allow to hide buttons to create/delete accounts

Roland Gruber 2013-05-01 12:36:17 +00:00
parent afb8d6ebdd
commit 4f25877520
11 changed files with 122 additions and 53 deletions


@ -2,6 +2,7 @@ June 2013 4.2
- Samba 4 support: users, groups, hosts - Samba 4 support: users, groups, hosts
- Unix: allow to change format for suggested user name - Unix: allow to change format for suggested user name
- LAM Pro: - LAM Pro:
-> allow to hide buttons to create/delete entries for each account type
-> Password self reset: support new identification methods: user, email, user or email, employee number -> Password self reset: support new identification methods: user, email, user or email, employee number
-> Custom fields: support PDF, profiles and multi-value text fields -> Custom fields: support PDF, profiles and multi-value text fields
-> Personal: support password mail sending in file upload -> Personal: support password mail sending in file upload


@ -155,6 +155,10 @@ $helpArray = array (
. ' ' . _('By default LAM will show all accounts that match the selected account modules.')), . ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
"261" => array ("Headline" => _("Hidden"), "261" => array ("Headline" => _("Hidden"),
"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')), "Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
"262" => array ("Headline" => _("No new entries"),
"Text" => _('If checked then the user will not be able to create new entries of this account type.')),
"263" => array ("Headline" => _("Disallow delete"),
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
// 300 - 399 // 300 - 399
// profile editor, file upload // profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"), "301" => array ("Headline" => _("RDN identifier"),


@ -486,7 +486,7 @@ class lamList {
$group->addElement($editLink); $group->addElement($editLink);
$toolCount++; $toolCount++;
// delete link // delete link
if (checkIfWriteAccessIsAllowed()) { if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png'); $deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
$deleteLink->setTitle(_("Delete")); $deleteLink->setTitle(_("Delete"));
$group->addElement($deleteLink); $group->addElement($deleteLink);
@ -543,12 +543,12 @@ class lamList {
die(); die();
} }
// add new account // add new account
if (isset($_POST['new'])){ if (isset($_POST['new']) && checkIfNewEntriesAreAllowed($this->type)){
metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix); metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix);
exit; exit;
} }
// delete account(s) // delete account(s)
elseif (isset($_POST['del'])){ elseif (isset($_POST['del']) && checkIfDeleteEntriesIsAllowed($this->type)){
// search for checkboxes // search for checkboxes
$accounts = array_keys($_POST, "on"); $accounts = array_keys($_POST, "on");
// build DN list // build DN list
@ -562,7 +562,7 @@ class lamList {
} }
} }
// file upload // file upload
elseif (isset($_POST['fileUpload'])){ elseif (isset($_POST['fileUpload']) && checkIfNewEntriesAreAllowed($this->type)){
metaRefresh("../masscreate.php?type=" . $this->type); metaRefresh("../masscreate.php?type=" . $this->type);
exit; exit;
} }
@ -749,11 +749,14 @@ class lamList {
// button part // button part
$left->alignment = htmlElement::ALIGN_LEFT; $left->alignment = htmlElement::ALIGN_LEFT;
if (checkIfWriteAccessIsAllowed()) { if (checkIfWriteAccessIsAllowed()) {
// add/delete buttons // add button
$newButton = new htmlButton('new', $this->labels['newEntry']); if (checkIfNewEntriesAreAllowed($this->type)) {
$newButton->setIconClass('createButton'); $newButton = new htmlButton('new', $this->labels['newEntry']);
$left->addElement($newButton); $newButton->setIconClass('createButton');
if (!$createOnly) { $left->addElement($newButton);
}
// delete button
if (!$createOnly && checkIfDeleteEntriesIsAllowed($this->type)) {
$left->addElement(new htmlSpacer('1px', null)); $left->addElement(new htmlSpacer('1px', null));
$delButton = new htmlButton('del', $this->labels['deleteEntry']); $delButton = new htmlButton('del', $this->labels['deleteEntry']);
$delButton->setIconClass('deleteButton'); $delButton->setIconClass('deleteButton');
@ -761,7 +764,8 @@ class lamList {
} }
$type = new $this->type(); $type = new $this->type();
$toolSettings = $_SESSION['config']->getToolSettings(); $toolSettings = $_SESSION['config']->getToolSettings();
if ($type->supportsFileUpload() && !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) { if ($type->supportsFileUpload() && checkIfNewEntriesAreAllowed($this->type)
&& !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
$left->addElement(new htmlSpacer('20px', null)); $left->addElement(new htmlSpacer('20px', null));
$uploadButton = new htmlButton('fileUpload', _('File upload')); $uploadButton = new htmlButton('fileUpload', _('File upload'));
$uploadButton->setIconClass('upButton'); $uploadButton->setIconClass('upButton');
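Review bot: The new POST guards on lines 48, 53 and 61 fail silently: when `checkIfNewEntriesAreAllowed()` or `checkIfDeleteEntriesIsAllowed()` returns false the request just falls through and the list is redrawn, whereas the same situation in edit.php and delete.php is logged at LOG_ERR before `die()`. Since these handlers are reachable from a hand-built POST regardless of which buttons were rendered, the list page should record the rejected request the same way, e.g. an `else` branch on the `new`/`del`/`fileUpload` conditions with `logNewMessage(LOG_ERR, 'User tried to create/delete entries of forbidden account type: ' . $this->type);`. The condition split across lines 84–85 would also read better with the file-upload tool-hide test hoisted into a named boolean (`$uploadHidden = isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true');`) before the `if`. The enclosing methods of lamList start and end outside these hunks.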


@ -1291,10 +1291,12 @@ class accountContainer {
$type = new $this->type(); $type = new $this->type();
$buttonGroup = new htmlGroup(); $buttonGroup = new htmlGroup();
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT); if (checkIfNewEntriesAreAllowed($this->type)) {
$createButton->setIconClass('createButton'); $createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
$buttonGroup->addElement($createButton); $createButton->setIconClass('createButton');
$buttonGroup->addElement(new htmlSpacer('10px', null)); $buttonGroup->addElement($createButton);
$buttonGroup->addElement(new htmlSpacer('10px', null));
}
$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file')); $pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
$pdfButton->setIconClass('pdfButton'); $pdfButton->setIconClass('pdfButton');
$buttonGroup->addElement($pdfButton); $buttonGroup->addElement($pdfButton);
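Review bot: Wrapping the "create another" button in `checkIfNewEntriesAreAllowed($this->type)` on lines 95–100 only hides the control; the handler that reacts to `accountContainerCreateAgain` is outside this hunk and, as far as the hunk shows, is not gated by the same check. To make the restriction an actual server-side rule rather than a presentation detail, the handler should apply `checkIfNewEntriesAreAllowed($this->type)` as well and log a rejected request like edit.php does. A short comment above line 95 such as `// button is only a hint; the POST handler enforces the same check` would document that intent once it is in place. The enclosing accountContainer method starts and ends outside this hunk.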


@ -243,6 +243,47 @@ function checkIfPasswordChangeIsAllowed() {
return false; return false;
} }
/**
* Checks if it is allowed to create new LDAP entries of the given type.
* This also checks if general write access is enabled.
*
* @param String $scope account type (e.g. 'user')
* @return boolean true, if new entries are allowed
*/
function checkIfNewEntriesAreAllowed($scope) {
if (!isLAMProVersion()) {
return true;
}
if (!isset($_SESSION['config']) || empty($scope)) {
return false;
}
$typeSettings = $_SESSION['config']->get_typeSettings();
if (isset($typeSettings['hideNewButton_' . $scope]) && $typeSettings['hideNewButton_' . $scope]) {
return false;
}
return checkIfWriteAccessIsAllowed();
}
/**
* Checks if it is allowed to delete LDAP entries of the given type.
*
* @param String $scope account type (e.g. 'user')
* @return boolean true, if entries may be deleted
*/
function checkIfDeleteEntriesIsAllowed($scope) {
if (!isLAMProVersion()) {
return true;
}
if (!isset($_SESSION['config']) || empty($scope)) {
return false;
}
$typeSettings = $_SESSION['config']->get_typeSettings();
if (isset($typeSettings['hideDeleteButton_' . $scope]) && $typeSettings['hideDeleteButton_' . $scope]) {
return false;
}
return checkIfWriteAccessIsAllowed();
}
/** /**
* Checks if the password fulfills the password policies. * Checks if the password fulfills the password policies.
* *
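Review bot: The docblock on line 112 says checkIfNewEntriesAreAllowed "also checks if general write access is enabled", but the `!isLAMProVersion()` early return on lines 118–120 yields true before `checkIfWriteAccessIsAllowed()` on line 128 is ever reached, so on non-Pro installations the function does not check write access at all; either the comment should say the write-access check is Pro-only, or the ordering should be changed if that is not intended (I cannot tell from the hunk whether access levels exist outside LAM Pro). The two functions are otherwise identical apart from the `hideNewButton_`/`hideDeleteButton_` key prefix, so the setting lookup is worth sharing in one helper to keep future changes (such as logging) in step. Note also that `isset($x) && $x` on lines 125 and 144 is what `!empty($x)` expresses directly.
```php
function checkIfNewEntriesAreAllowed($scope) {
	return isEntryActionAllowed('hideNewButton_', $scope);
}

function checkIfDeleteEntriesIsAllowed($scope) {
	return isEntryActionAllowed('hideDeleteButton_', $scope);
}

/**
 * Shared check behind checkIfNewEntriesAreAllowed()/checkIfDeleteEntriesIsAllowed().
 * Returns false when the type setting "$settingPrefix . $scope" is set to a true value.
 *
 * @param String $settingPrefix type-setting key prefix ('hideNewButton_' or 'hideDeleteButton_')
 * @param String $scope account type (e.g. 'user')
 * @return boolean true, if the action is allowed
 */
function isEntryActionAllowed($settingPrefix, $scope) {
	if (!isLAMProVersion()) {
		return true; // no per-type restrictions (and no write-access check) outside LAM Pro
	}
	if (!isset($_SESSION['config']) || empty($scope)) {
		return false;
	}
	$typeSettings = $_SESSION['config']->get_typeSettings();
	if (!empty($typeSettings[$settingPrefix . $scope])) {
		return false;
	}
	return checkIfWriteAccessIsAllowed();
}
```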


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2012 Roland Gruber 2005 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -86,6 +86,10 @@ else if (count($_POST)==0) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type); logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
die(); die();
} }
elseif (!checkIfNewEntriesAreAllowed($type)) {
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
die();
}
$_SESSION['account'] = new accountContainer($type, 'account'); $_SESSION['account'] = new accountContainer($type, 'account');
$_SESSION['account']->new_account(); $_SESSION['account']->new_account();
} }


@ -234,7 +234,7 @@ if (sizeof($activeTypes) > 0) {
for ($i = 0; $i < sizeof($activeTypes); $i++) { for ($i = 0; $i < sizeof($activeTypes); $i++) {
// title // title
$titleGroup = new htmlGroup(); $titleGroup = new htmlGroup();
$titleGroup->colspan = 10; $titleGroup->colspan = 6;
$titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png')); $titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png'));
$titleText = new htmlOutputText(getTypeAlias($activeTypes[$i])); $titleText = new htmlOutputText(getTypeAlias($activeTypes[$i]));
$titleText->setIsBold(true); $titleText->setIsBold(true);
@ -244,21 +244,15 @@ if (sizeof($activeTypes) > 0) {
$activeContainer->addElement($titleGroup); $activeContainer->addElement($titleGroup);
// delete button // delete button
$delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true); $delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true);
$delButton->colspan = 3;
$delButton->alignment = htmlElement::ALIGN_RIGHT; $delButton->alignment = htmlElement::ALIGN_RIGHT;
$delButton->setTitle(_("Remove this account type")); $delButton->setTitle(_("Remove this account type"));
$activeContainer->addElement($delButton, true); //del.png $activeContainer->addElement($delButton, true); //del.png
$activeContainer->addElement(new htmlSpacer(null, '5px'), true); $activeContainer->addElement(new htmlSpacer(null, '5px'), true);
// LDAP suffix // LDAP suffix
$suffixText = new htmlOutputText(_("LDAP suffix")); $suffixInput = new htmlTableExtendedInputField(_("LDAP suffix"), 'suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]], '202');
$suffixText->colspan = 2;
$activeContainer->addElement($suffixText);
$activeContainer->addElement(new htmlSpacer('10px', null));
$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
$suffixInput->setFieldSize(40); $suffixInput->setFieldSize(40);
$activeContainer->addElement($suffixInput); $activeContainer->addElement($suffixInput);
$activeContainer->addElement(new htmlHelpLink('202')); $activeContainer->addElement(new htmlSpacer('20px', null));
$activeContainer->addElement(new htmlSpacer('10px', null));
// list attributes // list attributes
if (isset($typeSettings['attr_' . $activeTypes[$i]])) { if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
$attributes = $typeSettings['attr_' . $activeTypes[$i]]; $attributes = $typeSettings['attr_' . $activeTypes[$i]];
@ -266,14 +260,9 @@ if (sizeof($activeTypes) > 0) {
else { else {
$attributes = getDefaultListAttributes($activeTypes[$i]); $attributes = getDefaultListAttributes($activeTypes[$i]);
} }
$attrsText = new htmlOutputText(_("List attributes")); $attrsInput = new htmlTableExtendedInputField(_("List attributes"), 'attr_' . $activeTypes[$i], $attributes, '206');
$attrsText->colspan = 2;
$activeContainer->addElement($attrsText);
$activeContainer->addElement(new htmlSpacer('10px', null));
$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
$attrsInput->setFieldSize(40); $attrsInput->setFieldSize(40);
$activeContainer->addElement($attrsInput); $activeContainer->addElement($attrsInput);
$activeContainer->addElement(new htmlHelpLink('206'));
$activeContainer->addNewLine(); $activeContainer->addNewLine();
// advanced options // advanced options
$advancedOptionsContent = new htmlTable(); $advancedOptionsContent = new htmlTable();
@ -282,27 +271,31 @@ if (sizeof($activeTypes) > 0) {
if (isset($typeSettings['filter_' . $activeTypes[$i]])) { if (isset($typeSettings['filter_' . $activeTypes[$i]])) {
$filter = $typeSettings['filter_' . $activeTypes[$i]]; $filter = $typeSettings['filter_' . $activeTypes[$i]];
} }
$filterText = new htmlOutputText(_("Additional LDAP filter")); $filterInput = new htmlTableExtendedInputField(_("Additional LDAP filter"), 'filter_' . $activeTypes[$i], $filter, '260');
$filterText->colspan = 2;
$advancedOptionsContent->addElement($filterText);
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $filter);
$filterInput->setFieldSize(40); $filterInput->setFieldSize(40);
$advancedOptionsContent->addElement($filterInput); $advancedOptionsContent->addElement($filterInput);
$advancedOptionsContent->addElement(new htmlHelpLink('260')); $advancedOptionsContent->addElement(new htmlSpacer('20px', null));
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
// hidden type // hidden type
$hidden = false; $hidden = false;
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) { if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
$hidden = $typeSettings['hidden_' . $activeTypes[$i]]; $hidden = $typeSettings['hidden_' . $activeTypes[$i]];
} }
$hiddenText = new htmlOutputText(_('Hidden')); $advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
$hiddenText->colspan = 2; if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
$advancedOptionsContent->addElement($hiddenText); // hide button to create new accounts
$advancedOptionsContent->addElement(new htmlSpacer('10px', null)); $hideNewButton = false;
$advancedOptionsContent->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $hidden)); if (isset($typeSettings['hideNewButton_' . $activeTypes[$i]])) {
$advancedOptionsContent->addElement(new htmlHelpLink('261')); $hideNewButton = $typeSettings['hideNewButton_' . $activeTypes[$i]];
$advancedOptionsContent->addNewLine(); }
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideNewButton_' . $activeTypes[$i], $hideNewButton, _('No new entries'), '262'));
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
// hide button to delete accounts
$hideDeleteButton = false;
if (isset($typeSettings['hideDeleteButton_' . $activeTypes[$i]])) {
$hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeTypes[$i]];
}
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideDeleteButton_' . $activeTypes[$i], $hideDeleteButton, _('Disallow delete'), '263'), true);
}
// build advanced options box // build advanced options box
$advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false); $advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false);
$advancedOptions->colspan = 15; $advancedOptions->colspan = 15;
@ -386,14 +379,17 @@ function checkInput() {
$typeSettings[$key] = $_POST[$key]; $typeSettings[$key] = $_POST[$key];
} }
} }
// set hidden
for ($i = 0; $i < sizeof($accountTypes); $i++) { for ($i = 0; $i < sizeof($accountTypes); $i++) {
// set hidden
$key = "hidden_" . $accountTypes[$i]; $key = "hidden_" . $accountTypes[$i];
if (isset($_POST[$key]) && ($_POST[$key] == 'on')) { $typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
$typeSettings[$key] = true; if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
} // set if new entries are allowed
else { $key = "hideNewButton_" . $accountTypes[$i];
$typeSettings[$key] = false; $typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
// set if deletion of entries is allowed
$key = "hideDeleteButton_" . $accountTypes[$i];
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
} }
} }
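Review bot: Line 266 calls `$conf->getAccessLevel()` inside `function checkInput()`, but the function's opening lines are outside this hunk and the hunk does not show `$conf` being declared `global` or passed in; if it is not, the call is made on an undefined variable and the new `hideNewButton_`/`hideDeleteButton_` settings are never saved (in PHP 5 a method call on null is fatal). Please confirm `global $conf;` is present or pass the config object explicitly. When the Pro/ACCESS_ALL condition is false the two keys are left untouched rather than reset, which is presumably intended so a lower access level cannot clear them; a one-line comment above line 266 such as `// hide flags may only be changed with full access level; otherwise keep stored values` would make that explicit. The same `isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)` test appears on lines 239 and 266 and would be clearer as a single named helper.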
// save input // save input


@ -72,6 +72,10 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']); logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
die(); die();
} }
if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
die();
}
// Create account list // Create account list
foreach ($_SESSION['delete_dn'] as $dn) { foreach ($_SESSION['delete_dn'] as $dn) {
$start = strpos ($dn, "=")+1; $start = strpos ($dn, "=")+1;
@ -138,6 +142,10 @@ elseif (isset($_POST['cancelAllOk'])) {
} }
if (isset($_POST['delete'])) { if (isset($_POST['delete'])) {
if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
die();
}
// Show HTML Page // Show HTML Page
include 'main_header.php'; include 'main_header.php';
echo "<form action=\"delete.php\" method=\"post\">\n"; echo "<form action=\"delete.php\" method=\"post\">\n";
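Review bot: Line 293 reads `$_POST['type']` without an `isset()` guard; the hunk shows no prior validation of the POST parameter (the GET-side check on line 280 is a different request), so a request missing the field emits an undefined-index notice before `checkIfDeleteEntriesIsAllowed()` rejects the empty scope. Guard it explicitly: `if (!isset($_POST['type']) || !checkIfDeleteEntriesIsAllowed($_POST['type'])) {`. The new check on lines 283–286 is correctly placed after the existing type validation, so the logged value there is already a known type name; the POST variant on line 294 logs the raw value, which matches the existing line 280 style but is worth keeping in mind if log consumers expect a validated type.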


@ -97,6 +97,10 @@ if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope); logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die(); die();
} }
if (!checkIfNewEntriesAreAllowed($scope)) {
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
die();
}
echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">'; echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">';
echo '<div class="' . $scope . '-bright smallPaddingContent">'; echo '<div class="' . $scope . '-bright smallPaddingContent">';
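Review bot: The four-line "hidden type then forbidden upload" gate on lines 303–310 is now repeated verbatim in the next file section (lines 322–329) and in near-identical form in edit.php, each with its own log string; a small shared function in the security include (for example `exitIfUploadNotAllowed($scope)` that logs and calls `die()`) would keep the three entry points from drifting apart. The check itself is sound: `checkIfNewEntriesAreAllowed()` returns false for an empty `$scope` or a missing session config, so the gate also covers a malformed request. The script-level code around this hunk continues outside it.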


@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2004 - 2012 Roland Gruber Copyright (C) 2004 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -68,6 +68,10 @@ if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope); logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die(); die();
} }
if (!checkIfNewEntriesAreAllowed($scope)) {
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
die();
}
echo '<div class="' . $scope . '-bright smallPaddingContent">'; echo '<div class="' . $scope . '-bright smallPaddingContent">';


@ -78,9 +78,10 @@ include 'main_header.php';
// get possible types and remove those which do not support file upload // get possible types and remove those which do not support file upload
$types = $_SESSION['config']->get_ActiveTypes(); $types = $_SESSION['config']->get_ActiveTypes();
for ($i = 0; $i < sizeof($types); $i++) { $count = sizeof($types);
for ($i = 0; $i < $count; $i++) {
$myType = new $types[$i](); $myType = new $types[$i]();
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) { if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
unset($types[$i]); unset($types[$i]);
} }
} }