read only fields for self service
This commit is contained in:
		
							parent
							
								
									1fa4ec71f5
								
							
						
					
					
						commit
						0dc4319145
					
				|  | @ -1,6 +1,7 @@ | ||||||
| September 2012 3.9 | September 2012 3.9 | ||||||
|   - LAM Pro |   - LAM Pro | ||||||
|    -> support RFC2307bis automount entries |    -> support RFC2307bis automount entries | ||||||
|  |    -> read-only fields in self service | ||||||
|   - fixed bugs |   - fixed bugs | ||||||
|    -> Hidden tools are still shown in the "Tools" page (3546092) |    -> Hidden tools are still shown in the "Tools" page (3546092) | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -13,6 +13,7 @@ | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  |    | ||||||
|   <meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"><title>Upgrade notes</title> |   <meta http-equiv="content-type" content="text/html; charset=ISO-8859-15"><title>Upgrade notes</title> | ||||||
|    |    | ||||||
| 
 | 
 | ||||||
|  | @ -32,8 +33,11 @@ This is a list of API changes for all LAM releases. | ||||||
| <h2>3.8 -> 3.9</h2>Module interface:<br> | <h2>3.8 -> 3.9</h2>Module interface:<br> | ||||||
| 
 | 
 | ||||||
| <ul> | <ul> | ||||||
| <li><span style="font-weight: bold;">supportsAdminInterface()</span>: Can be used mark modules that only support the self service.<br> | <li>new function <span style="font-weight: bold;">supportsAdminInterface()</span>: Can be used to mark modules that only support the self service.</li> | ||||||
| </li> |   <li>new function <span style="font-weight: bold;">canSelfServiceFieldBeReadOnly()</span>: Specifies if a certain self service field can be set in read-only mode.</li> | ||||||
|  |   <li><span style="font-weight: bold;">getSelfServiceOptions()</span>: new parameter <span style="font-style: italic;">$readOnlyFields</span> that contains read-only fields</li> | ||||||
|  |   <li><span style="font-weight: bold;">checkSelfServiceOptions()</span>: new parameter <span style="font-style: italic;">$readOnlyFields </span>that contains read-only fields</li> | ||||||
|  | 
 | ||||||
| </ul> | </ul> | ||||||
| Meta HTML:<br> | Meta HTML:<br> | ||||||
| <ul> | <ul> | ||||||
|  |  | ||||||
|  | @ -4343,8 +4343,16 @@ Run slapindex to rebuild the index. | ||||||
|       <section> |       <section> | ||||||
|         <title>Page layout</title> |         <title>Page layout</title> | ||||||
| 
 | 
 | ||||||
|         <para>On the bottom you can specify what input fields your users can |         <para>Here you can specify what input fields your users can see. It is | ||||||
|         see. It is also possible to group several input fields.</para> |         also possible to group several input fields.</para> | ||||||
|  | 
 | ||||||
|  |         <para>Please use the arrow signs to change the order of the | ||||||
|  |         fields/groups.</para> | ||||||
|  | 
 | ||||||
|  |         <para>You may also set some fields as read-only for your users. This | ||||||
|  |         can be done by clicking on the lock symbol. Read-only fields can be | ||||||
|  |         used to show your users additional data on the self service page that | ||||||
|  |         must not be changed by themselves (e.g. first/last name).</para> | ||||||
| 
 | 
 | ||||||
|         <screenshot> |         <screenshot> | ||||||
|           <mediaobject> |           <mediaobject> | ||||||
|  | @ -4355,239 +4363,257 @@ Run slapindex to rebuild the index. | ||||||
|         </screenshot> |         </screenshot> | ||||||
|       </section> |       </section> | ||||||
| 
 | 
 | ||||||
|       <section id="PasswordSelfReset"> |  | ||||||
|         <title>Password self reset</title> |  | ||||||
| 
 |  | ||||||
|         <para><emphasis role="bold">Settings</emphasis></para> |  | ||||||
| 
 |  | ||||||
|         <para>You can allow your users to reset their passwords themselves. |  | ||||||
|         This will reduce your administrative costs for cases where users |  | ||||||
|         forget their passwords.</para> |  | ||||||
| 
 |  | ||||||
|         <para>To enable this feature please activate the checkbox "Enable |  | ||||||
|         password self reset link":</para> |  | ||||||
| 
 |  | ||||||
|         <screenshot> |  | ||||||
|           <mediaobject> |  | ||||||
|             <imageobject> |  | ||||||
|               <imagedata fileref="images/passwordSelfReset1.png" /> |  | ||||||
|             </imageobject> |  | ||||||
|           </mediaobject> |  | ||||||
|         </screenshot> |  | ||||||
| 
 |  | ||||||
|         <para>You can now configure the minimum answer length for password |  | ||||||
|         reset answers. This is checked when you allow you users to specify |  | ||||||
|         their answers via the self service. Additionally, you can specify the |  | ||||||
|         text of the password reset link (default: "Forgot password?"). The |  | ||||||
|         link is displayed below the password field on the self service login |  | ||||||
|         page.</para> |  | ||||||
| 
 |  | ||||||
|         <para>Next, please enter the DN and password of an LDAP entry that is |  | ||||||
|         allowed to reset the passwords. This entry needs write access to the |  | ||||||
|         attributes shadowLastChange, pwdAccountLockedTime and userPassword. It |  | ||||||
|         also needs read access to uid, mail, passwordSelfResetQuestion and |  | ||||||
|         passwordSelfResetAnswer. Please note that LAM Pro saves the password |  | ||||||
|         on your server file system. Therefore, it is required to protect your |  | ||||||
|         server against unauthorised access.</para> |  | ||||||
| 
 |  | ||||||
|         <para>Please also specify the list of password reset questions that |  | ||||||
|         the user can choose.</para> |  | ||||||
| 
 |  | ||||||
|         <para>Please note that self service and LAM admin interface are |  | ||||||
|         separated functionalities. You need to specify the list of possible |  | ||||||
|         security questions in both self service profile(s) and server |  | ||||||
|         profile(s).</para> |  | ||||||
| 
 |  | ||||||
|         <literallayout> </literallayout> |  | ||||||
| 
 |  | ||||||
|         <para>You can inform your users via mail about their password change. |  | ||||||
|         The mail can include the new password by using the special wildcard |  | ||||||
|         "@@newPassword@@". Additionally, you may want to insert other |  | ||||||
|         wildcards that are replaced by the corresponding LDAP attributes. E.g. |  | ||||||
|         "@@uid@@" will be replaced by the user name.</para> |  | ||||||
| 
 |  | ||||||
|         <literallayout> </literallayout> |  | ||||||
| 
 |  | ||||||
|         <para>LAM Pro can send your users an email with a confirmation link to |  | ||||||
|         validate their email address. Of course, this should only be used if |  | ||||||
|         the email account is independent from the user password (e.g. at |  | ||||||
|         external provider). The mail must include the confirmation link by |  | ||||||
|         using the special wildcard "@@resetLink@@". Additionally, you may want |  | ||||||
|         to insert other wildcards that are replaced by the corresponding LDAP |  | ||||||
|         attributes. E.g. "@@uid@@" will be replaced by the user name.</para> |  | ||||||
| 
 |  | ||||||
|         <para>There is also an option to skip the security question at all if |  | ||||||
|         email verification is enabled. In this case the password can be reset |  | ||||||
|         directly after clicking on the confirmation link. Please handle with |  | ||||||
|         care since anybody with access to the user's mail account can reset |  | ||||||
|         the password.</para> |  | ||||||
| 
 |  | ||||||
|         <para><emphasis role="bold">New fields for self service |  | ||||||
|         page</emphasis></para> |  | ||||||
| 
 |  | ||||||
|         <para>There are two new fields that you may put on the self service |  | ||||||
|         page for your users. These fields allow them to change the reset |  | ||||||
|         question and its answer.</para> |  | ||||||
| 
 |  | ||||||
|         <screenshot> |  | ||||||
|           <mediaobject> |  | ||||||
|             <imageobject> |  | ||||||
|               <imagedata fileref="images/passwordSelfReset2.png" /> |  | ||||||
|             </imageobject> |  | ||||||
|           </mediaobject> |  | ||||||
|         </screenshot> |  | ||||||
| 
 |  | ||||||
|         <para>This is an example how can be presented to your users on the |  | ||||||
|         self service page:</para> |  | ||||||
| 
 |  | ||||||
|         <screenshot> |  | ||||||
|           <mediaobject> |  | ||||||
|             <imageobject> |  | ||||||
|               <imagedata fileref="images/passwordSelfReset3.png" /> |  | ||||||
|             </imageobject> |  | ||||||
|           </mediaobject> |  | ||||||
|         </screenshot> |  | ||||||
| 
 |  | ||||||
|         <para><emphasis role="bold">Password reset link</emphasis></para> |  | ||||||
| 
 |  | ||||||
|         <para>After activating the password self reset feature there will be a |  | ||||||
|         new link on the self service login page. The text can be configured as |  | ||||||
|         described above (default: "Forgot password?").</para> |  | ||||||
| 
 |  | ||||||
|         <screenshot> |  | ||||||
|           <mediaobject> |  | ||||||
|             <imageobject> |  | ||||||
|               <imagedata fileref="images/passwordSelfReset4.png" /> |  | ||||||
|             </imageobject> |  | ||||||
|           </mediaobject> |  | ||||||
|         </screenshot> |  | ||||||
| 
 |  | ||||||
|         <para>When a user clicks on the link then he will be asked for |  | ||||||
|         identification with his user name and email address.</para> |  | ||||||
| 
 |  | ||||||
|         <screenshot> |  | ||||||
|           <mediaobject> |  | ||||||
|             <imageobject> |  | ||||||
|               <imagedata fileref="images/passwordSelfReset5.png" /> |  | ||||||
|             </imageobject> |  | ||||||
|           </mediaobject> |  | ||||||
|         </screenshot> |  | ||||||
| 
 |  | ||||||
|         <para>LAM Pro will use this information to find the correct LDAP entry |  | ||||||
|         of this user. It then displays the user's security question and input |  | ||||||
|         fields for his new password. If the answer is correct then the new |  | ||||||
|         password will be set. Additionally, pwdAccountLockedTime will be |  | ||||||
|         removed and shadowLastChange updated to the current time if |  | ||||||
|         existing.</para> |  | ||||||
| 
 |  | ||||||
|         <screenshot> |  | ||||||
|           <mediaobject> |  | ||||||
|             <imageobject> |  | ||||||
|               <imagedata fileref="images/passwordSelfReset6.png" /> |  | ||||||
|             </imageobject> |  | ||||||
|           </mediaobject> |  | ||||||
|         </screenshot> |  | ||||||
|       </section> |  | ||||||
| 
 |  | ||||||
|       <section> |       <section> | ||||||
|         <title>User self registration</title> |         <title>Module settings</title> | ||||||
| 
 | 
 | ||||||
|         <para>With LAM Pro your users can create their own accounts if you |         <para>This allows to configure some module specific options (e.g. | ||||||
|         like. LAM Pro will display an additional link on the self service |         custom scripts or password hash type).</para> | ||||||
|         login page that allows you users to create a new account including |  | ||||||
|         email validation.</para> |  | ||||||
| 
 |  | ||||||
|         <para>You enable this feature in your self service profile. Just |  | ||||||
|         activate the checkbox "Enable self registration link".</para> |  | ||||||
| 
 | 
 | ||||||
|         <screenshot> |         <screenshot> | ||||||
|           <mediaobject> |           <mediaobject> | ||||||
|             <imageobject> |             <imageobject> | ||||||
|               <imagedata fileref="images/accountRegistration1.png" /> |               <imagedata fileref="images/conf6.jpg" /> | ||||||
|             </imageobject> |             </imageobject> | ||||||
|           </mediaobject> |           </mediaobject> | ||||||
|         </screenshot> |         </screenshot> | ||||||
| 
 | 
 | ||||||
|         <para><emphasis role="bold">Options:</emphasis></para> |         <section id="PasswordSelfReset"> | ||||||
|  |           <title>Password self reset</title> | ||||||
| 
 | 
 | ||||||
|         <para><emphasis>Link text:</emphasis> This is the label for the link |           <para><emphasis role="bold">Settings</emphasis></para> | ||||||
|         to the self registration. If empty "Register new account" will be |  | ||||||
|         used.</para> |  | ||||||
| 
 | 
 | ||||||
|         <para><emphasis>Admin DN and password:</emphasis> Please enter the |           <para>You can allow your users to reset their passwords themselves. | ||||||
|         LDAP DN and its password that should be used to create new users. This |           This will reduce your administrative costs for cases where users | ||||||
|         DN also needs to be able to do LDAP searches by uid in the self |           forget their passwords.</para> | ||||||
|         service part of your LDAP tree.</para> |  | ||||||
| 
 | 
 | ||||||
|         <para><emphasis>Object classes:</emphasis> This is a list of object |           <para>To enable this feature please activate the checkbox "Enable | ||||||
|         classes that are used to build the new user accounts. Please enter one |           password self reset link":</para> | ||||||
|         object class in each line.</para> |  | ||||||
| 
 | 
 | ||||||
|         <para><emphasis>Attributes:</emphasis> This is a list of additional |           <screenshot> | ||||||
|         attributes that the user can enter. Please note that user name, |             <mediaobject> | ||||||
|         password and email address are mandatory anyway and need not be |               <imageobject> | ||||||
|         specified.</para> |                 <imagedata fileref="images/passwordSelfReset1.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
| 
 | 
 | ||||||
|         <para>Each line represents one LDAP attribute. The options are |           <para>You can now configure the minimum answer length for password | ||||||
|         separated by "::". The first option specifies if the attribute is |           reset answers. This is checked when you allow you users to specify | ||||||
|         mandatory. It can have the values "optional" and "required". The |           their answers via the self service. Additionally, you can specify | ||||||
|         second option is the LDAP attribute name and the third one is a |           the text of the password reset link (default: "Forgot password?"). | ||||||
|         descriptive label for it. Options four and five are used for input |           The link is displayed below the password field on the self service | ||||||
|         validation. Please enter the regular expression (e.g. |           login page.</para> | ||||||
|         "/^[0-9a-zA-Z]+$/") and an error message if the value does not match |  | ||||||
|         it. For a syntax description see <ulink |  | ||||||
|         url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation is |  | ||||||
|         optional.</para> |  | ||||||
| 
 | 
 | ||||||
|         <para>Example:</para> |           <para>Next, please enter the DN and password of an LDAP entry that | ||||||
|  |           is allowed to reset the passwords. This entry needs write access to | ||||||
|  |           the attributes shadowLastChange, pwdAccountLockedTime and | ||||||
|  |           userPassword. It also needs read access to uid, mail, | ||||||
|  |           passwordSelfResetQuestion and passwordSelfResetAnswer. Please note | ||||||
|  |           that LAM Pro saves the password on your server file system. | ||||||
|  |           Therefore, it is required to protect your server against | ||||||
|  |           unauthorised access.</para> | ||||||
| 
 | 
 | ||||||
|         <para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please |           <para>Please also specify the list of password reset questions that | ||||||
|         enter a valid first name.</para> |           the user can choose.</para> | ||||||
| 
 | 
 | ||||||
|         <para>required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a |           <para>Please note that self service and LAM admin interface are | ||||||
|         valid last name.</para> |           separated functionalities. You need to specify the list of possible | ||||||
|  |           security questions in both self service profile(s) and server | ||||||
|  |           profile(s).</para> | ||||||
| 
 | 
 | ||||||
|         <para>If you use the object class "inetOrgPerson" and do not provide |           <literallayout> </literallayout> | ||||||
|         the "cn" attribute then LAM will set it to the user name value.</para> |  | ||||||
| 
 | 
 | ||||||
|         <literallayout> |           <para>You can inform your users via mail about their password | ||||||
|  |           change. The mail can include the new password by using the special | ||||||
|  |           wildcard "@@newPassword@@". Additionally, you may want to insert | ||||||
|  |           other wildcards that are replaced by the corresponding LDAP | ||||||
|  |           attributes. E.g. "@@uid@@" will be replaced by the user name.</para> | ||||||
|  | 
 | ||||||
|  |           <literallayout> </literallayout> | ||||||
|  | 
 | ||||||
|  |           <para>LAM Pro can send your users an email with a confirmation link | ||||||
|  |           to validate their email address. Of course, this should only be used | ||||||
|  |           if the email account is independent from the user password (e.g. at | ||||||
|  |           external provider). The mail must include the confirmation link by | ||||||
|  |           using the special wildcard "@@resetLink@@". Additionally, you may | ||||||
|  |           want to insert other wildcards that are replaced by the | ||||||
|  |           corresponding LDAP attributes. E.g. "@@uid@@" will be replaced by | ||||||
|  |           the user name.</para> | ||||||
|  | 
 | ||||||
|  |           <para>There is also an option to skip the security question at all | ||||||
|  |           if email verification is enabled. In this case the password can be | ||||||
|  |           reset directly after clicking on the confirmation link. Please | ||||||
|  |           handle with care since anybody with access to the user's mail | ||||||
|  |           account can reset the password.</para> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis role="bold">New fields for self service | ||||||
|  |           page</emphasis></para> | ||||||
|  | 
 | ||||||
|  |           <para>There are two new fields that you may put on the self service | ||||||
|  |           page for your users. These fields allow them to change the reset | ||||||
|  |           question and its answer.</para> | ||||||
|  | 
 | ||||||
|  |           <screenshot> | ||||||
|  |             <mediaobject> | ||||||
|  |               <imageobject> | ||||||
|  |                 <imagedata fileref="images/passwordSelfReset2.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
|  | 
 | ||||||
|  |           <para>This is an example how can be presented to your users on the | ||||||
|  |           self service page:</para> | ||||||
|  | 
 | ||||||
|  |           <screenshot> | ||||||
|  |             <mediaobject> | ||||||
|  |               <imageobject> | ||||||
|  |                 <imagedata fileref="images/passwordSelfReset3.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis role="bold">Password reset link</emphasis></para> | ||||||
|  | 
 | ||||||
|  |           <para>After activating the password self reset feature there will be | ||||||
|  |           a new link on the self service login page. The text can be | ||||||
|  |           configured as described above (default: "Forgot password?").</para> | ||||||
|  | 
 | ||||||
|  |           <screenshot> | ||||||
|  |             <mediaobject> | ||||||
|  |               <imageobject> | ||||||
|  |                 <imagedata fileref="images/passwordSelfReset4.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
|  | 
 | ||||||
|  |           <para>When a user clicks on the link then he will be asked for | ||||||
|  |           identification with his user name and email address.</para> | ||||||
|  | 
 | ||||||
|  |           <screenshot> | ||||||
|  |             <mediaobject> | ||||||
|  |               <imageobject> | ||||||
|  |                 <imagedata fileref="images/passwordSelfReset5.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
|  | 
 | ||||||
|  |           <para>LAM Pro will use this information to find the correct LDAP | ||||||
|  |           entry of this user. It then displays the user's security question | ||||||
|  |           and input fields for his new password. If the answer is correct then | ||||||
|  |           the new password will be set. Additionally, pwdAccountLockedTime | ||||||
|  |           will be removed and shadowLastChange updated to the current time if | ||||||
|  |           existing.</para> | ||||||
|  | 
 | ||||||
|  |           <screenshot> | ||||||
|  |             <mediaobject> | ||||||
|  |               <imageobject> | ||||||
|  |                 <imagedata fileref="images/passwordSelfReset6.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
|  |         </section> | ||||||
|  | 
 | ||||||
|  |         <section> | ||||||
|  |           <title>User self registration</title> | ||||||
|  | 
 | ||||||
|  |           <para>With LAM Pro your users can create their own accounts if you | ||||||
|  |           like. LAM Pro will display an additional link on the self service | ||||||
|  |           login page that allows you users to create a new account including | ||||||
|  |           email validation.</para> | ||||||
|  | 
 | ||||||
|  |           <para>You enable this feature in your self service profile. Just | ||||||
|  |           activate the checkbox "Enable self registration link".</para> | ||||||
|  | 
 | ||||||
|  |           <screenshot> | ||||||
|  |             <mediaobject> | ||||||
|  |               <imageobject> | ||||||
|  |                 <imagedata fileref="images/accountRegistration1.png" /> | ||||||
|  |               </imageobject> | ||||||
|  |             </mediaobject> | ||||||
|  |           </screenshot> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis role="bold">Options:</emphasis></para> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis>Link text:</emphasis> This is the label for the link | ||||||
|  |           to the self registration. If empty "Register new account" will be | ||||||
|  |           used.</para> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis>Admin DN and password:</emphasis> Please enter the | ||||||
|  |           LDAP DN and its password that should be used to create new users. | ||||||
|  |           This DN also needs to be able to do LDAP searches by uid in the self | ||||||
|  |           service part of your LDAP tree.</para> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis>Object classes:</emphasis> This is a list of object | ||||||
|  |           classes that are used to build the new user accounts. Please enter | ||||||
|  |           one object class in each line.</para> | ||||||
|  | 
 | ||||||
|  |           <para><emphasis>Attributes:</emphasis> This is a list of additional | ||||||
|  |           attributes that the user can enter. Please note that user name, | ||||||
|  |           password and email address are mandatory anyway and need not be | ||||||
|  |           specified.</para> | ||||||
|  | 
 | ||||||
|  |           <para>Each line represents one LDAP attribute. The options are | ||||||
|  |           separated by "::". The first option specifies if the attribute is | ||||||
|  |           mandatory. It can have the values "optional" and "required". The | ||||||
|  |           second option is the LDAP attribute name and the third one is a | ||||||
|  |           descriptive label for it. Options four and five are used for input | ||||||
|  |           validation. Please enter the regular expression (e.g. | ||||||
|  |           "/^[0-9a-zA-Z]+$/") and an error message if the value does not match | ||||||
|  |           it. For a syntax description see <ulink | ||||||
|  |           url="http://perldoc.perl.org/perlre.html">here</ulink>. Validation | ||||||
|  |           is optional.</para> | ||||||
|  | 
 | ||||||
|  |           <para>Example:</para> | ||||||
|  | 
 | ||||||
|  |           <para>optional::givenName::First name::/^[[:alnum:] ]+$/u::Please | ||||||
|  |           enter a valid first name.</para> | ||||||
|  | 
 | ||||||
|  |           <para>required::sn::Last name::/^[[:alnum:] ]+$/u::Please enter a | ||||||
|  |           valid last name.</para> | ||||||
|  | 
 | ||||||
|  |           <para>If you use the object class "inetOrgPerson" and do not provide | ||||||
|  |           the "cn" attribute then LAM will set it to the user name | ||||||
|  |           value.</para> | ||||||
|  | 
 | ||||||
|  |           <literallayout> | ||||||
| </literallayout> | </literallayout> | ||||||
| 
 | 
 | ||||||
|         <para>Please note that only simple input boxes are supported for |           <para>Please note that only simple input boxes are supported for | ||||||
|         account registration. The user may log in to self service when his |           account registration. The user may log in to self service when his | ||||||
|         account was created to manage all his attributes.</para> |           account was created to manage all his attributes.</para> | ||||||
| 
 | 
 | ||||||
|         <literallayout> |           <literallayout> | ||||||
| </literallayout> | </literallayout> | ||||||
| 
 | 
 | ||||||
|         <para><emphasis role="bold">User view:</emphasis></para> |           <para><emphasis role="bold">User view:</emphasis></para> | ||||||
| 
 | 
 | ||||||
|         <para>The user can register by clicking on a link on the self service |           <para>The user can register by clicking on a link on the self | ||||||
|         login page:</para> |           service login page:</para> | ||||||
| 
 | 
 | ||||||
|         <screenshot> |           <screenshot> | ||||||
|           <mediaobject> |             <mediaobject> | ||||||
|             <imageobject> |               <imageobject> | ||||||
|               <imagedata fileref="images/accountRegistration2.png" /> |                 <imagedata fileref="images/accountRegistration2.png" /> | ||||||
|             </imageobject> |               </imageobject> | ||||||
|           </mediaobject> |             </mediaobject> | ||||||
|         </screenshot> |           </screenshot> | ||||||
| 
 | 
 | ||||||
|         <para>Here he can insert the data that you specified in the self |           <para>Here he can insert the data that you specified in the self | ||||||
|         service profile:</para> |           service profile:</para> | ||||||
| 
 | 
 | ||||||
|         <screenshot> |           <screenshot> | ||||||
|           <mediaobject> |             <mediaobject> | ||||||
|             <imageobject> |               <imageobject> | ||||||
|               <imagedata fileref="images/accountRegistration3.png" /> |                 <imagedata fileref="images/accountRegistration3.png" /> | ||||||
|             </imageobject> |               </imageobject> | ||||||
|           </mediaobject> |             </mediaobject> | ||||||
|         </screenshot> |           </screenshot> | ||||||
| 
 | 
 | ||||||
|         <para>LAM will then send him an email with a validation link that is |           <para>LAM will then send him an email with a validation link that is | ||||||
|         valid for 24 hours. When he clicks on this link then the account will |           valid for 24 hours. When he clicks on this link then the account | ||||||
|         be created in the self service user suffix. The DN will look like |           will be created in the self service user suffix. The DN will look | ||||||
|         this: <emphasis>uid=<user name>,...</emphasis></para> |           like this: <emphasis>uid=<user name>,...</emphasis></para> | ||||||
|  |         </section> | ||||||
|       </section> |       </section> | ||||||
|     </section> |     </section> | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
										
											Binary file not shown.
										
									
								
							| Before Width: | Height: | Size: 84 KiB After Width: | Height: | Size: 128 KiB | 
										
											Binary file not shown.
										
									
								
							| Before Width: | Height: | Size: 84 KiB After Width: | Height: | Size: 70 KiB | 
										
											Binary file not shown.
										
									
								
							| After Width: | Height: | Size: 65 KiB | 
|  | @ -1221,6 +1221,19 @@ abstract class baseModule { | ||||||
| 		else return array(); | 		else return array(); | ||||||
| 	} | 	} | ||||||
| 	 | 	 | ||||||
|  | 	/** | ||||||
|  | 	 * Returns if a given self service field can be set in read-only mode. | ||||||
|  | 	 *  | ||||||
|  | 	 * @param String $fieldID field identifier | ||||||
|  | 	 * @param selfServiceProfile $profile currently edited profile | ||||||
|  | 	 */ | ||||||
|  | 	public function canSelfServiceFieldBeReadOnly($fieldID, $profile) { | ||||||
|  | 		if (isset($this->meta['selfServiceReadOnlyFields']) && is_array($this->meta['selfServiceReadOnlyFields'])) { | ||||||
|  | 			return in_array($fieldID, $this->meta['selfServiceReadOnlyFields']); | ||||||
|  | 		} | ||||||
|  | 		return false; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	/** | 	/** | ||||||
| 	 * Returns the meta HTML code for each input field. | 	 * Returns the meta HTML code for each input field. | ||||||
| 	 *  | 	 *  | ||||||
|  | @ -1231,11 +1244,12 @@ abstract class baseModule { | ||||||
| 	 * @param array $fields list of active fields | 	 * @param array $fields list of active fields | ||||||
| 	 * @param array $attributes attributes of LDAP account | 	 * @param array $attributes attributes of LDAP account | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array list of meta HTML elements (field name => htmlTableRow) | 	 * @return array list of meta HTML elements (field name => htmlTableRow) | ||||||
| 	 *  | 	 *  | ||||||
| 	 * @see htmlElement | 	 * @see htmlElement | ||||||
| 	 */ | 	 */ | ||||||
| 	public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	public function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		// this function must be overwritten by subclasses.
 | 		// this function must be overwritten by subclasses.
 | ||||||
| 		return array(); | 		return array(); | ||||||
| 	} | 	} | ||||||
|  | @ -1254,9 +1268,10 @@ abstract class baseModule { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	public function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		return $return; | 		return $return; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | @ -625,7 +625,7 @@ function printHelpLink($entry, $number, $module='', $scope='') { | ||||||
| 	echo "<a href=\"" . $helpPath . "help.php?module=$module&HelpNumber=". $number . "&scope=" . $scope . "\" "; | 	echo "<a href=\"" . $helpPath . "help.php?module=$module&HelpNumber=". $number . "&scope=" . $scope . "\" "; | ||||||
| 		echo "target=\"help\" "; | 		echo "target=\"help\" "; | ||||||
| 		echo "onmouseover=\"Tip('" . $message . "', TITLE, '" . $title . "')\" onmouseout=\"UnTip()\">"; | 		echo "onmouseover=\"Tip('" . $message . "', TITLE, '" . $title . "')\" onmouseout=\"UnTip()\">"; | ||||||
| 		echo "<img width=16 height=16 src=\"../$helpPath/graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">"; | 		echo "<img class=\"align-middle\" width=16 height=16 src=\"../$helpPath/graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">"; | ||||||
| 	echo "</a>"; | 	echo "</a>"; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -1578,9 +1578,10 @@ class asteriskAccount extends baseModule implements passwordService { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) { | 		if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskSIPUser', $attributes['objectClass'])) { | ||||||
| 			return $return; | 			return $return; | ||||||
|  |  | ||||||
|  | @ -588,9 +588,10 @@ class asteriskVoicemail extends baseModule implements passwordService { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) { | 		if (!isset($attributes['objectClass']) || !in_array_ignore_case('AsteriskVoiceMail', $attributes['objectClass'])) { | ||||||
| 			return $return; | 			return $return; | ||||||
|  |  | ||||||
|  | @ -127,6 +127,10 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			'homePhone' => _('Home telephone number'), 'roomNumber' => _('Room number'), 'carLicense' => _('Car license'), | 			'homePhone' => _('Home telephone number'), 'roomNumber' => _('Room number'), 'carLicense' => _('Car license'), | ||||||
| 			'location' => _('Location'), 'state' => _('State'), 'officeName' => _('Office name'), 'businessCategory' => _('Business category'), | 			'location' => _('Location'), 'state' => _('State'), 'officeName' => _('Office name'), 'businessCategory' => _('Business category'), | ||||||
| 			'departmentNumber' => _('Department'), 'initials' => _('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web site')); | 			'departmentNumber' => _('Department'), 'initials' => _('Initials'), 'title' => _('Job title'), 'labeledURI' => _('Web site')); | ||||||
|  | 		// possible self service read-only fields
 | ||||||
|  | 		$return['selfServiceReadOnlyFields'] = array('firstName', 'lastName', 'mail', 'telephoneNumber', 'mobile', 'faxNumber', 'street', | ||||||
|  | 			'postalAddress', 'registeredAddress', 'postalCode', 'postOfficeBox', 'jpegPhoto', 'homePhone', 'roomNumber', 'carLicense', | ||||||
|  | 			'location', 'state', 'officeName', 'businessCategory', 'departmentNumber', 'initials', 'title', 'labeledURI'); | ||||||
| 		// profile elements
 | 		// profile elements
 | ||||||
| 		$profileElements = array(); | 		$profileElements = array(); | ||||||
| 		if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideStreet')) { | 		if (!$this->isBooleanConfigOptionSet('inetOrgPerson_hideStreet')) { | ||||||
|  | @ -2521,9 +2525,10 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 	 * @param array $fields list of active fields | 	 * @param array $fields list of active fields | ||||||
| 	 * @param array $attributes attributes of LDAP account | 	 * @param array $attributes attributes of LDAP account | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array list of meta HTML elements (field name => htmlTableRow) | 	 * @return array list of meta HTML elements (field name => htmlTableRow) | ||||||
| 	 */ | 	 */ | ||||||
| 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array(); | 		$return = array(); | ||||||
| 		if ($passwordChangeOnly) { | 		if ($passwordChangeOnly) { | ||||||
| 			return $return; // no fields as long no LDAP content can be read
 | 			return $return; // no fields as long no LDAP content can be read
 | ||||||
|  | @ -2531,134 +2536,210 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 		if (in_array('firstName', $fields)) { | 		if (in_array('firstName', $fields)) { | ||||||
| 			$firstName = ''; | 			$firstName = ''; | ||||||
| 			if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0]; | 			if (isset($attributes['givenName'][0])) $firstName = $attributes['givenName'][0]; | ||||||
|  | 			$firstNameField = new htmlInputField('inetOrgPerson_firstName', $firstName); | ||||||
|  | 			if (in_array('firstName', $readOnlyFields)) { | ||||||
|  | 				$firstNameField = new htmlOutputText($firstName); | ||||||
|  | 			} | ||||||
| 			$return['firstName'] = new htmlTableRow(array( | 			$return['firstName'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('First name'), 'inetOrgPerson_firstName', $firstName) | 				new htmlOutputText(_('First name')), $firstNameField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('lastName', $fields)) { | 		if (in_array('lastName', $fields)) { | ||||||
| 			$lastName = ''; | 			$lastName = ''; | ||||||
| 			if (isset($attributes['sn'][0])) $lastName = $attributes['sn'][0]; | 			if (isset($attributes['sn'][0])) $lastName = $attributes['sn'][0]; | ||||||
|  | 			$lastNameField = new htmlInputField('inetOrgPerson_lastName', $lastName); | ||||||
|  | 			if (in_array('lastName', $readOnlyFields)) { | ||||||
|  | 				$lastNameField = new htmlOutputText($lastName); | ||||||
|  | 			} | ||||||
| 			$return['lastName'] = new htmlTableRow(array( | 			$return['lastName'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Last name'), 'inetOrgPerson_lastName', $lastName) | 				new htmlOutputText(_('Last name')), $lastNameField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('mail', $fields)) { | 		if (in_array('mail', $fields)) { | ||||||
| 			$mail = ''; | 			$mail = ''; | ||||||
| 			if (isset($attributes['mail'][0])) $mail = $attributes['mail'][0]; | 			if (isset($attributes['mail'][0])) $mail = $attributes['mail'][0]; | ||||||
|  | 			$mailField = new htmlInputField('inetOrgPerson_mail', $mail); | ||||||
|  | 			if (in_array('mail', $readOnlyFields)) { | ||||||
|  | 				$mailField = new htmlOutputText($mail); | ||||||
|  | 			} | ||||||
| 			$return['mail'] = new htmlTableRow(array( | 			$return['mail'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Email address'), 'inetOrgPerson_mail', $mail) | 				new htmlOutputText(_('Email address')), $mailField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('labeledURI', $fields)) { | 		if (in_array('labeledURI', $fields)) { | ||||||
| 			$labeledURI = ''; | 			$labeledURI = ''; | ||||||
| 			if (isset($attributes['labeledURI'][0])) $labeledURI = implode('; ', $attributes['labeledURI']); | 			if (isset($attributes['labeledURI'][0])) $labeledURI = implode('; ', $attributes['labeledURI']); | ||||||
|  | 			$labeledURIField = new htmlInputField('inetOrgPerson_labeledURI', $labeledURI); | ||||||
|  | 			if (in_array('labeledURI', $readOnlyFields)) { | ||||||
|  | 				$labeledURIField = new htmlOutputText($labeledURI); | ||||||
|  | 			} | ||||||
| 			$return['labeledURI'] = new htmlTableRow(array( | 			$return['labeledURI'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Web site'), 'inetOrgPerson_labeledURI', $labeledURI) | 				new htmlOutputText(_('Web site')), $labeledURIField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('telephoneNumber', $fields)) { | 		if (in_array('telephoneNumber', $fields)) { | ||||||
| 			$telephoneNumber = ''; | 			$telephoneNumber = ''; | ||||||
| 			if (isset($attributes['telephoneNumber'][0])) $telephoneNumber = $attributes['telephoneNumber'][0]; | 			if (isset($attributes['telephoneNumber'][0])) $telephoneNumber = $attributes['telephoneNumber'][0]; | ||||||
|  | 			$telephoneNumberField = new htmlInputField('inetOrgPerson_telephoneNumber', $telephoneNumber); | ||||||
|  | 			if (in_array('telephoneNumber', $readOnlyFields)) { | ||||||
|  | 				$telephoneNumberField = new htmlOutputText($telephoneNumber); | ||||||
|  | 			} | ||||||
| 			$return['telephoneNumber'] = new htmlTableRow(array( | 			$return['telephoneNumber'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Telephone number'), 'inetOrgPerson_telephoneNumber', $telephoneNumber) | 				new htmlOutputText(_('Telephone number')), $telephoneNumberField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('homePhone', $fields)) { | 		if (in_array('homePhone', $fields)) { | ||||||
| 			$homePhone = ''; | 			$homePhone = ''; | ||||||
| 			if (isset($attributes['homePhone'][0])) $homePhone = $attributes['homePhone'][0]; | 			if (isset($attributes['homePhone'][0])) $homePhone = $attributes['homePhone'][0]; | ||||||
|  | 			$homePhoneField = new htmlInputField('inetOrgPerson_homePhone', $homePhone); | ||||||
|  | 			if (in_array('homePhone', $readOnlyFields)) { | ||||||
|  | 				$homePhoneField = new htmlOutputText($homePhone); | ||||||
|  | 			} | ||||||
| 			$return['homePhone'] = new htmlTableRow(array( | 			$return['homePhone'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Home telephone number'), 'inetOrgPerson_homePhone', $homePhone) | 				new htmlOutputText(_('Home telephone number')), $homePhoneField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('mobile', $fields)) { | 		if (in_array('mobile', $fields)) { | ||||||
| 			$mobile = ''; | 			$mobile = ''; | ||||||
| 			if (isset($attributes['mobile'][0])) $mobile = $attributes['mobile'][0]; | 			if (isset($attributes['mobile'][0])) $mobile = $attributes['mobile'][0]; | ||||||
|  | 			$mobileField = new htmlInputField('inetOrgPerson_mobile', $mobile); | ||||||
|  | 			if (in_array('mobile', $readOnlyFields)) { | ||||||
|  | 				$mobileField = new htmlOutputText($mobile); | ||||||
|  | 			} | ||||||
| 			$return['mobile'] = new htmlTableRow(array( | 			$return['mobile'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Mobile telephone number'), 'inetOrgPerson_mobile', $mobile) | 				new htmlOutputText(_('Mobile telephone number')), $mobileField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('faxNumber', $fields)) { | 		if (in_array('faxNumber', $fields)) { | ||||||
| 			$faxNumber = ''; | 			$faxNumber = ''; | ||||||
| 			if (isset($attributes['facsimileTelephoneNumber'][0])) $faxNumber = $attributes['facsimileTelephoneNumber'][0]; | 			if (isset($attributes['facsimileTelephoneNumber'][0])) $faxNumber = $attributes['facsimileTelephoneNumber'][0]; | ||||||
|  | 			$faxNumberField = new htmlInputField('inetOrgPerson_faxNumber', $faxNumber); | ||||||
|  | 			if (in_array('faxNumber', $readOnlyFields)) { | ||||||
|  | 				$faxNumberField = new htmlOutputText($faxNumber); | ||||||
|  | 			} | ||||||
| 			$return['faxNumber'] = new htmlTableRow(array( | 			$return['faxNumber'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Fax number'), 'inetOrgPerson_faxNumber', $faxNumber) | 				new htmlOutputText(_('Fax number')), $faxNumberField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('street', $fields)) { | 		if (in_array('street', $fields)) { | ||||||
| 			$street = ''; | 			$street = ''; | ||||||
| 			if (isset($attributes['street'][0])) $street = $attributes['street'][0]; | 			if (isset($attributes['street'][0])) $street = $attributes['street'][0]; | ||||||
|  | 			$streetField = new htmlInputField('inetOrgPerson_street', $street); | ||||||
|  | 			if (in_array('street', $readOnlyFields)) { | ||||||
|  | 				$streetField = new htmlOutputText($street); | ||||||
|  | 			} | ||||||
| 			$return['street'] = new htmlTableRow(array( | 			$return['street'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Street'), 'inetOrgPerson_street', $street) | 				new htmlOutputText(_('Street')), $streetField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('postalAddress', $fields)) { | 		if (in_array('postalAddress', $fields)) { | ||||||
| 			$postalAddress = ''; | 			$postalAddress = ''; | ||||||
| 			if (isset($attributes['postalAddress'][0])) $postalAddress = $attributes['postalAddress'][0]; | 			if (isset($attributes['postalAddress'][0])) $postalAddress = $attributes['postalAddress'][0]; | ||||||
|  | 			$postalAddressField = new htmlInputField('inetOrgPerson_postalAddress', $postalAddress); | ||||||
|  | 			if (in_array('postalAddress', $readOnlyFields)) { | ||||||
|  | 				$postalAddressField = new htmlOutputText($postalAddress); | ||||||
|  | 			} | ||||||
| 			$return['postalAddress'] = new htmlTableRow(array( | 			$return['postalAddress'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Postal address'), 'inetOrgPerson_postalAddress', $postalAddress) | 				new htmlOutputText(_('Postal address')), $postalAddressField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('registeredAddress', $fields)) { | 		if (in_array('registeredAddress', $fields)) { | ||||||
| 			$registeredAddress = ''; | 			$registeredAddress = ''; | ||||||
| 			if (isset($attributes['registeredAddress'][0])) $registeredAddress = $attributes['registeredAddress'][0]; | 			if (isset($attributes['registeredAddress'][0])) $registeredAddress = $attributes['registeredAddress'][0]; | ||||||
|  | 			$registeredAddressField = new htmlInputField('inetOrgPerson_registeredAddress', $registeredAddress); | ||||||
|  | 			if (in_array('registeredAddress', $readOnlyFields)) { | ||||||
|  | 				$registeredAddressField = new htmlOutputText($registeredAddress); | ||||||
|  | 			} | ||||||
| 			$return['registeredAddress'] = new htmlTableRow(array( | 			$return['registeredAddress'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Registered address'), 'inetOrgPerson_registeredAddress', $registeredAddress) | 				new htmlOutputText(_('Registered address')), $registeredAddressField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('postalCode', $fields)) { | 		if (in_array('postalCode', $fields)) { | ||||||
| 			$postalCode = ''; | 			$postalCode = ''; | ||||||
| 			if (isset($attributes['postalCode'][0])) $postalCode = $attributes['postalCode'][0]; | 			if (isset($attributes['postalCode'][0])) $postalCode = $attributes['postalCode'][0]; | ||||||
|  | 			$postalCodeField = new htmlInputField('inetOrgPerson_postalCode', $postalCode); | ||||||
|  | 			if (in_array('postalCode', $readOnlyFields)) { | ||||||
|  | 				$postalCodeField = new htmlOutputText($postalCode); | ||||||
|  | 			} | ||||||
| 			$return['postalCode'] = new htmlTableRow(array( | 			$return['postalCode'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Postal code'), 'inetOrgPerson_postalCode', $postalCode) | 				new htmlOutputText(_('Postal code')), $postalCodeField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('postOfficeBox', $fields)) { | 		if (in_array('postOfficeBox', $fields)) { | ||||||
| 			$postOfficeBox = ''; | 			$postOfficeBox = ''; | ||||||
| 			if (isset($attributes['postOfficeBox'][0])) $postOfficeBox = $attributes['postOfficeBox'][0]; | 			if (isset($attributes['postOfficeBox'][0])) $postOfficeBox = $attributes['postOfficeBox'][0]; | ||||||
|  | 			$postOfficeBoxField = new htmlInputField('inetOrgPerson_postOfficeBox', $postOfficeBox); | ||||||
|  | 			if (in_array('postOfficeBox', $readOnlyFields)) { | ||||||
|  | 				$postOfficeBoxField = new htmlOutputText($postOfficeBox); | ||||||
|  | 			} | ||||||
| 			$return['postOfficeBox'] = new htmlTableRow(array( | 			$return['postOfficeBox'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Post office box'), 'inetOrgPerson_postOfficeBox', $postOfficeBox) | 				new htmlOutputText(_('Post office box')), $postOfficeBoxField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('roomNumber', $fields)) { | 		if (in_array('roomNumber', $fields)) { | ||||||
| 			$roomNumber = ''; | 			$roomNumber = ''; | ||||||
| 			if (isset($attributes['roomNumber'][0])) $roomNumber = $attributes['roomNumber'][0]; | 			if (isset($attributes['roomNumber'][0])) $roomNumber = $attributes['roomNumber'][0]; | ||||||
|  | 			$roomNumberField = new htmlInputField('inetOrgPerson_roomNumber', $roomNumber); | ||||||
|  | 			if (in_array('roomNumber', $readOnlyFields)) { | ||||||
|  | 				$roomNumberField = new htmlOutputText($roomNumber); | ||||||
|  | 			} | ||||||
| 			$return['roomNumber'] = new htmlTableRow(array( | 			$return['roomNumber'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Room number'), 'inetOrgPerson_roomNumber', $roomNumber) | 				new htmlOutputText(_('Room number')), $roomNumberField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('location', $fields)) { | 		if (in_array('location', $fields)) { | ||||||
| 			$l = ''; | 			$l = ''; | ||||||
| 			if (isset($attributes['l'][0])) $l = $attributes['l'][0]; | 			if (isset($attributes['l'][0])) $l = $attributes['l'][0]; | ||||||
|  | 			$lField = new htmlInputField('inetOrgPerson_location', $l); | ||||||
|  | 			if (in_array('location', $readOnlyFields)) { | ||||||
|  | 				$lField = new htmlOutputText($l); | ||||||
|  | 			} | ||||||
| 			$return['location'] = new htmlTableRow(array( | 			$return['location'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Location'), 'inetOrgPerson_location', $l) | 				new htmlOutputText(_('Location')), $lField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('state', $fields)) { | 		if (in_array('state', $fields)) { | ||||||
| 			$st = ''; | 			$st = ''; | ||||||
| 			if (isset($attributes['st'][0])) $st = $attributes['st'][0]; | 			if (isset($attributes['st'][0])) $st = $attributes['st'][0]; | ||||||
|  | 			$stField = new htmlInputField('inetOrgPerson_state', $st); | ||||||
|  | 			if (in_array('state', $readOnlyFields)) { | ||||||
|  | 				$stField = new htmlOutputText($st); | ||||||
|  | 			} | ||||||
| 			$return['state'] = new htmlTableRow(array( | 			$return['state'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('State'), 'inetOrgPerson_state', $st) | 				new htmlOutputText(_('State')), $stField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('carLicense', $fields)) { | 		if (in_array('carLicense', $fields)) { | ||||||
| 			$carLicense = ''; | 			$carLicense = ''; | ||||||
| 			if (isset($attributes['carLicense'][0])) $carLicense = $attributes['carLicense'][0]; | 			if (isset($attributes['carLicense'][0])) $carLicense = $attributes['carLicense'][0]; | ||||||
|  | 			$carLicenseField = new htmlInputField('inetOrgPerson_carLicense', $carLicense); | ||||||
|  | 			if (in_array('carLicense', $readOnlyFields)) { | ||||||
|  | 				$carLicenseField = new htmlOutputText($carLicense); | ||||||
|  | 			} | ||||||
| 			$return['carLicense'] = new htmlTableRow(array( | 			$return['carLicense'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Car license'), 'inetOrgPerson_carLicense', $carLicense) | 				new htmlOutputText(_('Car license')), $carLicenseField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('officeName', $fields)) { | 		if (in_array('officeName', $fields)) { | ||||||
| 			$physicalDeliveryOfficeName = ''; | 			$physicalDeliveryOfficeName = ''; | ||||||
| 			if (isset($attributes['physicalDeliveryOfficeName'][0])) $physicalDeliveryOfficeName = $attributes['physicalDeliveryOfficeName'][0]; | 			if (isset($attributes['physicalDeliveryOfficeName'][0])) $physicalDeliveryOfficeName = $attributes['physicalDeliveryOfficeName'][0]; | ||||||
|  | 			$physicalDeliveryOfficeNameField = new htmlInputField('inetOrgPerson_officeName', $physicalDeliveryOfficeName); | ||||||
|  | 			if (in_array('officeName', $readOnlyFields)) { | ||||||
|  | 				$physicalDeliveryOfficeNameField = new htmlOutputText($physicalDeliveryOfficeName); | ||||||
|  | 			} | ||||||
| 			$return['officeName'] = new htmlTableRow(array( | 			$return['officeName'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Office name'), 'inetOrgPerson_officeName', $physicalDeliveryOfficeName) | 				new htmlOutputText(_('Office name')), $physicalDeliveryOfficeNameField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('businessCategory', $fields)) { | 		if (in_array('businessCategory', $fields)) { | ||||||
| 			$businessCategory = ''; | 			$businessCategory = ''; | ||||||
| 			if (isset($attributes['businessCategory'][0])) $businessCategory = $attributes['businessCategory'][0]; | 			if (isset($attributes['businessCategory'][0])) $businessCategory = $attributes['businessCategory'][0]; | ||||||
|  | 			$businessCategoryField = new htmlInputField('inetOrgPerson_businessCategory', $businessCategory); | ||||||
|  | 			if (in_array('businessCategory', $readOnlyFields)) { | ||||||
|  | 				$businessCategoryField = new htmlOutputText($businessCategory); | ||||||
|  | 			} | ||||||
| 			$return['businessCategory'] = new htmlTableRow(array( | 			$return['businessCategory'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Business category'), 'inetOrgPerson_businessCategory', $businessCategory) | 				new htmlOutputText(_('Business category')), $businessCategoryField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('jpegPhoto', $fields)) { | 		if (in_array('jpegPhoto', $fields)) { | ||||||
|  | @ -2670,15 +2751,17 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 				$photoFile = '../../tmp/' . $jpeg_filename; | 				$photoFile = '../../tmp/' . $jpeg_filename; | ||||||
| 				$photoSub = new htmlTable(); | 				$photoSub = new htmlTable(); | ||||||
| 				$photoSub->addElement(new htmlImage($photoFile), true); | 				$photoSub->addElement(new htmlImage($photoFile), true); | ||||||
| 				$photoSubSub = new htmlTable(); | 				if (!in_array('jpegPhoto', $readOnlyFields)) { | ||||||
| 				$photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false)); | 					$photoSubSub = new htmlTable(); | ||||||
| 				$photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile')); | 					$photoSubSub->addElement(new htmlTableExtendedInputCheckbox('removeReplacePhoto', false, _('Remove/replace photo'), null, false)); | ||||||
| 				$photoSub->addElement($photoSubSub); | 					$photoSubSub->addElement(new htmlInputFileUpload('replacePhotoFile')); | ||||||
|  | 					$photoSub->addElement($photoSubSub); | ||||||
|  | 				} | ||||||
| 				$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub); | 				$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub); | ||||||
| 				$photoRow = new htmlTableRow($photoRowCells); | 				$photoRow = new htmlTableRow($photoRowCells); | ||||||
| 				$return['jpegPhoto'] = $photoRow; | 				$return['jpegPhoto'] = $photoRow; | ||||||
| 			} | 			} | ||||||
| 			else { | 			elseif (!in_array('jpegPhoto', $readOnlyFields)) { | ||||||
| 				$photoSub = new htmlTable(); | 				$photoSub = new htmlTable(); | ||||||
| 				$photoSub->addElement(new htmlTableExtendedInputFileUpload('photoFile', _('Add photo'))); | 				$photoSub->addElement(new htmlTableExtendedInputFileUpload('photoFile', _('Add photo'))); | ||||||
| 				$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub); | 				$photoRowCells = array(new htmlOutputText(_('Photo')), $photoSub); | ||||||
|  | @ -2689,22 +2772,34 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 		if (in_array('departmentNumber', $fields)) { | 		if (in_array('departmentNumber', $fields)) { | ||||||
| 			$departmentNumber = ''; | 			$departmentNumber = ''; | ||||||
| 			if (isset($attributes['departmentNumber'][0])) $departmentNumber = implode('; ', $attributes['departmentNumber']); | 			if (isset($attributes['departmentNumber'][0])) $departmentNumber = implode('; ', $attributes['departmentNumber']); | ||||||
|  | 			$departmentNumberField = new htmlInputField('inetOrgPerson_departmentNumber', $departmentNumber); | ||||||
|  | 			if (in_array('departmentNumber', $readOnlyFields)) { | ||||||
|  | 				$departmentNumberField = new htmlOutputText($departmentNumber); | ||||||
|  | 			} | ||||||
| 			$return['departmentNumber'] = new htmlTableRow(array( | 			$return['departmentNumber'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Department'), 'inetOrgPerson_departmentNumber', $departmentNumber) | 				new htmlOutputText(_('Department')), $departmentNumberField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('initials', $fields)) { | 		if (in_array('initials', $fields)) { | ||||||
| 			$initials = ''; | 			$initials = ''; | ||||||
| 			if (isset($attributes['initials'][0])) $initials = implode('; ', $attributes['initials']); | 			if (isset($attributes['initials'][0])) $initials = implode('; ', $attributes['initials']); | ||||||
|  | 			$initialsField = new htmlInputField('inetOrgPerson_initials', $initials); | ||||||
|  | 			if (in_array('initials', $readOnlyFields)) { | ||||||
|  | 				$initialsField = new htmlOutputText($initials); | ||||||
|  | 			} | ||||||
| 			$return['initials'] = new htmlTableRow(array( | 			$return['initials'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Initials'), 'inetOrgPerson_initials', $initials) | 				new htmlOutputText(_('Initials')), $initialsField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('title', $fields)) { | 		if (in_array('title', $fields)) { | ||||||
| 			$title = ''; | 			$title = ''; | ||||||
| 			if (isset($attributes['title'][0])) $title = $attributes['title'][0]; | 			if (isset($attributes['title'][0])) $title = $attributes['title'][0]; | ||||||
|  | 			$titleField = new htmlInputField('inetOrgPerson_title', $title); | ||||||
|  | 			if (in_array('title', $readOnlyFields)) { | ||||||
|  | 				$titleField = new htmlOutputText($title); | ||||||
|  | 			} | ||||||
| 			$return['title'] = new htmlTableRow(array( | 			$return['title'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Job title'), 'inetOrgPerson_title', $title) | 				new htmlOutputText(_('Job title')), $titleField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		return $return; | 		return $return; | ||||||
|  | @ -2724,9 +2819,10 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		if ($passwordChangeOnly) { | 		if ($passwordChangeOnly) { | ||||||
| 			return $return; // skip processing if only a password change is done
 | 			return $return; // skip processing if only a password change is done
 | ||||||
|  | @ -2734,7 +2830,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 		$attributeNames = array(); // list of attributes which should be checked for modification
 | 		$attributeNames = array(); // list of attributes which should be checked for modification
 | ||||||
| 		$attributesNew = $attributes; | 		$attributesNew = $attributes; | ||||||
| 		// first name
 | 		// first name
 | ||||||
| 		if (in_array('firstName', $fields)) { | 		if (in_array('firstName', $fields) && !in_array('firstName', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'givenName'; | 			$attributeNames[] = 'givenName'; | ||||||
| 			if (isset($_POST['inetOrgPerson_firstName']) && ($_POST['inetOrgPerson_firstName'] != '')) { | 			if (isset($_POST['inetOrgPerson_firstName']) && ($_POST['inetOrgPerson_firstName'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_firstName'], 'realname')) $return['messages'][] = $this->messages['givenName'][0]; | 				if (!get_preg($_POST['inetOrgPerson_firstName'], 'realname')) $return['messages'][] = $this->messages['givenName'][0]; | ||||||
|  | @ -2743,7 +2839,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['givenName'])) unset($attributesNew['givenName']); | 			elseif (isset($attributes['givenName'])) unset($attributesNew['givenName']); | ||||||
| 		} | 		} | ||||||
| 		// last name
 | 		// last name
 | ||||||
| 		if (in_array('lastName', $fields)) { | 		if (in_array('lastName', $fields) && !in_array('lastName', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'sn'; | 			$attributeNames[] = 'sn'; | ||||||
| 			if (isset($_POST['inetOrgPerson_lastName']) && ($_POST['inetOrgPerson_lastName'] != '')) { | 			if (isset($_POST['inetOrgPerson_lastName']) && ($_POST['inetOrgPerson_lastName'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_lastName'], 'realname')) $return['messages'][] = $this->messages['lastname'][0]; | 				if (!get_preg($_POST['inetOrgPerson_lastName'], 'realname')) $return['messages'][] = $this->messages['lastname'][0]; | ||||||
|  | @ -2755,7 +2851,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		// email
 | 		// email
 | ||||||
| 		if (in_array('mail', $fields)) { | 		if (in_array('mail', $fields) && !in_array('mail', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'mail'; | 			$attributeNames[] = 'mail'; | ||||||
| 			if (isset($_POST['inetOrgPerson_mail']) && ($_POST['inetOrgPerson_mail'] != '')) { | 			if (isset($_POST['inetOrgPerson_mail']) && ($_POST['inetOrgPerson_mail'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_mail'], 'email')) $return['messages'][] = $this->messages['email'][0]; | 				if (!get_preg($_POST['inetOrgPerson_mail'], 'email')) $return['messages'][] = $this->messages['email'][0]; | ||||||
|  | @ -2764,7 +2860,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['mail'])) unset($attributesNew['mail']); | 			elseif (isset($attributes['mail'])) unset($attributesNew['mail']); | ||||||
| 		} | 		} | ||||||
| 		// labeledURI
 | 		// labeledURI
 | ||||||
| 		if (in_array('labeledURI', $fields)) { | 		if (in_array('labeledURI', $fields) && !in_array('labeledURI', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'labeledURI'; | 			$attributeNames[] = 'labeledURI'; | ||||||
| 			if (isset($_POST['inetOrgPerson_labeledURI']) && ($_POST['inetOrgPerson_labeledURI'] != '')) { | 			if (isset($_POST['inetOrgPerson_labeledURI']) && ($_POST['inetOrgPerson_labeledURI'] != '')) { | ||||||
| 				$attributesNew['labeledURI'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_labeledURI']); | 				$attributesNew['labeledURI'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_labeledURI']); | ||||||
|  | @ -2772,7 +2868,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['labeledURI'])) unset($attributesNew['labeledURI']); | 			elseif (isset($attributes['labeledURI'])) unset($attributesNew['labeledURI']); | ||||||
| 		} | 		} | ||||||
| 		// telephone number
 | 		// telephone number
 | ||||||
| 		if (in_array('telephoneNumber', $fields)) { | 		if (in_array('telephoneNumber', $fields) && !in_array('telephoneNumber', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'telephoneNumber'; | 			$attributeNames[] = 'telephoneNumber'; | ||||||
| 			if (isset($_POST['inetOrgPerson_telephoneNumber']) && ($_POST['inetOrgPerson_telephoneNumber'] != '')) { | 			if (isset($_POST['inetOrgPerson_telephoneNumber']) && ($_POST['inetOrgPerson_telephoneNumber'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_telephoneNumber'], 'telephone')) $return['messages'][] = $this->messages['telephoneNumber'][0]; | 				if (!get_preg($_POST['inetOrgPerson_telephoneNumber'], 'telephone')) $return['messages'][] = $this->messages['telephoneNumber'][0]; | ||||||
|  | @ -2781,7 +2877,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['telephoneNumber'])) unset($attributesNew['telephoneNumber']); | 			elseif (isset($attributes['telephoneNumber'])) unset($attributesNew['telephoneNumber']); | ||||||
| 		} | 		} | ||||||
| 		// home telephone number
 | 		// home telephone number
 | ||||||
| 		if (in_array('homePhone', $fields)) { | 		if (in_array('homePhone', $fields) && !in_array('homePhone', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'homePhone'; | 			$attributeNames[] = 'homePhone'; | ||||||
| 			if (isset($_POST['inetOrgPerson_homePhone']) && ($_POST['inetOrgPerson_homePhone'] != '')) { | 			if (isset($_POST['inetOrgPerson_homePhone']) && ($_POST['inetOrgPerson_homePhone'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_homePhone'], 'telephone')) $return['messages'][] = $this->messages['homePhone'][0]; | 				if (!get_preg($_POST['inetOrgPerson_homePhone'], 'telephone')) $return['messages'][] = $this->messages['homePhone'][0]; | ||||||
|  | @ -2790,7 +2886,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['homePhone'])) unset($attributesNew['homePhone']); | 			elseif (isset($attributes['homePhone'])) unset($attributesNew['homePhone']); | ||||||
| 		} | 		} | ||||||
| 		// fax number
 | 		// fax number
 | ||||||
| 		if (in_array('faxNumber', $fields)) { | 		if (in_array('faxNumber', $fields) && !in_array('faxNumber', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'facsimileTelephoneNumber'; | 			$attributeNames[] = 'facsimileTelephoneNumber'; | ||||||
| 			if (isset($_POST['inetOrgPerson_faxNumber']) && ($_POST['inetOrgPerson_faxNumber'] != '')) { | 			if (isset($_POST['inetOrgPerson_faxNumber']) && ($_POST['inetOrgPerson_faxNumber'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_faxNumber'], 'telephone')) $return['messages'][] = $this->messages['facsimileNumber'][0]; | 				if (!get_preg($_POST['inetOrgPerson_faxNumber'], 'telephone')) $return['messages'][] = $this->messages['facsimileNumber'][0]; | ||||||
|  | @ -2799,7 +2895,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['facsimileTelephoneNumber'])) $attributesNew['facsimileTelephoneNumber'] = array(); | 			elseif (isset($attributes['facsimileTelephoneNumber'])) $attributesNew['facsimileTelephoneNumber'] = array(); | ||||||
| 		} | 		} | ||||||
| 		// mobile telephone number
 | 		// mobile telephone number
 | ||||||
| 		if (in_array('mobile', $fields)) { | 		if (in_array('mobile', $fields) && !in_array('mobile', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'mobile'; | 			$attributeNames[] = 'mobile'; | ||||||
| 			if (isset($_POST['inetOrgPerson_mobile']) && ($_POST['inetOrgPerson_mobile'] != '')) { | 			if (isset($_POST['inetOrgPerson_mobile']) && ($_POST['inetOrgPerson_mobile'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_mobile'], 'telephone')) $return['messages'][] = $this->messages['mobileTelephone'][0]; | 				if (!get_preg($_POST['inetOrgPerson_mobile'], 'telephone')) $return['messages'][] = $this->messages['mobileTelephone'][0]; | ||||||
|  | @ -2808,7 +2904,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['mobile'])) unset($attributesNew['mobile']); | 			elseif (isset($attributes['mobile'])) unset($attributesNew['mobile']); | ||||||
| 		} | 		} | ||||||
| 		// street
 | 		// street
 | ||||||
| 		if (in_array('street', $fields)) { | 		if (in_array('street', $fields) && !in_array('street', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'street'; | 			$attributeNames[] = 'street'; | ||||||
| 			if (isset($_POST['inetOrgPerson_street']) && ($_POST['inetOrgPerson_street'] != '')) { | 			if (isset($_POST['inetOrgPerson_street']) && ($_POST['inetOrgPerson_street'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_street'], 'street')) $return['messages'][] = $this->messages['street'][0]; | 				if (!get_preg($_POST['inetOrgPerson_street'], 'street')) $return['messages'][] = $this->messages['street'][0]; | ||||||
|  | @ -2817,7 +2913,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['street'])) unset($attributesNew['street']); | 			elseif (isset($attributes['street'])) unset($attributesNew['street']); | ||||||
| 		} | 		} | ||||||
| 		// postal address
 | 		// postal address
 | ||||||
| 		if (in_array('postalAddress', $fields)) { | 		if (in_array('postalAddress', $fields) && !in_array('postalAddress', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'postalAddress'; | 			$attributeNames[] = 'postalAddress'; | ||||||
| 			if (isset($_POST['inetOrgPerson_postalAddress']) && ($_POST['inetOrgPerson_postalAddress'] != '')) { | 			if (isset($_POST['inetOrgPerson_postalAddress']) && ($_POST['inetOrgPerson_postalAddress'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_postalAddress'], 'postalAddress')) $return['messages'][] = $this->messages['postalAddress'][0]; | 				if (!get_preg($_POST['inetOrgPerson_postalAddress'], 'postalAddress')) $return['messages'][] = $this->messages['postalAddress'][0]; | ||||||
|  | @ -2826,7 +2922,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['postalAddress'])) $attributesNew['postalAddress'] = array(); | 			elseif (isset($attributes['postalAddress'])) $attributesNew['postalAddress'] = array(); | ||||||
| 		} | 		} | ||||||
| 		// registered address
 | 		// registered address
 | ||||||
| 		if (in_array('registeredAddress', $fields)) { | 		if (in_array('registeredAddress', $fields) && !in_array('registeredAddress', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'registeredAddress'; | 			$attributeNames[] = 'registeredAddress'; | ||||||
| 			if (isset($_POST['inetOrgPerson_registeredAddress']) && ($_POST['inetOrgPerson_registeredAddress'] != '')) { | 			if (isset($_POST['inetOrgPerson_registeredAddress']) && ($_POST['inetOrgPerson_registeredAddress'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_registeredAddress'], 'postalAddress')) $return['messages'][] = $this->messages['registeredAddress'][0]; | 				if (!get_preg($_POST['inetOrgPerson_registeredAddress'], 'postalAddress')) $return['messages'][] = $this->messages['registeredAddress'][0]; | ||||||
|  | @ -2835,7 +2931,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['registeredAddress'])) $attributesNew['registeredAddress'] = array(); | 			elseif (isset($attributes['registeredAddress'])) $attributesNew['registeredAddress'] = array(); | ||||||
| 		} | 		} | ||||||
| 		// postal code
 | 		// postal code
 | ||||||
| 		if (in_array('postalCode', $fields)) { | 		if (in_array('postalCode', $fields) && !in_array('postalCode', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'postalCode'; | 			$attributeNames[] = 'postalCode'; | ||||||
| 			if (isset($_POST['inetOrgPerson_postalCode']) && ($_POST['inetOrgPerson_postalCode'] != '')) { | 			if (isset($_POST['inetOrgPerson_postalCode']) && ($_POST['inetOrgPerson_postalCode'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_postalCode'], 'postalCode')) $return['messages'][] = $this->messages['postalCode'][0]; | 				if (!get_preg($_POST['inetOrgPerson_postalCode'], 'postalCode')) $return['messages'][] = $this->messages['postalCode'][0]; | ||||||
|  | @ -2844,7 +2940,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['postalCode'])) unset($attributesNew['postalCode']); | 			elseif (isset($attributes['postalCode'])) unset($attributesNew['postalCode']); | ||||||
| 		} | 		} | ||||||
| 		// post office box
 | 		// post office box
 | ||||||
| 		if (in_array('postOfficeBox', $fields)) { | 		if (in_array('postOfficeBox', $fields) && !in_array('postOfficeBox', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'postOfficeBox'; | 			$attributeNames[] = 'postOfficeBox'; | ||||||
| 			if (isset($_POST['inetOrgPerson_postOfficeBox']) && ($_POST['inetOrgPerson_postOfficeBox'] != '')) { | 			if (isset($_POST['inetOrgPerson_postOfficeBox']) && ($_POST['inetOrgPerson_postOfficeBox'] != '')) { | ||||||
| 				$attributesNew['postOfficeBox'][0] = $_POST['inetOrgPerson_postOfficeBox']; | 				$attributesNew['postOfficeBox'][0] = $_POST['inetOrgPerson_postOfficeBox']; | ||||||
|  | @ -2852,7 +2948,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['postOfficeBox'])) unset($attributesNew['postOfficeBox']); | 			elseif (isset($attributes['postOfficeBox'])) unset($attributesNew['postOfficeBox']); | ||||||
| 		} | 		} | ||||||
| 		// room number
 | 		// room number
 | ||||||
| 		if (in_array('roomNumber', $fields)) { | 		if (in_array('roomNumber', $fields) && !in_array('roomNumber', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'roomNumber'; | 			$attributeNames[] = 'roomNumber'; | ||||||
| 			if (isset($_POST['inetOrgPerson_roomNumber']) && ($_POST['inetOrgPerson_roomNumber'] != '')) { | 			if (isset($_POST['inetOrgPerson_roomNumber']) && ($_POST['inetOrgPerson_roomNumber'] != '')) { | ||||||
| 				$attributesNew['roomNumber'][0] = $_POST['inetOrgPerson_roomNumber']; | 				$attributesNew['roomNumber'][0] = $_POST['inetOrgPerson_roomNumber']; | ||||||
|  | @ -2860,7 +2956,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['roomNumber'])) unset($attributesNew['roomNumber']); | 			elseif (isset($attributes['roomNumber'])) unset($attributesNew['roomNumber']); | ||||||
| 		} | 		} | ||||||
| 		// l
 | 		// l
 | ||||||
| 		if (in_array('location', $fields)) { | 		if (in_array('location', $fields) && !in_array('location', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'l'; | 			$attributeNames[] = 'l'; | ||||||
| 			if (isset($_POST['inetOrgPerson_location']) && ($_POST['inetOrgPerson_location'] != '')) { | 			if (isset($_POST['inetOrgPerson_location']) && ($_POST['inetOrgPerson_location'] != '')) { | ||||||
| 				$attributesNew['l'][0] = $_POST['inetOrgPerson_location']; | 				$attributesNew['l'][0] = $_POST['inetOrgPerson_location']; | ||||||
|  | @ -2868,7 +2964,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['l'])) unset($attributesNew['l']); | 			elseif (isset($attributes['l'])) unset($attributesNew['l']); | ||||||
| 		} | 		} | ||||||
| 		// st
 | 		// st
 | ||||||
| 		if (in_array('state', $fields)) { | 		if (in_array('state', $fields) && !in_array('state', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'st'; | 			$attributeNames[] = 'st'; | ||||||
| 			if (isset($_POST['inetOrgPerson_state']) && ($_POST['inetOrgPerson_state'] != '')) { | 			if (isset($_POST['inetOrgPerson_state']) && ($_POST['inetOrgPerson_state'] != '')) { | ||||||
| 				$attributesNew['st'][0] = $_POST['inetOrgPerson_state']; | 				$attributesNew['st'][0] = $_POST['inetOrgPerson_state']; | ||||||
|  | @ -2876,7 +2972,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['st'])) unset($attributesNew['st']); | 			elseif (isset($attributes['st'])) unset($attributesNew['st']); | ||||||
| 		} | 		} | ||||||
| 		// car license
 | 		// car license
 | ||||||
| 		if (in_array('carLicense', $fields)) { | 		if (in_array('carLicense', $fields) && !in_array('carLicense', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'carLicense'; | 			$attributeNames[] = 'carLicense'; | ||||||
| 			if (isset($_POST['inetOrgPerson_carLicense']) && ($_POST['inetOrgPerson_carLicense'] != '')) { | 			if (isset($_POST['inetOrgPerson_carLicense']) && ($_POST['inetOrgPerson_carLicense'] != '')) { | ||||||
| 				$attributesNew['carLicense'][0] = $_POST['inetOrgPerson_carLicense']; | 				$attributesNew['carLicense'][0] = $_POST['inetOrgPerson_carLicense']; | ||||||
|  | @ -2884,7 +2980,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['carLicense'])) unset($attributesNew['carLicense']); | 			elseif (isset($attributes['carLicense'])) unset($attributesNew['carLicense']); | ||||||
| 		} | 		} | ||||||
| 		// office name
 | 		// office name
 | ||||||
| 		if (in_array('officeName', $fields)) { | 		if (in_array('officeName', $fields) && !in_array('officeName', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'physicalDeliveryOfficeName'; | 			$attributeNames[] = 'physicalDeliveryOfficeName'; | ||||||
| 			if (isset($_POST['inetOrgPerson_officeName']) && ($_POST['inetOrgPerson_officeName'] != '')) { | 			if (isset($_POST['inetOrgPerson_officeName']) && ($_POST['inetOrgPerson_officeName'] != '')) { | ||||||
| 				$attributesNew['physicalDeliveryOfficeName'][0] = $_POST['inetOrgPerson_officeName']; | 				$attributesNew['physicalDeliveryOfficeName'][0] = $_POST['inetOrgPerson_officeName']; | ||||||
|  | @ -2892,7 +2988,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['physicalDeliveryOfficeName'])) unset($attributesNew['physicalDeliveryOfficeName']); | 			elseif (isset($attributes['physicalDeliveryOfficeName'])) unset($attributesNew['physicalDeliveryOfficeName']); | ||||||
| 		} | 		} | ||||||
| 		// business category
 | 		// business category
 | ||||||
| 		if (in_array('businessCategory', $fields)) { | 		if (in_array('businessCategory', $fields) && !in_array('businessCategory', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'businessCategory'; | 			$attributeNames[] = 'businessCategory'; | ||||||
| 			if (isset($_POST['inetOrgPerson_businessCategory']) && ($_POST['inetOrgPerson_businessCategory'] != '')) { | 			if (isset($_POST['inetOrgPerson_businessCategory']) && ($_POST['inetOrgPerson_businessCategory'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_businessCategory'], 'businessCategory')) { | 				if (!get_preg($_POST['inetOrgPerson_businessCategory'], 'businessCategory')) { | ||||||
|  | @ -2905,7 +3001,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['businessCategory'])) unset($attributesNew['businessCategory']); | 			elseif (isset($attributes['businessCategory'])) unset($attributesNew['businessCategory']); | ||||||
| 		} | 		} | ||||||
| 		// photo
 | 		// photo
 | ||||||
| 		if (in_array('jpegPhoto', $fields)) { | 		if (in_array('jpegPhoto', $fields) && !in_array('jpegPhoto', $readOnlyFields)) { | ||||||
| 			if (isset($_FILES['photoFile']) && ($_FILES['photoFile']['size'] > 0)) { | 			if (isset($_FILES['photoFile']) && ($_FILES['photoFile']['size'] > 0)) { | ||||||
| 				$handle = fopen($_FILES['photoFile']['tmp_name'], "r"); | 				$handle = fopen($_FILES['photoFile']['tmp_name'], "r"); | ||||||
| 				$data = fread($handle, 1000000); | 				$data = fread($handle, 1000000); | ||||||
|  | @ -2925,7 +3021,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		// departments
 | 		// departments
 | ||||||
| 		if (in_array('departmentNumber', $fields)) { | 		if (in_array('departmentNumber', $fields) && !in_array('departmentNumber', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'departmentNumber'; | 			$attributeNames[] = 'departmentNumber'; | ||||||
| 			if (isset($_POST['inetOrgPerson_departmentNumber']) && ($_POST['inetOrgPerson_departmentNumber'] != '')) { | 			if (isset($_POST['inetOrgPerson_departmentNumber']) && ($_POST['inetOrgPerson_departmentNumber'] != '')) { | ||||||
| 				$attributesNew['departmentNumber'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_departmentNumber']); | 				$attributesNew['departmentNumber'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_departmentNumber']); | ||||||
|  | @ -2933,7 +3029,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['departmentNumber'])) unset($attributesNew['departmentNumber']); | 			elseif (isset($attributes['departmentNumber'])) unset($attributesNew['departmentNumber']); | ||||||
| 		} | 		} | ||||||
| 		// initials
 | 		// initials
 | ||||||
| 		if (in_array('initials', $fields)) { | 		if (in_array('initials', $fields) && !in_array('initials', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'initials'; | 			$attributeNames[] = 'initials'; | ||||||
| 			if (isset($_POST['inetOrgPerson_initials']) && ($_POST['inetOrgPerson_initials'] != '')) { | 			if (isset($_POST['inetOrgPerson_initials']) && ($_POST['inetOrgPerson_initials'] != '')) { | ||||||
| 				$attributesNew['initials'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_initials']); | 				$attributesNew['initials'] = preg_split('/;[ ]*/', $_POST['inetOrgPerson_initials']); | ||||||
|  | @ -2941,7 +3037,7 @@ class inetOrgPerson extends baseModule implements passwordService { | ||||||
| 			elseif (isset($attributes['initials'])) unset($attributesNew['initials']); | 			elseif (isset($attributes['initials'])) unset($attributesNew['initials']); | ||||||
| 		} | 		} | ||||||
| 		// title
 | 		// title
 | ||||||
| 		if (in_array('title', $fields)) { | 		if (in_array('title', $fields) && !in_array('title', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'title'; | 			$attributeNames[] = 'title'; | ||||||
| 			if (isset($_POST['inetOrgPerson_title']) && ($_POST['inetOrgPerson_title'] != '')) { | 			if (isset($_POST['inetOrgPerson_title']) && ($_POST['inetOrgPerson_title'] != '')) { | ||||||
| 				if (!get_preg($_POST['inetOrgPerson_title'], 'title')) $return['messages'][] = $this->messages['title'][0]; | 				if (!get_preg($_POST['inetOrgPerson_title'], 'title')) $return['messages'][] = $this->messages['title'][0]; | ||||||
|  |  | ||||||
|  | @ -117,6 +117,8 @@ class kolabUser extends baseModule { | ||||||
| 			'kolabDelegate' => _('Delegates'), | 			'kolabDelegate' => _('Delegates'), | ||||||
| 			'kolabInvitationPolicy' => _('Invitation policy') | 			'kolabInvitationPolicy' => _('Invitation policy') | ||||||
| 		); | 		); | ||||||
|  | 		// possible self service read-only fields
 | ||||||
|  | 		$return['selfServiceReadOnlyFields'] = array('kolabFreeBusyFuture', 'kolabDelegate', 'kolabInvitationPolicy'); | ||||||
| 		// help Entries
 | 		// help Entries
 | ||||||
| 		$return['help'] = array( | 		$return['help'] = array( | ||||||
| 			'invPol' => array( | 			'invPol' => array( | ||||||
|  | @ -819,9 +821,10 @@ class kolabUser extends baseModule { | ||||||
| 	 * @param array $fields list of active fields | 	 * @param array $fields list of active fields | ||||||
| 	 * @param array $attributes attributes of LDAP account | 	 * @param array $attributes attributes of LDAP account | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array list of meta HTML elements (field name => htmlTableRow) | 	 * @return array list of meta HTML elements (field name => htmlTableRow) | ||||||
| 	 */ | 	 */ | ||||||
| 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		if ($passwordChangeOnly) { | 		if ($passwordChangeOnly) { | ||||||
| 			return array(); // no Kolab fields as long no LDAP content can be read
 | 			return array(); // no Kolab fields as long no LDAP content can be read
 | ||||||
| 		} | 		} | ||||||
|  | @ -835,8 +838,12 @@ class kolabUser extends baseModule { | ||||||
| 			if (isset($attributes['kolabFreeBusyFuture'][0])) { | 			if (isset($attributes['kolabFreeBusyFuture'][0])) { | ||||||
| 				$kolabFreeBusyFuture = $attributes['kolabFreeBusyFuture'][0]; | 				$kolabFreeBusyFuture = $attributes['kolabFreeBusyFuture'][0]; | ||||||
| 			} | 			} | ||||||
|  | 			$kolabFreeBusyFutureField = new htmlInputField('kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture); | ||||||
|  | 			if (in_array('kolabFreeBusyFuture', $readOnlyFields)) { | ||||||
|  | 				$kolabFreeBusyFutureField = new htmlOutputText($kolabFreeBusyFuture); | ||||||
|  | 			} | ||||||
| 			$return['kolabFreeBusyFuture'] = new htmlTableRow(array( | 			$return['kolabFreeBusyFuture'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Free/Busy interval'), 'kolabUser_kolabFreeBusyFuture', $kolabFreeBusyFuture) | 				new htmlOutputText(_('Free/Busy interval')), $kolabFreeBusyFutureField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		// delegates
 | 		// delegates
 | ||||||
|  | @ -870,10 +877,17 @@ class kolabUser extends baseModule { | ||||||
| 			$delegateContainer = new htmlTable(); | 			$delegateContainer = new htmlTable(); | ||||||
| 			for ($i = 0; $i < sizeof($kolabDelegate); $i++) { | 			for ($i = 0; $i < sizeof($kolabDelegate); $i++) { | ||||||
| 				$delegateContainer->addElement(new htmlOutputText($kolabDelegate[$i])); | 				$delegateContainer->addElement(new htmlOutputText($kolabDelegate[$i])); | ||||||
| 				$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true); | 				if (!in_array('kolabDelegate', $readOnlyFields)) { | ||||||
|  | 					$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('delDelegate_' . $i, false, _('Delete'), null, false), true); | ||||||
|  | 				} | ||||||
|  | 				else { | ||||||
|  | 					$delegateContainer->addNewLine(); | ||||||
|  | 				} | ||||||
|  | 			} | ||||||
|  | 			if (!in_array('kolabDelegate', $readOnlyFields)) { | ||||||
|  | 				$delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates)); | ||||||
|  | 				$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true); | ||||||
| 			} | 			} | ||||||
| 			$delegateContainer->addElement(new htmlSelect('new_delegate_value', $delegates)); |  | ||||||
| 			$delegateContainer->addElement(new htmlTableExtendedInputCheckbox('new_delegate', false, _("Add"), null, false), true); |  | ||||||
| 			$delegateLabel = new htmlOutputText(_('Delegates')); | 			$delegateLabel = new htmlOutputText(_('Delegates')); | ||||||
| 			$delegateLabel->alignment = htmlElement::ALIGN_TOP; | 			$delegateLabel->alignment = htmlElement::ALIGN_TOP; | ||||||
| 			$return['kolabDelegate'] = new htmlTableRow(array( | 			$return['kolabDelegate'] = new htmlTableRow(array( | ||||||
|  | @ -894,20 +908,34 @@ class kolabUser extends baseModule { | ||||||
| 					break; | 					break; | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
| 			$invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true); | 			if (!in_array('kolabDelegate', $readOnlyFields)) { | ||||||
|  | 				$invitationContainer->addElement(new htmlTableExtendedSelect('defaultInvPol', array_values($this->invitationPolicies), array($defaultInvPol), _('Anyone')), true); | ||||||
|  | 			} | ||||||
|  | 			else { | ||||||
|  | 				$invitationContainer->addElement(new htmlOutputText(_('Anyone'))); | ||||||
|  | 				$invitationContainer->addElement(new htmlOutputText($defaultInvPol), true); | ||||||
|  | 			} | ||||||
| 			// other invitation policies
 | 			// other invitation policies
 | ||||||
| 			for ($i = 0; $i < sizeof($attributes['kolabInvitationPolicy']); $i++) { | 			for ($i = 0; $i < sizeof($attributes['kolabInvitationPolicy']); $i++) { | ||||||
| 				$parts = explode(":", $attributes['kolabInvitationPolicy'][$i]); | 				$parts = explode(":", $attributes['kolabInvitationPolicy'][$i]); | ||||||
| 				if (sizeof($parts) == 2) { | 				if (sizeof($parts) == 2) { | ||||||
| 					$invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0])); | 					if (!in_array('kolabDelegate', $readOnlyFields)) { | ||||||
| 					$invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]]))); | 						$invitationContainer->addElement(new htmlInputField('invPol1' . $i, $parts[0])); | ||||||
| 					$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true); | 						$invitationContainer->addElement(new htmlSelect('invPol2' . $i, array_values($this->invitationPolicies), array($this->invitationPolicies[$parts[1]]))); | ||||||
|  | 						$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('delInvPol' . $i, false, _("Remove"), null, false), true); | ||||||
|  | 					} | ||||||
|  | 					else { | ||||||
|  | 						$invitationContainer->addElement(new htmlOutputText($parts[0])); | ||||||
|  | 						$invitationContainer->addElement(new htmlOutputText($this->invitationPolicies[$parts[1]]), true); | ||||||
|  | 					} | ||||||
| 				} | 				} | ||||||
| 			} | 			} | ||||||
| 			// input box for new invitation policy
 | 			// input box for new invitation policy
 | ||||||
| 			$invitationContainer->addElement(new htmlInputField('invPol1', '')); | 			if (!in_array('kolabDelegate', $readOnlyFields)) { | ||||||
| 			$invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies))); | 				$invitationContainer->addElement(new htmlInputField('invPol1', '')); | ||||||
| 			$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true); | 				$invitationContainer->addElement(new htmlSelect('invPol2', array_values($this->invitationPolicies))); | ||||||
|  | 				$invitationContainer->addElement(new htmlTableExtendedInputCheckbox('addInvPol', false, _("Add"), null, false), true); | ||||||
|  | 			} | ||||||
| 			$invitationLabel = new htmlOutputText(_('Invitation policy')); | 			$invitationLabel = new htmlOutputText(_('Invitation policy')); | ||||||
| 			$invitationLabel->alignment = htmlElement::ALIGN_TOP; | 			$invitationLabel->alignment = htmlElement::ALIGN_TOP; | ||||||
| 			$return['kolabInvitationPolicy'] = new htmlTableRow(array( | 			$return['kolabInvitationPolicy'] = new htmlTableRow(array( | ||||||
|  | @ -931,9 +959,10 @@ class kolabUser extends baseModule { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		if ($passwordChangeOnly) { | 		if ($passwordChangeOnly) { | ||||||
| 			return $return; // skip processing if only a password change is done
 | 			return $return; // skip processing if only a password change is done
 | ||||||
|  | @ -944,7 +973,7 @@ class kolabUser extends baseModule { | ||||||
| 		$attributeNames = array(); // list of attributes which should be checked for modification
 | 		$attributeNames = array(); // list of attributes which should be checked for modification
 | ||||||
| 		$attributesNew = $attributes; | 		$attributesNew = $attributes; | ||||||
| 		// kolabFreeBusyFuture
 | 		// kolabFreeBusyFuture
 | ||||||
| 		if (in_array('kolabFreeBusyFuture', $fields)) { | 		if (in_array('kolabFreeBusyFuture', $fields) && !in_array('kolabFreeBusyFuture', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'kolabFreeBusyFuture'; | 			$attributeNames[] = 'kolabFreeBusyFuture'; | ||||||
| 			if (isset($_POST['kolabUser_kolabFreeBusyFuture']) && ($_POST['kolabUser_kolabFreeBusyFuture'] != '')) { | 			if (isset($_POST['kolabUser_kolabFreeBusyFuture']) && ($_POST['kolabUser_kolabFreeBusyFuture'] != '')) { | ||||||
| 				if (!get_preg($_POST['kolabUser_kolabFreeBusyFuture'], 'digit')) $return['messages'][] = $this->messages['freeBusy'][0]; | 				if (!get_preg($_POST['kolabUser_kolabFreeBusyFuture'], 'digit')) $return['messages'][] = $this->messages['freeBusy'][0]; | ||||||
|  | @ -955,7 +984,7 @@ class kolabUser extends baseModule { | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		// delegates
 | 		// delegates
 | ||||||
| 		if (in_array('kolabDelegate', $fields)) { | 		if (in_array('kolabDelegate', $fields) && !in_array('kolabDelegate', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'kolabDelegate'; | 			$attributeNames[] = 'kolabDelegate'; | ||||||
| 			// new delegation
 | 			// new delegation
 | ||||||
| 			if (isset($_POST['new_delegate']) && ($_POST['new_delegate'] == 'on')) { | 			if (isset($_POST['new_delegate']) && ($_POST['new_delegate'] == 'on')) { | ||||||
|  | @ -975,7 +1004,7 @@ class kolabUser extends baseModule { | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		// invitation policies
 | 		// invitation policies
 | ||||||
| 		if (in_array('kolabInvitationPolicy', $fields)) { | 		if (in_array('kolabInvitationPolicy', $fields) && !in_array('kolabInvitationPolicy', $readOnlyFields)) { | ||||||
| 			$attributeNames[] = 'kolabInvitationPolicy'; | 			$attributeNames[] = 'kolabInvitationPolicy'; | ||||||
| 			$policies = array_flip($this->invitationPolicies); | 			$policies = array_flip($this->invitationPolicies); | ||||||
| 			$attributesNew['kolabInvitationPolicy'] = array(); | 			$attributesNew['kolabInvitationPolicy'] = array(); | ||||||
|  |  | ||||||
|  | @ -154,6 +154,8 @@ class posixAccount extends baseModule implements passwordService { | ||||||
| 			$return['selfServiceSearchAttributes'] = array('uid'); | 			$return['selfServiceSearchAttributes'] = array('uid'); | ||||||
| 			// self service field settings
 | 			// self service field settings
 | ||||||
| 			$return['selfServiceFieldSettings'] = array('password' => _('Password'), 'cn' => _('Common name'), 'loginShell' => _('Login shell')); | 			$return['selfServiceFieldSettings'] = array('password' => _('Password'), 'cn' => _('Common name'), 'loginShell' => _('Login shell')); | ||||||
|  | 			// possible self service read-only fields
 | ||||||
|  | 			$return['selfServiceReadOnlyFields'] = array('cn', 'loginShell'); | ||||||
| 			// self service configuration settings
 | 			// self service configuration settings
 | ||||||
| 			$selfServiceContainer = new htmlTable(); | 			$selfServiceContainer = new htmlTable(); | ||||||
| 			$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"), | 			$selfServiceContainer->addElement(new htmlTableExtendedSelect('posixAccount_pwdHash', array("CRYPT", "SHA", "SSHA", "MD5", "SMD5", "PLAIN"), | ||||||
|  | @ -2107,9 +2109,10 @@ class posixAccount extends baseModule implements passwordService { | ||||||
| 	 * @param array $fields list of active fields | 	 * @param array $fields list of active fields | ||||||
| 	 * @param array $attributes attributes of LDAP account | 	 * @param array $attributes attributes of LDAP account | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array list of meta HTML elements (field name => htmlTableRow) | 	 * @return array list of meta HTML elements (field name => htmlTableRow) | ||||||
| 	 */ | 	 */ | ||||||
| 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array(); | 		$return = array(); | ||||||
| 		if (in_array('password', $fields)) { | 		if (in_array('password', $fields)) { | ||||||
| 			$pwdTable = new htmlTable(); | 			$pwdTable = new htmlTable(); | ||||||
|  | @ -2130,16 +2133,24 @@ class posixAccount extends baseModule implements passwordService { | ||||||
| 		if (in_array('cn', $fields)) { | 		if (in_array('cn', $fields)) { | ||||||
| 			$cn = ''; | 			$cn = ''; | ||||||
| 			if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0]; | 			if (isset($attributes['cn'][0])) $cn = $attributes['cn'][0]; | ||||||
|  | 			$cnField = new htmlInputField('posixAccount_cn', $cn); | ||||||
|  | 			if (in_array('cn', $readOnlyFields)) { | ||||||
|  | 				$cnField = new htmlOutputText($cn); | ||||||
|  | 			} | ||||||
| 			$return['cn'] = new htmlTableRow(array( | 			$return['cn'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedInputField(_('Common name'), 'posixAccount_cn', $cn) | 				new htmlOutputText(_('Common name')), $cnField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		if (in_array('loginShell', $fields)) { | 		if (in_array('loginShell', $fields)) { | ||||||
| 			$shelllist = getshells(); // list of all valid shells
 | 			$shelllist = getshells(); // list of all valid shells
 | ||||||
| 			$loginShell = ''; | 			$loginShell = ''; | ||||||
| 			if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0]; | 			if (isset($attributes['loginShell'][0])) $loginShell = $attributes['loginShell'][0]; | ||||||
|  | 			$loginShellField = new htmlSelect('posixAccount_loginShell', $shelllist, array($loginShell)); | ||||||
|  | 			if (in_array('loginShell', $readOnlyFields)) { | ||||||
|  | 				$loginShellField = new htmlOutputText($loginShell); | ||||||
|  | 			} | ||||||
| 			$return['loginShell'] = new htmlTableRow(array( | 			$return['loginShell'] = new htmlTableRow(array( | ||||||
| 				new htmlTableExtendedSelect('posixAccount_loginShell', $shelllist, array($loginShell), _('Login shell')) | 				new htmlOutputText(_('Login shell')), $loginShellField | ||||||
| 			)); | 			)); | ||||||
| 		} | 		} | ||||||
| 		return $return; | 		return $return; | ||||||
|  | @ -2159,9 +2170,10 @@ class posixAccount extends baseModule implements passwordService { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		if (in_array('password', $fields)) { | 		if (in_array('password', $fields)) { | ||||||
| 			if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) { | 			if (isset($_POST['posixAccount_password']) && ($_POST['posixAccount_password'] != '')) { | ||||||
|  | @ -2192,7 +2204,7 @@ class posixAccount extends baseModule implements passwordService { | ||||||
| 		if ($passwordChangeOnly) { | 		if ($passwordChangeOnly) { | ||||||
| 			return $return; // skip processing if only a password change is done
 | 			return $return; // skip processing if only a password change is done
 | ||||||
| 		} | 		} | ||||||
| 		if (in_array('cn', $fields)) { | 		if (in_array('cn', $fields) && !in_array('cn', $readOnlyFields)) { | ||||||
| 			if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) { | 			if (isset($_POST['posixAccount_cn']) && ($_POST['posixAccount_cn'] != '')) { | ||||||
| 				if (!get_preg($_POST['posixAccount_cn'], 'cn')) { | 				if (!get_preg($_POST['posixAccount_cn'], 'cn')) { | ||||||
| 					$return['messages'][] = $this->messages['cn'][0]; | 					$return['messages'][] = $this->messages['cn'][0]; | ||||||
|  | @ -2205,7 +2217,7 @@ class posixAccount extends baseModule implements passwordService { | ||||||
| 				$return['messages'][] = $this->messages['cn'][0]; | 				$return['messages'][] = $this->messages['cn'][0]; | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
| 		if (in_array('loginShell', $fields)) { | 		if (in_array('loginShell', $fields) && !in_array('loginShell', $readOnlyFields)) { | ||||||
| 			$shelllist = getshells(); // list of all valid shells
 | 			$shelllist = getshells(); // list of all valid shells
 | ||||||
| 			if (in_array($_POST['posixAccount_loginShell'], $shelllist) | 			if (in_array($_POST['posixAccount_loginShell'], $shelllist) | ||||||
| 					&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) { | 					&& (!isset($attributes['loginShell']) || ($attributes['loginShell'][0] != $_POST['posixAccount_loginShell']))) { | ||||||
|  |  | ||||||
|  | @ -2103,9 +2103,10 @@ class sambaSamAccount extends baseModule implements passwordService { | ||||||
| 	 * @param array $fields list of active fields | 	 * @param array $fields list of active fields | ||||||
| 	 * @param array $attributes attributes of LDAP account | 	 * @param array $attributes attributes of LDAP account | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array list of meta HTML elements (field name => htmlTableRow) | 	 * @return array list of meta HTML elements (field name => htmlTableRow) | ||||||
| 	 */ | 	 */ | ||||||
| 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function getSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array(); | 		$return = array(); | ||||||
| 		if ($passwordChangeOnly) { | 		if ($passwordChangeOnly) { | ||||||
| 			return $return; // no input fields as long no LDAP content can be read
 | 			return $return; // no input fields as long no LDAP content can be read
 | ||||||
|  | @ -2143,9 +2144,10 @@ class sambaSamAccount extends baseModule implements passwordService { | ||||||
| 	 * @param string $fields input fields | 	 * @param string $fields input fields | ||||||
| 	 * @param array $attributes LDAP attributes | 	 * @param array $attributes LDAP attributes | ||||||
| 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | 	 * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  | 	 * @param array $readOnlyFields list of read-only fields | ||||||
| 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | 	 * @return array messages and attributes (array('messages' => array(), 'add' => array('mail' => array('test@test.com')), 'del' => array(), 'mod' => array(), 'info' => array())) | ||||||
| 	 */ | 	 */ | ||||||
| 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly) { | 	function checkSelfServiceOptions($fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 		$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 		if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) { | 		if (!isset($attributes['objectClass']) || !in_array_ignore_case('sambaSamAccount', $attributes['objectClass'])) { | ||||||
| 			return $return; | 			return $return; | ||||||
|  |  | ||||||
|  | @ -91,15 +91,23 @@ function getSelfServiceFieldSettings($scope) { | ||||||
|  * @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...))) |  * @param array $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...))) | ||||||
|  * @param array $attributes LDAP attributes (attribute names in lower case) |  * @param array $attributes LDAP attributes (attribute names in lower case) | ||||||
|  * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable |  * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  |  * @param array $readOnlyFields list of read-only fields | ||||||
|  * @return array meta HTML code (array(<moduleName> => htmlTableRow)) |  * @return array meta HTML code (array(<moduleName> => htmlTableRow)) | ||||||
|  */ |  */ | ||||||
| function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) { | function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 	$return = array(); | 	$return = array(); | ||||||
| 	$modules = getAvailableModules($scope); | 	$modules = getAvailableModules($scope); | ||||||
| 	for ($i = 0; $i < sizeof($modules); $i++) { | 	for ($i = 0; $i < sizeof($modules); $i++) { | ||||||
| 		if (!isset($fields[$modules[$i]])) continue; | 		if (!isset($fields[$modules[$i]])) continue; | ||||||
| 		$m = new $modules[$i]($scope); | 		$m = new $modules[$i]($scope); | ||||||
| 		$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly); | 		$modReadOnlyFields = array(); | ||||||
|  | 		for ($r = 0; $r < sizeof($readOnlyFields); $r++) { | ||||||
|  | 			$parts = explode('_', $readOnlyFields[$r]); | ||||||
|  | 			if ($parts[0] == $modules[$i]) { | ||||||
|  | 				$modReadOnlyFields[] = $parts[1]; | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  | 		$code = $m->getSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields); | ||||||
| 		if (sizeof($code) > 0) $return[$modules[$i]] = $code; | 		if (sizeof($code) > 0) $return[$modules[$i]] = $code; | ||||||
| 	} | 	} | ||||||
| 	return $return; | 	return $return; | ||||||
|  | @ -113,15 +121,23 @@ function getSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly | ||||||
|  * @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...))) |  * @param string $fields input fields (array(<moduleName> => array(<field1>, <field2>, ...))) | ||||||
|  * @param array $attributes LDAP attributes |  * @param array $attributes LDAP attributes | ||||||
|  * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable |  * @param boolean $passwordChangeOnly indicates that the user is only allowed to change his password and no LDAP content is readable | ||||||
|  |  * @param array $readOnlyFields list of read-only fields | ||||||
|  * @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array())) |  * @return array messages and LDAP commands (array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array())) | ||||||
|  */ |  */ | ||||||
| function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly) { | function checkSelfServiceOptions($scope, $fields, $attributes, $passwordChangeOnly, $readOnlyFields) { | ||||||
| 	$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | 	$return = array('messages' => array(), 'add' => array(), 'del' => array(), 'mod' => array(), 'info' => array()); | ||||||
| 	$modules = getAvailableModules($scope); | 	$modules = getAvailableModules($scope); | ||||||
| 	for ($i = 0; $i < sizeof($modules); $i++) { | 	for ($i = 0; $i < sizeof($modules); $i++) { | ||||||
| 		if (!isset($fields[$modules[$i]])) continue; | 		if (!isset($fields[$modules[$i]])) continue; | ||||||
| 		$m = new $modules[$i]($scope); | 		$m = new $modules[$i]($scope); | ||||||
| 		$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly); | 		$modReadOnlyFields = array(); | ||||||
|  | 		for ($r = 0; $r < sizeof($readOnlyFields); $r++) { | ||||||
|  | 			$parts = explode('_', $readOnlyFields[$r]); | ||||||
|  | 			if ($parts[0] == $modules[$i]) { | ||||||
|  | 				$modReadOnlyFields[] = $parts[1]; | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  | 		$result = $m->checkSelfServiceOptions($fields[$modules[$i]], $attributes, $passwordChangeOnly, $modReadOnlyFields); | ||||||
| 		if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']); | 		if (sizeof($result['messages']) > 0) $return['messages'] = array_merge($result['messages'], $return['messages']); | ||||||
| 		if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']); | 		if (sizeof($result['add']) > 0) $return['add'] = array_merge($result['add'], $return['add']); | ||||||
| 		if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']); | 		if (sizeof($result['del']) > 0) $return['del'] = array_merge($result['del'], $return['del']); | ||||||
|  | @ -322,6 +338,11 @@ class selfServiceProfile { | ||||||
| 	 */ | 	 */ | ||||||
| 	public $inputFields; | 	public $inputFields; | ||||||
| 	 | 	 | ||||||
|  | 	/** | ||||||
|  | 	 * List of fields that are set in read-only mode. | ||||||
|  | 	 */ | ||||||
|  | 	public $readOnlyFields; | ||||||
|  | 	 | ||||||
| 	/** configuration settings of modules */ | 	/** configuration settings of modules */ | ||||||
| 	public $moduleSettings; | 	public $moduleSettings; | ||||||
| 
 | 
 | ||||||
|  | @ -352,6 +373,7 @@ class selfServiceProfile { | ||||||
| 			array('name' => _('Password'), | 			array('name' => _('Password'), | ||||||
| 				'fields' => array('posixAccount_password')) | 				'fields' => array('posixAccount_password')) | ||||||
| 		); | 		); | ||||||
|  | 		$this->readOnlyFields = array(); | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| } | } | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue