allow to hide buttons to create/delete accounts

2013-05-01 12:36:17 +00:00 · 2013-05-01 12:36:17 +00:00 · 4f25877520
parent afb8d6ebdd
commit 4f25877520
11 changed files with 122 additions and 53 deletions
--- a/lam/HISTORY
+++ b/lam/HISTORY
@ -2,6 +2,7 @@ June 2013 4.2
  - Samba 4 support: users, groups, hosts
  - Unix: allow to change format for suggested user name
  - LAM Pro:
   -> allow to hide buttons to create/delete entries for each account type
   -> Password self reset: support new identification methods: user, email, user or email, employee number
   -> Custom fields: support PDF, profiles and multi-value text fields
   -> Personal: support password mail sending in file upload
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@ -155,6 +155,10 @@ $helpArray = array (
 						. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
 				"261" => array ("Headline" => _("Hidden"),
 					"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
 				"262" => array ("Headline" => _("No new entries"),
 					"Text" => _('If checked then the user will not be able to create new entries of this account type.')),
 				"263" => array ("Headline" => _("Disallow delete"),
 					"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
 				// 300 - 399
 				// profile editor, file upload
 				"301" => array ("Headline" => _("RDN identifier"),
--- a/lam/lib/lists.inc
+++ b/lam/lib/lists.inc
@ -486,7 +486,7 @@ class lamList {
 		$group->addElement($editLink);
 		$toolCount++;
 		// delete link
-		if (checkIfWriteAccessIsAllowed()) {
+		if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
 			$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
 			$deleteLink->setTitle(_("Delete"));
 			$group->addElement($deleteLink);
@ -543,12 +543,12 @@ class lamList {
 				die();
 			}
 			// add new account
-			if (isset($_POST['new'])){
+			if (isset($_POST['new']) && checkIfNewEntriesAreAllowed($this->type)){
 				metaRefresh("../account/edit.php?type=" . $this->type . "&amp;suffix=" . $this->suffix);
 				exit;
 			}
 			// delete account(s)
-			elseif (isset($_POST['del'])){
+			elseif (isset($_POST['del']) && checkIfDeleteEntriesIsAllowed($this->type)){
 				// search for checkboxes
 				$accounts = array_keys($_POST, "on");
 				// build DN list
@ -562,7 +562,7 @@ class lamList {
 				}
 			}
 			// file upload
-			elseif (isset($_POST['fileUpload'])){
+			elseif (isset($_POST['fileUpload']) && checkIfNewEntriesAreAllowed($this->type)){
 				metaRefresh("../masscreate.php?type=" . $this->type);
 				exit;
 			}
@ -749,11 +749,14 @@ class lamList {
 		// button part
 		$left->alignment = htmlElement::ALIGN_LEFT;
 		if (checkIfWriteAccessIsAllowed()) {
-			// add/delete buttons
+			// add button
-			$newButton = new htmlButton('new', $this->labels['newEntry']);
+			if (checkIfNewEntriesAreAllowed($this->type)) {
-			$newButton->setIconClass('createButton');
+				$newButton = new htmlButton('new', $this->labels['newEntry']);
-			$left->addElement($newButton);
+				$newButton->setIconClass('createButton');
-			if (!$createOnly) {
+				$left->addElement($newButton);
 			}
 			// delete button
 			if (!$createOnly && checkIfDeleteEntriesIsAllowed($this->type)) {
 				$left->addElement(new htmlSpacer('1px', null));
 				$delButton = new htmlButton('del', $this->labels['deleteEntry']);
 				$delButton->setIconClass('deleteButton');
@ -761,7 +764,8 @@ class lamList {
 			}
 			$type = new $this->type();
 			$toolSettings = $_SESSION['config']->getToolSettings();
-			if ($type->supportsFileUpload() && !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
+			if ($type->supportsFileUpload() && checkIfNewEntriesAreAllowed($this->type)
 					&& !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
 				$left->addElement(new htmlSpacer('20px', null));
 				$uploadButton = new htmlButton('fileUpload', _('File upload'));
 				$uploadButton->setIconClass('upButton');
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@ -1291,10 +1291,12 @@ class accountContainer {
 		$type = new $this->type();
 		$buttonGroup = new htmlGroup();
-		$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
+		if (checkIfNewEntriesAreAllowed($this->type)) {
-		$createButton->setIconClass('createButton');
+			$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
-		$buttonGroup->addElement($createButton);
+			$createButton->setIconClass('createButton');
-		$buttonGroup->addElement(new htmlSpacer('10px', null));
+			$buttonGroup->addElement($createButton);
 			$buttonGroup->addElement(new htmlSpacer('10px', null));
 		}
 		$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
 		$pdfButton->setIconClass('pdfButton');
 		$buttonGroup->addElement($pdfButton);
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@ -243,6 +243,47 @@ function checkIfPasswordChangeIsAllowed() {
 	return false;
 }
 /**
 * Checks if it is allowed to create new LDAP entries of the given type.
 * This also checks if general write access is enabled.
 * 
 * @param String $scope account type (e.g. 'user')
 * @return boolean true, if new entries are allowed
 */
 function checkIfNewEntriesAreAllowed($scope) {
 	if (!isLAMProVersion()) {
 		return true;
 	}
 	if (!isset($_SESSION['config']) || empty($scope)) {
 		return false;
 	}
 	$typeSettings = $_SESSION['config']->get_typeSettings();
 	if (isset($typeSettings['hideNewButton_' . $scope]) && $typeSettings['hideNewButton_' . $scope]) {
 		return false;
 	}
 	return checkIfWriteAccessIsAllowed();
 }
 /**
 * Checks if it is allowed to delete LDAP entries of the given type.
 * 
 * @param String $scope account type (e.g. 'user')
 * @return boolean true, if entries may be deleted
 */
 function checkIfDeleteEntriesIsAllowed($scope) {
 	if (!isLAMProVersion()) {
 		return true;
 	}
 	if (!isset($_SESSION['config']) || empty($scope)) {
 		return false;
 	}
 	$typeSettings = $_SESSION['config']->get_typeSettings();
 	if (isset($typeSettings['hideDeleteButton_' . $scope]) && $typeSettings['hideDeleteButton_' . $scope]) {
 		return false;
 	}
 	return checkIfWriteAccessIsAllowed();
 }
 /**
 * Checks if the password fulfills the password policies.
 * 
--- a/lam/templates/account/edit.php
+++ b/lam/templates/account/edit.php
@ -4,7 +4,7 @@ $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Tilo Lutz
-                2005 - 2012  Roland Gruber
+                2005 - 2013  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -86,6 +86,10 @@ else if (count($_POST)==0) {
 		logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
 		die();
 	}
 	elseif (!checkIfNewEntriesAreAllowed($type)) {
 		logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
 		die();
 	}
 	$_SESSION['account'] = new accountContainer($type, 'account');
 	$_SESSION['account']->new_account();
 }
--- a/lam/templates/config/conftypes.php
+++ b/lam/templates/config/conftypes.php
@ -234,7 +234,7 @@ if (sizeof($activeTypes) > 0) {
 	for ($i = 0; $i < sizeof($activeTypes); $i++) {
 		// title
 		$titleGroup = new htmlGroup();
-		$titleGroup->colspan = 10;
+		$titleGroup->colspan = 6;
 		$titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png'));
 		$titleText = new htmlOutputText(getTypeAlias($activeTypes[$i]));
 		$titleText->setIsBold(true);
@ -244,21 +244,15 @@ if (sizeof($activeTypes) > 0) {
 		$activeContainer->addElement($titleGroup);
 		// delete button
 		$delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true);
 		$delButton->colspan = 3;
 		$delButton->alignment = htmlElement::ALIGN_RIGHT;
 		$delButton->setTitle(_("Remove this account type"));
 		$activeContainer->addElement($delButton, true); //del.png
 		$activeContainer->addElement(new htmlSpacer(null, '5px'), true);
 		// LDAP suffix
-		$suffixText = new htmlOutputText(_("LDAP suffix"));
+		$suffixInput = new htmlTableExtendedInputField(_("LDAP suffix"), 'suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]], '202');
 		$suffixText->colspan = 2;
 		$activeContainer->addElement($suffixText);
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
 		$suffixInput->setFieldSize(40);
 		$activeContainer->addElement($suffixInput);
-		$activeContainer->addElement(new htmlHelpLink('202'));
+		$activeContainer->addElement(new htmlSpacer('20px', null));
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		// list attributes
 		if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
 			$attributes = $typeSettings['attr_' . $activeTypes[$i]];
@ -266,14 +260,9 @@ if (sizeof($activeTypes) > 0) {
 		else {
 			$attributes = getDefaultListAttributes($activeTypes[$i]);
 		}
-		$attrsText = new htmlOutputText(_("List attributes"));
+		$attrsInput = new htmlTableExtendedInputField(_("List attributes"), 'attr_' . $activeTypes[$i], $attributes, '206');
 		$attrsText->colspan = 2;
 		$activeContainer->addElement($attrsText);
 		$activeContainer->addElement(new htmlSpacer('10px', null));
 		$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
 		$attrsInput->setFieldSize(40);
 		$activeContainer->addElement($attrsInput);
 		$activeContainer->addElement(new htmlHelpLink('206'));
 		$activeContainer->addNewLine();
 		// advanced options
 		$advancedOptionsContent = new htmlTable();
@ -282,27 +271,31 @@ if (sizeof($activeTypes) > 0) {
 		if (isset($typeSettings['filter_' . $activeTypes[$i]])) {
 			$filter = $typeSettings['filter_' . $activeTypes[$i]];
 		}
-		$filterText = new htmlOutputText(_("Additional LDAP filter"));
+		$filterInput = new htmlTableExtendedInputField(_("Additional LDAP filter"), 'filter_' . $activeTypes[$i], $filter, '260');
 		$filterText->colspan = 2;
 		$advancedOptionsContent->addElement($filterText);
 		$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
 		$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $filter);
 		$filterInput->setFieldSize(40);
 		$advancedOptionsContent->addElement($filterInput);
-		$advancedOptionsContent->addElement(new htmlHelpLink('260'));
+		$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
 		$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
 		// hidden type
 		$hidden = false;
 		if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
 			$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
 		}
-		$hiddenText = new htmlOutputText(_('Hidden'));
+		$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
-		$hiddenText->colspan = 2;
+		if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
-		$advancedOptionsContent->addElement($hiddenText);
+			// hide button to create new accounts
-		$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
+			$hideNewButton = false;
-		$advancedOptionsContent->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $hidden));
+			if (isset($typeSettings['hideNewButton_' . $activeTypes[$i]])) {
-		$advancedOptionsContent->addElement(new htmlHelpLink('261'));
+				$hideNewButton = $typeSettings['hideNewButton_' . $activeTypes[$i]];
-		$advancedOptionsContent->addNewLine();
+			}
 			$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideNewButton_' . $activeTypes[$i], $hideNewButton, _('No new entries'), '262'));
 			$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
 			// hide button to delete accounts
 			$hideDeleteButton = false;
 			if (isset($typeSettings['hideDeleteButton_' . $activeTypes[$i]])) {
 				$hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeTypes[$i]];
 			}
 			$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideDeleteButton_' . $activeTypes[$i], $hideDeleteButton, _('Disallow delete'), '263'), true);
 		}
 		// build advanced options box
 		$advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false);
 		$advancedOptions->colspan = 15;
@ -386,14 +379,17 @@ function checkInput() {
 			$typeSettings[$key] = $_POST[$key];
 		}
 	}
 	// set hidden
 	for ($i = 0; $i < sizeof($accountTypes); $i++) {
 		// set hidden
 		$key = "hidden_" . $accountTypes[$i];
-		if (isset($_POST[$key]) && ($_POST[$key] == 'on')) {
+		$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
-			$typeSettings[$key] = true;
+		if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
-		}
+			// set if new entries are allowed
-		else {
+			$key = "hideNewButton_" . $accountTypes[$i];
-			$typeSettings[$key] = false;
+			$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
 			// set if deletion of entries is allowed
 			$key = "hideDeleteButton_" . $accountTypes[$i];
 			$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
 		}
 	}
 	// save input
--- a/lam/templates/delete.php
+++ b/lam/templates/delete.php
@ -72,6 +72,10 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
 		logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
 		die();
 	}
 	if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
 		logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
 		die();
 	}
 	// Create account list
 	foreach ($_SESSION['delete_dn'] as $dn) {
 		$start = strpos ($dn, "=")+1;
@ -138,6 +142,10 @@ elseif (isset($_POST['cancelAllOk'])) {
 }
 if (isset($_POST['delete'])) {
 	if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
 		logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
 		die();
 	}
 	// Show HTML Page
 	include 'main_header.php';
 	echo "<form action=\"delete.php\" method=\"post\">\n";
--- a/lam/templates/massBuildAccounts.php
+++ b/lam/templates/massBuildAccounts.php
@ -97,6 +97,10 @@ if (isAccountTypeHidden($scope)) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
 	die();
 }
 if (!checkIfNewEntriesAreAllowed($scope)) {
 	logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
 	die();
 }
 echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">';
 echo '<div class="' . $scope . '-bright smallPaddingContent">';
--- a/lam/templates/massDoUpload.php
+++ b/lam/templates/massDoUpload.php
@ -3,7 +3,7 @@
 $Id$
  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2004 - 2012  Roland Gruber
+  Copyright (C) 2004 - 2013  Roland Gruber
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -68,6 +68,10 @@ if (isAccountTypeHidden($scope)) {
 	logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
 	die();
 }
 if (!checkIfNewEntriesAreAllowed($scope)) {
 	logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
 	die();
 }
 echo '<div class="' . $scope . '-bright smallPaddingContent">';
--- a/lam/templates/masscreate.php
+++ b/lam/templates/masscreate.php
@ -78,9 +78,10 @@ include 'main_header.php';
 // get possible types and remove those which do not support file upload
 $types = $_SESSION['config']->get_ActiveTypes();
-for ($i = 0; $i < sizeof($types); $i++) {
+$count = sizeof($types);
 for ($i = 0; $i < $count; $i++) {
 	$myType = new $types[$i]();
-	if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
+	if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
 		unset($types[$i]);
 	}
 }