in_array('lastName', $fields) && !in_array('lastName', $readOnlyFields)) {
$attributeNames[] = 'sn';
if (isset($_POST['inetOrgPerson_lastName']) && ($_POST['inetOrgPerson_lastName'] != '')) {
if (!get_preg($_POST['inetOrgPerson_lastName'], 'realname')) $return['messages'][] = $this->messages['lastname'][0];
@ -2755,7 +2851,7 @@ class inetOrgPerson extends baseModule implements passwordService {
}
}
// email
if (in_array('mail', $fields)) {
if (in_array('mail', $fields) && !in_array('mail', $readOnlyFields)) {
$attributeNames[] = 'mail';
if (isset($_POST['inetOrgPerson_mail']) && ($_POST['inetOrgPerson_mail'] != '')) {
if (!get_preg($_POST['inetOrgPerson_mail'], 'email')) $return['messages'][] = $this->messages['email'][0];
@ -2764,7 +2860,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['mail'])) unset($attributesNew['mail']);
}
// labeledURI
if (in_array('labeledURI', $fields)) {
if (in_array('labeledURI', $fields) && !in_array('labeledURI', $readOnlyFields)) {
$attributeNames[] = 'labeledURI';
if (isset($_POST['inetOrgPerson_labeledURI']) && ($_POST['inetOrgPerson_labeledURI'] != '')) {
$attributesNew['labeledURI'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_labeledURI']);
@ -2772,7 +2868,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['labeledURI'])) unset($attributesNew['labeledURI']);
}
// telephone number
if (in_array('telephoneNumber', $fields)) {
if (in_array('telephoneNumber', $fields) && !in_array('telephoneNumber', $readOnlyFields)) {
$attributeNames[] = 'telephoneNumber';
if (isset($_POST['inetOrgPerson_telephoneNumber']) && ($_POST['inetOrgPerson_telephoneNumber'] != '')) {
if (!get_preg($_POST['inetOrgPerson_telephoneNumber'], 'telephone')) $return['messages'][] = $this->messages['telephoneNumber'][0];
@ -2781,7 +2877,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['telephoneNumber'])) unset($attributesNew['telephoneNumber']);
}
// home telephone number
if (in_array('homePhone', $fields)) {
if (in_array('homePhone', $fields) && !in_array('homePhone', $readOnlyFields)) {
$attributeNames[] = 'homePhone';
if (isset($_POST['inetOrgPerson_homePhone']) && ($_POST['inetOrgPerson_homePhone'] != '')) {
if (!get_preg($_POST['inetOrgPerson_homePhone'], 'telephone')) $return['messages'][] = $this->messages['homePhone'][0];
@ -2790,7 +2886,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['homePhone'])) unset($attributesNew['homePhone']);
}
// fax number
if (in_array('faxNumber', $fields)) {
if (in_array('faxNumber', $fields) && !in_array('faxNumber', $readOnlyFields)) {
$attributeNames[] = 'facsimileTelephoneNumber';
if (isset($_POST['inetOrgPerson_faxNumber']) && ($_POST['inetOrgPerson_faxNumber'] != '')) {
if (!get_preg($_POST['inetOrgPerson_faxNumber'], 'telephone')) $return['messages'][] = $this->messages['facsimileNumber'][0];
@ -2799,7 +2895,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['facsimileTelephoneNumber'])) $attributesNew['facsimileTelephoneNumber'] = array();
}
// mobile telephone number
if (in_array('mobile', $fields)) {
if (in_array('mobile', $fields) && !in_array('mobile', $readOnlyFields)) {
$attributeNames[] = 'mobile';
if (isset($_POST['inetOrgPerson_mobile']) && ($_POST['inetOrgPerson_mobile'] != '')) {
if (!get_preg($_POST['inetOrgPerson_mobile'], 'telephone')) $return['messages'][] = $this->messages['mobileTelephone'][0];
@ -2808,7 +2904,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['mobile'])) unset($attributesNew['mobile']);
}
// street
if (in_array('street', $fields)) {
if (in_array('street', $fields) && !in_array('street', $readOnlyFields)) {
$attributeNames[] = 'street';
if (isset($_POST['inetOrgPerson_street']) && ($_POST['inetOrgPerson_street'] != '')) {
if (!get_preg($_POST['inetOrgPerson_street'], 'street')) $return['messages'][] = $this->messages['street'][0];
@ -2817,7 +2913,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['street'])) unset($attributesNew['street']);
}
// postal address
if (in_array('postalAddress', $fields)) {
if (in_array('postalAddress', $fields) && !in_array('postalAddress', $readOnlyFields)) {
$attributeNames[] = 'postalAddress';
if (isset($_POST['inetOrgPerson_postalAddress']) && ($_POST['inetOrgPerson_postalAddress'] != '')) {
if (!get_preg($_POST['inetOrgPerson_postalAddress'], 'postalAddress')) $return['messages'][] = $this->messages['postalAddress'][0];
@ -2826,7 +2922,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postalAddress'])) $attributesNew['postalAddress'] = array();
}
// registered address
if (in_array('registeredAddress', $fields)) {
if (in_array('registeredAddress', $fields) && !in_array('registeredAddress', $readOnlyFields)) {
$attributeNames[] = 'registeredAddress';
if (isset($_POST['inetOrgPerson_registeredAddress']) && ($_POST['inetOrgPerson_registeredAddress'] != '')) {
if (!get_preg($_POST['inetOrgPerson_registeredAddress'], 'postalAddress')) $return['messages'][] = $this->messages['registeredAddress'][0];
@ -2835,7 +2931,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['registeredAddress'])) $attributesNew['registeredAddress'] = array();
}
// postal code
if (in_array('postalCode', $fields)) {
if (in_array('postalCode', $fields) && !in_array('postalCode', $readOnlyFields)) {
$attributeNames[] = 'postalCode';
if (isset($_POST['inetOrgPerson_postalCode']) && ($_POST['inetOrgPerson_postalCode'] != '')) {
if (!get_preg($_POST['inetOrgPerson_postalCode'], 'postalCode')) $return['messages'][] = $this->messages['postalCode'][0];
@ -2844,7 +2940,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postalCode'])) unset($attributesNew['postalCode']);
}
// post office box
if (in_array('postOfficeBox', $fields)) {
if (in_array('postOfficeBox', $fields) && !in_array('postOfficeBox', $readOnlyFields)) {
$attributeNames[] = 'postOfficeBox';
if (isset($_POST['inetOrgPerson_postOfficeBox']) && ($_POST['inetOrgPerson_postOfficeBox'] != '')) {
$attributesNew['postOfficeBox'][0] = $_POST['inetOrgPerson_postOfficeBox'];
@ -2852,7 +2948,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postOfficeBox'])) unset($attributesNew['postOfficeBox']);
}
// room number
if (in_array('roomNumber', $fields)) {
if (in_array('roomNumber', $fields) && !in_array('roomNumber', $readOnlyFields)) {
$attributeNames[] = 'roomNumber';
if (isset($_POST['inetOrgPerson_roomNumber']) && ($_POST['inetOrgPerson_roomNumber'] != '')) {
$attributesNew['roomNumber'][0] = $_POST['inetOrgPerson_roomNumber'];
@ -2860,7 +2956,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['roomNumber'])) unset($attributesNew['roomNumber']);
}
// l
if (in_array('location', $fields)) {
if (in_array('location', $fields) && !in_array('location', $readOnlyFields)) {
$attributeNames[] = 'l';
if (isset($_POST['inetOrgPerson_location']) && ($_POST['inetOrgPerson_location'] != '')) {
$attributesNew['l'][0] = $_POST['inetOrgPerson_location'];
@ -2868,7 +2964,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['l'])) unset($attributesNew['l']);
}
// st
if (in_array('state', $fields)) {
if (in_array('state', $fields) && !in_array('state', $readOnlyFields)) {
$attributeNames[] = 'st';
if (isset($_POST['inetOrgPerson_state']) && ($_POST['inetOrgPerson_state'] != '')) {
$attributesNew['st'][0] = $_POST['inetOrgPerson_state'];
@ -2876,7 +2972,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['st'])) unset($attributesNew['st']);
}
// car license
if (in_array('carLicense', $fields)) {
if (in_array('carLicense', $fields) && !in_array('carLicense', $readOnlyFields)) {
$attributeNames[] = 'carLicense';
if (isset($_POST['inetOrgPerson_carLicense']) && ($_POST['inetOrgPerson_carLicense'] != '')) {
$attributesNew['carLicense'][0] = $_POST['inetOrgPerson_carLicense'];
@ -2884,7 +2980,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['carLicense'])) unset($attributesNew['carLicense']);
}
// office name
if (in_array('officeName', $fields)) {
if (in_array('officeName', $fields) && !in_array('officeName', $readOnlyFields)) {
$attributeNames[] = 'physicalDeliveryOfficeName';
if (isset($_POST['inetOrgPerson_officeName']) && ($_POST['inetOrgPerson_officeName'] != '')) {
$attributesNew['physicalDeliveryOfficeName'][0] = $_POST['inetOrgPerson_officeName'];
@ -2892,7 +2988,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['physicalDeliveryOfficeName'])) unset($attributesNew['physicalDeliveryOfficeName']);
}
// business category
if (in_array('businessCategory', $fields)) {
if (in_array('businessCategory', $fields) && !in_array('businessCategory', $readOnlyFields)) {
$attributeNames[] = 'businessCategory';
if (isset($_POST['inetOrgPerson_businessCategory']) && ($_POST['inetOrgPerson_businessCategory'] != '')) {
if (!get_preg($_POST['inetOrgPerson_businessCategory'], 'businessCategory')) {
@ -2905,7 +3001,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['businessCategory'])) unset($attributesNew['businessCategory']);
}
// photo
if (in_array('jpegPhoto', $fields)) {
if (in_array('jpegPhoto', $fields) && !in_array('jpegPhoto', $readOnlyFields)) {
if (isset($_FILES['photoFile']) && ($_FILES['photoFile']['size'] > 0)) {
$handle = fopen($_FILES['photoFile']['tmp_name'], "r");
$data = fread($handle, 1000000);
@ -2925,7 +3021,7 @@ class inetOrgPerson extends baseModule implements passwordService {
}
}
// departments
if (in_array('departmentNumber', $fields)) {
if (in_array('departmentNumber', $fields) && !in_array('departmentNumber', $readOnlyFields)) {
$attributeNames[] = 'departmentNumber';
if (isset($_POST['inetOrgPerson_departmentNumber']) && ($_POST['inetOrgPerson_departmentNumber'] != '')) {
$attributesNew['departmentNumber'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_departmentNumber']);
@ -2933,7 +3029,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['departmentNumber'])) unset($attributesNew['departmentNumber']);
}
// initials
if (in_array('initials', $fields)) {
if (in_array('initials', $fields) && !in_array('initials', $readOnlyFields)) {
$attributeNames[] = 'initials';
if (isset($_POST['inetOrgPerson_initials']) && ($_POST['inetOrgPerson_initials'] != '')) {
$attributesNew['initials'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_initials']);
@ -2941,7 +3037,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['initials'])) unset($attributesNew['initials']);
}
// title
if (in_array('title', $fields)) {
if (in_array('title', $fields) && !in_array('title', $readOnlyFields)) {
$attributeNames[] = 'title';
if (isset($_POST['inetOrgPerson_title']) && ($_POST['inetOrgPerson_title'] != '')) {
if (!get_preg($_POST['inetOrgPerson_title'], 'title')) $return['messages'][] = $this->messages['title'][0];

View File

@ -117,6 +117,8 @@ class kolabUser extends baseModule {
'kolabDelegate' => _('Delegates'),
'kolabInvitationPolicy' => _('Invitation policy')
);
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('kolabFreeBusyFuture', 'kolabDelegate', 'kolabInvitationPolicy');
// help Entries
$return['help'] = array(
'invPol' => array(
@ -819,9 +821,10 @@ class kolabUser extends baseModule {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
if ($passwordChangeOnly) {
return array(); // no Kolab fields as long no LDAP content can be read
}
@ -835,8 +838,12 @@ class kolabUser extends baseModule {
if (isset($attributes['kolabFreeBusyFuture'][0])) {
$kolabFreeBusyFuture = $attributes['kolabFreeBusyFuture'][0];
}
$kolabFreeBusyFutureField = new htmlInputField('kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture);
if (in_array('kolabFreeBusyFuture', $readOnlyFields)) {
$kolabFreeBusyFutureField = new htmlOutputText($kolabFreeBusyFuture);
}
$return['kolabFreeBusyFuture'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Free/Busy interval'), 'kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture)
new htmlOutputText(_('Free/Busy interval')), $kolabFreeBusyFutureField
));
}
// delegates
@ -870,10 +877,17 @@ class kolabUser extends baseModule {
$delegateContainer = new htmlTable();
for ($i = 0; $i < sizeof($kolabDelegate); $i++) {
$delegateContainer->addElement(new htmlOutputText($kolabDelegate[$i]));
$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true);
if (!in_array('kolabDelegate', $readOnlyFields)) {
$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true);
}
else {
$delegateContainer->addNewLine();
}
}
if (!in_array('kolabDelegate', $readOnlyFields)) {
$delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates));
$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true);
}
$delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates));
$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true);
$delegateLabel = new htmlOutputText(_('Delegates'));
$delegateLabel->alignment = htmlElement::ALIGN_TOP;
$return['kolabDelegate'] = new htmlTableRow(array(
@ -894,20 +908,34 @@ class kolabUser extends baseModule {
break;
}
}
$invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true);
if (!in_array('kolabDelegate', $readOnlyFields)) {
$invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true);
}
else {
$invitationContainer->addElement(new htmlOutputText(_('Anyone')));
$invitationContainer->addElement(new htmlOutputText($defaultInvPol), true);
}
// other invitation policies
for ($i = 0; $i < sizeof($attributes['kolabInvitationPolicy']); $i++) {
$parts = explode(":", $attributes['kolabInvitationPolicy'][$i]);
if (sizeof($parts) == 2) {
$invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0]));
$invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]])));
$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true);
if (!in_array('kolabDelegate', $readOnlyFields)) {
$invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0]));
$invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]])));
$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true);
}
else {
$invitationContainer->addElement(new htmlOutputText($parts[0]));
$invitationContainer->addElement(new htmlOutputText($this->invitationPolicies[$parts[1]]), true);
}
}
}
// input box for new invitation policy
$invitationContainer->addElement(new htmlInputField('invPol1', ''));
$invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies)));
$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true);
if (!in_array('kolabDelegate', $readOnlyFields)) {
$invitationContainer->addElement(new htmlInputField('invPol1', ''));
$invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies)));
$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true);
}
$invitationLabel = new htmlOutputText(_('Invitation policy'));
$invitationLabel->alignment = htmlElement::ALIGN_TOP;
$return['kolabInvitationPolicy'] = new htmlTableRow(array(
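Review bot: All three new checks in the invitation policy section test in_array('kolabDelegate', $readOnlyFields): around the defaultInvPol select, inside the loop over $attributes['kolabInvitationPolicy'], and around the addInvPol inputs. This looks copied from the delegates block and should be 'kolabInvitationPolicy'. As written the form and checkSelfServiceOptions() disagree, because the check function tests 'kolabInvitationPolicy'. With only kolabDelegate read-only, the policies are rendered as plain text while the check still runs and starts from $attributesNew['kolabInvitationPolicy'] = array(), so saving such a form risks clearing the stored policies; please verify. With only kolabInvitationPolicy read-only, the inputs stay editable but whatever the user enters is silently ignored.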
@ -931,9 +959,10 @@ class kolabUser extends baseModule {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
@ -944,7 +973,7 @@ class kolabUser extends baseModule {
$attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes;
// kolabFreeBusyFuture
if (in_array('kolabFreeBusyFuture', $fields)) {
if (in_array('kolabFreeBusyFuture', $fields) && !in_array('kolabFreeBusyFuture', $readOnlyFields)) {
$attributeNames[] = 'kolabFreeBusyFuture';
if (isset($_POST['kolabUser_kolabFreeBusyFuture']) && ($_POST['kolabUser_kolabFreeBusyFuture'] != '')) {
if (!get_preg($_POST['kolabUser_kolabFreeBusyFuture'], 'digit')) $return['messages'][] = $this->messages['freeBusy'][0];
@ -955,7 +984,7 @@ class kolabUser extends baseModule {
}
}
// delegates
if (in_array('kolabDelegate', $fields)) {
if (in_array('kolabDelegate', $fields) && !in_array('kolabDelegate', $readOnlyFields)) {
$attributeNames[] = 'kolabDelegate';
// new delegation
if (isset($_POST['new_delegate']) && ($_POST['new_delegate'] == 'on')) {
@ -975,7 +1004,7 @@ class kolabUser extends baseModule {
}
}
// invitation policies
if (in_array('kolabInvitationPolicy', $fields)) {
if (in_array('kolabInvitationPolicy', $fields) && !in_array('kolabInvitationPolicy', $readOnlyFields)) {
$attributeNames[] = 'kolabInvitationPolicy';
$policies = array_flip($this->invitationPolicies);
$attributesNew['kolabInvitationPolicy'] = array();

View File

@ -154,6 +154,8 @@ class posixAccount extends baseModule implements passwordService {
$return['selfServiceSearchAttributes'] = array('uid');
// self service field settings
$return['selfServiceFieldSettings'] = array('password' => _('Password'), 'cn' => _('Common name'), 'loginShell' => _('Login shell'));
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('cn', 'loginShell');
// self service configuration settings
$selfServiceContainer = new htmlTable();
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"),
@ -2107,9 +2109,10 @@ class posixAccount extends baseModule implements passwordService {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if (in_array('password', $fields)) {
$pwdTable = new htmlTable();
@ -2130,16 +2133,24 @@ class posixAccount extends baseModule implements passwordService {
if (in_array('cn', $fields)) {
$cn = '';
if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0];
$cnField = new htmlInputField('posixAccount_cn', $cn);
if (in_array('cn', $readOnlyFields)) {
$cnField = new htmlOutputText($cn);
}
$return['cn'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Common name'), 'posixAccount_cn', $cn)
new htmlOutputText(_('Common name')), $cnField
));
}
if (in_array('loginShell', $fields)) {
$shelllist = getshells(); // list of all valid shells
$loginShell = '';
if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0];
$loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell));
if (in_array('loginShell', $readOnlyFields)) {
$loginShellField = new htmlOutputText($loginShell);
}
$return['loginShell'] = new htmlTableRow(array(
new htmlTableExtendedSelect('posixAccount_loginShell', $shelllist, array($loginShell), _('Login shell'))
new htmlOutputText(_('Login shell')), $loginShellField
));
}
return $return;
@ -2159,9 +2170,10 @@ class posixAccount extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (in_array('password', $fields)) {
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
@ -2192,7 +2204,7 @@ class posixAccount extends baseModule implements passwordService {
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
}
if (in_array('cn', $fields)) {
if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) {
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
$return['messages'][] = $this->messages['cn'][0];
@ -2205,7 +2217,7 @@ class posixAccount extends baseModule implements passwordService {
$return['messages'][] = $this->messages['cn'][0];
}
}
if (in_array('loginShell', $fields)) {
if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
$shelllist = getshells(); // list of all valid shells
if (in_array($_POST['posixAccount_loginShell'], $shelllist)
&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) {

View File

@ -2103,9 +2103,10 @@ class sambaSamAccount extends baseModule implements passwordService {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if ($passwordChangeOnly) {
return $return; // no input fields as long no LDAP content can be read
@ -2143,9 +2144,10 @@ class sambaSamAccount extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
return $return;
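Review bot: the lines shown for sambaSamAccount::checkSelfServiceOptions() add `$readOnlyFields` to the signature and doc comment but show no use of it in the body. Please confirm that each field this module writes from `$_POST` is either guarded with `!in_array(<field>, $readOnlyFields)` further down, as was done in posixAccount, or is reported as not read-only capable by canSelfServiceFieldBeReadOnly(). A module that accepts the parameter and ignores it leaves the field writable through a hand-built request.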

View File

@ -91,15 +91,23 @@ function getSelfServiceFieldSettings($scope) {
* @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
* @param array $attributes LDAP attributes (attribute names in lower case)
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array meta HTML code (array(<moduleName> => htmlTableRow))
*/
function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope);
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
$modReadOnlyFields = array();
for ($r = 0; $r < sizeof($readOnlyFields); $r++) {
$parts = explode('_', $readOnlyFields[$r]);
if ($parts[0] == $modules[$i]) {
$modReadOnlyFields[] = $parts[1];
}
}
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields);
if (sizeof($code) > 0) $return[$modules[$i]] = $code;
}
return $return;
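Review bot: `explode('_', $readOnlyFields[$r])` followed by `$parts[1]` truncates any field name that itself contains an underscore, and mis-splits any module name that does. Use `explode('_', $readOnlyFields[$r], 2)` so everything after the first underscore is kept as the field name, and skip entries where `count($parts) < 2` to avoid an undefined offset on malformed values. `sizeof($readOnlyFields)` also assumes the argument is always an array, so guard against it being unset or null.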
@ -113,15 +121,23 @@ function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly
* @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
*/
function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope);
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
$modReadOnlyFields = array();
for ($r = 0; $r < sizeof($readOnlyFields); $r++) {
$parts = explode('_', $readOnlyFields[$r]);
if ($parts[0] == $modules[$i]) {
$modReadOnlyFields[] = $parts[1];
}
}
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields);
if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']);
if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']);
if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']);
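Review bot: the loop that builds `$modReadOnlyFields` here is a copy of the one added to getSelfServiceOptions() above and should be a shared helper, so the prefix parsing cannot drift between display and validation. In this function the parsing is security relevant: if a name is split wrongly, the module's `in_array()` check does not match and the field stays writable. Enforcement also depends on every module honouring the fourth argument. Consider additionally discarding, here in the dispatcher, any `add`/`mod`/`del` entries that a module returns for fields listed in `$readOnlyFields`, so a module that ignores the parameter fails closed.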
@ -322,6 +338,11 @@ class selfServiceProfile {
*/
public $inputFields;
/**
* List of fields that are set in read-only mode.
*/
public $readOnlyFields;
/** configuration settings of modules */
public $moduleSettings;
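Review bot: the doc comment on `$readOnlyFields` does not state the expected element format. The dispatcher code splits each entry on `_` and compares the first part to the module name, so entries must be `<moduleName>_<fieldName>` (the same form as `posixAccount_password` in `$inputFields`). Document that here, since the modules themselves receive the names without the prefix.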
@ -352,6 +373,7 @@ class selfServiceProfile {
array('name' => _('Password'),
'fields' => array('posixAccount_password'))
);
$this->readOnlyFields = array();
}
}
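Review bot: `$this->readOnlyFields = array();` only runs in the constructor. If existing self service profiles are restored from disk without going through the constructor, the property will be unset for profiles saved before this change, and the `sizeof($readOnlyFields)` loops in the dispatcher will receive null. Either normalise the property after loading a profile or have the dispatcher treat a non-array value as an empty list.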