read only fields for self service

This commit is contained in:
Roland Gruber 2012-08-18 15:55:43 +00:00
parent 1fa4ec71f5
commit 0dc4319145
15 changed files with 501 additions and 292 deletions

View File

@ -1,6 +1,7 @@
September 2012 3.9 September 2012 3.9
- LAM Pro - LAM Pro
-> support RFC2307bis automount entries -> support RFC2307bis automount entries
-> read-only fields in self service
- fixed bugs - fixed bugs
-> Hidden tools are still shown in the "Tools" page (3546092) -> Hidden tools are still shown in the "Tools" page (3546092)

View File

@ -13,6 +13,7 @@
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"><title>Upgrade notes</title> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"><title>Upgrade notes</title>
@ -32,8 +33,11 @@ This is a list of API changes for all LAM releases.
<h2>3.8 -&gt; 3.9</h2>Module interface:<br> <h2>3.8 -&gt; 3.9</h2>Module interface:<br>
<ul> <ul>
<li><span style="font-weight: bold;">supportsAdminInterface()</span>: Can be used mark modules that only support the self service.<br> <li>new function <span style="font-weight: bold;">supportsAdminInterface()</span>: Can be used to mark modules that only support the self service.</li>
</li> <li>new function <span style="font-weight: bold;">canSelfServiceFieldBeReadOnly()</span>: Specifies if a certain self service field can be set in read-only mode.</li>
<li><span style="font-weight: bold;">getSelfServiceOptions()</span>: new parameter <span style="font-style: italic;">$readOnlyFields</span> that contains read-only fields</li>
<li><span style="font-weight: bold;">checkSelfServiceOptions()</span>: new parameter <span style="font-style: italic;">$readOnlyFields </span>that contains read-only fields</li>
</ul> </ul>
Meta HTML:<br> Meta HTML:<br>
<ul> <ul>

View File

@ -4343,8 +4343,16 @@ Run slapindex to rebuild the index.
<section> <section>
<title>Page layout</title> <title>Page layout</title>
<para>On the bottom you can specify what input fields your users can <para>Here you can specify what input fields your users can see. It is
see. It is also possible to group several input fields.</para> also possible to group several input fields.</para>
<para>Please use the arrow signs to change the order of the
fields/groups.</para>
<para>You may also set some fields as read-only for your users. This
can be done by clicking on the lock symbol. Read-only fields can be
used to show your users additional data on the self service page that
must not be changed by themselves (e.g. first/last name).</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -4355,6 +4363,20 @@ Run slapindex to rebuild the index.
</screenshot> </screenshot>
</section> </section>
<section>
<title>Module settings</title>
<para>This allows to configure some module specific options (e.g.
custom scripts or password hash type).</para>
<screenshot>
<mediaobject>
<imageobject>
<imagedata fileref="images/conf6.jpg" />
</imageobject>
</mediaobject>
</screenshot>
<section id="PasswordSelfReset"> <section id="PasswordSelfReset">
<title>Password self reset</title> <title>Password self reset</title>
@ -4377,18 +4399,19 @@ Run slapindex to rebuild the index.
<para>You can now configure the minimum answer length for password <para>You can now configure the minimum answer length for password
reset answers. This is checked when you allow you users to specify reset answers. This is checked when you allow you users to specify
their answers via the self service. Additionally, you can specify the their answers via the self service. Additionally, you can specify
text of the password reset link (default: "Forgot password?"). The the text of the password reset link (default: "Forgot password?").
link is displayed below the password field on the self service login The link is displayed below the password field on the self service
page.</para> login page.</para>
<para>Next, please enter the DN and password of an LDAP entry that is <para>Next, please enter the DN and password of an LDAP entry that
allowed to reset the passwords. This entry needs write access to the is allowed to reset the passwords. This entry needs write access to
attributes shadowLastChange, pwdAccountLockedTime and userPassword. It the attributes shadowLastChange, pwdAccountLockedTime and
also needs read access to uid, mail, passwordSelfResetQuestion and userPassword. It also needs read access to uid, mail,
passwordSelfResetAnswer. Please note that LAM Pro saves the password passwordSelfResetQuestion and passwordSelfResetAnswer. Please note
on your server file system. Therefore, it is required to protect your that LAM Pro saves the password on your server file system.
server against unauthorised access.</para> Therefore, it is required to protect your server against
unauthorised access.</para>
<para>Please also specify the list of password reset questions that <para>Please also specify the list of password reset questions that
the user can choose.</para> the user can choose.</para>
@ -4400,27 +4423,28 @@ Run slapindex to rebuild the index.
<literallayout> </literallayout> <literallayout> </literallayout>
<para>You can inform your users via mail about their password change. <para>You can inform your users via mail about their password
The mail can include the new password by using the special wildcard change. The mail can include the new password by using the special
"@@newPassword@@". Additionally, you may want to insert other wildcard "@@newPassword@@". Additionally, you may want to insert
wildcards that are replaced by the corresponding LDAP attributes. E.g. other wildcards that are replaced by the corresponding LDAP
"@@uid@@" will be replaced by the user name.</para> attributes. E.g. "@@uid@@" will be replaced by the user name.</para>
<literallayout> </literallayout> <literallayout> </literallayout>
<para>LAM Pro can send your users an email with a confirmation link to <para>LAM Pro can send your users an email with a confirmation link
validate their email address. Of course, this should only be used if to validate their email address. Of course, this should only be used
the email account is independent from the user password (e.g. at if the email account is independent from the user password (e.g. at
external provider). The mail must include the confirmation link by external provider). The mail must include the confirmation link by
using the special wildcard "@@resetLink@@". Additionally, you may want using the special wildcard "@@resetLink@@". Additionally, you may
to insert other wildcards that are replaced by the corresponding LDAP want to insert other wildcards that are replaced by the
attributes. E.g. "@@uid@@" will be replaced by the user name.</para> corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by
the user name.</para>
<para>There is also an option to skip the security question at all if <para>There is also an option to skip the security question at all
email verification is enabled. In this case the password can be reset if email verification is enabled. In this case the password can be
directly after clicking on the confirmation link. Please handle with reset directly after clicking on the confirmation link. Please
care since anybody with access to the user's mail account can reset handle with care since anybody with access to the user's mail
the password.</para> account can reset the password.</para>
<para><emphasis role="bold">New fields for self service <para><emphasis role="bold">New fields for self service
page</emphasis></para> page</emphasis></para>
@ -4450,9 +4474,9 @@ Run slapindex to rebuild the index.
<para><emphasis role="bold">Password reset link</emphasis></para> <para><emphasis role="bold">Password reset link</emphasis></para>
<para>After activating the password self reset feature there will be a <para>After activating the password self reset feature there will be
new link on the self service login page. The text can be configured as a new link on the self service login page. The text can be
described above (default: "Forgot password?").</para> configured as described above (default: "Forgot password?").</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -4473,11 +4497,11 @@ Run slapindex to rebuild the index.
</mediaobject> </mediaobject>
</screenshot> </screenshot>
<para>LAM Pro will use this information to find the correct LDAP entry <para>LAM Pro will use this information to find the correct LDAP
of this user. It then displays the user's security question and input entry of this user. It then displays the user's security question
fields for his new password. If the answer is correct then the new and input fields for his new password. If the answer is correct then
password will be set. Additionally, pwdAccountLockedTime will be the new password will be set. Additionally, pwdAccountLockedTime
removed and shadowLastChange updated to the current time if will be removed and shadowLastChange updated to the current time if
existing.</para> existing.</para>
<screenshot> <screenshot>
@ -4515,13 +4539,13 @@ Run slapindex to rebuild the index.
used.</para> used.</para>
<para><emphasis>Admin DN and password:</emphasis> Please enter the <para><emphasis>Admin DN and password:</emphasis> Please enter the
LDAP DN and its password that should be used to create new users. This LDAP DN and its password that should be used to create new users.
DN also needs to be able to do LDAP searches by uid in the self This DN also needs to be able to do LDAP searches by uid in the self
service part of your LDAP tree.</para> service part of your LDAP tree.</para>
<para><emphasis>Object classes:</emphasis> This is a list of object <para><emphasis>Object classes:</emphasis> This is a list of object
classes that are used to build the new user accounts. Please enter one classes that are used to build the new user accounts. Please enter
object class in each line.</para> one object class in each line.</para>
<para><emphasis>Attributes:</emphasis> This is a list of additional <para><emphasis>Attributes:</emphasis> This is a list of additional
attributes that the user can enter. Please note that user name, attributes that the user can enter. Please note that user name,
@ -4536,8 +4560,8 @@ Run slapindex to rebuild the index.
validation. Please enter the regular expression (e.g. validation. Please enter the regular expression (e.g.
"/^[0-9a-zA-Z]+$/") and an error message if the value does not match "/^[0-9a-zA-Z]+$/") and an error message if the value does not match
it. For a syntax description see <ulink it. For a syntax description see <ulink
url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation
optional.</para> is optional.</para>
<para>Example:</para> <para>Example:</para>
@ -4548,7 +4572,8 @@ Run slapindex to rebuild the index.
valid last name.</para> valid last name.</para>
<para>If you use the object class "inetOrgPerson" and do not provide <para>If you use the object class "inetOrgPerson" and do not provide
the "cn" attribute then LAM will set it to the user name value.</para> the "cn" attribute then LAM will set it to the user name
value.</para>
<literallayout> <literallayout>
</literallayout> </literallayout>
@ -4562,8 +4587,8 @@ Run slapindex to rebuild the index.
<para><emphasis role="bold">User view:</emphasis></para> <para><emphasis role="bold">User view:</emphasis></para>
<para>The user can register by clicking on a link on the self service <para>The user can register by clicking on a link on the self
login page:</para> service login page:</para>
<screenshot> <screenshot>
<mediaobject> <mediaobject>
@ -4585,9 +4610,10 @@ Run slapindex to rebuild the index.
</screenshot> </screenshot>
<para>LAM will then send him an email with a validation link that is <para>LAM will then send him an email with a validation link that is
valid for 24 hours. When he clicks on this link then the account will valid for 24 hours. When he clicks on this link then the account
be created in the self service user suffix. The DN will look like will be created in the self service user suffix. The DN will look
this: <emphasis>uid=&lt;user name&gt;,...</emphasis></para> like this: <emphasis>uid=&lt;user name&gt;,...</emphasis></para>
</section>
</section> </section>
</section> </section>

Binary file not shown.

Before

Width:  |  Height:  |  Size: 84 KiB

After

Width:  |  Height:  |  Size: 128 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 84 KiB

After

Width:  |  Height:  |  Size: 70 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 65 KiB

View File

@ -1221,6 +1221,19 @@ abstract class baseModule {
else return array(); else return array();
} }
/**
* Returns if a given self service field can be set in read-only mode.
*
* @param String $fieldID field identifier
* @param selfServiceProfile $profile currently edited profile
*/
public function canSelfServiceFieldBeReadOnly($fieldID, $profile) {
if (isset($this->meta['selfServiceReadOnlyFields']) && is_array($this->meta['selfServiceReadOnlyFields'])) {
return in_array($fieldID, $this->meta['selfServiceReadOnlyFields']);
}
return false;
}
/** /**
* Returns the meta HTML code for each input field. * Returns the meta HTML code for each input field.
* *
@ -1231,11 +1244,12 @@ abstract class baseModule {
* @param array $fields list of active fields * @param array $fields list of active fields
* @param array $attributes attributes of LDAP account * @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow) * @return array list of meta HTML elements (field name => htmlTableRow)
* *
* @see htmlElement * @see htmlElement
*/ */
public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
// this function must be overwritten by subclasses. // this function must be overwritten by subclasses.
return array(); return array();
} }
@ -1254,9 +1268,10 @@ abstract class baseModule {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
return $return; return $return;
} }

View File

@ -625,7 +625,7 @@ function printHelpLink($entry, $number, $module='', $scope='') {
echo "<a href=\"" . $helpPath . "help.php?module=$module&amp;HelpNumber=". $number . "&amp;scope=" . $scope . "\" "; echo "<a href=\"" . $helpPath . "help.php?module=$module&amp;HelpNumber=". $number . "&amp;scope=" . $scope . "\" ";
echo "target=\"help\" "; echo "target=\"help\" ";
echo "onmouseover=\"Tip('" . $message . "', TITLE, '" . $title . "')\" onmouseout=\"UnTip()\">"; echo "onmouseover=\"Tip('" . $message . "', TITLE, '" . $title . "')\" onmouseout=\"UnTip()\">";
echo "<img width=16 height=16 src=\"../$helpPath/graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">"; echo "<img class=\"align-middle\" width=16 height=16 src=\"../$helpPath/graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "</a>"; echo "</a>";
} }

View File

@ -1578,9 +1578,10 @@ class asteriskAccount extends baseModule implements passwordService {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) { if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) {
return $return; return $return;

View File

@ -588,9 +588,10 @@ class asteriskVoicemail extends baseModule implements passwordService {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) { if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) {
return $return; return $return;

View File

@ -127,6 +127,10 @@ class inetOrgPerson extends baseModule implements passwordService {
'homePhone' => _('Home telephone number'), 'roomNumber' => _('Room number'), 'carLicense' => _('Car license'), 'homePhone' => _('Home telephone number'), 'roomNumber' => _('Room number'), 'carLicense' => _('Car license'),
'location' => _('Location'), 'state' => _('State'), 'officeName' => _('Office name'), 'businessCategory' => _('Business category'), 'location' => _('Location'), 'state' => _('State'), 'officeName' => _('Office name'), 'businessCategory' => _('Business category'),
'departmentNumber' => _('Department'), 'initials' => _('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web site')); 'departmentNumber' => _('Department'), 'initials' => _('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web site'));
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('firstName', 'lastName', 'mail', 'telephoneNumber', 'mobile', 'faxNumber', 'street',
'postalAddress', 'registeredAddress', 'postalCode', 'postOfficeBox', 'jpegPhoto', 'homePhone', 'roomNumber', 'carLicense',
'location', 'state', 'officeName', 'businessCategory', 'departmentNumber', 'initials', 'title', 'labeledURI');
// profile elements // profile elements
$profileElements = array(); $profileElements = array();
if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideStreet')) { if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideStreet')) {
@ -2521,9 +2525,10 @@ class inetOrgPerson extends baseModule implements passwordService {
* @param array $fields list of active fields * @param array $fields list of active fields
* @param array $attributes attributes of LDAP account * @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow) * @return array list of meta HTML elements (field name => htmlTableRow)
*/ */
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array(); $return = array();
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return $return; // no fields as long no LDAP content can be read return $return; // no fields as long no LDAP content can be read
@ -2531,134 +2536,210 @@ class inetOrgPerson extends baseModule implements passwordService {
if (in_array('firstName', $fields)) { if (in_array('firstName', $fields)) {
$firstName = ''; $firstName = '';
if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0]; if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0];
$firstNameField = new htmlInputField('inetOrgPerson_firstName', $firstName);
if (in_array('firstName', $readOnlyFields)) {
$firstNameField = new htmlOutputText($firstName);
}
$return['firstName'] = new htmlTableRow(array( $return['firstName'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('First name'), 'inetOrgPerson_firstName', $firstName) new htmlOutputText(_('First name')), $firstNameField
)); ));
} }
if (in_array('lastName', $fields)) { if (in_array('lastName', $fields)) {
$lastName = ''; $lastName = '';
if (isset($attributes['sn'][0])) $lastName = $attributes['sn'][0]; if (isset($attributes['sn'][0])) $lastName = $attributes['sn'][0];
$lastNameField = new htmlInputField('inetOrgPerson_lastName', $lastName);
if (in_array('lastName', $readOnlyFields)) {
$lastNameField = new htmlOutputText($lastName);
}
$return['lastName'] = new htmlTableRow(array( $return['lastName'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Last name'), 'inetOrgPerson_lastName', $lastName) new htmlOutputText(_('Last name')), $lastNameField
)); ));
} }
if (in_array('mail', $fields)) { if (in_array('mail', $fields)) {
$mail = ''; $mail = '';
if (isset($attributes['mail'][0])) $mail = $attributes['mail'][0]; if (isset($attributes['mail'][0])) $mail = $attributes['mail'][0];
$mailField = new htmlInputField('inetOrgPerson_mail', $mail);
if (in_array('mail', $readOnlyFields)) {
$mailField = new htmlOutputText($mail);
}
$return['mail'] = new htmlTableRow(array( $return['mail'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Email address'), 'inetOrgPerson_mail', $mail) new htmlOutputText(_('Email address')), $mailField
)); ));
} }
if (in_array('labeledURI', $fields)) { if (in_array('labeledURI', $fields)) {
$labeledURI = ''; $labeledURI = '';
if (isset($attributes['labeledURI'][0])) $labeledURI = implode('; ', $attributes['labeledURI']); if (isset($attributes['labeledURI'][0])) $labeledURI = implode('; ', $attributes['labeledURI']);
$labeledURIField = new htmlInputField('inetOrgPerson_labeledURI', $labeledURI);
if (in_array('labeledURI', $readOnlyFields)) {
$labeledURIField = new htmlOutputText($labeledURI);
}
$return['labeledURI'] = new htmlTableRow(array( $return['labeledURI'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Web site'), 'inetOrgPerson_labeledURI', $labeledURI) new htmlOutputText(_('Web site')), $labeledURIField
)); ));
} }
if (in_array('telephoneNumber', $fields)) { if (in_array('telephoneNumber', $fields)) {
$telephoneNumber = ''; $telephoneNumber = '';
if (isset($attributes['telephoneNumber'][0])) $telephoneNumber = $attributes['telephoneNumber'][0]; if (isset($attributes['telephoneNumber'][0])) $telephoneNumber = $attributes['telephoneNumber'][0];
$telephoneNumberField = new htmlInputField('inetOrgPerson_telephoneNumber', $telephoneNumber);
if (in_array('telephoneNumber', $readOnlyFields)) {
$telephoneNumberField = new htmlOutputText($telephoneNumber);
}
$return['telephoneNumber'] = new htmlTableRow(array( $return['telephoneNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Telephone number'), 'inetOrgPerson_telephoneNumber', $telephoneNumber) new htmlOutputText(_('Telephone number')), $telephoneNumberField
)); ));
} }
if (in_array('homePhone', $fields)) { if (in_array('homePhone', $fields)) {
$homePhone = ''; $homePhone = '';
if (isset($attributes['homePhone'][0])) $homePhone = $attributes['homePhone'][0]; if (isset($attributes['homePhone'][0])) $homePhone = $attributes['homePhone'][0];
$homePhoneField = new htmlInputField('inetOrgPerson_homePhone', $homePhone);
if (in_array('homePhone', $readOnlyFields)) {
$homePhoneField = new htmlOutputText($homePhone);
}
$return['homePhone'] = new htmlTableRow(array( $return['homePhone'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Home telephone number'), 'inetOrgPerson_homePhone', $homePhone) new htmlOutputText(_('Home telephone number')), $homePhoneField
)); ));
} }
if (in_array('mobile', $fields)) { if (in_array('mobile', $fields)) {
$mobile = ''; $mobile = '';
if (isset($attributes['mobile'][0])) $mobile = $attributes['mobile'][0]; if (isset($attributes['mobile'][0])) $mobile = $attributes['mobile'][0];
$mobileField = new htmlInputField('inetOrgPerson_mobile', $mobile);
if (in_array('mobile', $readOnlyFields)) {
$mobileField = new htmlOutputText($mobile);
}
$return['mobile'] = new htmlTableRow(array( $return['mobile'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Mobile telephone number'), 'inetOrgPerson_mobile', $mobile) new htmlOutputText(_('Mobile telephone number')), $mobileField
)); ));
} }
if (in_array('faxNumber', $fields)) { if (in_array('faxNumber', $fields)) {
$faxNumber = ''; $faxNumber = '';
if (isset($attributes['facsimileTelephoneNumber'][0])) $faxNumber = $attributes['facsimileTelephoneNumber'][0]; if (isset($attributes['facsimileTelephoneNumber'][0])) $faxNumber = $attributes['facsimileTelephoneNumber'][0];
$faxNumberField = new htmlInputField('inetOrgPerson_faxNumber', $faxNumber);
if (in_array('faxNumber', $readOnlyFields)) {
$faxNumberField = new htmlOutputText($faxNumber);
}
$return['faxNumber'] = new htmlTableRow(array( $return['faxNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Fax number'), 'inetOrgPerson_faxNumber', $faxNumber) new htmlOutputText(_('Fax number')), $faxNumberField
)); ));
} }
if (in_array('street', $fields)) { if (in_array('street', $fields)) {
$street = ''; $street = '';
if (isset($attributes['street'][0])) $street = $attributes['street'][0]; if (isset($attributes['street'][0])) $street = $attributes['street'][0];
$streetField = new htmlInputField('inetOrgPerson_street', $street);
if (in_array('street', $readOnlyFields)) {
$streetField = new htmlOutputText($street);
}
$return['street'] = new htmlTableRow(array( $return['street'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Street'), 'inetOrgPerson_street', $street) new htmlOutputText(_('Street')), $streetField
)); ));
} }
if (in_array('postalAddress', $fields)) { if (in_array('postalAddress', $fields)) {
$postalAddress = ''; $postalAddress = '';
if (isset($attributes['postalAddress'][0])) $postalAddress = $attributes['postalAddress'][0]; if (isset($attributes['postalAddress'][0])) $postalAddress = $attributes['postalAddress'][0];
$postalAddressField = new htmlInputField('inetOrgPerson_postalAddress', $postalAddress);
if (in_array('postalAddress', $readOnlyFields)) {
$postalAddressField = new htmlOutputText($postalAddress);
}
$return['postalAddress'] = new htmlTableRow(array( $return['postalAddress'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Postal address'), 'inetOrgPerson_postalAddress', $postalAddress) new htmlOutputText(_('Postal address')), $postalAddressField
)); ));
} }
if (in_array('registeredAddress', $fields)) { if (in_array('registeredAddress', $fields)) {
$registeredAddress = ''; $registeredAddress = '';
if (isset($attributes['registeredAddress'][0])) $registeredAddress = $attributes['registeredAddress'][0]; if (isset($attributes['registeredAddress'][0])) $registeredAddress = $attributes['registeredAddress'][0];
$registeredAddressField = new htmlInputField('inetOrgPerson_registeredAddress', $registeredAddress);
if (in_array('registeredAddress', $readOnlyFields)) {
$registeredAddressField = new htmlOutputText($registeredAddress);
}
$return['registeredAddress'] = new htmlTableRow(array( $return['registeredAddress'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Registered address'), 'inetOrgPerson_registeredAddress', $registeredAddress) new htmlOutputText(_('Registered address')), $registeredAddressField
)); ));
} }
if (in_array('postalCode', $fields)) { if (in_array('postalCode', $fields)) {
$postalCode = ''; $postalCode = '';
if (isset($attributes['postalCode'][0])) $postalCode = $attributes['postalCode'][0]; if (isset($attributes['postalCode'][0])) $postalCode = $attributes['postalCode'][0];
$postalCodeField = new htmlInputField('inetOrgPerson_postalCode', $postalCode);
if (in_array('postalCode', $readOnlyFields)) {
$postalCodeField = new htmlOutputText($postalCode);
}
$return['postalCode'] = new htmlTableRow(array( $return['postalCode'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Postal code'), 'inetOrgPerson_postalCode', $postalCode) new htmlOutputText(_('Postal code')), $postalCodeField
)); ));
} }
if (in_array('postOfficeBox', $fields)) { if (in_array('postOfficeBox', $fields)) {
$postOfficeBox = ''; $postOfficeBox = '';
if (isset($attributes['postOfficeBox'][0])) $postOfficeBox = $attributes['postOfficeBox'][0]; if (isset($attributes['postOfficeBox'][0])) $postOfficeBox = $attributes['postOfficeBox'][0];
$postOfficeBoxField = new htmlInputField('inetOrgPerson_postOfficeBox', $postOfficeBox);
if (in_array('postOfficeBox', $readOnlyFields)) {
$postOfficeBoxField = new htmlOutputText($postOfficeBox);
}
$return['postOfficeBox'] = new htmlTableRow(array( $return['postOfficeBox'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Post office box'), 'inetOrgPerson_postOfficeBox', $postOfficeBox) new htmlOutputText(_('Post office box')), $postOfficeBoxField
)); ));
} }
if (in_array('roomNumber', $fields)) { if (in_array('roomNumber', $fields)) {
$roomNumber = ''; $roomNumber = '';
if (isset($attributes['roomNumber'][0])) $roomNumber = $attributes['roomNumber'][0]; if (isset($attributes['roomNumber'][0])) $roomNumber = $attributes['roomNumber'][0];
$roomNumberField = new htmlInputField('inetOrgPerson_roomNumber', $roomNumber);
if (in_array('roomNumber', $readOnlyFields)) {
$roomNumberField = new htmlOutputText($roomNumber);
}
$return['roomNumber'] = new htmlTableRow(array( $return['roomNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Room number'), 'inetOrgPerson_roomNumber', $roomNumber) new htmlOutputText(_('Room number')), $roomNumberField
)); ));
} }
if (in_array('location', $fields)) { if (in_array('location', $fields)) {
$l = ''; $l = '';
if (isset($attributes['l'][0])) $l = $attributes['l'][0]; if (isset($attributes['l'][0])) $l = $attributes['l'][0];
$lField = new htmlInputField('inetOrgPerson_location', $l);
if (in_array('location', $readOnlyFields)) {
$lField = new htmlOutputText($l);
}
$return['location'] = new htmlTableRow(array( $return['location'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Location'), 'inetOrgPerson_location', $l) new htmlOutputText(_('Location')), $lField
)); ));
} }
if (in_array('state', $fields)) { if (in_array('state', $fields)) {
$st = ''; $st = '';
if (isset($attributes['st'][0])) $st = $attributes['st'][0]; if (isset($attributes['st'][0])) $st = $attributes['st'][0];
$stField = new htmlInputField('inetOrgPerson_state', $st);
if (in_array('state', $readOnlyFields)) {
$stField = new htmlOutputText($st);
}
$return['state'] = new htmlTableRow(array( $return['state'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('State'), 'inetOrgPerson_state', $st) new htmlOutputText(_('State')), $stField
)); ));
} }
if (in_array('carLicense', $fields)) { if (in_array('carLicense', $fields)) {
$carLicense = ''; $carLicense = '';
if (isset($attributes['carLicense'][0])) $carLicense = $attributes['carLicense'][0]; if (isset($attributes['carLicense'][0])) $carLicense = $attributes['carLicense'][0];
$carLicenseField = new htmlInputField('inetOrgPerson_carLicense', $carLicense);
if (in_array('carLicense', $readOnlyFields)) {
$carLicenseField = new htmlOutputText($carLicense);
}
$return['carLicense'] = new htmlTableRow(array( $return['carLicense'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Car license'), 'inetOrgPerson_carLicense', $carLicense) new htmlOutputText(_('Car license')), $carLicenseField
)); ));
} }
if (in_array('officeName', $fields)) { if (in_array('officeName', $fields)) {
$physicalDeliveryOfficeName = ''; $physicalDeliveryOfficeName = '';
if (isset($attributes['physicalDeliveryOfficeName'][0])) $physicalDeliveryOfficeName = $attributes['physicalDeliveryOfficeName'][0]; if (isset($attributes['physicalDeliveryOfficeName'][0])) $physicalDeliveryOfficeName = $attributes['physicalDeliveryOfficeName'][0];
$physicalDeliveryOfficeNameField = new htmlInputField('inetOrgPerson_officeName', $physicalDeliveryOfficeName);
if (in_array('officeName', $readOnlyFields)) {
$physicalDeliveryOfficeNameField = new htmlOutputText($physicalDeliveryOfficeName);
}
$return['officeName'] = new htmlTableRow(array( $return['officeName'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Office name'), 'inetOrgPerson_officeName', $physicalDeliveryOfficeName) new htmlOutputText(_('Office name')), $physicalDeliveryOfficeNameField
)); ));
} }
if (in_array('businessCategory', $fields)) { if (in_array('businessCategory', $fields)) {
$businessCategory = ''; $businessCategory = '';
if (isset($attributes['businessCategory'][0])) $businessCategory = $attributes['businessCategory'][0]; if (isset($attributes['businessCategory'][0])) $businessCategory = $attributes['businessCategory'][0];
$businessCategoryField = new htmlInputField('inetOrgPerson_businessCategory', $businessCategory);
if (in_array('businessCategory', $readOnlyFields)) {
$businessCategoryField = new htmlOutputText($businessCategory);
}
$return['businessCategory'] = new htmlTableRow(array( $return['businessCategory'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Business category'), 'inetOrgPerson_businessCategory', $businessCategory) new htmlOutputText(_('Business category')), $businessCategoryField
)); ));
} }
if (in_array('jpegPhoto', $fields)) { if (in_array('jpegPhoto', $fields)) {
@ -2670,15 +2751,17 @@ class inetOrgPerson extends baseModule implements passwordService {
$photoFile = '../../tmp/' . $jpeg_filename; $photoFile = '../../tmp/' . $jpeg_filename;
$photoSub = new htmlTable(); $photoSub = new htmlTable();
$photoSub->addElement(new htmlImage($photoFile), true); $photoSub->addElement(new htmlImage($photoFile), true);
if (!in_array('jpegPhoto', $readOnlyFields)) {
$photoSubSub = new htmlTable(); $photoSubSub = new htmlTable();
$photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false)); $photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false));
$photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile')); $photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile'));
$photoSub->addElement($photoSubSub); $photoSub->addElement($photoSubSub);
}
$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub); $photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub);
$photoRow = new htmlTableRow($photoRowCells); $photoRow = new htmlTableRow($photoRowCells);
$return['jpegPhoto'] = $photoRow; $return['jpegPhoto'] = $photoRow;
} }
else { elseif (!in_array('jpegPhoto', $readOnlyFields)) {
$photoSub = new htmlTable(); $photoSub = new htmlTable();
$photoSub->addElement(new htmlTableExtendedInputFileUpload('photoFile', _('Add photo'))); $photoSub->addElement(new htmlTableExtendedInputFileUpload('photoFile', _('Add photo')));
$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub); $photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub);
@ -2689,22 +2772,34 @@ class inetOrgPerson extends baseModule implements passwordService {
if (in_array('departmentNumber', $fields)) { if (in_array('departmentNumber', $fields)) {
$departmentNumber = ''; $departmentNumber = '';
if (isset($attributes['departmentNumber'][0])) $departmentNumber = implode('; ', $attributes['departmentNumber']); if (isset($attributes['departmentNumber'][0])) $departmentNumber = implode('; ', $attributes['departmentNumber']);
$departmentNumberField = new htmlInputField('inetOrgPerson_departmentNumber', $departmentNumber);
if (in_array('departmentNumber', $readOnlyFields)) {
$departmentNumberField = new htmlOutputText($departmentNumber);
}
$return['departmentNumber'] = new htmlTableRow(array( $return['departmentNumber'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Department'), 'inetOrgPerson_departmentNumber', $departmentNumber) new htmlOutputText(_('Department')), $departmentNumberField
)); ));
} }
if (in_array('initials', $fields)) { if (in_array('initials', $fields)) {
$initials = ''; $initials = '';
if (isset($attributes['initials'][0])) $initials = implode('; ', $attributes['initials']); if (isset($attributes['initials'][0])) $initials = implode('; ', $attributes['initials']);
$initialsField = new htmlInputField('inetOrgPerson_initials', $initials);
if (in_array('initials', $readOnlyFields)) {
$initialsField = new htmlOutputText($initials);
}
$return['initials'] = new htmlTableRow(array( $return['initials'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Initials'), 'inetOrgPerson_initials', $initials) new htmlOutputText(_('Initials')), $initialsField
)); ));
} }
if (in_array('title', $fields)) { if (in_array('title', $fields)) {
$title = ''; $title = '';
if (isset($attributes['title'][0])) $title = $attributes['title'][0]; if (isset($attributes['title'][0])) $title = $attributes['title'][0];
$titleField = new htmlInputField('inetOrgPerson_title', $title);
if (in_array('title', $readOnlyFields)) {
$titleField = new htmlOutputText($title);
}
$return['title'] = new htmlTableRow(array( $return['title'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Job title'), 'inetOrgPerson_title', $title) new htmlOutputText(_('Job title')), $titleField
)); ));
} }
return $return; return $return;
@ -2724,9 +2819,10 @@ class inetOrgPerson extends baseModule implements passwordService {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done return $return; // skip processing if only a password change is done
@ -2734,7 +2830,7 @@ class inetOrgPerson extends baseModule implements passwordService {
$attributeNames = array(); // list of attributes which should be checked for modification $attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes; $attributesNew = $attributes;
// first name // first name
if (in_array('firstName', $fields)) { if (in_array('firstName', $fields) && !in_array('firstName', $readOnlyFields)) {
$attributeNames[] = 'givenName'; $attributeNames[] = 'givenName';
if (isset($_POST['inetOrgPerson_firstName']) && ($_POST['inetOrgPerson_firstName'] != '')) { if (isset($_POST['inetOrgPerson_firstName']) && ($_POST['inetOrgPerson_firstName'] != '')) {
if (!get_preg($_POST['inetOrgPerson_firstName'], 'realname')) $return['messages'][] = $this->messages['givenName'][0]; if (!get_preg($_POST['inetOrgPerson_firstName'], 'realname')) $return['messages'][] = $this->messages['givenName'][0];
@ -2743,7 +2839,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['givenName'])) unset($attributesNew['givenName']); elseif (isset($attributes['givenName'])) unset($attributesNew['givenName']);
} }
// last name // last name
if (in_array('lastName', $fields)) { if (in_array('lastName', $fields) && !in_array('lastName', $readOnlyFields)) {
$attributeNames[] = 'sn'; $attributeNames[] = 'sn';
if (isset($_POST['inetOrgPerson_lastName']) && ($_POST['inetOrgPerson_lastName'] != '')) { if (isset($_POST['inetOrgPerson_lastName']) && ($_POST['inetOrgPerson_lastName'] != '')) {
if (!get_preg($_POST['inetOrgPerson_lastName'], 'realname')) $return['messages'][] = $this->messages['lastname'][0]; if (!get_preg($_POST['inetOrgPerson_lastName'], 'realname')) $return['messages'][] = $this->messages['lastname'][0];
@ -2755,7 +2851,7 @@ class inetOrgPerson extends baseModule implements passwordService {
} }
} }
// email // email
if (in_array('mail', $fields)) { if (in_array('mail', $fields) && !in_array('mail', $readOnlyFields)) {
$attributeNames[] = 'mail'; $attributeNames[] = 'mail';
if (isset($_POST['inetOrgPerson_mail']) && ($_POST['inetOrgPerson_mail'] != '')) { if (isset($_POST['inetOrgPerson_mail']) && ($_POST['inetOrgPerson_mail'] != '')) {
if (!get_preg($_POST['inetOrgPerson_mail'], 'email')) $return['messages'][] = $this->messages['email'][0]; if (!get_preg($_POST['inetOrgPerson_mail'], 'email')) $return['messages'][] = $this->messages['email'][0];
@ -2764,7 +2860,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['mail'])) unset($attributesNew['mail']); elseif (isset($attributes['mail'])) unset($attributesNew['mail']);
} }
// labeledURI // labeledURI
if (in_array('labeledURI', $fields)) { if (in_array('labeledURI', $fields) && !in_array('labeledURI', $readOnlyFields)) {
$attributeNames[] = 'labeledURI'; $attributeNames[] = 'labeledURI';
if (isset($_POST['inetOrgPerson_labeledURI']) && ($_POST['inetOrgPerson_labeledURI'] != '')) { if (isset($_POST['inetOrgPerson_labeledURI']) && ($_POST['inetOrgPerson_labeledURI'] != '')) {
$attributesNew['labeledURI'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_labeledURI']); $attributesNew['labeledURI'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_labeledURI']);
@ -2772,7 +2868,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['labeledURI'])) unset($attributesNew['labeledURI']); elseif (isset($attributes['labeledURI'])) unset($attributesNew['labeledURI']);
} }
// telephone number // telephone number
if (in_array('telephoneNumber', $fields)) { if (in_array('telephoneNumber', $fields) && !in_array('telephoneNumber', $readOnlyFields)) {
$attributeNames[] = 'telephoneNumber'; $attributeNames[] = 'telephoneNumber';
if (isset($_POST['inetOrgPerson_telephoneNumber']) && ($_POST['inetOrgPerson_telephoneNumber'] != '')) { if (isset($_POST['inetOrgPerson_telephoneNumber']) && ($_POST['inetOrgPerson_telephoneNumber'] != '')) {
if (!get_preg($_POST['inetOrgPerson_telephoneNumber'], 'telephone')) $return['messages'][] = $this->messages['telephoneNumber'][0]; if (!get_preg($_POST['inetOrgPerson_telephoneNumber'], 'telephone')) $return['messages'][] = $this->messages['telephoneNumber'][0];
@ -2781,7 +2877,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['telephoneNumber'])) unset($attributesNew['telephoneNumber']); elseif (isset($attributes['telephoneNumber'])) unset($attributesNew['telephoneNumber']);
} }
// home telephone number // home telephone number
if (in_array('homePhone', $fields)) { if (in_array('homePhone', $fields) && !in_array('homePhone', $readOnlyFields)) {
$attributeNames[] = 'homePhone'; $attributeNames[] = 'homePhone';
if (isset($_POST['inetOrgPerson_homePhone']) && ($_POST['inetOrgPerson_homePhone'] != '')) { if (isset($_POST['inetOrgPerson_homePhone']) && ($_POST['inetOrgPerson_homePhone'] != '')) {
if (!get_preg($_POST['inetOrgPerson_homePhone'], 'telephone')) $return['messages'][] = $this->messages['homePhone'][0]; if (!get_preg($_POST['inetOrgPerson_homePhone'], 'telephone')) $return['messages'][] = $this->messages['homePhone'][0];
@ -2790,7 +2886,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['homePhone'])) unset($attributesNew['homePhone']); elseif (isset($attributes['homePhone'])) unset($attributesNew['homePhone']);
} }
// fax number // fax number
if (in_array('faxNumber', $fields)) { if (in_array('faxNumber', $fields) && !in_array('faxNumber', $readOnlyFields)) {
$attributeNames[] = 'facsimileTelephoneNumber'; $attributeNames[] = 'facsimileTelephoneNumber';
if (isset($_POST['inetOrgPerson_faxNumber']) && ($_POST['inetOrgPerson_faxNumber'] != '')) { if (isset($_POST['inetOrgPerson_faxNumber']) && ($_POST['inetOrgPerson_faxNumber'] != '')) {
if (!get_preg($_POST['inetOrgPerson_faxNumber'], 'telephone')) $return['messages'][] = $this->messages['facsimileNumber'][0]; if (!get_preg($_POST['inetOrgPerson_faxNumber'], 'telephone')) $return['messages'][] = $this->messages['facsimileNumber'][0];
@ -2799,7 +2895,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['facsimileTelephoneNumber'])) $attributesNew['facsimileTelephoneNumber'] = array(); elseif (isset($attributes['facsimileTelephoneNumber'])) $attributesNew['facsimileTelephoneNumber'] = array();
} }
// mobile telephone number // mobile telephone number
if (in_array('mobile', $fields)) { if (in_array('mobile', $fields) && !in_array('mobile', $readOnlyFields)) {
$attributeNames[] = 'mobile'; $attributeNames[] = 'mobile';
if (isset($_POST['inetOrgPerson_mobile']) && ($_POST['inetOrgPerson_mobile'] != '')) { if (isset($_POST['inetOrgPerson_mobile']) && ($_POST['inetOrgPerson_mobile'] != '')) {
if (!get_preg($_POST['inetOrgPerson_mobile'], 'telephone')) $return['messages'][] = $this->messages['mobileTelephone'][0]; if (!get_preg($_POST['inetOrgPerson_mobile'], 'telephone')) $return['messages'][] = $this->messages['mobileTelephone'][0];
@ -2808,7 +2904,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['mobile'])) unset($attributesNew['mobile']); elseif (isset($attributes['mobile'])) unset($attributesNew['mobile']);
} }
// street // street
if (in_array('street', $fields)) { if (in_array('street', $fields) && !in_array('street', $readOnlyFields)) {
$attributeNames[] = 'street'; $attributeNames[] = 'street';
if (isset($_POST['inetOrgPerson_street']) && ($_POST['inetOrgPerson_street'] != '')) { if (isset($_POST['inetOrgPerson_street']) && ($_POST['inetOrgPerson_street'] != '')) {
if (!get_preg($_POST['inetOrgPerson_street'], 'street')) $return['messages'][] = $this->messages['street'][0]; if (!get_preg($_POST['inetOrgPerson_street'], 'street')) $return['messages'][] = $this->messages['street'][0];
@ -2817,7 +2913,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['street'])) unset($attributesNew['street']); elseif (isset($attributes['street'])) unset($attributesNew['street']);
} }
// postal address // postal address
if (in_array('postalAddress', $fields)) { if (in_array('postalAddress', $fields) && !in_array('postalAddress', $readOnlyFields)) {
$attributeNames[] = 'postalAddress'; $attributeNames[] = 'postalAddress';
if (isset($_POST['inetOrgPerson_postalAddress']) && ($_POST['inetOrgPerson_postalAddress'] != '')) { if (isset($_POST['inetOrgPerson_postalAddress']) && ($_POST['inetOrgPerson_postalAddress'] != '')) {
if (!get_preg($_POST['inetOrgPerson_postalAddress'], 'postalAddress')) $return['messages'][] = $this->messages['postalAddress'][0]; if (!get_preg($_POST['inetOrgPerson_postalAddress'], 'postalAddress')) $return['messages'][] = $this->messages['postalAddress'][0];
@ -2826,7 +2922,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postalAddress'])) $attributesNew['postalAddress'] = array(); elseif (isset($attributes['postalAddress'])) $attributesNew['postalAddress'] = array();
} }
// registered address // registered address
if (in_array('registeredAddress', $fields)) { if (in_array('registeredAddress', $fields) && !in_array('registeredAddress', $readOnlyFields)) {
$attributeNames[] = 'registeredAddress'; $attributeNames[] = 'registeredAddress';
if (isset($_POST['inetOrgPerson_registeredAddress']) && ($_POST['inetOrgPerson_registeredAddress'] != '')) { if (isset($_POST['inetOrgPerson_registeredAddress']) && ($_POST['inetOrgPerson_registeredAddress'] != '')) {
if (!get_preg($_POST['inetOrgPerson_registeredAddress'], 'postalAddress')) $return['messages'][] = $this->messages['registeredAddress'][0]; if (!get_preg($_POST['inetOrgPerson_registeredAddress'], 'postalAddress')) $return['messages'][] = $this->messages['registeredAddress'][0];
@ -2835,7 +2931,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['registeredAddress'])) $attributesNew['registeredAddress'] = array(); elseif (isset($attributes['registeredAddress'])) $attributesNew['registeredAddress'] = array();
} }
// postal code // postal code
if (in_array('postalCode', $fields)) { if (in_array('postalCode', $fields) && !in_array('postalCode', $readOnlyFields)) {
$attributeNames[] = 'postalCode'; $attributeNames[] = 'postalCode';
if (isset($_POST['inetOrgPerson_postalCode']) && ($_POST['inetOrgPerson_postalCode'] != '')) { if (isset($_POST['inetOrgPerson_postalCode']) && ($_POST['inetOrgPerson_postalCode'] != '')) {
if (!get_preg($_POST['inetOrgPerson_postalCode'], 'postalCode')) $return['messages'][] = $this->messages['postalCode'][0]; if (!get_preg($_POST['inetOrgPerson_postalCode'], 'postalCode')) $return['messages'][] = $this->messages['postalCode'][0];
@ -2844,7 +2940,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postalCode'])) unset($attributesNew['postalCode']); elseif (isset($attributes['postalCode'])) unset($attributesNew['postalCode']);
} }
// post office box // post office box
if (in_array('postOfficeBox', $fields)) { if (in_array('postOfficeBox', $fields) && !in_array('postOfficeBox', $readOnlyFields)) {
$attributeNames[] = 'postOfficeBox'; $attributeNames[] = 'postOfficeBox';
if (isset($_POST['inetOrgPerson_postOfficeBox']) && ($_POST['inetOrgPerson_postOfficeBox'] != '')) { if (isset($_POST['inetOrgPerson_postOfficeBox']) && ($_POST['inetOrgPerson_postOfficeBox'] != '')) {
$attributesNew['postOfficeBox'][0] = $_POST['inetOrgPerson_postOfficeBox']; $attributesNew['postOfficeBox'][0] = $_POST['inetOrgPerson_postOfficeBox'];
@ -2852,7 +2948,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['postOfficeBox'])) unset($attributesNew['postOfficeBox']); elseif (isset($attributes['postOfficeBox'])) unset($attributesNew['postOfficeBox']);
} }
// room number // room number
if (in_array('roomNumber', $fields)) { if (in_array('roomNumber', $fields) && !in_array('roomNumber', $readOnlyFields)) {
$attributeNames[] = 'roomNumber'; $attributeNames[] = 'roomNumber';
if (isset($_POST['inetOrgPerson_roomNumber']) && ($_POST['inetOrgPerson_roomNumber'] != '')) { if (isset($_POST['inetOrgPerson_roomNumber']) && ($_POST['inetOrgPerson_roomNumber'] != '')) {
$attributesNew['roomNumber'][0] = $_POST['inetOrgPerson_roomNumber']; $attributesNew['roomNumber'][0] = $_POST['inetOrgPerson_roomNumber'];
@ -2860,7 +2956,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['roomNumber'])) unset($attributesNew['roomNumber']); elseif (isset($attributes['roomNumber'])) unset($attributesNew['roomNumber']);
} }
// l // l
if (in_array('location', $fields)) { if (in_array('location', $fields) && !in_array('location', $readOnlyFields)) {
$attributeNames[] = 'l'; $attributeNames[] = 'l';
if (isset($_POST['inetOrgPerson_location']) && ($_POST['inetOrgPerson_location'] != '')) { if (isset($_POST['inetOrgPerson_location']) && ($_POST['inetOrgPerson_location'] != '')) {
$attributesNew['l'][0] = $_POST['inetOrgPerson_location']; $attributesNew['l'][0] = $_POST['inetOrgPerson_location'];
@ -2868,7 +2964,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['l'])) unset($attributesNew['l']); elseif (isset($attributes['l'])) unset($attributesNew['l']);
} }
// st // st
if (in_array('state', $fields)) { if (in_array('state', $fields) && !in_array('state', $readOnlyFields)) {
$attributeNames[] = 'st'; $attributeNames[] = 'st';
if (isset($_POST['inetOrgPerson_state']) && ($_POST['inetOrgPerson_state'] != '')) { if (isset($_POST['inetOrgPerson_state']) && ($_POST['inetOrgPerson_state'] != '')) {
$attributesNew['st'][0] = $_POST['inetOrgPerson_state']; $attributesNew['st'][0] = $_POST['inetOrgPerson_state'];
@ -2876,7 +2972,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['st'])) unset($attributesNew['st']); elseif (isset($attributes['st'])) unset($attributesNew['st']);
} }
// car license // car license
if (in_array('carLicense', $fields)) { if (in_array('carLicense', $fields) && !in_array('carLicense', $readOnlyFields)) {
$attributeNames[] = 'carLicense'; $attributeNames[] = 'carLicense';
if (isset($_POST['inetOrgPerson_carLicense']) && ($_POST['inetOrgPerson_carLicense'] != '')) { if (isset($_POST['inetOrgPerson_carLicense']) && ($_POST['inetOrgPerson_carLicense'] != '')) {
$attributesNew['carLicense'][0] = $_POST['inetOrgPerson_carLicense']; $attributesNew['carLicense'][0] = $_POST['inetOrgPerson_carLicense'];
@ -2884,7 +2980,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['carLicense'])) unset($attributesNew['carLicense']); elseif (isset($attributes['carLicense'])) unset($attributesNew['carLicense']);
} }
// office name // office name
if (in_array('officeName', $fields)) { if (in_array('officeName', $fields) && !in_array('officeName', $readOnlyFields)) {
$attributeNames[] = 'physicalDeliveryOfficeName'; $attributeNames[] = 'physicalDeliveryOfficeName';
if (isset($_POST['inetOrgPerson_officeName']) && ($_POST['inetOrgPerson_officeName'] != '')) { if (isset($_POST['inetOrgPerson_officeName']) && ($_POST['inetOrgPerson_officeName'] != '')) {
$attributesNew['physicalDeliveryOfficeName'][0] = $_POST['inetOrgPerson_officeName']; $attributesNew['physicalDeliveryOfficeName'][0] = $_POST['inetOrgPerson_officeName'];
@ -2892,7 +2988,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['physicalDeliveryOfficeName'])) unset($attributesNew['physicalDeliveryOfficeName']); elseif (isset($attributes['physicalDeliveryOfficeName'])) unset($attributesNew['physicalDeliveryOfficeName']);
} }
// business category // business category
if (in_array('businessCategory', $fields)) { if (in_array('businessCategory', $fields) && !in_array('businessCategory', $readOnlyFields)) {
$attributeNames[] = 'businessCategory'; $attributeNames[] = 'businessCategory';
if (isset($_POST['inetOrgPerson_businessCategory']) && ($_POST['inetOrgPerson_businessCategory'] != '')) { if (isset($_POST['inetOrgPerson_businessCategory']) && ($_POST['inetOrgPerson_businessCategory'] != '')) {
if (!get_preg($_POST['inetOrgPerson_businessCategory'], 'businessCategory')) { if (!get_preg($_POST['inetOrgPerson_businessCategory'], 'businessCategory')) {
@ -2905,7 +3001,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['businessCategory'])) unset($attributesNew['businessCategory']); elseif (isset($attributes['businessCategory'])) unset($attributesNew['businessCategory']);
} }
// photo // photo
if (in_array('jpegPhoto', $fields)) { if (in_array('jpegPhoto', $fields) && !in_array('jpegPhoto', $readOnlyFields)) {
if (isset($_FILES['photoFile']) && ($_FILES['photoFile']['size'] > 0)) { if (isset($_FILES['photoFile']) && ($_FILES['photoFile']['size'] > 0)) {
$handle = fopen($_FILES['photoFile']['tmp_name'], "r"); $handle = fopen($_FILES['photoFile']['tmp_name'], "r");
$data = fread($handle, 1000000); $data = fread($handle, 1000000);
@ -2925,7 +3021,7 @@ class inetOrgPerson extends baseModule implements passwordService {
} }
} }
// departments // departments
if (in_array('departmentNumber', $fields)) { if (in_array('departmentNumber', $fields) && !in_array('departmentNumber', $readOnlyFields)) {
$attributeNames[] = 'departmentNumber'; $attributeNames[] = 'departmentNumber';
if (isset($_POST['inetOrgPerson_departmentNumber']) && ($_POST['inetOrgPerson_departmentNumber'] != '')) { if (isset($_POST['inetOrgPerson_departmentNumber']) && ($_POST['inetOrgPerson_departmentNumber'] != '')) {
$attributesNew['departmentNumber'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_departmentNumber']); $attributesNew['departmentNumber'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_departmentNumber']);
@ -2933,7 +3029,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['departmentNumber'])) unset($attributesNew['departmentNumber']); elseif (isset($attributes['departmentNumber'])) unset($attributesNew['departmentNumber']);
} }
// initials // initials
if (in_array('initials', $fields)) { if (in_array('initials', $fields) && !in_array('initials', $readOnlyFields)) {
$attributeNames[] = 'initials'; $attributeNames[] = 'initials';
if (isset($_POST['inetOrgPerson_initials']) && ($_POST['inetOrgPerson_initials'] != '')) { if (isset($_POST['inetOrgPerson_initials']) && ($_POST['inetOrgPerson_initials'] != '')) {
$attributesNew['initials'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_initials']); $attributesNew['initials'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_initials']);
@ -2941,7 +3037,7 @@ class inetOrgPerson extends baseModule implements passwordService {
elseif (isset($attributes['initials'])) unset($attributesNew['initials']); elseif (isset($attributes['initials'])) unset($attributesNew['initials']);
} }
// title // title
if (in_array('title', $fields)) { if (in_array('title', $fields) && !in_array('title', $readOnlyFields)) {
$attributeNames[] = 'title'; $attributeNames[] = 'title';
if (isset($_POST['inetOrgPerson_title']) && ($_POST['inetOrgPerson_title'] != '')) { if (isset($_POST['inetOrgPerson_title']) && ($_POST['inetOrgPerson_title'] != '')) {
if (!get_preg($_POST['inetOrgPerson_title'], 'title')) $return['messages'][] = $this->messages['title'][0]; if (!get_preg($_POST['inetOrgPerson_title'], 'title')) $return['messages'][] = $this->messages['title'][0];

View File

@ -117,6 +117,8 @@ class kolabUser extends baseModule {
'kolabDelegate' => _('Delegates'), 'kolabDelegate' => _('Delegates'),
'kolabInvitationPolicy' => _('Invitation policy') 'kolabInvitationPolicy' => _('Invitation policy')
); );
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('kolabFreeBusyFuture', 'kolabDelegate', 'kolabInvitationPolicy');
// help Entries // help Entries
$return['help'] = array( $return['help'] = array(
'invPol' => array( 'invPol' => array(
@ -819,9 +821,10 @@ class kolabUser extends baseModule {
* @param array $fields list of active fields * @param array $fields list of active fields
* @param array $attributes attributes of LDAP account * @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow) * @return array list of meta HTML elements (field name => htmlTableRow)
*/ */
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return array(); // no Kolab fields as long no LDAP content can be read return array(); // no Kolab fields as long no LDAP content can be read
} }
@ -835,8 +838,12 @@ class kolabUser extends baseModule {
if (isset($attributes['kolabFreeBusyFuture'][0])) { if (isset($attributes['kolabFreeBusyFuture'][0])) {
$kolabFreeBusyFuture = $attributes['kolabFreeBusyFuture'][0]; $kolabFreeBusyFuture = $attributes['kolabFreeBusyFuture'][0];
} }
$kolabFreeBusyFutureField = new htmlInputField('kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture);
if (in_array('kolabFreeBusyFuture', $readOnlyFields)) {
$kolabFreeBusyFutureField = new htmlOutputText($kolabFreeBusyFuture);
}
$return['kolabFreeBusyFuture'] = new htmlTableRow(array( $return['kolabFreeBusyFuture'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Free/Busy interval'), 'kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture) new htmlOutputText(_('Free/Busy interval')), $kolabFreeBusyFutureField
)); ));
} }
// delegates // delegates
@ -870,10 +877,17 @@ class kolabUser extends baseModule {
$delegateContainer = new htmlTable(); $delegateContainer = new htmlTable();
for ($i = 0; $i < sizeof($kolabDelegate); $i++) { for ($i = 0; $i < sizeof($kolabDelegate); $i++) {
$delegateContainer->addElement(new htmlOutputText($kolabDelegate[$i])); $delegateContainer->addElement(new htmlOutputText($kolabDelegate[$i]));
if (!in_array('kolabDelegate', $readOnlyFields)) {
$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true); $delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true);
} }
else {
$delegateContainer->addNewLine();
}
}
if (!in_array('kolabDelegate', $readOnlyFields)) {
$delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates)); $delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates));
$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true); $delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true);
}
$delegateLabel = new htmlOutputText(_('Delegates')); $delegateLabel = new htmlOutputText(_('Delegates'));
$delegateLabel->alignment = htmlElement::ALIGN_TOP; $delegateLabel->alignment = htmlElement::ALIGN_TOP;
$return['kolabDelegate'] = new htmlTableRow(array( $return['kolabDelegate'] = new htmlTableRow(array(
@ -894,20 +908,34 @@ class kolabUser extends baseModule {
break; break;
} }
} }
if (!in_array('kolabDelegate', $readOnlyFields)) {
$invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true); $invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true);
}
else {
$invitationContainer->addElement(new htmlOutputText(_('Anyone')));
$invitationContainer->addElement(new htmlOutputText($defaultInvPol), true);
}
// other invitation policies // other invitation policies
for ($i = 0; $i < sizeof($attributes['kolabInvitationPolicy']); $i++) { for ($i = 0; $i < sizeof($attributes['kolabInvitationPolicy']); $i++) {
$parts = explode(":", $attributes['kolabInvitationPolicy'][$i]); $parts = explode(":", $attributes['kolabInvitationPolicy'][$i]);
if (sizeof($parts) == 2) { if (sizeof($parts) == 2) {
if (!in_array('kolabDelegate', $readOnlyFields)) {
$invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0])); $invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0]));
$invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]]))); $invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]])));
$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true); $invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true);
} }
else {
$invitationContainer->addElement(new htmlOutputText($parts[0]));
$invitationContainer->addElement(new htmlOutputText($this->invitationPolicies[$parts[1]]), true);
}
}
} }
// input box for new invitation policy // input box for new invitation policy
if (!in_array('kolabDelegate', $readOnlyFields)) {
$invitationContainer->addElement(new htmlInputField('invPol1', '')); $invitationContainer->addElement(new htmlInputField('invPol1', ''));
$invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies))); $invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies)));
$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true); $invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true);
}
$invitationLabel = new htmlOutputText(_('Invitation policy')); $invitationLabel = new htmlOutputText(_('Invitation policy'));
$invitationLabel->alignment = htmlElement::ALIGN_TOP; $invitationLabel->alignment = htmlElement::ALIGN_TOP;
$return['kolabInvitationPolicy'] = new htmlTableRow(array( $return['kolabInvitationPolicy'] = new htmlTableRow(array(
@ -931,9 +959,10 @@ class kolabUser extends baseModule {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done return $return; // skip processing if only a password change is done
@ -944,7 +973,7 @@ class kolabUser extends baseModule {
$attributeNames = array(); // list of attributes which should be checked for modification $attributeNames = array(); // list of attributes which should be checked for modification
$attributesNew = $attributes; $attributesNew = $attributes;
// kolabFreeBusyFuture // kolabFreeBusyFuture
if (in_array('kolabFreeBusyFuture', $fields)) { if (in_array('kolabFreeBusyFuture', $fields) && !in_array('kolabFreeBusyFuture', $readOnlyFields)) {
$attributeNames[] = 'kolabFreeBusyFuture'; $attributeNames[] = 'kolabFreeBusyFuture';
if (isset($_POST['kolabUser_kolabFreeBusyFuture']) && ($_POST['kolabUser_kolabFreeBusyFuture'] != '')) { if (isset($_POST['kolabUser_kolabFreeBusyFuture']) && ($_POST['kolabUser_kolabFreeBusyFuture'] != '')) {
if (!get_preg($_POST['kolabUser_kolabFreeBusyFuture'], 'digit')) $return['messages'][] = $this->messages['freeBusy'][0]; if (!get_preg($_POST['kolabUser_kolabFreeBusyFuture'], 'digit')) $return['messages'][] = $this->messages['freeBusy'][0];
@ -955,7 +984,7 @@ class kolabUser extends baseModule {
} }
} }
// delegates // delegates
if (in_array('kolabDelegate', $fields)) { if (in_array('kolabDelegate', $fields) && !in_array('kolabDelegate', $readOnlyFields)) {
$attributeNames[] = 'kolabDelegate'; $attributeNames[] = 'kolabDelegate';
// new delegation // new delegation
if (isset($_POST['new_delegate']) && ($_POST['new_delegate'] == 'on')) { if (isset($_POST['new_delegate']) && ($_POST['new_delegate'] == 'on')) {
@ -975,7 +1004,7 @@ class kolabUser extends baseModule {
} }
} }
// invitation policies // invitation policies
if (in_array('kolabInvitationPolicy', $fields)) { if (in_array('kolabInvitationPolicy', $fields) && !in_array('kolabInvitationPolicy', $readOnlyFields)) {
$attributeNames[] = 'kolabInvitationPolicy'; $attributeNames[] = 'kolabInvitationPolicy';
$policies = array_flip($this->invitationPolicies); $policies = array_flip($this->invitationPolicies);
$attributesNew['kolabInvitationPolicy'] = array(); $attributesNew['kolabInvitationPolicy'] = array();

View File

@ -154,6 +154,8 @@ class posixAccount extends baseModule implements passwordService {
$return['selfServiceSearchAttributes'] = array('uid'); $return['selfServiceSearchAttributes'] = array('uid');
// self service field settings // self service field settings
$return['selfServiceFieldSettings'] = array('password' => _('Password'), 'cn' => _('Common name'), 'loginShell' => _('Login shell')); $return['selfServiceFieldSettings'] = array('password' => _('Password'), 'cn' => _('Common name'), 'loginShell' => _('Login shell'));
// possible self service read-only fields
$return['selfServiceReadOnlyFields'] = array('cn', 'loginShell');
// self service configuration settings // self service configuration settings
$selfServiceContainer = new htmlTable(); $selfServiceContainer = new htmlTable();
$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"), $selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"),
@ -2107,9 +2109,10 @@ class posixAccount extends baseModule implements passwordService {
* @param array $fields list of active fields * @param array $fields list of active fields
* @param array $attributes attributes of LDAP account * @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow) * @return array list of meta HTML elements (field name => htmlTableRow)
*/ */
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array(); $return = array();
if (in_array('password', $fields)) { if (in_array('password', $fields)) {
$pwdTable = new htmlTable(); $pwdTable = new htmlTable();
@ -2130,16 +2133,24 @@ class posixAccount extends baseModule implements passwordService {
if (in_array('cn', $fields)) { if (in_array('cn', $fields)) {
$cn = ''; $cn = '';
if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0]; if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0];
$cnField = new htmlInputField('posixAccount_cn', $cn);
if (in_array('cn', $readOnlyFields)) {
$cnField = new htmlOutputText($cn);
}
$return['cn'] = new htmlTableRow(array( $return['cn'] = new htmlTableRow(array(
new htmlTableExtendedInputField(_('Common name'), 'posixAccount_cn', $cn) new htmlOutputText(_('Common name')), $cnField
)); ));
} }
if (in_array('loginShell', $fields)) { if (in_array('loginShell', $fields)) {
$shelllist = getshells(); // list of all valid shells $shelllist = getshells(); // list of all valid shells
$loginShell = ''; $loginShell = '';
if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0]; if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0];
$loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell));
if (in_array('loginShell', $readOnlyFields)) {
$loginShellField = new htmlOutputText($loginShell);
}
$return['loginShell'] = new htmlTableRow(array( $return['loginShell'] = new htmlTableRow(array(
new htmlTableExtendedSelect('posixAccount_loginShell', $shelllist, array($loginShell), _('Login shell')) new htmlOutputText(_('Login shell')), $loginShellField
)); ));
} }
return $return; return $return;
@ -2159,9 +2170,10 @@ class posixAccount extends baseModule implements passwordService {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (in_array('password', $fields)) { if (in_array('password', $fields)) {
if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) { if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) {
@ -2192,7 +2204,7 @@ class posixAccount extends baseModule implements passwordService {
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return $return; // skip processing if only a password change is done return $return; // skip processing if only a password change is done
} }
if (in_array('cn', $fields)) { if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) {
if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) { if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) {
if (!get_preg($_POST['posixAccount_cn'], 'cn')) { if (!get_preg($_POST['posixAccount_cn'], 'cn')) {
$return['messages'][] = $this->messages['cn'][0]; $return['messages'][] = $this->messages['cn'][0];
@ -2205,7 +2217,7 @@ class posixAccount extends baseModule implements passwordService {
$return['messages'][] = $this->messages['cn'][0]; $return['messages'][] = $this->messages['cn'][0];
} }
} }
if (in_array('loginShell', $fields)) { if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) {
$shelllist = getshells(); // list of all valid shells $shelllist = getshells(); // list of all valid shells
if (in_array($_POST['posixAccount_loginShell'], $shelllist) if (in_array($_POST['posixAccount_loginShell'], $shelllist)
&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) { && (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) {

View File

@ -2103,9 +2103,10 @@ class sambaSamAccount extends baseModule implements passwordService {
* @param array $fields list of active fields * @param array $fields list of active fields
* @param array $attributes attributes of LDAP account * @param array $attributes attributes of LDAP account
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array list of meta HTML elements (field name => htmlTableRow) * @return array list of meta HTML elements (field name => htmlTableRow)
*/ */
function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array(); $return = array();
if ($passwordChangeOnly) { if ($passwordChangeOnly) {
return $return; // no input fields as long no LDAP content can be read return $return; // no input fields as long no LDAP content can be read
@ -2143,9 +2144,10 @@ class sambaSamAccount extends baseModule implements passwordService {
* @param string $fields input fields * @param string $fields input fields
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array()))
*/ */
function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) { if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) {
return $return; return $return;

View File

@ -91,15 +91,23 @@ function getSelfServiceFieldSettings($scope) {
* @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...))) * @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
* @param array $attributes LDAP attributes (attribute names in lower case) * @param array $attributes LDAP attributes (attribute names in lower case)
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array meta HTML code (array(<moduleName> => htmlTableRow)) * @return array meta HTML code (array(<moduleName> => htmlTableRow))
*/ */
function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) { function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array(); $return = array();
$modules = getAvailableModules($scope); $modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) { for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue; if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope); $m = new $modules[$i]($scope);
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly); $modReadOnlyFields = array();
for ($r = 0; $r < sizeof($readOnlyFields); $r++) {
$parts = explode('_', $readOnlyFields[$r]);
if ($parts[0] == $modules[$i]) {
$modReadOnlyFields[] = $parts[1];
}
}
$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields);
if (sizeof($code) > 0) $return[$modules[$i]] = $code; if (sizeof($code) > 0) $return[$modules[$i]] = $code;
} }
return $return; return $return;
@ -113,15 +121,23 @@ function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly
* @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...))) * @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...)))
* @param array $attributes LDAP attributes * @param array $attributes LDAP attributes
* @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable
* @param array $readOnlyFields list of read-only fields
* @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array())) * @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array()))
*/ */
function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) { function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) {
$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); $return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array());
$modules = getAvailableModules($scope); $modules = getAvailableModules($scope);
for ($i = 0; $i < sizeof($modules); $i++) { for ($i = 0; $i < sizeof($modules); $i++) {
if (!isset($fields[$modules[$i]])) continue; if (!isset($fields[$modules[$i]])) continue;
$m = new $modules[$i]($scope); $m = new $modules[$i]($scope);
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly); $modReadOnlyFields = array();
for ($r = 0; $r < sizeof($readOnlyFields); $r++) {
$parts = explode('_', $readOnlyFields[$r]);
if ($parts[0] == $modules[$i]) {
$modReadOnlyFields[] = $parts[1];
}
}
$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields);
if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']); if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']);
if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']); if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']);
if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']); if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']);
@ -322,6 +338,11 @@ class selfServiceProfile {
*/ */
public $inputFields; public $inputFields;
/**
* List of fields that are set in read-only mode.
*/
public $readOnlyFields;
/** configuration settings of modules */ /** configuration settings of modules */
public $moduleSettings; public $moduleSettings;
@ -352,6 +373,7 @@ class selfServiceProfile {
array('name' => _('Password'), array('name' => _('Password'),
'fields' => array('posixAccount_password')) 'fields' => array('posixAccount_password'))
); );
$this->readOnlyFields = array();
} }
} }