allow to hide buttons to create/delete accounts
This commit is contained in:
Roland Gruber
parent
afb8d6ebdd
commit
4f25877520
|
|
@ -2,6 +2,7 @@ June 2013 4.2
|
|||
- Samba 4 support: users, groups, hosts
|
||||
- Unix: allow to change format for suggested user name
|
||||
- LAM Pro:
|
||||
-> allow to hide buttons to create/delete entries for each account type
|
||||
-> Password self reset: support new identification methods: user, email, user or email, employee number
|
||||
-> Custom fields: support PDF, profiles and multi-value text fields
|
||||
-> Personal: support password mail sending in file upload
|
||||
|
|
|
|||
|
|
@ -155,6 +155,10 @@ $helpArray = array (
|
|||
. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
|
||||
"261" => array ("Headline" => _("Hidden"),
|
||||
"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
|
||||
"262" => array ("Headline" => _("No new entries"),
|
||||
"Text" => _('If checked then the user will not be able to create new entries of this account type.')),
|
||||
"263" => array ("Headline" => _("Disallow delete"),
|
||||
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
|
||||
// 300 - 399
|
||||
// profile editor, file upload
|
||||
"301" => array ("Headline" => _("RDN identifier"),
|
||||
|
|
|
|||
|
|
@ -486,7 +486,7 @@ class lamList {
|
|||
$group->addElement($editLink);
|
||||
$toolCount++;
|
||||
// delete link
|
||||
if (checkIfWriteAccessIsAllowed()) {
|
||||
if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
|
||||
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
|
||||
$deleteLink->setTitle(_("Delete"));
|
||||
$group->addElement($deleteLink);
|
||||
|
|
@ -543,12 +543,12 @@ class lamList {
|
|||
die();
|
||||
}
|
||||
// add new account
|
||||
if (isset($_POST['new'])){
|
||||
if (isset($_POST['new']) && checkIfNewEntriesAreAllowed($this->type)){
|
||||
metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix);
|
||||
exit;
|
||||
}
|
||||
// delete account(s)
|
||||
elseif (isset($_POST['del'])){
|
||||
elseif (isset($_POST['del']) && checkIfDeleteEntriesIsAllowed($this->type)){
|
||||
// search for checkboxes
|
||||
$accounts = array_keys($_POST, "on");
|
||||
// build DN list
|
||||
|
|
@ -562,7 +562,7 @@ class lamList {
|
|||
}
|
||||
}
|
||||
// file upload
|
||||
elseif (isset($_POST['fileUpload'])){
|
||||
elseif (isset($_POST['fileUpload']) && checkIfNewEntriesAreAllowed($this->type)){
|
||||
metaRefresh("../masscreate.php?type=" . $this->type);
|
||||
exit;
|
||||
}
|
||||
|
|
@ -749,11 +749,14 @@ class lamList {
|
|||
// button part
|
||||
$left->alignment = htmlElement::ALIGN_LEFT;
|
||||
if (checkIfWriteAccessIsAllowed()) {
|
||||
// add/delete buttons
|
||||
$newButton = new htmlButton('new', $this->labels['newEntry']);
|
||||
$newButton->setIconClass('createButton');
|
||||
$left->addElement($newButton);
|
||||
if (!$createOnly) {
|
||||
// add button
|
||||
if (checkIfNewEntriesAreAllowed($this->type)) {
|
||||
$newButton = new htmlButton('new', $this->labels['newEntry']);
|
||||
$newButton->setIconClass('createButton');
|
||||
$left->addElement($newButton);
|
||||
}
|
||||
// delete button
|
||||
if (!$createOnly && checkIfDeleteEntriesIsAllowed($this->type)) {
|
||||
$left->addElement(new htmlSpacer('1px', null));
|
||||
$delButton = new htmlButton('del', $this->labels['deleteEntry']);
|
||||
$delButton->setIconClass('deleteButton');
|
||||
|
|
@ -761,7 +764,8 @@ class lamList {
|
|||
}
|
||||
$type = new $this->type();
|
||||
$toolSettings = $_SESSION['config']->getToolSettings();
|
||||
if ($type->supportsFileUpload() && !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
|
||||
if ($type->supportsFileUpload() && checkIfNewEntriesAreAllowed($this->type)
|
||||
&& !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
|
||||
$left->addElement(new htmlSpacer('20px', null));
|
||||
$uploadButton = new htmlButton('fileUpload', _('File upload'));
|
||||
$uploadButton->setIconClass('upButton');
|
||||
|
|
|
|||
|
|
@ -1291,10 +1291,12 @@ class accountContainer {
|
|||
|
||||
$type = new $this->type();
|
||||
$buttonGroup = new htmlGroup();
|
||||
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
|
||||
$createButton->setIconClass('createButton');
|
||||
$buttonGroup->addElement($createButton);
|
||||
$buttonGroup->addElement(new htmlSpacer('10px', null));
|
||||
if (checkIfNewEntriesAreAllowed($this->type)) {
|
||||
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
|
||||
$createButton->setIconClass('createButton');
|
||||
$buttonGroup->addElement($createButton);
|
||||
$buttonGroup->addElement(new htmlSpacer('10px', null));
|
||||
}
|
||||
$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
|
||||
$pdfButton->setIconClass('pdfButton');
|
||||
$buttonGroup->addElement($pdfButton);
|
||||
|
|
|
|||
|
|
@ -243,6 +243,47 @@ function checkIfPasswordChangeIsAllowed() {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if it is allowed to create new LDAP entries of the given type.
|
||||
* This also checks if general write access is enabled.
|
||||
*
|
||||
* @param String $scope account type (e.g. 'user')
|
||||
* @return boolean true, if new entries are allowed
|
||||
*/
|
||||
function checkIfNewEntriesAreAllowed($scope) {
|
||||
if (!isLAMProVersion()) {
|
||||
return true;
|
||||
}
|
||||
if (!isset($_SESSION['config']) || empty($scope)) {
|
||||
return false;
|
||||
}
|
||||
$typeSettings = $_SESSION['config']->get_typeSettings();
|
||||
if (isset($typeSettings['hideNewButton_' . $scope]) && $typeSettings['hideNewButton_' . $scope]) {
|
||||
return false;
|
||||
}
|
||||
return checkIfWriteAccessIsAllowed();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if it is allowed to delete LDAP entries of the given type.
|
||||
*
|
||||
* @param String $scope account type (e.g. 'user')
|
||||
* @return boolean true, if entries may be deleted
|
||||
*/
|
||||
function checkIfDeleteEntriesIsAllowed($scope) {
|
||||
if (!isLAMProVersion()) {
|
||||
return true;
|
||||
}
|
||||
if (!isset($_SESSION['config']) || empty($scope)) {
|
||||
return false;
|
||||
}
|
||||
$typeSettings = $_SESSION['config']->get_typeSettings();
|
||||
if (isset($typeSettings['hideDeleteButton_' . $scope]) && $typeSettings['hideDeleteButton_' . $scope]) {
|
||||
return false;
|
||||
}
|
||||
return checkIfWriteAccessIsAllowed();
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the password fulfills the password policies.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ $Id$
|
|||
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||
2005 - 2012 Roland Gruber
|
||||
2005 - 2013 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -86,6 +86,10 @@ else if (count($_POST)==0) {
|
|||
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
|
||||
die();
|
||||
}
|
||||
elseif (!checkIfNewEntriesAreAllowed($type)) {
|
||||
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
|
||||
die();
|
||||
}
|
||||
$_SESSION['account'] = new accountContainer($type, 'account');
|
||||
$_SESSION['account']->new_account();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -234,7 +234,7 @@ if (sizeof($activeTypes) > 0) {
|
|||
for ($i = 0; $i < sizeof($activeTypes); $i++) {
|
||||
// title
|
||||
$titleGroup = new htmlGroup();
|
||||
$titleGroup->colspan = 10;
|
||||
$titleGroup->colspan = 6;
|
||||
$titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png'));
|
||||
$titleText = new htmlOutputText(getTypeAlias($activeTypes[$i]));
|
||||
$titleText->setIsBold(true);
|
||||
|
|
@ -244,21 +244,15 @@ if (sizeof($activeTypes) > 0) {
|
|||
$activeContainer->addElement($titleGroup);
|
||||
// delete button
|
||||
$delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true);
|
||||
$delButton->colspan = 3;
|
||||
$delButton->alignment = htmlElement::ALIGN_RIGHT;
|
||||
$delButton->setTitle(_("Remove this account type"));
|
||||
$activeContainer->addElement($delButton, true); //del.png
|
||||
$activeContainer->addElement(new htmlSpacer(null, '5px'), true);
|
||||
// LDAP suffix
|
||||
$suffixText = new htmlOutputText(_("LDAP suffix"));
|
||||
$suffixText->colspan = 2;
|
||||
$activeContainer->addElement($suffixText);
|
||||
$activeContainer->addElement(new htmlSpacer('10px', null));
|
||||
$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
|
||||
$suffixInput = new htmlTableExtendedInputField(_("LDAP suffix"), 'suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]], '202');
|
||||
$suffixInput->setFieldSize(40);
|
||||
$activeContainer->addElement($suffixInput);
|
||||
$activeContainer->addElement(new htmlHelpLink('202'));
|
||||
$activeContainer->addElement(new htmlSpacer('10px', null));
|
||||
$activeContainer->addElement(new htmlSpacer('20px', null));
|
||||
// list attributes
|
||||
if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
|
||||
$attributes = $typeSettings['attr_' . $activeTypes[$i]];
|
||||
|
|
@ -266,14 +260,9 @@ if (sizeof($activeTypes) > 0) {
|
|||
else {
|
||||
$attributes = getDefaultListAttributes($activeTypes[$i]);
|
||||
}
|
||||
$attrsText = new htmlOutputText(_("List attributes"));
|
||||
$attrsText->colspan = 2;
|
||||
$activeContainer->addElement($attrsText);
|
||||
$activeContainer->addElement(new htmlSpacer('10px', null));
|
||||
$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
|
||||
$attrsInput = new htmlTableExtendedInputField(_("List attributes"), 'attr_' . $activeTypes[$i], $attributes, '206');
|
||||
$attrsInput->setFieldSize(40);
|
||||
$activeContainer->addElement($attrsInput);
|
||||
$activeContainer->addElement(new htmlHelpLink('206'));
|
||||
$activeContainer->addNewLine();
|
||||
// advanced options
|
||||
$advancedOptionsContent = new htmlTable();
|
||||
|
|
@ -282,27 +271,31 @@ if (sizeof($activeTypes) > 0) {
|
|||
if (isset($typeSettings['filter_' . $activeTypes[$i]])) {
|
||||
$filter = $typeSettings['filter_' . $activeTypes[$i]];
|
||||
}
|
||||
$filterText = new htmlOutputText(_("Additional LDAP filter"));
|
||||
$filterText->colspan = 2;
|
||||
$advancedOptionsContent->addElement($filterText);
|
||||
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
|
||||
$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $filter);
|
||||
$filterInput = new htmlTableExtendedInputField(_("Additional LDAP filter"), 'filter_' . $activeTypes[$i], $filter, '260');
|
||||
$filterInput->setFieldSize(40);
|
||||
$advancedOptionsContent->addElement($filterInput);
|
||||
$advancedOptionsContent->addElement(new htmlHelpLink('260'));
|
||||
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
|
||||
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
|
||||
// hidden type
|
||||
$hidden = false;
|
||||
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
|
||||
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
|
||||
}
|
||||
$hiddenText = new htmlOutputText(_('Hidden'));
|
||||
$hiddenText->colspan = 2;
|
||||
$advancedOptionsContent->addElement($hiddenText);
|
||||
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
|
||||
$advancedOptionsContent->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $hidden));
|
||||
$advancedOptionsContent->addElement(new htmlHelpLink('261'));
|
||||
$advancedOptionsContent->addNewLine();
|
||||
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
|
||||
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
|
||||
// hide button to create new accounts
|
||||
$hideNewButton = false;
|
||||
if (isset($typeSettings['hideNewButton_' . $activeTypes[$i]])) {
|
||||
$hideNewButton = $typeSettings['hideNewButton_' . $activeTypes[$i]];
|
||||
}
|
||||
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideNewButton_' . $activeTypes[$i], $hideNewButton, _('No new entries'), '262'));
|
||||
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
|
||||
// hide button to delete accounts
|
||||
$hideDeleteButton = false;
|
||||
if (isset($typeSettings['hideDeleteButton_' . $activeTypes[$i]])) {
|
||||
$hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeTypes[$i]];
|
||||
}
|
||||
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideDeleteButton_' . $activeTypes[$i], $hideDeleteButton, _('Disallow delete'), '263'), true);
|
||||
}
|
||||
// build advanced options box
|
||||
$advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false);
|
||||
$advancedOptions->colspan = 15;
|
||||
|
|
@ -386,14 +379,17 @@ function checkInput() {
|
|||
$typeSettings[$key] = $_POST[$key];
|
||||
}
|
||||
}
|
||||
// set hidden
|
||||
for ($i = 0; $i < sizeof($accountTypes); $i++) {
|
||||
// set hidden
|
||||
$key = "hidden_" . $accountTypes[$i];
|
||||
if (isset($_POST[$key]) && ($_POST[$key] == 'on')) {
|
||||
$typeSettings[$key] = true;
|
||||
}
|
||||
else {
|
||||
$typeSettings[$key] = false;
|
||||
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
|
||||
// set if new entries are allowed
|
||||
$key = "hideNewButton_" . $accountTypes[$i];
|
||||
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||
// set if deletion of entries is allowed
|
||||
$key = "hideDeleteButton_" . $accountTypes[$i];
|
||||
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||
}
|
||||
}
|
||||
// save input
|
||||
|
|
|
|||
|
|
@ -72,6 +72,10 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
|
|||
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
|
||||
die();
|
||||
}
|
||||
if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
|
||||
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
|
||||
die();
|
||||
}
|
||||
// Create account list
|
||||
foreach ($_SESSION['delete_dn'] as $dn) {
|
||||
$start = strpos ($dn, "=")+1;
|
||||
|
|
@ -138,6 +142,10 @@ elseif (isset($_POST['cancelAllOk'])) {
|
|||
}
|
||||
|
||||
if (isset($_POST['delete'])) {
|
||||
if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
|
||||
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
|
||||
die();
|
||||
}
|
||||
// Show HTML Page
|
||||
include 'main_header.php';
|
||||
echo "<form action=\"delete.php\" method=\"post\">\n";
|
||||
|
|
|
|||
|
|
@ -97,6 +97,10 @@ if (isAccountTypeHidden($scope)) {
|
|||
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
||||
die();
|
||||
}
|
||||
if (!checkIfNewEntriesAreAllowed($scope)) {
|
||||
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
||||
die();
|
||||
}
|
||||
|
||||
echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">';
|
||||
echo '<div class="' . $scope . '-bright smallPaddingContent">';
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
$Id$
|
||||
|
||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||
Copyright (C) 2004 - 2012 Roland Gruber
|
||||
Copyright (C) 2004 - 2013 Roland Gruber
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -68,6 +68,10 @@ if (isAccountTypeHidden($scope)) {
|
|||
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
||||
die();
|
||||
}
|
||||
if (!checkIfNewEntriesAreAllowed($scope)) {
|
||||
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
||||
die();
|
||||
}
|
||||
|
||||
echo '<div class="' . $scope . '-bright smallPaddingContent">';
|
||||
|
||||
|
|
|
|||
|
|
@ -78,9 +78,10 @@ include 'main_header.php';
|
|||
|
||||
// get possible types and remove those which do not support file upload
|
||||
$types = $_SESSION['config']->get_ActiveTypes();
|
||||
for ($i = 0; $i < sizeof($types); $i++) {
|
||||
$count = sizeof($types);
|
||||
for ($i = 0; $i < $count; $i++) {
|
||||
$myType = new $types[$i]();
|
||||
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
|
||||
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
|
||||
unset($types[$i]);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue