diff --git a/lam/HISTORY b/lam/HISTORY
index e1c4eb1e..46d6b60d 100644
--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -1,6 +1,7 @@
September 2012 3.9
- LAM Pro
-> support RFC2307bis automount entries
+ -> read-only fields in self service
- fixed bugs
-> Hidden tools are still shown in the "Tools" page (3546092)
diff --git a/lam/docs/devel/upgrade.htm b/lam/docs/devel/upgrade.htm
index bc531f8a..cb5e4d8c 100644
--- a/lam/docs/devel/upgrade.htm
+++ b/lam/docs/devel/upgrade.htm
@@ -12,6 +12,7 @@
+
Upgrade notes
@@ -32,8 +33,11 @@ This is a list of API changes for all LAM releases.
3.8 -> 3.9
Module interface:
-- supportsAdminInterface(): Can be used mark modules that only support the self service.
-
+- new function supportsAdminInterface(): Can be used to mark modules that only support the self service.
+ - new function canSelfServiceFieldBeReadOnly(): Specifies if a certain self service field can be set in read-only mode.
+ - getSelfServiceOptions(): new parameter $readOnlyFields that contains read-only fields
+ - checkSelfServiceOptions(): new parameter $readOnlyFields that contains read-only fields
+
Meta HTML:
diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 9f0a20f5..29691eef 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -4343,8 +4343,16 @@ Run slapindex to rebuild the index.
Page layout
- On the bottom you can specify what input fields your users can
- see. It is also possible to group several input fields.
+ Here you can specify what input fields your users can see. It is
+ also possible to group several input fields.
+
+ Please use the arrow signs to change the order of the
+ fields/groups.
+
+ You may also set some fields as read-only for your users. This
+ can be done by clicking on the lock symbol. Read-only fields can be
+ used to show your users additional data on the self service page that
+ must not be changed by themselves (e.g. first/last name).
@@ -4355,239 +4363,257 @@ Run slapindex to rebuild the index.
-
- Password self reset
-
- Settings
-
- You can allow your users to reset their passwords themselves.
- This will reduce your administrative costs for cases where users
- forget their passwords.
-
- To enable this feature please activate the checkbox "Enable
- password self reset link":
-
-
-
-
-
-
-
-
-
- You can now configure the minimum answer length for password
- reset answers. This is checked when you allow you users to specify
- their answers via the self service. Additionally, you can specify the
- text of the password reset link (default: "Forgot password?"). The
- link is displayed below the password field on the self service login
- page.
-
- Next, please enter the DN and password of an LDAP entry that is
- allowed to reset the passwords. This entry needs write access to the
- attributes shadowLastChange, pwdAccountLockedTime and userPassword. It
- also needs read access to uid, mail, passwordSelfResetQuestion and
- passwordSelfResetAnswer. Please note that LAM Pro saves the password
- on your server file system. Therefore, it is required to protect your
- server against unauthorised access.
-
- Please also specify the list of password reset questions that
- the user can choose.
-
- Please note that self service and LAM admin interface are
- separated functionalities. You need to specify the list of possible
- security questions in both self service profile(s) and server
- profile(s).
-
-
-
- You can inform your users via mail about their password change.
- The mail can include the new password by using the special wildcard
- "@@newPassword@@". Additionally, you may want to insert other
- wildcards that are replaced by the corresponding LDAP attributes. E.g.
- "@@uid@@" will be replaced by the user name.
-
-
-
- LAM Pro can send your users an email with a confirmation link to
- validate their email address. Of course, this should only be used if
- the email account is independent from the user password (e.g. at
- external provider). The mail must include the confirmation link by
- using the special wildcard "@@resetLink@@". Additionally, you may want
- to insert other wildcards that are replaced by the corresponding LDAP
- attributes. E.g. "@@uid@@" will be replaced by the user name.
-
- There is also an option to skip the security question at all if
- email verification is enabled. In this case the password can be reset
- directly after clicking on the confirmation link. Please handle with
- care since anybody with access to the user's mail account can reset
- the password.
-
- New fields for self service
- page
-
- There are two new fields that you may put on the self service
- page for your users. These fields allow them to change the reset
- question and its answer.
-
-
-
-
-
-
-
-
-
- This is an example how can be presented to your users on the
- self service page:
-
-
-
-
-
-
-
-
-
- Password reset link
-
- After activating the password self reset feature there will be a
- new link on the self service login page. The text can be configured as
- described above (default: "Forgot password?").
-
-
-
-
-
-
-
-
-
- When a user clicks on the link then he will be asked for
- identification with his user name and email address.
-
-
-
-
-
-
-
-
-
- LAM Pro will use this information to find the correct LDAP entry
- of this user. It then displays the user's security question and input
- fields for his new password. If the answer is correct then the new
- password will be set. Additionally, pwdAccountLockedTime will be
- removed and shadowLastChange updated to the current time if
- existing.
-
-
-
-
-
-
-
-
-
-
- User self registration
+ Module settings
- With LAM Pro your users can create their own accounts if you
- like. LAM Pro will display an additional link on the self service
- login page that allows you users to create a new account including
- email validation.
-
- You enable this feature in your self service profile. Just
- activate the checkbox "Enable self registration link".
+ This allows to configure some module specific options (e.g.
+ custom scripts or password hash type).
-
+
- Options:
+
+ Password self reset
- Link text: This is the label for the link
- to the self registration. If empty "Register new account" will be
- used.
+ Settings
- Admin DN and password: Please enter the
- LDAP DN and its password that should be used to create new users. This
- DN also needs to be able to do LDAP searches by uid in the self
- service part of your LDAP tree.
+ You can allow your users to reset their passwords themselves.
+ This will reduce your administrative costs for cases where users
+ forget their passwords.
- Object classes: This is a list of object
- classes that are used to build the new user accounts. Please enter one
- object class in each line.
+ To enable this feature please activate the checkbox "Enable
+ password self reset link":
- Attributes: This is a list of additional
- attributes that the user can enter. Please note that user name,
- password and email address are mandatory anyway and need not be
- specified.
+
+
+
+
+
+
+
- Each line represents one LDAP attribute. The options are
- separated by "::". The first option specifies if the attribute is
- mandatory. It can have the values "optional" and "required". The
- second option is the LDAP attribute name and the third one is a
- descriptive label for it. Options four and five are used for input
- validation. Please enter the regular expression (e.g.
- "/^[0-9a-zA-Z]+$/") and an error message if the value does not match
- it. For a syntax description see here. Validation is
- optional.
+ You can now configure the minimum answer length for password
+ reset answers. This is checked when you allow you users to specify
+ their answers via the self service. Additionally, you can specify
+ the text of the password reset link (default: "Forgot password?").
+ The link is displayed below the password field on the self service
+ login page.
- Example:
+ Next, please enter the DN and password of an LDAP entry that
+ is allowed to reset the passwords. This entry needs write access to
+ the attributes shadowLastChange, pwdAccountLockedTime and
+ userPassword. It also needs read access to uid, mail,
+ passwordSelfResetQuestion and passwordSelfResetAnswer. Please note
+ that LAM Pro saves the password on your server file system.
+ Therefore, it is required to protect your server against
+ unauthorised access.
- optional::givenName::First name::/^[[:alnum:] ]+$/u::Please
- enter a valid first name.
+ Please also specify the list of password reset questions that
+ the user can choose.
- required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a
- valid last name.
+ Please note that self service and LAM admin interface are
+ separated functionalities. You need to specify the list of possible
+ security questions in both self service profile(s) and server
+ profile(s).
- If you use the object class "inetOrgPerson" and do not provide
- the "cn" attribute then LAM will set it to the user name value.
+
-
+ You can inform your users via mail about their password
+ change. The mail can include the new password by using the special
+ wildcard "@@newPassword@@". Additionally, you may want to insert
+ other wildcards that are replaced by the corresponding LDAP
+ attributes. E.g. "@@uid@@" will be replaced by the user name.
+
+
+
+ LAM Pro can send your users an email with a confirmation link
+ to validate their email address. Of course, this should only be used
+ if the email account is independent from the user password (e.g. at
+ external provider). The mail must include the confirmation link by
+ using the special wildcard "@@resetLink@@". Additionally, you may
+ want to insert other wildcards that are replaced by the
+ corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by
+ the user name.
+
+ There is also an option to skip the security question at all
+ if email verification is enabled. In this case the password can be
+ reset directly after clicking on the confirmation link. Please
+ handle with care since anybody with access to the user's mail
+ account can reset the password.
+
+ New fields for self service
+ page
+
+ There are two new fields that you may put on the self service
+ page for your users. These fields allow them to change the reset
+ question and its answer.
+
+
+
+
+
+
+
+
+
+ This is an example how can be presented to your users on the
+ self service page:
+
+
+
+
+
+
+
+
+
+ Password reset link
+
+ After activating the password self reset feature there will be
+ a new link on the self service login page. The text can be
+ configured as described above (default: "Forgot password?").
+
+
+
+
+
+
+
+
+
+ When a user clicks on the link then he will be asked for
+ identification with his user name and email address.
+
+
+
+
+
+
+
+
+
+ LAM Pro will use this information to find the correct LDAP
+ entry of this user. It then displays the user's security question
+ and input fields for his new password. If the answer is correct then
+ the new password will be set. Additionally, pwdAccountLockedTime
+ will be removed and shadowLastChange updated to the current time if
+ existing.
+
+
+
+
+
+
+
+
+
+
+
+ User self registration
+
+ With LAM Pro your users can create their own accounts if you
+ like. LAM Pro will display an additional link on the self service
+ login page that allows you users to create a new account including
+ email validation.
+
+ You enable this feature in your self service profile. Just
+ activate the checkbox "Enable self registration link".
+
+
+
+
+
+
+
+
+
+ Options:
+
+ Link text: This is the label for the link
+ to the self registration. If empty "Register new account" will be
+ used.
+
+ Admin DN and password: Please enter the
+ LDAP DN and its password that should be used to create new users.
+ This DN also needs to be able to do LDAP searches by uid in the self
+ service part of your LDAP tree.
+
+ Object classes: This is a list of object
+ classes that are used to build the new user accounts. Please enter
+ one object class in each line.
+
+ Attributes: This is a list of additional
+ attributes that the user can enter. Please note that user name,
+ password and email address are mandatory anyway and need not be
+ specified.
+
+ Each line represents one LDAP attribute. The options are
+ separated by "::". The first option specifies if the attribute is
+ mandatory. It can have the values "optional" and "required". The
+ second option is the LDAP attribute name and the third one is a
+ descriptive label for it. Options four and five are used for input
+ validation. Please enter the regular expression (e.g.
+ "/^[0-9a-zA-Z]+$/") and an error message if the value does not match
+ it. For a syntax description see here. Validation
+ is optional.
+
+ Example:
+
+ optional::givenName::First name::/^[[:alnum:] ]+$/u::Please
+ enter a valid first name.
+
+ required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a
+ valid last name.
+
+ If you use the object class "inetOrgPerson" and do not provide
+ the "cn" attribute then LAM will set it to the user name
+ value.
+
+
- Please note that only simple input boxes are supported for
- account registration. The user may log in to self service when his
- account was created to manage all his attributes.
+ Please note that only simple input boxes are supported for
+ account registration. The user may log in to self service when his
+ account was created to manage all his attributes.
-
+
- User view:
+ User view:
- The user can register by clicking on a link on the self service
- login page:
+ The user can register by clicking on a link on the self
+ service login page:
-
-
-
-
-
-
-
+
+
+
+
+
+
+
- Here he can insert the data that you specified in the self
- service profile:
+ Here he can insert the data that you specified in the self
+ service profile:
-
-
-
-
-
-
-
+
+
+
+
+
+
+
- LAM will then send him an email with a validation link that is
- valid for 24 hours. When he clicks on this link then the account will
- be created in the self service user suffix. The DN will look like
- this: uid=<user name>,...
+ LAM will then send him an email with a validation link that is
+ valid for 24 hours. When he clicks on this link then the account
+ will be created in the self service user suffix. The DN will look
+ like this: uid=<user name>,...
+
diff --git a/lam/docs/manual-sources/images/conf4.jpg b/lam/docs/manual-sources/images/conf4.jpg
index 7928b69d..6db17092 100644
Binary files a/lam/docs/manual-sources/images/conf4.jpg and b/lam/docs/manual-sources/images/conf4.jpg differ
diff --git a/lam/docs/manual-sources/images/conf5.jpg b/lam/docs/manual-sources/images/conf5.jpg
index 938a1922..6a635c80 100644
Binary files a/lam/docs/manual-sources/images/conf5.jpg and b/lam/docs/manual-sources/images/conf5.jpg differ
diff --git a/lam/docs/manual-sources/images/conf6.jpg b/lam/docs/manual-sources/images/conf6.jpg
new file mode 100644
index 00000000..2da65304
Binary files /dev/null and b/lam/docs/manual-sources/images/conf6.jpg differ
diff --git a/lam/lib/baseModule.inc b/lam/lib/baseModule.inc
index 1a657409..f91d40f5 100644
--- a/lam/lib/baseModule.inc
+++ b/lam/lib/baseModule.inc
@@ -1220,6 +1220,19 @@ abstract class baseModule {
if (isset($this->meta['selfServiceFieldSettings']) && is_array($this->meta['selfServiceFieldSettings'])) return $this->meta['selfServiceFieldSettings'];
else return array();
}
+
+ /**
+ * Returns if a given self service field can be set in read-only mode.
+ *
+ * @param String $fieldID field identifier
+ * @param selfServiceProfile $profile currently edited profile
+ */
+ public function canSelfServiceFieldBeReadOnly($fieldID, $profile) {
+ if (isset($this->meta['selfServiceReadOnlyFields']) && is_array($this->meta['selfServiceReadOnlyFields'])) {
+ return in_array($fieldID, $this->meta['selfServiceReadOnlyFields']);
+ }
+ return false;
+ }
/**
* Returns the meta HTML code for each input field.
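Review bot: The docblock added for canSelfServiceFieldBeReadOnly() has no `@return` line, and it documents `$profile` although the base implementation never reads it. Add `@return boolean true if the field may be set read-only`, and state that `$profile` exists for overriding modules, if that is the intent. The lookup `in_array($fieldID, $this->meta['selfServiceReadOnlyFields'])` compares loosely; `in_array($fieldID, $this->meta['selfServiceReadOnlyFields'], true)` keeps a non-string `$fieldID` from matching through type juggling.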
@@ -1231,11 +1244,12 @@ abstract class baseModule {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*
* @see htmlElement
*/
- public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
// this function must be overwritten by subclasses.
return array();
}
@@ -1254,9 +1268,10 @@ abstract class baseModule {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
return $return;
}
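Review bot: Nothing visible in this change makes checkSelfServiceOptions() refuse a change to a field listed in `$readOnlyFields`: the base implementation ignores the new parameter, and in inetOrgPerson's getSelfServiceOptions() read-only only swaps the `htmlInputField` for an `htmlOutputText`. Leaving the input out of the rendered form does not keep a submitted request from containing that field name, so each override should skip every field in `$readOnlyFields` before it fills `add`/`mod`/`del`; for jpegPhoto that includes the `photoFile`, `replacePhotoFile` and `removeReplacePhoto` inputs. The docblock should state the contract, e.g. `@param array $readOnlyFields list of read-only fields; submitted values for these fields must be ignored`. The asteriskAccount and asteriskVoicemail overrides take the parameter as well and their visible lines do not read it; their bodies continue outside those hunks, and inetOrgPerson's own check function is not part of the visible diff, so confirm it there.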
diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index 05d0b366..bacd850e 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -625,7 +625,7 @@ function printHelpLink($entry, $number, $module='', $scope='') {
echo "";
- echo "";
+ echo "";
echo "";
}
diff --git a/lam/lib/modules/asteriskAccount.inc b/lam/lib/modules/asteriskAccount.inc
index 5a97e786..b561f7ba 100644
--- a/lam/lib/modules/asteriskAccount.inc
+++ b/lam/lib/modules/asteriskAccount.inc
@@ -1578,9 +1578,10 @@ class asteriskAccount extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
return $return;
diff --git a/lam/lib/modules/asteriskVoicemail.inc b/lam/lib/modules/asteriskVoicemail.inc
index 35342b41..9386c4c5 100644
--- a/lam/lib/modules/asteriskVoicemail.inc
+++ b/lam/lib/modules/asteriskVoicemail.inc
@@ -588,9 +588,10 @@ class asteriskVoicemail extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
return $return;
diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc
index efec1219..0f32f09e 100644
--- a/lam/lib/modules/inetOrgPerson.inc
+++ b/lam/lib/modules/inetOrgPerson.inc
@@ -127,6 +127,10 @@ class inetOrgPerson extends baseModule implements passwordService {
'homePhone' => _('Home telephone number'), 'roomNumber' => _('Room number'), 'carLicense' => _('Car license'),
'location' => _('Location'), 'state' => _('State'), 'officeName' => _('Office name'), 'businessCategory' => _('Business category'),
'departmentNumber' => _('Department'), 'initials' => _('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web site'));
+ // possible self service read-only fields
+ $return['selfServiceReadOnlyFields'] = array('firstName', 'lastName', 'mail', 'telephoneNumber', 'mobile', 'faxNumber', 'street',
+ 'postalAddress', 'registeredAddress', 'postalCode', 'postOfficeBox', 'jpegPhoto', 'homePhone', 'roomNumber', 'carLicense',
+ 'location', 'state', 'officeName', 'businessCategory', 'departmentNumber', 'initials', 'title', 'labeledURI');
// profile elements
$profileElements = array();
if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideStreet')) {
@@ -2521,9 +2525,10 @@ class inetOrgPerson extends baseModule implements passwordService {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
- function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if ($passwordChangeOnly) {
return $return; // no fields as long no LDAP content can be read
@@ -2531,134 +2536,210 @@ class inetOrgPerson extends baseModule implements passwordService {
if (in_array('firstName', $fields)) {
$firstName = '';
if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0];
+ $firstNameField = new htmlInputField('inetOrgPerson_firstName', $firstName);
+ if (in_array('firstName', $readOnlyFields)) {
+ $firstNameField = new htmlOutputText($firstName);
+ }
$return['firstName'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('First name'), 'inetOrgPerson_firstName', $firstName)
+ new htmlOutputText(_('First name')), $firstNameField
));
}
if (in_array('lastName', $fields)) {
$lastName = '';
if (isset($attributes['sn'][0])) $lastName = $attributes['sn'][0];
+ $lastNameField = new htmlInputField('inetOrgPerson_lastName', $lastName);
+ if (in_array('lastName', $readOnlyFields)) {
+ $lastNameField = new htmlOutputText($lastName);
+ }
$return['lastName'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Last name'), 'inetOrgPerson_lastName', $lastName)
+ new htmlOutputText(_('Last name')), $lastNameField
));
}
if (in_array('mail', $fields)) {
$mail = '';
if (isset($attributes['mail'][0])) $mail = $attributes['mail'][0];
+ $mailField = new htmlInputField('inetOrgPerson_mail', $mail);
+ if (in_array('mail', $readOnlyFields)) {
+ $mailField = new htmlOutputText($mail);
+ }
$return['mail'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Email address'), 'inetOrgPerson_mail', $mail)
+ new htmlOutputText(_('Email address')), $mailField
));
}
if (in_array('labeledURI', $fields)) {
$labeledURI = '';
if (isset($attributes['labeledURI'][0])) $labeledURI = implode('; ', $attributes['labeledURI']);
+ $labeledURIField = new htmlInputField('inetOrgPerson_labeledURI', $labeledURI);
+ if (in_array('labeledURI', $readOnlyFields)) {
+ $labeledURIField = new htmlOutputText($labeledURI);
+ }
$return['labeledURI'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Web site'), 'inetOrgPerson_labeledURI', $labeledURI)
+ new htmlOutputText(_('Web site')), $labeledURIField
));
}
if (in_array('telephoneNumber', $fields)) {
$telephoneNumber = '';
if (isset($attributes['telephoneNumber'][0])) $telephoneNumber = $attributes['telephoneNumber'][0];
+ $telephoneNumberField = new htmlInputField('inetOrgPerson_telephoneNumber', $telephoneNumber);
+ if (in_array('telephoneNumber', $readOnlyFields)) {
+ $telephoneNumberField = new htmlOutputText($telephoneNumber);
+ }
$return['telephoneNumber'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Telephone number'), 'inetOrgPerson_telephoneNumber', $telephoneNumber)
+ new htmlOutputText(_('Telephone number')), $telephoneNumberField
));
}
if (in_array('homePhone', $fields)) {
$homePhone = '';
if (isset($attributes['homePhone'][0])) $homePhone = $attributes['homePhone'][0];
+ $homePhoneField = new htmlInputField('inetOrgPerson_homePhone', $homePhone);
+ if (in_array('homePhone', $readOnlyFields)) {
+ $homePhoneField = new htmlOutputText($homePhone);
+ }
$return['homePhone'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Home telephone number'), 'inetOrgPerson_homePhone', $homePhone)
+ new htmlOutputText(_('Home telephone number')), $homePhoneField
));
}
if (in_array('mobile', $fields)) {
$mobile = '';
if (isset($attributes['mobile'][0])) $mobile = $attributes['mobile'][0];
+ $mobileField = new htmlInputField('inetOrgPerson_mobile', $mobile);
+ if (in_array('mobile', $readOnlyFields)) {
+ $mobileField = new htmlOutputText($mobile);
+ }
$return['mobile'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Mobile telephone number'), 'inetOrgPerson_mobile', $mobile)
+ new htmlOutputText(_('Mobile telephone number')), $mobileField
));
}
if (in_array('faxNumber', $fields)) {
$faxNumber = '';
if (isset($attributes['facsimileTelephoneNumber'][0])) $faxNumber = $attributes['facsimileTelephoneNumber'][0];
+ $faxNumberField = new htmlInputField('inetOrgPerson_faxNumber', $faxNumber);
+ if (in_array('faxNumber', $readOnlyFields)) {
+ $faxNumberField = new htmlOutputText($faxNumber);
+ }
$return['faxNumber'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Fax number'), 'inetOrgPerson_faxNumber', $faxNumber)
+ new htmlOutputText(_('Fax number')), $faxNumberField
));
}
if (in_array('street', $fields)) {
$street = '';
if (isset($attributes['street'][0])) $street = $attributes['street'][0];
+ $streetField = new htmlInputField('inetOrgPerson_street', $street);
+ if (in_array('street', $readOnlyFields)) {
+ $streetField = new htmlOutputText($street);
+ }
$return['street'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Street'), 'inetOrgPerson_street', $street)
+ new htmlOutputText(_('Street')), $streetField
));
}
if (in_array('postalAddress', $fields)) {
$postalAddress = '';
if (isset($attributes['postalAddress'][0])) $postalAddress = $attributes['postalAddress'][0];
+ $postalAddressField = new htmlInputField('inetOrgPerson_postalAddress', $postalAddress);
+ if (in_array('postalAddress', $readOnlyFields)) {
+ $postalAddressField = new htmlOutputText($postalAddress);
+ }
$return['postalAddress'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Postal address'), 'inetOrgPerson_postalAddress', $postalAddress)
+ new htmlOutputText(_('Postal address')), $postalAddressField
));
}
if (in_array('registeredAddress', $fields)) {
$registeredAddress = '';
if (isset($attributes['registeredAddress'][0])) $registeredAddress = $attributes['registeredAddress'][0];
+ $registeredAddressField = new htmlInputField('inetOrgPerson_registeredAddress', $registeredAddress);
+ if (in_array('registeredAddress', $readOnlyFields)) {
+ $registeredAddressField = new htmlOutputText($registeredAddress);
+ }
$return['registeredAddress'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Registered address'), 'inetOrgPerson_registeredAddress', $registeredAddress)
+ new htmlOutputText(_('Registered address')), $registeredAddressField
));
}
if (in_array('postalCode', $fields)) {
$postalCode = '';
if (isset($attributes['postalCode'][0])) $postalCode = $attributes['postalCode'][0];
+ $postalCodeField = new htmlInputField('inetOrgPerson_postalCode', $postalCode);
+ if (in_array('postalCode', $readOnlyFields)) {
+ $postalCodeField = new htmlOutputText($postalCode);
+ }
$return['postalCode'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Postal code'), 'inetOrgPerson_postalCode', $postalCode)
+ new htmlOutputText(_('Postal code')), $postalCodeField
));
}
if (in_array('postOfficeBox', $fields)) {
$postOfficeBox = '';
if (isset($attributes['postOfficeBox'][0])) $postOfficeBox = $attributes['postOfficeBox'][0];
+ $postOfficeBoxField = new htmlInputField('inetOrgPerson_postOfficeBox', $postOfficeBox);
+ if (in_array('postOfficeBox', $readOnlyFields)) {
+ $postOfficeBoxField = new htmlOutputText($postOfficeBox);
+ }
$return['postOfficeBox'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Post office box'), 'inetOrgPerson_postOfficeBox', $postOfficeBox)
+ new htmlOutputText(_('Post office box')), $postOfficeBoxField
));
}
if (in_array('roomNumber', $fields)) {
$roomNumber = '';
if (isset($attributes['roomNumber'][0])) $roomNumber = $attributes['roomNumber'][0];
+ $roomNumberField = new htmlInputField('inetOrgPerson_roomNumber', $roomNumber);
+ if (in_array('roomNumber', $readOnlyFields)) {
+ $roomNumberField = new htmlOutputText($roomNumber);
+ }
$return['roomNumber'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Room number'), 'inetOrgPerson_roomNumber', $roomNumber)
+ new htmlOutputText(_('Room number')), $roomNumberField
));
}
if (in_array('location', $fields)) {
$l = '';
if (isset($attributes['l'][0])) $l = $attributes['l'][0];
+ $lField = new htmlInputField('inetOrgPerson_location', $l);
+ if (in_array('location', $readOnlyFields)) {
+ $lField = new htmlOutputText($l);
+ }
$return['location'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Location'), 'inetOrgPerson_location', $l)
+ new htmlOutputText(_('Location')), $lField
));
}
if (in_array('state', $fields)) {
$st = '';
if (isset($attributes['st'][0])) $st = $attributes['st'][0];
+ $stField = new htmlInputField('inetOrgPerson_state', $st);
+ if (in_array('state', $readOnlyFields)) {
+ $stField = new htmlOutputText($st);
+ }
$return['state'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('State'), 'inetOrgPerson_state', $st)
+ new htmlOutputText(_('State')), $stField
));
}
if (in_array('carLicense', $fields)) {
$carLicense = '';
if (isset($attributes['carLicense'][0])) $carLicense = $attributes['carLicense'][0];
+ $carLicenseField = new htmlInputField('inetOrgPerson_carLicense', $carLicense);
+ if (in_array('carLicense', $readOnlyFields)) {
+ $carLicenseField = new htmlOutputText($carLicense);
+ }
$return['carLicense'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Car license'), 'inetOrgPerson_carLicense', $carLicense)
+ new htmlOutputText(_('Car license')), $carLicenseField
));
}
if (in_array('officeName', $fields)) {
$physicalDeliveryOfficeName = '';
if (isset($attributes['physicalDeliveryOfficeName'][0])) $physicalDeliveryOfficeName = $attributes['physicalDeliveryOfficeName'][0];
+ $physicalDeliveryOfficeNameField = new htmlInputField('inetOrgPerson_officeName', $physicalDeliveryOfficeName);
+ if (in_array('officeName', $readOnlyFields)) {
+ $physicalDeliveryOfficeNameField = new htmlOutputText($physicalDeliveryOfficeName);
+ }
$return['officeName'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Office name'), 'inetOrgPerson_officeName', $physicalDeliveryOfficeName)
+ new htmlOutputText(_('Office name')), $physicalDeliveryOfficeNameField
));
}
if (in_array('businessCategory', $fields)) {
$businessCategory = '';
if (isset($attributes['businessCategory'][0])) $businessCategory = $attributes['businessCategory'][0];
+ $businessCategoryField = new htmlInputField('inetOrgPerson_businessCategory', $businessCategory);
+ if (in_array('businessCategory', $readOnlyFields)) {
+ $businessCategoryField = new htmlOutputText($businessCategory);
+ }
$return['businessCategory'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Business category'), 'inetOrgPerson_businessCategory', $businessCategory)
+ new htmlOutputText(_('Business category')), $businessCategoryField
));
}
if (in_array('jpegPhoto', $fields)) {
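Review bot: The same block is repeated for every text field in this hunk, and each read-only field first constructs an `htmlInputField` that is immediately discarded; a small private helper removes both the duplication and the wasted object. Every input name here is `'inetOrgPerson_'` followed by the field id, so the helper can derive it, and it is also the one place to use a strict `in_array(..., true)`. The LDAP values are now printed through `htmlOutputText` instead of an input's value attribute; its escaping default is not visible in this diff, so confirm it HTML-escapes the value. getSelfServiceOptions() starts before and continues after this hunk.

```php
/**
 * Builds one self service row: the label plus an input field, or plain text for read-only fields.
 */
private function buildSelfServiceRow($fieldID, $label, $value, $readOnlyFields) {
	$field = in_array($fieldID, $readOnlyFields, true)
		? new htmlOutputText($value)
		: new htmlInputField('inetOrgPerson_' . $fieldID, $value);
	return new htmlTableRow(array(new htmlOutputText($label), $field));
}

// … unchanged: $passwordChangeOnly guard …
if (in_array('firstName', $fields)) {
	$firstName = '';
	if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0];
	$return['firstName'] = $this->buildSelfServiceRow('firstName', _('First name'), $firstName, $readOnlyFields);
}
// … same call for lastName through businessCategory …
```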
@@ -2670,15 +2751,17 @@ class inetOrgPerson extends baseModule implements passwordService {
$photoFile = '../../tmp/' . $jpeg_filename;
$photoSub = new htmlTable();
$photoSub->addElement(new htmlImage($photoFile), true);
- $photoSubSub = new htmlTable();
- $photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false));
- $photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile'));
- $photoSub->addElement($photoSubSub);
+ if (!in_array('jpegPhoto', $readOnlyFields)) {
+ $photoSubSub = new htmlTable();
+ $photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false));
+ $photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile'));
+ $photoSub->addElement($photoSubSub);
+ }
$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub);
$photoRow = new htmlTableRow($photoRowCells);
$return['jpegPhoto'] = $photoRow;
}
- else {
+ elseif (!in_array('jpegPhoto', $readOnlyFields)) {
$photoSub = new htmlTable();
$photoSub->addElement(new htmlTableExtendedInputFileUpload('photoFile', _('Add photo')));
$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub);
@@ -2689,22 +2772,34 @@ class inetOrgPerson extends baseModule implements passwordService {
if (in_array('departmentNumber', $fields)) {
$departmentNumber = '';
if (isset($attributes['departmentNumber'][0])) $departmentNumber = implode('; ', $attributes['departmentNumber']);
+ $departmentNumberField = new htmlInputField('inetOrgPerson_departmentNumber', $departmentNumber);
+ if (in_array('departmentNumber', $readOnlyFields)) {
+ $departmentNumberField = new htmlOutputText($departmentNumber);
+ }
$return['departmentNumber'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Department'), 'inetOrgPerson_departmentNumber', $departmentNumber)
+ new htmlOutputText(_('Department')), $departmentNumberField
));
}
if (in_array('initials', $fields)) {
$initials = '';
if (isset($attributes['initials'][0])) $initials = implode('; ', $attributes['initials']);
+ $initialsField = new htmlInputField('inetOrgPerson_initials', $initials);
+ if (in_array('initials', $readOnlyFields)) {
+ $initialsField = new htmlOutputText($initials);
+ }
$return['initials'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Initials'), 'inetOrgPerson_initials', $initials)
+ new htmlOutputText(_('Initials')), $initialsField
));
}
if (in_array('title', $fields)) {
$title = '';
if (isset($attributes['title'][0])) $title = $attributes['title'][0];
+ $titleField = new htmlInputField('inetOrgPerson_title', $title);
+ if (in_array('title', $readOnlyFields)) {
+ $titleField = new htmlOutputText($title);
+ }
$return['title'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Job title'), 'inetOrgPerson_title', $title)
+ new htmlOutputText(_('Job title')), $titleField
));
}
return $return;
@@ -2724,9 +2819,10 @@ class inetOrgPerson extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
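Review bot: The read-only enforcement in checkSelfServiceOptions() is written as a second `in_array()` with a repeated field-name literal in every block that follows this signature (the later hunks for firstName through title), so one mistyped name would leave that field writable on POST without any error. This is the server-side check that stops a hand-built request from changing a locked attribute, so I would derive the editable set once, right after the `$passwordChangeOnly` return: `$fields = array_diff($fields, $readOnlyFields);`, and keep the original `in_array('firstName', $fields)` tests unchanged. The function body continues outside this hunk, so confirm that nothing later needs the unfiltered `$fields`.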
@@ -2734,7 +2830,7 @@ class inetOrgPerson extends baseModule implements passwordService {
$attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes;
// first name
- if (in_array('firstName', $fields)) {
+ if (in_array('firstName', $fields) && !in_array('firstName', $readOnlyFields)) {
$attributeNames[] = 'givenName';
if (isset($_POST['inetOrgPerson_firstName']) && ($_POST['inetOrgPerson_firstName'] != '')) {
if (!get_preg($_POST['inetOrgPerson_firstName'], 'realname')) $return['messages'][] = $this->messages['givenName'][0];
@@ -2743,7 +2839,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['givenName'])) unset($attributesNew['givenName']);
}
// last name
- if (in_array('lastName', $fields)) {
+ if (in_array('lastName', $fields) && !in_array('lastName', $readOnlyFields)) {
$attributeNames[] = 'sn';
if (isset($_POST['inetOrgPerson_lastName']) && ($_POST['inetOrgPerson_lastName'] != '')) {
if (!get_preg($_POST['inetOrgPerson_lastName'], 'realname')) $return['messages'][] = $this->messages['lastname'][0];
@@ -2755,7 +2851,7 @@ class inetOrgPerson extends baseModule implements passwordService {
}
}
// email
- if (in_array('mail', $fields)) {
+ if (in_array('mail', $fields) && !in_array('mail', $readOnlyFields)) {
$attributeNames[] = 'mail';
if (isset($_POST['inetOrgPerson_mail']) && ($_POST['inetOrgPerson_mail'] != '')) {
if (!get_preg($_POST['inetOrgPerson_mail'], 'email')) $return['messages'][] = $this->messages['email'][0];
@@ -2764,7 +2860,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['mail'])) unset($attributesNew['mail']);
}
// labeledURI
- if (in_array('labeledURI', $fields)) {
+ if (in_array('labeledURI', $fields) && !in_array('labeledURI', $readOnlyFields)) {
$attributeNames[] = 'labeledURI';
if (isset($_POST['inetOrgPerson_labeledURI']) && ($_POST['inetOrgPerson_labeledURI'] != '')) {
$attributesNew['labeledURI'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_labeledURI']);
@@ -2772,7 +2868,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['labeledURI'])) unset($attributesNew['labeledURI']);
}
// telephone number
- if (in_array('telephoneNumber', $fields)) {
+ if (in_array('telephoneNumber', $fields) && !in_array('telephoneNumber', $readOnlyFields)) {
$attributeNames[] = 'telephoneNumber';
if (isset($_POST['inetOrgPerson_telephoneNumber']) && ($_POST['inetOrgPerson_telephoneNumber'] != '')) {
if (!get_preg($_POST['inetOrgPerson_telephoneNumber'], 'telephone')) $return['messages'][] = $this->messages['telephoneNumber'][0];
@@ -2781,7 +2877,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['telephoneNumber'])) unset($attributesNew['telephoneNumber']);
}
// home telephone number
- if (in_array('homePhone', $fields)) {
+ if (in_array('homePhone', $fields) && !in_array('homePhone', $readOnlyFields)) {
$attributeNames[] = 'homePhone';
if (isset($_POST['inetOrgPerson_homePhone']) && ($_POST['inetOrgPerson_homePhone'] != '')) {
if (!get_preg($_POST['inetOrgPerson_homePhone'], 'telephone')) $return['messages'][] = $this->messages['homePhone'][0];
@@ -2790,7 +2886,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['homePhone'])) unset($attributesNew['homePhone']);
}
// fax number
- if (in_array('faxNumber', $fields)) {
+ if (in_array('faxNumber', $fields) && !in_array('faxNumber', $readOnlyFields)) {
$attributeNames[] = 'facsimileTelephoneNumber';
if (isset($_POST['inetOrgPerson_faxNumber']) && ($_POST['inetOrgPerson_faxNumber'] != '')) {
if (!get_preg($_POST['inetOrgPerson_faxNumber'], 'telephone')) $return['messages'][] = $this->messages['facsimileNumber'][0];
@@ -2799,7 +2895,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['facsimileTelephoneNumber'])) $attributesNew['facsimileTelephoneNumber'] = array();
}
// mobile telephone number
- if (in_array('mobile', $fields)) {
+ if (in_array('mobile', $fields) && !in_array('mobile', $readOnlyFields)) {
$attributeNames[] = 'mobile';
if (isset($_POST['inetOrgPerson_mobile']) && ($_POST['inetOrgPerson_mobile'] != '')) {
if (!get_preg($_POST['inetOrgPerson_mobile'], 'telephone')) $return['messages'][] = $this->messages['mobileTelephone'][0];
@@ -2808,7 +2904,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['mobile'])) unset($attributesNew['mobile']);
}
// street
- if (in_array('street', $fields)) {
+ if (in_array('street', $fields) && !in_array('street', $readOnlyFields)) {
$attributeNames[] = 'street';
if (isset($_POST['inetOrgPerson_street']) && ($_POST['inetOrgPerson_street'] != '')) {
if (!get_preg($_POST['inetOrgPerson_street'], 'street')) $return['messages'][] = $this->messages['street'][0];
@@ -2817,7 +2913,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['street'])) unset($attributesNew['street']);
}
// postal address
- if (in_array('postalAddress', $fields)) {
+ if (in_array('postalAddress', $fields) && !in_array('postalAddress', $readOnlyFields)) {
$attributeNames[] = 'postalAddress';
if (isset($_POST['inetOrgPerson_postalAddress']) && ($_POST['inetOrgPerson_postalAddress'] != '')) {
if (!get_preg($_POST['inetOrgPerson_postalAddress'], 'postalAddress')) $return['messages'][] = $this->messages['postalAddress'][0];
@@ -2826,7 +2922,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postalAddress'])) $attributesNew['postalAddress'] = array();
}
// registered address
- if (in_array('registeredAddress', $fields)) {
+ if (in_array('registeredAddress', $fields) && !in_array('registeredAddress', $readOnlyFields)) {
$attributeNames[] = 'registeredAddress';
if (isset($_POST['inetOrgPerson_registeredAddress']) && ($_POST['inetOrgPerson_registeredAddress'] != '')) {
if (!get_preg($_POST['inetOrgPerson_registeredAddress'], 'postalAddress')) $return['messages'][] = $this->messages['registeredAddress'][0];
@@ -2835,7 +2931,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['registeredAddress'])) $attributesNew['registeredAddress'] = array();
}
// postal code
- if (in_array('postalCode', $fields)) {
+ if (in_array('postalCode', $fields) && !in_array('postalCode', $readOnlyFields)) {
$attributeNames[] = 'postalCode';
if (isset($_POST['inetOrgPerson_postalCode']) && ($_POST['inetOrgPerson_postalCode'] != '')) {
if (!get_preg($_POST['inetOrgPerson_postalCode'], 'postalCode')) $return['messages'][] = $this->messages['postalCode'][0];
@@ -2844,7 +2940,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postalCode'])) unset($attributesNew['postalCode']);
}
// post office box
- if (in_array('postOfficeBox', $fields)) {
+ if (in_array('postOfficeBox', $fields) && !in_array('postOfficeBox', $readOnlyFields)) {
$attributeNames[] = 'postOfficeBox';
if (isset($_POST['inetOrgPerson_postOfficeBox']) && ($_POST['inetOrgPerson_postOfficeBox'] != '')) {
$attributesNew['postOfficeBox'][0] = $_POST['inetOrgPerson_postOfficeBox'];
@@ -2852,7 +2948,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postOfficeBox'])) unset($attributesNew['postOfficeBox']);
}
// room number
- if (in_array('roomNumber', $fields)) {
+ if (in_array('roomNumber', $fields) && !in_array('roomNumber', $readOnlyFields)) {
$attributeNames[] = 'roomNumber';
if (isset($_POST['inetOrgPerson_roomNumber']) && ($_POST['inetOrgPerson_roomNumber'] != '')) {
$attributesNew['roomNumber'][0] = $_POST['inetOrgPerson_roomNumber'];
@@ -2860,7 +2956,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['roomNumber'])) unset($attributesNew['roomNumber']);
}
// l
- if (in_array('location', $fields)) {
+ if (in_array('location', $fields) && !in_array('location', $readOnlyFields)) {
$attributeNames[] = 'l';
if (isset($_POST['inetOrgPerson_location']) && ($_POST['inetOrgPerson_location'] != '')) {
$attributesNew['l'][0] = $_POST['inetOrgPerson_location'];
@@ -2868,7 +2964,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['l'])) unset($attributesNew['l']);
}
// st
- if (in_array('state', $fields)) {
+ if (in_array('state', $fields) && !in_array('state', $readOnlyFields)) {
$attributeNames[] = 'st';
if (isset($_POST['inetOrgPerson_state']) && ($_POST['inetOrgPerson_state'] != '')) {
$attributesNew['st'][0] = $_POST['inetOrgPerson_state'];
@@ -2876,7 +2972,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['st'])) unset($attributesNew['st']);
}
// car license
- if (in_array('carLicense', $fields)) {
+ if (in_array('carLicense', $fields) && !in_array('carLicense', $readOnlyFields)) {
$attributeNames[] = 'carLicense';
if (isset($_POST['inetOrgPerson_carLicense']) && ($_POST['inetOrgPerson_carLicense'] != '')) {
$attributesNew['carLicense'][0] = $_POST['inetOrgPerson_carLicense'];
@@ -2884,7 +2980,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['carLicense'])) unset($attributesNew['carLicense']);
}
// office name
- if (in_array('officeName', $fields)) {
+ if (in_array('officeName', $fields) && !in_array('officeName', $readOnlyFields)) {
$attributeNames[] = 'physicalDeliveryOfficeName';
if (isset($_POST['inetOrgPerson_officeName']) && ($_POST['inetOrgPerson_officeName'] != '')) {
$attributesNew['physicalDeliveryOfficeName'][0] = $_POST['inetOrgPerson_officeName'];
@@ -2892,7 +2988,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['physicalDeliveryOfficeName'])) unset($attributesNew['physicalDeliveryOfficeName']);
}
// business category
- if (in_array('businessCategory', $fields)) {
+ if (in_array('businessCategory', $fields) && !in_array('businessCategory', $readOnlyFields)) {
$attributeNames[] = 'businessCategory';
if (isset($_POST['inetOrgPerson_businessCategory']) && ($_POST['inetOrgPerson_businessCategory'] != '')) {
if (!get_preg($_POST['inetOrgPerson_businessCategory'], 'businessCategory')) {
@@ -2905,7 +3001,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['businessCategory'])) unset($attributesNew['businessCategory']);
}
// photo
- if (in_array('jpegPhoto', $fields)) {
+ if (in_array('jpegPhoto', $fields) && !in_array('jpegPhoto', $readOnlyFields)) {
if (isset($_FILES['photoFile']) && ($_FILES['photoFile']['size'] > 0)) {
$handle = fopen($_FILES['photoFile']['tmp_name'], "r");
$data = fread($handle, 1000000);
@@ -2925,7 +3021,7 @@ class inetOrgPerson extends baseModule implements passwordService {
}
}
// departments
- if (in_array('departmentNumber', $fields)) {
+ if (in_array('departmentNumber', $fields) && !in_array('departmentNumber', $readOnlyFields)) {
$attributeNames[] = 'departmentNumber';
if (isset($_POST['inetOrgPerson_departmentNumber']) && ($_POST['inetOrgPerson_departmentNumber'] != '')) {
$attributesNew['departmentNumber'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_departmentNumber']);
@@ -2933,7 +3029,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['departmentNumber'])) unset($attributesNew['departmentNumber']);
}
// initials
- if (in_array('initials', $fields)) {
+ if (in_array('initials', $fields) && !in_array('initials', $readOnlyFields)) {
$attributeNames[] = 'initials';
if (isset($_POST['inetOrgPerson_initials']) && ($_POST['inetOrgPerson_initials'] != '')) {
$attributesNew['initials'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_initials']);
@@ -2941,7 +3037,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['initials'])) unset($attributesNew['initials']);
}
// title
- if (in_array('title', $fields)) {
+ if (in_array('title', $fields) && !in_array('title', $readOnlyFields)) {
$attributeNames[] = 'title';
if (isset($_POST['inetOrgPerson_title']) && ($_POST['inetOrgPerson_title'] != '')) {
if (!get_preg($_POST['inetOrgPerson_title'], 'title')) $return['messages'][] = $this->messages['title'][0];
diff --git a/lam/lib/modules/kolabUser.inc b/lam/lib/modules/kolabUser.inc
index a49448c8..7a1f6edf 100644
--- a/lam/lib/modules/kolabUser.inc
+++ b/lam/lib/modules/kolabUser.inc
@@ -117,6 +117,8 @@ class kolabUser extends baseModule {
'kolabDelegate' => _('Delegates'),
'kolabInvitationPolicy' => _('Invitation policy')
);
+ // possible self service read-only fields
+ $return['selfServiceReadOnlyFields'] = array('kolabFreeBusyFuture', 'kolabDelegate', 'kolabInvitationPolicy');
// help Entries
$return['help'] = array(
'invPol' => array(
@@ -819,9 +821,10 @@ class kolabUser extends baseModule {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
- function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
if ($passwordChangeOnly) {
return array(); // no Kolab fields as long no LDAP content can be read
}
@@ -835,8 +838,12 @@ class kolabUser extends baseModule {
if (isset($attributes['kolabFreeBusyFuture'][0])) {
$kolabFreeBusyFuture = $attributes['kolabFreeBusyFuture'][0];
}
+ $kolabFreeBusyFutureField = new htmlInputField('kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture);
+ if (in_array('kolabFreeBusyFuture', $readOnlyFields)) {
+ $kolabFreeBusyFutureField = new htmlOutputText($kolabFreeBusyFuture);
+ }
$return['kolabFreeBusyFuture'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Free/Busy interval'), 'kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture)
+ new htmlOutputText(_('Free/Busy interval')), $kolabFreeBusyFutureField
));
}
// delegates
@@ -870,10 +877,17 @@ class kolabUser extends baseModule {
$delegateContainer = new htmlTable();
for ($i = 0; $i < sizeof($kolabDelegate); $i++) {
$delegateContainer->addElement(new htmlOutputText($kolabDelegate[$i]));
- $delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true);
+ if (!in_array('kolabDelegate', $readOnlyFields)) {
+ $delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true);
+ }
+ else {
+ $delegateContainer->addNewLine();
+ }
+ }
+ if (!in_array('kolabDelegate', $readOnlyFields)) {
+ $delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates));
+ $delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true);
}
- $delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates));
- $delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true);
$delegateLabel = new htmlOutputText(_('Delegates'));
$delegateLabel->alignment = htmlElement::ALIGN_TOP;
$return['kolabDelegate'] = new htmlTableRow(array(
@@ -894,20 +908,34 @@ class kolabUser extends baseModule {
break;
}
}
- $invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true);
+ if (!in_array('kolabDelegate', $readOnlyFields)) {
+ $invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true);
+ }
+ else {
+ $invitationContainer->addElement(new htmlOutputText(_('Anyone')));
+ $invitationContainer->addElement(new htmlOutputText($defaultInvPol), true);
+ }
// other invitation policies
for ($i = 0; $i < sizeof($attributes['kolabInvitationPolicy']); $i++) {
$parts = explode(":", $attributes['kolabInvitationPolicy'][$i]);
if (sizeof($parts) == 2) {
- $invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0]));
- $invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]])));
- $invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true);
+ if (!in_array('kolabDelegate', $readOnlyFields)) {
+ $invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0]));
+ $invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]])));
+ $invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true);
+ }
+ else {
+ $invitationContainer->addElement(new htmlOutputText($parts[0]));
+ $invitationContainer->addElement(new htmlOutputText($this->invitationPolicies[$parts[1]]), true);
+ }
}
}
// input box for new invitation policy
- $invitationContainer->addElement(new htmlInputField('invPol1', ''));
- $invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies)));
- $invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true);
+ if (!in_array('kolabDelegate', $readOnlyFields)) {
+ $invitationContainer->addElement(new htmlInputField('invPol1', ''));
+ $invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies)));
+ $invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true);
+ }
$invitationLabel = new htmlOutputText(_('Invitation policy'));
$invitationLabel->alignment = htmlElement::ALIGN_TOP;
$return['kolabInvitationPolicy'] = new htmlTableRow(array(
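Review bot: All four read-only tests in this invitation-policy block check `'kolabDelegate'` instead of `'kolabInvitationPolicy'`, so the rendering follows the lock state of the wrong field. checkSelfServiceOptions() further down tests `'kolabInvitationPolicy'` and, as far as the later hunk shows, begins by resetting `$attributesNew['kolabInvitationPolicy']` to an empty array. If only the delegates are locked, the form carries no policy inputs while the save path still runs, which looks like it could clear the stored policies; in the opposite case the user sees editable inputs whose changes are dropped. Each test should read `in_array('kolabInvitationPolicy', $readOnlyFields)`, ideally computed once into a local before the block. The enclosing block starts and ends outside this hunk.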
@@ -931,9 +959,10 @@ class kolabUser extends baseModule {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
@@ -944,7 +973,7 @@ class kolabUser extends baseModule {
$attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes;
// kolabFreeBusyFuture
- if (in_array('kolabFreeBusyFuture', $fields)) {
+ if (in_array('kolabFreeBusyFuture', $fields) && !in_array('kolabFreeBusyFuture', $readOnlyFields)) {
$attributeNames[] = 'kolabFreeBusyFuture';
if (isset($_POST['kolabUser_kolabFreeBusyFuture']) && ($_POST['kolabUser_kolabFreeBusyFuture'] != '')) {
if (!get_preg($_POST['kolabUser_kolabFreeBusyFuture'], 'digit')) $return['messages'][] = $this->messages['freeBusy'][0];
@@ -955,7 +984,7 @@ class kolabUser extends baseModule {
}
}
// delegates
- if (in_array('kolabDelegate', $fields)) {
+ if (in_array('kolabDelegate', $fields) && !in_array('kolabDelegate', $readOnlyFields)) {
$attributeNames[] = 'kolabDelegate';
// new delegation
if (isset($_POST['new_delegate']) && ($_POST['new_delegate'] == 'on')) {
@@ -975,7 +1004,7 @@ class kolabUser extends baseModule {
}
}
// invitation policies
- if (in_array('kolabInvitationPolicy', $fields)) {
+ if (in_array('kolabInvitationPolicy', $fields) && !in_array('kolabInvitationPolicy', $readOnlyFields)) {
$attributeNames[] = 'kolabInvitationPolicy';
$policies = array_flip($this->invitationPolicies);
$attributesNew['kolabInvitationPolicy'] = array();
diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index f09b232f..048bfbec 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -154,6 +154,8 @@ class posixAccount extends baseModule implements passwordService {
$return['selfServiceSearchAttributes'] = array('uid');
// self service field settings
$return['selfServiceFieldSettings'] = array('password' => _('Password'), 'cn' => _('Common name'), 'loginShell' => _('Login shell'));
+ // possible self service read-only fields
+ $return['selfServiceReadOnlyFields'] = array('cn', 'loginShell');
// self service configuration settings
$selfServiceContainer = new htmlTable();
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"),
@@ -2107,9 +2109,10 @@ class posixAccount extends baseModule implements passwordService {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
- function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if (in_array('password', $fields)) {
$pwdTable = new htmlTable();
@@ -2130,16 +2133,24 @@ class posixAccount extends baseModule implements passwordService {
if (in_array('cn', $fields)) {
$cn = '';
if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0];
+ $cnField = new htmlInputField('posixAccount_cn', $cn);
+ if (in_array('cn', $readOnlyFields)) {
+ $cnField = new htmlOutputText($cn);
+ }
$return['cn'] = new htmlTableRow(array(
- new htmlTableExtendedInputField(_('Common name'), 'posixAccount_cn', $cn)
+ new htmlOutputText(_('Common name')), $cnField
));
}
if (in_array('loginShell', $fields)) {
$shelllist = getshells(); // list of all valid shells
$loginShell = '';
if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0];
+ $loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell));
+ if (in_array('loginShell', $readOnlyFields)) {
+ $loginShellField = new htmlOutputText($loginShell);
+ }
$return['loginShell'] = new htmlTableRow(array(
- new htmlTableExtendedSelect('posixAccount_loginShell', $shelllist, array($loginShell), _('Login shell'))
+ new htmlOutputText(_('Login shell')), $loginShellField
));
}
return $return;
@@ -2159,9 +2170,10 @@ class posixAccount extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (in_array('password', $fields)) {
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
@@ -2192,7 +2204,7 @@ class posixAccount extends baseModule implements passwordService {
if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done
}
- if (in_array('cn', $fields)) {
+ if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) {
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
$return['messages'][] = $this->messages['cn'][0];
@@ -2205,7 +2217,7 @@ class posixAccount extends baseModule implements passwordService {
$return['messages'][] = $this->messages['cn'][0];
}
}
- if (in_array('loginShell', $fields)) {
+ if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
$shelllist = getshells(); // list of all valid shells
if (in_array($_POST['posixAccount_loginShell'], $shelllist)
&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) {
diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc
index bbc0993e..d569e714 100644
--- a/lam/lib/modules/sambaSamAccount.inc
+++ b/lam/lib/modules/sambaSamAccount.inc
@@ -2103,9 +2103,10 @@ class sambaSamAccount extends baseModule implements passwordService {
* @param array $fields list of active fields
* @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow)
*/
- function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
if ($passwordChangeOnly) {
return $return; // no input fields as long no LDAP content can be read
@@ -2143,9 +2144,10 @@ class sambaSamAccount extends baseModule implements passwordService {
* @param string $fields input fields
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/
- function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) {
+ function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
return $return;
diff --git a/lam/lib/selfService.inc b/lam/lib/selfService.inc
index d8ff90cc..c11ada2e 100644
--- a/lam/lib/selfService.inc
+++ b/lam/lib/selfService.inc
@@ -91,15 +91,23 @@ function getSelfServiceFieldSettings($scope) {
* @param array $fields input fields (array( => array(, , ...)))
* @param array $attributes LDAP attributes (attribute names in lower case)
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array meta HTML code (array( => htmlTableRow))
*/
-function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
+function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array();
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope);
- $code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
+ $modReadOnlyFields = array();
+ for ($r = 0; $r < sizeof($readOnlyFields); $r++) {
+ $parts = explode('_', $readOnlyFields[$r]);
+ if ($parts[0] == $modules[$i]) {
+ $modReadOnlyFields[] = $parts[1];
+ }
+ }
+ $code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields);
if (sizeof($code) > 0) $return[$modules[$i]] = $code;
}
return $return;
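Review bot: The read-only entries are split with an unbounded `explode('_', ...)` and only `$parts[1]` is kept, so a field name that itself contains an underscore would be truncated and never match the module's `in_array()` test, leaving the lock silently open. An entry without an underscore reads an undefined offset. None of the field names visible in this commit contain an underscore, but nothing here enforces that. I would use `$parts = explode('_', $readOnlyFields[$r], 2);` and `if (isset($parts[1]) && $parts[0] === $modules[$i])`. The same loop is duplicated in checkSelfServiceOptions() in the next hunk, and a small shared helper would keep the display and enforcement paths from drifting apart.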
@@ -113,15 +121,23 @@ function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly
* @param string $fields input fields (array( => array(, , ...)))
* @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
+ * @param array $readOnlyFields list of read-only fields
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
*/
-function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) {
+function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
$modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope);
- $result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly);
+ $modReadOnlyFields = array();
+ for ($r = 0; $r < sizeof($readOnlyFields); $r++) {
+ $parts = explode('_', $readOnlyFields[$r]);
+ if ($parts[0] == $modules[$i]) {
+ $modReadOnlyFields[] = $parts[1];
+ }
+ }
+ $result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields);
if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']);
if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']);
if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']);
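Review bot: The added docblock line `@param array $readOnlyFields list of read-only fields` does not say what format the entries have or what a module is expected to do with them. This function collects the LDAP add/del/mod commands that result from the submitted form, so the read-only setting only holds if each module refuses to generate changes for those fields here, not merely renders them as non-editable. The module implementations are outside this hunk, so that should be confirmed. Suggested wording: `@param array $readOnlyFields read-only fields as "<module>_<field>"; modules must not generate changes for these`. The function body continues past the end of the hunk.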
@@ -322,6 +338,11 @@ class selfServiceProfile {
*/
public $inputFields;
+ /**
+ * List of fields that are set in read-only mode.
+ */
+ public $readOnlyFields;
+
/** configuration settings of modules */
public $moduleSettings;
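Review bot: `public $readOnlyFields;` is declared without a default and is only initialised in the constructor (next hunk). If stored profiles are restored without running the constructor, for example via unserialize (the loader is not visible here), profiles saved by an earlier version would carry null in this property. The new `sizeof($readOnlyFields)` loops in getSelfServiceOptions() and checkSelfServiceOptions() would then receive a non-array. Declaring the default on the property, `public $readOnlyFields = array();`, covers both construction paths.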
@@ -352,6 +373,7 @@ class selfServiceProfile {
array('name' => _('Password'),
'fields' => array('posixAccount_password'))
);
+ $this->readOnlyFields = array();
}
}