allow to hide buttons to create/delete accounts
parent
afb8d6ebdd
commit
4f25877520
|
@ -2,6 +2,7 @@ June 2013 4.2
|
||||||
- Samba 4 support: users, groups, hosts
|
- Samba 4 support: users, groups, hosts
|
||||||
- Unix: allow to change format for suggested user name
|
- Unix: allow to change format for suggested user name
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
|
-> allow to hide buttons to create/delete entries for each account type
|
||||||
-> Password self reset: support new identification methods: user, email, user or email, employee number
|
-> Password self reset: support new identification methods: user, email, user or email, employee number
|
||||||
-> Custom fields: support PDF, profiles and multi-value text fields
|
-> Custom fields: support PDF, profiles and multi-value text fields
|
||||||
-> Personal: support password mail sending in file upload
|
-> Personal: support password mail sending in file upload
|
||||||
|
|
|
@ -155,6 +155,10 @@ $helpArray = array (
|
||||||
. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
|
. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
|
||||||
"261" => array ("Headline" => _("Hidden"),
|
"261" => array ("Headline" => _("Hidden"),
|
||||||
"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
|
"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
|
||||||
|
"262" => array ("Headline" => _("No new entries"),
|
||||||
|
"Text" => _('If checked then the user will not be able to create new entries of this account type.')),
|
||||||
|
"263" => array ("Headline" => _("Disallow delete"),
|
||||||
|
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
|
||||||
// 300 - 399
|
// 300 - 399
|
||||||
// profile editor, file upload
|
// profile editor, file upload
|
||||||
"301" => array ("Headline" => _("RDN identifier"),
|
"301" => array ("Headline" => _("RDN identifier"),
|
||||||
|
|
|
@ -486,7 +486,7 @@ class lamList {
|
||||||
$group->addElement($editLink);
|
$group->addElement($editLink);
|
||||||
$toolCount++;
|
$toolCount++;
|
||||||
// delete link
|
// delete link
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
|
||||||
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
|
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
|
||||||
$deleteLink->setTitle(_("Delete"));
|
$deleteLink->setTitle(_("Delete"));
|
||||||
$group->addElement($deleteLink);
|
$group->addElement($deleteLink);
|
||||||
|
@ -543,12 +543,12 @@ class lamList {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
// add new account
|
// add new account
|
||||||
if (isset($_POST['new'])){
|
if (isset($_POST['new']) && checkIfNewEntriesAreAllowed($this->type)){
|
||||||
metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix);
|
metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
// delete account(s)
|
// delete account(s)
|
||||||
elseif (isset($_POST['del'])){
|
elseif (isset($_POST['del']) && checkIfDeleteEntriesIsAllowed($this->type)){
|
||||||
// search for checkboxes
|
// search for checkboxes
|
||||||
$accounts = array_keys($_POST, "on");
|
$accounts = array_keys($_POST, "on");
|
||||||
// build DN list
|
// build DN list
|
||||||
|
@ -562,7 +562,7 @@ class lamList {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// file upload
|
// file upload
|
||||||
elseif (isset($_POST['fileUpload'])){
|
elseif (isset($_POST['fileUpload']) && checkIfNewEntriesAreAllowed($this->type)){
|
||||||
metaRefresh("../masscreate.php?type=" . $this->type);
|
metaRefresh("../masscreate.php?type=" . $this->type);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
@ -749,11 +749,14 @@ class lamList {
|
||||||
// button part
|
// button part
|
||||||
$left->alignment = htmlElement::ALIGN_LEFT;
|
$left->alignment = htmlElement::ALIGN_LEFT;
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed()) {
|
||||||
// add/delete buttons
|
// add button
|
||||||
|
if (checkIfNewEntriesAreAllowed($this->type)) {
|
||||||
$newButton = new htmlButton('new', $this->labels['newEntry']);
|
$newButton = new htmlButton('new', $this->labels['newEntry']);
|
||||||
$newButton->setIconClass('createButton');
|
$newButton->setIconClass('createButton');
|
||||||
$left->addElement($newButton);
|
$left->addElement($newButton);
|
||||||
if (!$createOnly) {
|
}
|
||||||
|
// delete button
|
||||||
|
if (!$createOnly && checkIfDeleteEntriesIsAllowed($this->type)) {
|
||||||
$left->addElement(new htmlSpacer('1px', null));
|
$left->addElement(new htmlSpacer('1px', null));
|
||||||
$delButton = new htmlButton('del', $this->labels['deleteEntry']);
|
$delButton = new htmlButton('del', $this->labels['deleteEntry']);
|
||||||
$delButton->setIconClass('deleteButton');
|
$delButton->setIconClass('deleteButton');
|
||||||
|
@ -761,7 +764,8 @@ class lamList {
|
||||||
}
|
}
|
||||||
$type = new $this->type();
|
$type = new $this->type();
|
||||||
$toolSettings = $_SESSION['config']->getToolSettings();
|
$toolSettings = $_SESSION['config']->getToolSettings();
|
||||||
if ($type->supportsFileUpload() && !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
|
if ($type->supportsFileUpload() && checkIfNewEntriesAreAllowed($this->type)
|
||||||
|
&& !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
|
||||||
$left->addElement(new htmlSpacer('20px', null));
|
$left->addElement(new htmlSpacer('20px', null));
|
||||||
$uploadButton = new htmlButton('fileUpload', _('File upload'));
|
$uploadButton = new htmlButton('fileUpload', _('File upload'));
|
||||||
$uploadButton->setIconClass('upButton');
|
$uploadButton->setIconClass('upButton');
|
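Review bot: When one of the new checks fails in the `new`, `del` or `fileUpload` POST handlers, the request just falls through without a trace, whereas the page-level checks added elsewhere in this commit log the refused attempt before stopping. The buttons are no longer rendered for restricted types, so a POST carrying one of these fields is a hand-built or stale request and is worth a log line, e.g. `logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type ' . $this->type);` in an explicit refusal branch. The enclosing methods of `lamList` start and end outside these hunks, so how the fall-through is handled further down is not visible here.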
||||||
|
|
|
@ -1291,10 +1291,12 @@ class accountContainer {
|
||||||
|
|
||||||
$type = new $this->type();
|
$type = new $this->type();
|
||||||
$buttonGroup = new htmlGroup();
|
$buttonGroup = new htmlGroup();
|
||||||
|
if (checkIfNewEntriesAreAllowed($this->type)) {
|
||||||
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
|
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
|
||||||
$createButton->setIconClass('createButton');
|
$createButton->setIconClass('createButton');
|
||||||
$buttonGroup->addElement($createButton);
|
$buttonGroup->addElement($createButton);
|
||||||
$buttonGroup->addElement(new htmlSpacer('10px', null));
|
$buttonGroup->addElement(new htmlSpacer('10px', null));
|
||||||
|
}
|
||||||
$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
|
$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
|
||||||
$pdfButton->setIconClass('pdfButton');
|
$pdfButton->setIconClass('pdfButton');
|
||||||
$buttonGroup->addElement($pdfButton);
|
$buttonGroup->addElement($pdfButton);
|
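Review bot: The new `checkIfNewEntriesAreAllowed($this->type)` guard only keeps the `accountContainerCreateAgain` button from being rendered; the code that reacts to that POST field is outside this hunk. A client can still submit the field by hand, so the handler should repeat the check rather than rely on the button being absent. A comment at the guard such as `// UI only: the request handler must re-check checkIfNewEntriesAreAllowed()` would make the intended enforcement point explicit.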
||||||
|
|
|
@ -243,6 +243,47 @@ function checkIfPasswordChangeIsAllowed() {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if it is allowed to create new LDAP entries of the given type.
|
||||||
|
* This also checks if general write access is enabled.
|
||||||
|
*
|
||||||
|
* @param String $scope account type (e.g. 'user')
|
||||||
|
* @return boolean true, if new entries are allowed
|
||||||
|
*/
|
||||||
|
function checkIfNewEntriesAreAllowed($scope) {
|
||||||
|
if (!isLAMProVersion()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (!isset($_SESSION['config']) || empty($scope)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$typeSettings = $_SESSION['config']->get_typeSettings();
|
||||||
|
if (isset($typeSettings['hideNewButton_' . $scope]) && $typeSettings['hideNewButton_' . $scope]) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return checkIfWriteAccessIsAllowed();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if it is allowed to delete LDAP entries of the given type.
|
||||||
|
*
|
||||||
|
* @param String $scope account type (e.g. 'user')
|
||||||
|
* @return boolean true, if entries may be deleted
|
||||||
|
*/
|
||||||
|
function checkIfDeleteEntriesIsAllowed($scope) {
|
||||||
|
if (!isLAMProVersion()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
if (!isset($_SESSION['config']) || empty($scope)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$typeSettings = $_SESSION['config']->get_typeSettings();
|
||||||
|
if (isset($typeSettings['hideDeleteButton_' . $scope]) && $typeSettings['hideDeleteButton_' . $scope]) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return checkIfWriteAccessIsAllowed();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks if the password fulfills the password policies.
|
* Checks if the password fulfills the password policies.
|
||||||
*
|
*
|
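Review bot: Both new helpers return `true` as soon as `isLAMProVersion()` is false, so on that path `checkIfWriteAccessIsAllowed()` is never consulted, although the docblock of `checkIfNewEntriesAreAllowed()` says general write access is also checked. Several callers in this commit, such as the `del` and `fileUpload` POST handlers and the delete page, rely on these helpers alone. If write access can be restricted outside LAM Pro (not visible here), the early return should be `return checkIfWriteAccessIsAllowed();`; otherwise the docblock should say that the write-access check applies to LAM Pro only. The `@return` lines could also state that `false` is returned when no configuration is in the session or `$scope` is empty.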
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2005 - 2012 Roland Gruber
|
2005 - 2013 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -86,6 +86,10 @@ else if (count($_POST)==0) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
|
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
elseif (!checkIfNewEntriesAreAllowed($type)) {
|
||||||
|
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
|
||||||
|
die();
|
||||||
|
}
|
||||||
$_SESSION['account'] = new accountContainer($type, 'account');
|
$_SESSION['account'] = new accountContainer($type, 'account');
|
||||||
$_SESSION['account']->new_account();
|
$_SESSION['account']->new_account();
|
||||||
}
|
}
|
||||||
|
|
|
@ -234,7 +234,7 @@ if (sizeof($activeTypes) > 0) {
|
||||||
for ($i = 0; $i < sizeof($activeTypes); $i++) {
|
for ($i = 0; $i < sizeof($activeTypes); $i++) {
|
||||||
// title
|
// title
|
||||||
$titleGroup = new htmlGroup();
|
$titleGroup = new htmlGroup();
|
||||||
$titleGroup->colspan = 10;
|
$titleGroup->colspan = 6;
|
||||||
$titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png'));
|
$titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png'));
|
||||||
$titleText = new htmlOutputText(getTypeAlias($activeTypes[$i]));
|
$titleText = new htmlOutputText(getTypeAlias($activeTypes[$i]));
|
||||||
$titleText->setIsBold(true);
|
$titleText->setIsBold(true);
|
||||||
|
@ -244,21 +244,15 @@ if (sizeof($activeTypes) > 0) {
|
||||||
$activeContainer->addElement($titleGroup);
|
$activeContainer->addElement($titleGroup);
|
||||||
// delete button
|
// delete button
|
||||||
$delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true);
|
$delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true);
|
||||||
$delButton->colspan = 3;
|
|
||||||
$delButton->alignment = htmlElement::ALIGN_RIGHT;
|
$delButton->alignment = htmlElement::ALIGN_RIGHT;
|
||||||
$delButton->setTitle(_("Remove this account type"));
|
$delButton->setTitle(_("Remove this account type"));
|
||||||
$activeContainer->addElement($delButton, true); //del.png
|
$activeContainer->addElement($delButton, true); //del.png
|
||||||
$activeContainer->addElement(new htmlSpacer(null, '5px'), true);
|
$activeContainer->addElement(new htmlSpacer(null, '5px'), true);
|
||||||
// LDAP suffix
|
// LDAP suffix
|
||||||
$suffixText = new htmlOutputText(_("LDAP suffix"));
|
$suffixInput = new htmlTableExtendedInputField(_("LDAP suffix"), 'suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]], '202');
|
||||||
$suffixText->colspan = 2;
|
|
||||||
$activeContainer->addElement($suffixText);
|
|
||||||
$activeContainer->addElement(new htmlSpacer('10px', null));
|
|
||||||
$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
|
|
||||||
$suffixInput->setFieldSize(40);
|
$suffixInput->setFieldSize(40);
|
||||||
$activeContainer->addElement($suffixInput);
|
$activeContainer->addElement($suffixInput);
|
||||||
$activeContainer->addElement(new htmlHelpLink('202'));
|
$activeContainer->addElement(new htmlSpacer('20px', null));
|
||||||
$activeContainer->addElement(new htmlSpacer('10px', null));
|
|
||||||
// list attributes
|
// list attributes
|
||||||
if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
|
if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
|
||||||
$attributes = $typeSettings['attr_' . $activeTypes[$i]];
|
$attributes = $typeSettings['attr_' . $activeTypes[$i]];
|
||||||
|
@ -266,14 +260,9 @@ if (sizeof($activeTypes) > 0) {
|
||||||
else {
|
else {
|
||||||
$attributes = getDefaultListAttributes($activeTypes[$i]);
|
$attributes = getDefaultListAttributes($activeTypes[$i]);
|
||||||
}
|
}
|
||||||
$attrsText = new htmlOutputText(_("List attributes"));
|
$attrsInput = new htmlTableExtendedInputField(_("List attributes"), 'attr_' . $activeTypes[$i], $attributes, '206');
|
||||||
$attrsText->colspan = 2;
|
|
||||||
$activeContainer->addElement($attrsText);
|
|
||||||
$activeContainer->addElement(new htmlSpacer('10px', null));
|
|
||||||
$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
|
|
||||||
$attrsInput->setFieldSize(40);
|
$attrsInput->setFieldSize(40);
|
||||||
$activeContainer->addElement($attrsInput);
|
$activeContainer->addElement($attrsInput);
|
||||||
$activeContainer->addElement(new htmlHelpLink('206'));
|
|
||||||
$activeContainer->addNewLine();
|
$activeContainer->addNewLine();
|
||||||
// advanced options
|
// advanced options
|
||||||
$advancedOptionsContent = new htmlTable();
|
$advancedOptionsContent = new htmlTable();
|
||||||
|
@ -282,27 +271,31 @@ if (sizeof($activeTypes) > 0) {
|
||||||
if (isset($typeSettings['filter_' . $activeTypes[$i]])) {
|
if (isset($typeSettings['filter_' . $activeTypes[$i]])) {
|
||||||
$filter = $typeSettings['filter_' . $activeTypes[$i]];
|
$filter = $typeSettings['filter_' . $activeTypes[$i]];
|
||||||
}
|
}
|
||||||
$filterText = new htmlOutputText(_("Additional LDAP filter"));
|
$filterInput = new htmlTableExtendedInputField(_("Additional LDAP filter"), 'filter_' . $activeTypes[$i], $filter, '260');
|
||||||
$filterText->colspan = 2;
|
|
||||||
$advancedOptionsContent->addElement($filterText);
|
|
||||||
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
|
|
||||||
$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $filter);
|
|
||||||
$filterInput->setFieldSize(40);
|
$filterInput->setFieldSize(40);
|
||||||
$advancedOptionsContent->addElement($filterInput);
|
$advancedOptionsContent->addElement($filterInput);
|
||||||
$advancedOptionsContent->addElement(new htmlHelpLink('260'));
|
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
|
||||||
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
|
|
||||||
// hidden type
|
// hidden type
|
||||||
$hidden = false;
|
$hidden = false;
|
||||||
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
|
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
|
||||||
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
|
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
|
||||||
}
|
}
|
||||||
$hiddenText = new htmlOutputText(_('Hidden'));
|
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
|
||||||
$hiddenText->colspan = 2;
|
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
|
||||||
$advancedOptionsContent->addElement($hiddenText);
|
// hide button to create new accounts
|
||||||
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
|
$hideNewButton = false;
|
||||||
$advancedOptionsContent->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $hidden));
|
if (isset($typeSettings['hideNewButton_' . $activeTypes[$i]])) {
|
||||||
$advancedOptionsContent->addElement(new htmlHelpLink('261'));
|
$hideNewButton = $typeSettings['hideNewButton_' . $activeTypes[$i]];
|
||||||
$advancedOptionsContent->addNewLine();
|
}
|
||||||
|
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideNewButton_' . $activeTypes[$i], $hideNewButton, _('No new entries'), '262'));
|
||||||
|
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
|
||||||
|
// hide button to delete accounts
|
||||||
|
$hideDeleteButton = false;
|
||||||
|
if (isset($typeSettings['hideDeleteButton_' . $activeTypes[$i]])) {
|
||||||
|
$hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeTypes[$i]];
|
||||||
|
}
|
||||||
|
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideDeleteButton_' . $activeTypes[$i], $hideDeleteButton, _('Disallow delete'), '263'), true);
|
||||||
|
}
|
||||||
// build advanced options box
|
// build advanced options box
|
||||||
$advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false);
|
$advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false);
|
||||||
$advancedOptions->colspan = 15;
|
$advancedOptions->colspan = 15;
|
||||||
|
@ -386,14 +379,17 @@ function checkInput() {
|
||||||
$typeSettings[$key] = $_POST[$key];
|
$typeSettings[$key] = $_POST[$key];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// set hidden
|
|
||||||
for ($i = 0; $i < sizeof($accountTypes); $i++) {
|
for ($i = 0; $i < sizeof($accountTypes); $i++) {
|
||||||
|
// set hidden
|
||||||
$key = "hidden_" . $accountTypes[$i];
|
$key = "hidden_" . $accountTypes[$i];
|
||||||
if (isset($_POST[$key]) && ($_POST[$key] == 'on')) {
|
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||||
$typeSettings[$key] = true;
|
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
|
||||||
}
|
// set if new entries are allowed
|
||||||
else {
|
$key = "hideNewButton_" . $accountTypes[$i];
|
||||||
$typeSettings[$key] = false;
|
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||||
|
// set if deletion of entries is allowed
|
||||||
|
$key = "hideDeleteButton_" . $accountTypes[$i];
|
||||||
|
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// save input
|
// save input
|
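Review bot: In `checkInput()` the `hideNewButton_` and `hideDeleteButton_` keys are written only when `isLAMProVersion()` is true and the access level is `LAMConfig::ACCESS_ALL`; on any other save they are not set at all. How `$typeSettings` is initialised lies above this hunk, so it is not visible whether a previously stored restriction survives such a save; if the array is rebuilt from the POST data, the restriction would be dropped without notice once the access level changes. Consider carrying the stored values over in an `else` branch, or add a comment stating that the omission is intended. Since the new helpers enforce these settings on the server side as well, a one-line comment noting that the `hide…Button` keys are permissions and not just display flags would help the next reader.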
||||||
|
|
|
@ -72,6 +72,10 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
|
||||||
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
|
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
|
||||||
|
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
|
||||||
|
die();
|
||||||
|
}
|
||||||
// Create account list
|
// Create account list
|
||||||
foreach ($_SESSION['delete_dn'] as $dn) {
|
foreach ($_SESSION['delete_dn'] as $dn) {
|
||||||
$start = strpos ($dn, "=")+1;
|
$start = strpos ($dn, "=")+1;
|
||||||
|
@ -138,6 +142,10 @@ elseif (isset($_POST['cancelAllOk'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_POST['delete'])) {
|
if (isset($_POST['delete'])) {
|
||||||
|
if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
|
||||||
|
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
|
||||||
|
die();
|
||||||
|
}
|
||||||
// Show HTML Page
|
// Show HTML Page
|
||||||
include 'main_header.php';
|
include 'main_header.php';
|
||||||
echo "<form action=\"delete.php\" method=\"post\">\n";
|
echo "<form action=\"delete.php\" method=\"post\">\n";
|
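Review bot: The check added in the `$_POST['delete']` branch is keyed on `$_POST['type']`, a value the client supplies, and no validation of it is visible before the call, whereas the `$_GET['type']` branch above rejects invalid types first. Because `checkIfDeleteEntriesIsAllowed()` only looks up `'hideDeleteButton_' . $scope`, the restriction holds only if the submitted type is the real type of the entries being deleted; the code that collects the DNs is outside this hunk, so this needs confirming. Binding the type to server-side state (for example keeping it in the session next to `$_SESSION['delete_dn']`) and validating `$_POST['type']` the same way as the GET value would remove that dependency. The raw request value is also concatenated into the `logNewMessage()` text; log the validated type, or strip control characters first.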
||||||
|
|
|
@ -97,6 +97,10 @@ if (isAccountTypeHidden($scope)) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
if (!checkIfNewEntriesAreAllowed($scope)) {
|
||||||
|
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">';
|
echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">';
|
||||||
echo '<div class="' . $scope . '-bright smallPaddingContent">';
|
echo '<div class="' . $scope . '-bright smallPaddingContent">';
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2004 - 2012 Roland Gruber
|
Copyright (C) 2004 - 2013 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -68,6 +68,10 @@ if (isAccountTypeHidden($scope)) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
if (!checkIfNewEntriesAreAllowed($scope)) {
|
||||||
|
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
echo '<div class="' . $scope . '-bright smallPaddingContent">';
|
echo '<div class="' . $scope . '-bright smallPaddingContent">';
|
||||||
|
|
||||||
|
|
|
@ -78,9 +78,10 @@ include 'main_header.php';
|
||||||
|
|
||||||
// get possible types and remove those which do not support file upload
|
// get possible types and remove those which do not support file upload
|
||||||
$types = $_SESSION['config']->get_ActiveTypes();
|
$types = $_SESSION['config']->get_ActiveTypes();
|
||||||
for ($i = 0; $i < sizeof($types); $i++) {
|
$count = sizeof($types);
|
||||||
|
for ($i = 0; $i < $count; $i++) {
|
||||||
$myType = new $types[$i]();
|
$myType = new $types[$i]();
|
||||||
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
|
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
|
||||||
unset($types[$i]);
|
unset($types[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|