allow to hide buttons to create/delete accounts

Roland Gruber 2013-05-01 12:36:17 +00:00
parent afb8d6ebdd
commit 4f25877520
11 changed files with 122 additions and 53 deletions


@ -2,6 +2,7 @@ June 2013 4.2
- Samba 4 support: users, groups, hosts
- Unix: allow to change format for suggested user name
- LAM Pro:
-> allow to hide buttons to create/delete entries for each account type
-> Password self reset: support new identification methods: user, email, user or email, employee number
-> Custom fields: support PDF, profiles and multi-value text fields
-> Personal: support password mail sending in file upload


@ -155,6 +155,10 @@ $helpArray = array (
. ' ' . _('By default LAM will show all accounts that match the selected account modules.')),
"261" => array ("Headline" => _("Hidden"),
"Text" => _('Hidden account types will not show up in LAM. This is useful if you want to display e.g. only groups but still need to manage their members.')),
"262" => array ("Headline" => _("No new entries"),
"Text" => _('If checked then the user will not be able to create new entries of this account type.')),
"263" => array ("Headline" => _("Disallow delete"),
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
// 300 - 399
// profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"),


@ -486,7 +486,7 @@ class lamList {
$group->addElement($editLink);
$toolCount++;
// delete link
if (checkIfWriteAccessIsAllowed()) {
if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
$deleteLink->setTitle(_("Delete"));
$group->addElement($deleteLink);
@ -543,12 +543,12 @@ class lamList {
die();
}
// add new account
if (isset($_POST['new'])){
if (isset($_POST['new']) && checkIfNewEntriesAreAllowed($this->type)){
metaRefresh("../account/edit.php?type=" . $this->type . "&suffix=" . $this->suffix);
exit;
}
// delete account(s)
elseif (isset($_POST['del'])){
elseif (isset($_POST['del']) && checkIfDeleteEntriesIsAllowed($this->type)){
// search for checkboxes
$accounts = array_keys($_POST, "on");
// build DN list
@ -562,7 +562,7 @@ class lamList {
}
}
// file upload
elseif (isset($_POST['fileUpload'])){
elseif (isset($_POST['fileUpload']) && checkIfNewEntriesAreAllowed($this->type)){
metaRefresh("../masscreate.php?type=" . $this->type);
exit;
}
@ -749,11 +749,14 @@ class lamList {
// button part
$left->alignment = htmlElement::ALIGN_LEFT;
if (checkIfWriteAccessIsAllowed()) {
// add/delete buttons
// add button
if (checkIfNewEntriesAreAllowed($this->type)) {
$newButton = new htmlButton('new', $this->labels['newEntry']);
$newButton->setIconClass('createButton');
$left->addElement($newButton);
if (!$createOnly) {
}
// delete button
if (!$createOnly && checkIfDeleteEntriesIsAllowed($this->type)) {
$left->addElement(new htmlSpacer('1px', null));
$delButton = new htmlButton('del', $this->labels['deleteEntry']);
$delButton->setIconClass('deleteButton');
@ -761,7 +764,8 @@ class lamList {
}
$type = new $this->type();
$toolSettings = $_SESSION['config']->getToolSettings();
if ($type->supportsFileUpload() && !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
if ($type->supportsFileUpload() && checkIfNewEntriesAreAllowed($this->type)
&& !(isset($toolSettings['tool_hide_toolFileUpload']) && ($toolSettings['tool_hide_toolFileUpload'] == 'true'))) {
$left->addElement(new htmlSpacer('20px', null));
$uploadButton = new htmlButton('fileUpload', _('File upload'));
$uploadButton->setIconClass('upButton');
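Review bot: The three POST guards added in lamList (for `new`, `del` and `fileUpload`) drop a denied request without any trace, while the page-level checks added elsewhere in this commit log the attempt with LOG_ERR before stopping. A `del` request for a type whose delete option is disabled can only come from a stale or hand-built form, so it is worth recording. A line such as `logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type ' . $this->type);` in a branch for the denied case would keep the audit trail consistent. The enclosing method starts and ends outside the hunks, so the exact placement in the elseif chain needs checking against the full body.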


@ -1291,10 +1291,12 @@ class accountContainer {
$type = new $this->type();
$buttonGroup = new htmlGroup();
if (checkIfNewEntriesAreAllowed($this->type)) {
$createButton = new htmlButton('accountContainerCreateAgain', $type->LABEL_CREATE_ANOTHER_ACCOUNT);
$createButton->setIconClass('createButton');
$buttonGroup->addElement($createButton);
$buttonGroup->addElement(new htmlSpacer('10px', null));
}
$pdfButton = new htmlButton('accountContainerCreatePDF', _('Create PDF file'));
$pdfButton->setIconClass('pdfButton');
$buttonGroup->addElement($pdfButton);
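Review bot: The new `checkIfNewEntriesAreAllowed($this->type)` guard only controls whether the `accountContainerCreateAgain` button is rendered; the code that handles that POST field is outside the hunk. If the handler simply redirects to the edit page, the check added there covers it. If it resets the container and starts a new account directly, it needs the same check, because hiding a button does not stop a request that still carries the field name. Please confirm which case applies and, if needed, add `if (!checkIfNewEntriesAreAllowed($this->type)) { die(); }` with a log line at the start of the handler.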


@ -243,6 +243,47 @@ function checkIfPasswordChangeIsAllowed() {
return false;
}
/**
* Checks if it is allowed to create new LDAP entries of the given type.
* This also checks if general write access is enabled.
*
* @param String $scope account type (e.g. 'user')
* @return boolean true, if new entries are allowed
*/
function checkIfNewEntriesAreAllowed($scope) {
if (!isLAMProVersion()) {
return true;
}
if (!isset($_SESSION['config']) || empty($scope)) {
return false;
}
$typeSettings = $_SESSION['config']->get_typeSettings();
if (isset($typeSettings['hideNewButton_' . $scope]) && $typeSettings['hideNewButton_' . $scope]) {
return false;
}
return checkIfWriteAccessIsAllowed();
}
/**
* Checks if it is allowed to delete LDAP entries of the given type.
*
* @param String $scope account type (e.g. 'user')
* @return boolean true, if entries may be deleted
*/
function checkIfDeleteEntriesIsAllowed($scope) {
if (!isLAMProVersion()) {
return true;
}
if (!isset($_SESSION['config']) || empty($scope)) {
return false;
}
$typeSettings = $_SESSION['config']->get_typeSettings();
if (isset($typeSettings['hideDeleteButton_' . $scope]) && $typeSettings['hideDeleteButton_' . $scope]) {
return false;
}
return checkIfWriteAccessIsAllowed();
}
/**
* Checks if the password fulfills the password policies.
*
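Review bot: Both new functions return true as soon as `isLAMProVersion()` is false, so outside LAM Pro they never reach `checkIfWriteAccessIsAllowed()`, which contradicts the docblock sentence "This also checks if general write access is enabled". Some callers in this commit rely on these functions alone, without a separate write-access test, so if write access can ever be restricted in a non-Pro build the early return fails open. Using `if (!isLAMProVersion()) { return checkIfWriteAccessIsAllowed(); }` would make the documented contract hold in both editions. The docblock of checkIfDeleteEntriesIsAllowed() should also state that it includes the write-access check, and both should note that a `$scope` with no matching setting is treated as allowed.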


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2012 Roland Gruber
2005 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -86,6 +86,10 @@ else if (count($_POST)==0) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type: ' . $type);
die();
}
elseif (!checkIfNewEntriesAreAllowed($type)) {
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
die();
}
$_SESSION['account'] = new accountContainer($type, 'account');
$_SESSION['account']->new_account();
}


@ -234,7 +234,7 @@ if (sizeof($activeTypes) > 0) {
for ($i = 0; $i < sizeof($activeTypes); $i++) {
// title
$titleGroup = new htmlGroup();
$titleGroup->colspan = 10;
$titleGroup->colspan = 6;
$titleGroup->addElement(new htmlImage('../../graphics/' . $activeTypes[$i] . '.png'));
$titleText = new htmlOutputText(getTypeAlias($activeTypes[$i]));
$titleText->setIsBold(true);
@ -244,21 +244,15 @@ if (sizeof($activeTypes) > 0) {
$activeContainer->addElement($titleGroup);
// delete button
$delButton = new htmlButton('rem_'. $activeTypes[$i], 'del.png', true);
$delButton->colspan = 3;
$delButton->alignment = htmlElement::ALIGN_RIGHT;
$delButton->setTitle(_("Remove this account type"));
$activeContainer->addElement($delButton, true); //del.png
$activeContainer->addElement(new htmlSpacer(null, '5px'), true);
// LDAP suffix
$suffixText = new htmlOutputText(_("LDAP suffix"));
$suffixText->colspan = 2;
$activeContainer->addElement($suffixText);
$activeContainer->addElement(new htmlSpacer('10px', null));
$suffixInput = new htmlInputField('suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]]);
$suffixInput = new htmlTableExtendedInputField(_("LDAP suffix"), 'suffix_' . $activeTypes[$i], $typeSettings['suffix_' . $activeTypes[$i]], '202');
$suffixInput->setFieldSize(40);
$activeContainer->addElement($suffixInput);
$activeContainer->addElement(new htmlHelpLink('202'));
$activeContainer->addElement(new htmlSpacer('10px', null));
$activeContainer->addElement(new htmlSpacer('20px', null));
// list attributes
if (isset($typeSettings['attr_' . $activeTypes[$i]])) {
$attributes = $typeSettings['attr_' . $activeTypes[$i]];
@ -266,14 +260,9 @@ if (sizeof($activeTypes) > 0) {
else {
$attributes = getDefaultListAttributes($activeTypes[$i]);
}
$attrsText = new htmlOutputText(_("List attributes"));
$attrsText->colspan = 2;
$activeContainer->addElement($attrsText);
$activeContainer->addElement(new htmlSpacer('10px', null));
$attrsInput = new htmlInputField('attr_' . $activeTypes[$i], $attributes);
$attrsInput = new htmlTableExtendedInputField(_("List attributes"), 'attr_' . $activeTypes[$i], $attributes, '206');
$attrsInput->setFieldSize(40);
$activeContainer->addElement($attrsInput);
$activeContainer->addElement(new htmlHelpLink('206'));
$activeContainer->addNewLine();
// advanced options
$advancedOptionsContent = new htmlTable();
@ -282,27 +271,31 @@ if (sizeof($activeTypes) > 0) {
if (isset($typeSettings['filter_' . $activeTypes[$i]])) {
$filter = $typeSettings['filter_' . $activeTypes[$i]];
}
$filterText = new htmlOutputText(_("Additional LDAP filter"));
$filterText->colspan = 2;
$advancedOptionsContent->addElement($filterText);
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
$filterInput = new htmlInputField('filter_' . $activeTypes[$i], $filter);
$filterInput = new htmlTableExtendedInputField(_("Additional LDAP filter"), 'filter_' . $activeTypes[$i], $filter, '260');
$filterInput->setFieldSize(40);
$advancedOptionsContent->addElement($filterInput);
$advancedOptionsContent->addElement(new htmlHelpLink('260'));
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
// hidden type
$hidden = false;
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
}
$hiddenText = new htmlOutputText(_('Hidden'));
$hiddenText->colspan = 2;
$advancedOptionsContent->addElement($hiddenText);
$advancedOptionsContent->addElement(new htmlSpacer('10px', null));
$advancedOptionsContent->addElement(new htmlInputCheckbox('hidden_' . $activeTypes[$i], $hidden));
$advancedOptionsContent->addElement(new htmlHelpLink('261'));
$advancedOptionsContent->addNewLine();
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
// hide button to create new accounts
$hideNewButton = false;
if (isset($typeSettings['hideNewButton_' . $activeTypes[$i]])) {
$hideNewButton = $typeSettings['hideNewButton_' . $activeTypes[$i]];
}
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideNewButton_' . $activeTypes[$i], $hideNewButton, _('No new entries'), '262'));
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
// hide button to delete accounts
$hideDeleteButton = false;
if (isset($typeSettings['hideDeleteButton_' . $activeTypes[$i]])) {
$hideDeleteButton = $typeSettings['hideDeleteButton_' . $activeTypes[$i]];
}
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hideDeleteButton_' . $activeTypes[$i], $hideDeleteButton, _('Disallow delete'), '263'), true);
}
// build advanced options box
$advancedOptions = new htmlAccordion('advancedOptions_' . $activeTypes[$i], array(_('Advanced options') => $advancedOptionsContent), false);
$advancedOptions->colspan = 15;
@ -386,14 +379,17 @@ function checkInput() {
$typeSettings[$key] = $_POST[$key];
}
}
// set hidden
for ($i = 0; $i < sizeof($accountTypes); $i++) {
// set hidden
$key = "hidden_" . $accountTypes[$i];
if (isset($_POST[$key]) && ($_POST[$key] == 'on')) {
$typeSettings[$key] = true;
}
else {
$typeSettings[$key] = false;
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
// set if new entries are allowed
$key = "hideNewButton_" . $accountTypes[$i];
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
// set if deletion of entries is allowed
$key = "hideDeleteButton_" . $accountTypes[$i];
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
}
}
// save input
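Review bot: As a style point, the new checkbox handling in checkInput() compares the posted value with loose `==` in three places; `$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] === 'on'));` states the intent exactly for request data. checkInput() begins outside the hunk, so please confirm that `$conf` is defined in the function's scope before `$conf->getAccessLevel()` is called there. A short comment that the `hideNewButton_` and `hideDeleteButton_` values are left untouched when the access level is not ACCESS_ALL would also help the next reader, since these flags are later used for permission decisions and not only for hiding buttons.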


@ -72,6 +72,10 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
die();
}
if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
die();
}
// Create account list
foreach ($_SESSION['delete_dn'] as $dn) {
$start = strpos ($dn, "=")+1;
@ -138,6 +142,10 @@ elseif (isset($_POST['cancelAllOk'])) {
}
if (isset($_POST['delete'])) {
if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
die();
}
// Show HTML Page
include 'main_header.php';
echo "<form action=\"delete.php\" method=\"post\">\n";
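Review bot: Both new checks decide on the type taken from the request (`$_GET['type']` and `$_POST['type']`), while the entries to delete come from `$_SESSION['delete_dn']` or the posted form, and nothing in the visible lines ties the two together. If the rest of the script does not verify that each DN belongs to the named type, the per-type restriction depends on a value the client controls. Consider storing the type next to `delete_dn` in the session when the list is built, or checking each DN against the configured suffix of the type before deleting. The POST branch also writes `$_POST['type']` into the log before any visible validation, so validate it against the active types first or strip control characters from the logged value.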


@ -97,6 +97,10 @@ if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die();
}
if (!checkIfNewEntriesAreAllowed($scope)) {
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
die();
}
echo '<form enctype="multipart/form-data" action="masscreate.php" method="post">';
echo '<div class="' . $scope . '-bright smallPaddingContent">';
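Review bot: This guard and the identical one in the next file section stop the upload form and the build page, but the step that finally writes the entries to LDAP is not among the sections shown. Please confirm that it either repeats `checkIfNewEntriesAreAllowed($scope)` or can only run on session state created by these two pages. Otherwise the restriction covers the forms but not the operation. A one-line comment above each guard, such as `// LAM Pro: creation may be disabled per account type`, would also make clear why it sits next to the hidden-type check.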


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2004 - 2012 Roland Gruber
Copyright (C) 2004 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -68,6 +68,10 @@ if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die();
}
if (!checkIfNewEntriesAreAllowed($scope)) {
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
die();
}
echo '<div class="' . $scope . '-bright smallPaddingContent">';


@ -78,9 +78,10 @@ include 'main_header.php';
// get possible types and remove those which do not support file upload
$types = $_SESSION['config']->get_ActiveTypes();
for ($i = 0; $i < sizeof($types); $i++) {
$count = sizeof($types);
for ($i = 0; $i < $count; $i++) {
$myType = new $types[$i]();
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])) {
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
unset($types[$i]);
}
}
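Review bot: `unset($types[$i])` leaves gaps in the keys of `$types`, so any later code that walks the array by numeric index up to `sizeof($types)` will hit missing offsets; the code after the loop is outside the hunk, so this needs checking there. Re-indexing once after the loop with `$types = array_values($types);` removes the risk. Caching the count in `$count` fixes the shrinking loop bound, and a short comment saying so would stop someone from inlining `sizeof($types)` again.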