allow to set single account types read-only

Roland Gruber 2014-01-15 20:48:52 +00:00
parent 4b9c4bf535
commit a7d3773493
27 changed files with 203 additions and 97 deletions


@ -3,6 +3,7 @@ March 2014 4.5
- Personal: allow to set fields read-only
- Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD)
- LAM Pro:
-> Allow to set single account types read-only
-> Separate IP restriction list for self service


@ -15,7 +15,7 @@ LAM - Readme
https://www.ldap-account-manager.org/
Copyright (C) 2003 - 2013 Roland Gruber <post@rolandgruber.de>
Copyright (C) 2003 - 2014 Roland Gruber <post@rolandgruber.de>
Installation and documentation:
Please see the LAM manual in docs/manual/index.html.


@ -1,4 +1,4 @@
This software is copyright (c) 2003 - 2013 by Roland Gruber
This software is copyright (c) 2003 - 2014 by Roland Gruber
If you purchased a copy of LDAP Account Manager Pro then the following
files are licensed under the conditions which you accepted at purchase


@ -19,7 +19,7 @@
<para><ulink
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
<para>Copyright (C) 2003 - 2013 Roland Gruber
<para>Copyright (C) 2003 - 2014 Roland Gruber
&lt;post@rolandgruber.de&gt;</para>
<para><emphasis role="bold">Key features:</emphasis></para>
@ -1388,6 +1388,15 @@ Have fun!
users.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Read-only (LAM Pro only):</emphasis>
This allows to set a single account type to read-only mode.
Please note that this is a restriction on functional level (e.g.
group memberships can be changed on user page even if groups are
read-only) and is no replacement for setting up proper ACLs on
your LDAP server.</para>
</listitem>
<listitem>
<para><emphasis role="bold">Custom label:</emphasis> Here you
can set a custom label for the account types. Use this if the

Binary file not shown.

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 43 KiB


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2003 - 2013 Roland Gruber
2003 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -171,6 +171,8 @@ $helpArray = array (
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
"264" => array ("Headline" => _('Custom label'),
"Text" => _('Here you can overwrite the display name for this account type.')),
"265" => array ("Headline" => _('Read-only'),
"Text" => _('Sets this account type to read-only.')),
// 300 - 399
// profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"),


@ -1728,6 +1728,10 @@ class htmlInputCheckbox extends htmlElement {
protected $tableRowsToShow = array();
/** indicates that this field should not automatically be saved in the self service or server profile */
private $transient = false;
/** list of input elements to enable when checked */
protected $elementsToEnable = array();
/** list of input elements to disable when checked */
protected $elementsToDisable = array();
/**
@ -1776,7 +1780,6 @@ class htmlInputCheckbox extends htmlElement {
$script = '';
if ((sizeof($this->tableRowsToShow) > 0) || (sizeof($this->tableRowsToHide) > 0)) {
// build onChange listener
$onChange = ' onChange="';
$onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {';
for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) {
$onChange .= 'jQuery(\'#' . $this->tableRowsToShow[$i] . '\').closest(\'tr\').removeClass(\'hidden\');';
@ -1793,7 +1796,6 @@ class htmlInputCheckbox extends htmlElement {
$onChange .= 'jQuery(\'#' . $this->tableRowsToHide[$i] . '\').closest(\'tr\').removeClass(\'hidden\');';
}
$onChange .= '};';
$onChange .= '"';
// build script to set initial state
$script = '<script type="text/javascript">jQuery(document).ready(function() {';
for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) {
@ -1812,6 +1814,46 @@ class htmlInputCheckbox extends htmlElement {
}
$script .= '});</script>';
}
// build Java script to enable/disable elements
if ((sizeof($this->elementsToEnable) > 0) || (sizeof($this->elementsToDisable) > 0)) {
// build onChange listener
$onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {';
for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) {
$onChange .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', false);';
}
for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) {
$onChange .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', true);';
}
$onChange .= '}';
$onChange .= 'else {';
for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) {
$onChange .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', true);';
}
for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) {
$onChange .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', false);';
}
$onChange .= '};';
// build script to set initial state
$script = '<script type="text/javascript">jQuery(document).ready(function() {';
for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) {
$classType = 'true';
if ($this->checked) {
$classType = 'false';
}
$script .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', ' . $classType . ');';
}
for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) {
$classType = 'false';
if ($this->checked) {
$classType = 'true';
}
$script .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', ' . $classType . ');';
}
$script .= '});</script>';
}
if (!empty($onChange)) {
$onChange = ' onChange="' . $onChange . '"';
}
echo '<input type="checkbox" id="' . $this->name . '" name="' . $this->name . '"' . $tabindexValue . $onChange . $checked . $disabled . '>';
echo $script;
if ($this->transient) {
@ -1868,6 +1910,26 @@ class htmlInputCheckbox extends htmlElement {
$this->transient = $transient;
}
/**
* This will disable the given input elements when the checkbox is checked.
* The given IDs can be of any input element (e.g. select, checkbox, ...).
*
* @param array $elements IDs of elements to disable
*/
public function setElementsToDisable($elements) {
$this->elementsToDisable = $elements;
}
/**
* This will enable the given input elements when the checkbox is checked.
* The given IDs can be of any input element (e.g. select, checkbox, ...).
*
* @param array $elements IDs of elements to enable
*/
public function setElementsToEnable($elements) {
$this->elementsToEnable = $elements;
}
}
/**
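Review bot: In the new enable/disable block the initial-state script is assigned with `$script = '<script ...'`, which discards the script the preceding tableRowsToShow/tableRowsToHide block has just built whenever a checkbox uses both features; it should append with `$script .= '<script type="text/javascript">jQuery(document).ready(function() {';`. The first hunk also appears to drop the `$onChange = ' onChange="';` initialisation, so `$onChange` has to be set to an empty string above the visible lines; the method body starts outside the hunks, so this cannot be confirmed here. The element IDs are concatenated unescaped into the inline handler and the script, so the docblocks of `setElementsToEnable()` and `setElementsToDisable()` should state that IDs must be identifiers defined in code, never request data.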


@ -486,7 +486,7 @@ class lamList {
$group->addElement($editLink);
$toolCount++;
// delete link
if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
if (checkIfWriteAccessIsAllowed($this->type) && checkIfDeleteEntriesIsAllowed($this->type)) {
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
$deleteLink->setTitle(_("Delete"));
$group->addElement($deleteLink);
@ -539,7 +539,7 @@ class lamList {
protected function listDoPost() {
// check if button was pressed and if we have to add/delete an account or call file upload
if (isset($_POST['new']) || isset($_POST['del']) || isset($_POST['fileUpload'])){
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->type)) {
die();
}
// add new account
@ -748,7 +748,7 @@ class lamList {
$left = new htmlGroup();
// button part
$left->alignment = htmlElement::ALIGN_LEFT;
if (checkIfWriteAccessIsAllowed()) {
if (checkIfWriteAccessIsAllowed($this->type)) {
// add button
if (checkIfNewEntriesAreAllowed($this->type)) {
$newButton = new htmlButton('new', $this->labels['newEntry']);


@ -843,7 +843,7 @@ class accountContainer {
exit;
}
// module actions
if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed()) {
if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed($this->type)) {
$result = call_user_func(array(&$this->module[$this->order[$this->current_page]], 'process_'.$this->subpage));
if (is_array($result)) { // messages were returned, check for errors
for ($i = 0; $i < sizeof($result); $i++) {
@ -965,7 +965,7 @@ class accountContainer {
}
echo '<div id="passwordMessageArea"></div>';
echo "<table class=\"".$this->type."-bright\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
if (checkIfWriteAccessIsAllowed()) {
if (checkIfWriteAccessIsAllowed($this->type)) {
echo "<tr class=\"".$this->type."-bright\"><td style=\"padding: 15px 15px 0px 15px;\">\n";
$this->printCommonControls($tabindex);
echo "</td></tr>\n";
@ -1673,7 +1673,7 @@ class accountContainer {
* @return array list of status messages
*/
function save_account() {
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->type)) {
die();
}
$this->finalDN = $this->dn_orig;


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2010 - 2011 Pavel Pozdniak
2010 - 2013 Roland Gruber
2010 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -188,7 +188,7 @@ class imapAccess extends baseModule {
*/
function display_html_attributes() {
$return = new htmlTable();
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
return $return;
}
$prefix = $this->getMailboxPrefix();
@ -335,7 +335,7 @@ class imapAccess extends baseModule {
*/
function process_attributes() {
$errors = array();
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
return $errors;
}
$prefix = $this->getMailboxPrefix();


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2013 Roland Gruber
2005 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -1672,7 +1672,7 @@ class inetOrgPerson extends baseModule implements passwordService {
}
}
// password buttons
if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed() && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) {
if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) {
$fieldContainer->addElement(new htmlSubTitle(_('Password')), true);
$pwdContainer = new htmlTable();
if (pwd_is_enabled($this->attributes['userPassword'][0])) {
@ -2516,7 +2516,7 @@ class inetOrgPerson extends baseModule implements passwordService {
* <br> )
*/
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
die();
}
// mail sending is LAM Pro only


@ -1429,7 +1429,7 @@ class posixAccount extends baseModule implements passwordService {
$return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true);
}
// password buttons
if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->getPasswordAttrName()][0])) {
if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->getPasswordAttrName()][0])) {
$return->addElement(new htmlOutputText(_('Password')));
$pwdContainer = new htmlTable();
if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0])) {
@ -2172,7 +2172,7 @@ class posixAccount extends baseModule implements passwordService {
* <br> )
*/
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
die();
}
// on first call generate list of ldap operations


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
2007 - 2013 Roland Gruber
2007 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -201,7 +201,7 @@ class posixGroup extends baseModule implements passwordService {
$return->addElement(new htmlTableExtendedInputField(_('Description'), 'description', $description, 'description'), true);
}
// password buttons
if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->passwordAttrName][0])) {
if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->passwordAttrName][0])) {
$return->addElement(new htmlOutputText(_('Password')));
$pwdContainer = new htmlTable();
if (pwd_is_enabled($this->attributes[$this->passwordAttrName][0])) {


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2013 Roland Gruber
Copyright (C) 2013 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -1427,7 +1427,7 @@ class windowsUser extends baseModule implements passwordService {
* <br> )
*/
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
if (!checkIfWriteAccessIsAllowed()) {
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
die();
}
// on first call generate list of ldap operations


@ -236,14 +236,22 @@ function logNewMessage($level, $message) {
/**
* Checks if write access to LDAP is allowed.
*
* @param String $scope account type (e.g. user)
* @return boolean true, if allowed
*/
function checkIfWriteAccessIsAllowed() {
function checkIfWriteAccessIsAllowed($scope = null) {
if (!isset($_SESSION['config'])) {
return false;
}
if ($_SESSION['config']->getAccessLevel() >= LAMConfig::ACCESS_ALL) {
return true;
$typeSettings = $_SESSION['config']->get_typeSettings();
if ($scope == null) {
return true;
}
elseif (!isset($typeSettings['readOnly_' . $scope]) || !$typeSettings['readOnly_' . $scope]) {
// check if write for this type is allowed
return true;
}
}
return false;
}
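Review bot: The `$scope = null` default makes the per-type check fail open: a caller that passes no argument, or passes an unset request value, gets `true` for an account type that is marked read-only as long as the access level allows writes. The loose comparison `$scope == null` also treats an empty string as "no scope". I would use `if ($scope === null) {` and extend the docblock to say that null means only the global access level is checked, so that every call acting on a concrete account type is expected to pass it.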


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2008 Thomas Manninger
2009 - 2013 Roland Gruber
2009 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -244,7 +244,7 @@ class lamDHCPList extends lamList {
* @param htmlGroup $right right part
*/
protected function addExtraInputElementsToTopArea(&$left, &$right) {
if (checkIfWriteAccessIsAllowed()) {
if (checkIfWriteAccessIsAllowed($this->type)) {
$left->addElement(new htmlSpacer('20px', null));
$dhcpButton = new htmlButton('dhcpDefaults', $this->labels['dhcpDefaults']);
$dhcpButton->setIconClass('settingsButton');


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2005 - 2013 Roland Gruber
Copyright (C) 2005 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -293,13 +293,13 @@ class user extends baseType {
}
$statusTable .= '</table>';
$tipContent = $statusTable;
if (checkIfWriteAccessIsAllowed()) {
if (checkIfWriteAccessIsAllowed('user')) {
$tipContent .= '<br><img alt=&quot;hint&quot; src=&quot;../../graphics/light.png&quot;> ';
$tipContent .= _('Please click to lock/unlock this account.');
}
$dialogDiv = $this->buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable, $windowsLocked);
$onClick = '';
if (checkIfWriteAccessIsAllowed()) {
if (checkIfWriteAccessIsAllowed('user')) {
$onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"';
}
return $dialogDiv . '<a href="#"><img id="lam_accountStatus" alt="status" ' . $onClick . ' helptitle="' . _('Account status') . '" helpdata="' . $tipContent . '" height=16 width=16 src="../../graphics/' . $icon . '"></a>&nbsp;&nbsp;&nbsp;';
@ -664,7 +664,7 @@ class lamUserList extends lamList {
* @return lamListTool[] tools
*/
protected function getAdditionalTools() {
if (isLAMProVersion() && checkIfPasswordChangeIsAllowed()) {
if (isLAMProVersion() && checkIfPasswordChangeIsAllowed() && checkIfWriteAccessIsAllowed('user')) {
$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php');
return array($passwordTool);
}
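Review bot: Dropping the "Change password" tool and the lock/unlock `onclick` for a read-only user type only hides the controls. changePassword.php and the handler behind `lam_accountStatusDialog` are not among the lines shown on this page, so please confirm they call `checkIfWriteAccessIsAllowed('user')` themselves before modifying LDAP. As a style point, lamUserList could pass `$this->type` as lamList does instead of the literal `'user'`.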


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2004 - 2013 Roland Gruber
Copyright (C) 2004 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -280,7 +280,18 @@ if (sizeof($activeTypes) > 0) {
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
}
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'));
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
$isReadOnly = false;
if (isset($typeSettings['readOnly_' . $activeTypes[$i]])) {
$isReadOnly = $typeSettings['readOnly_' . $activeTypes[$i]];
}
$readOnly = new htmlTableExtendedInputCheckbox('readOnly_' . $activeTypes[$i], $isReadOnly, _('Read-only'), '265');
$readOnly->setElementsToDisable(array('hideNewButton_' . $activeTypes[$i], 'hideDeleteButton_' . $activeTypes[$i]));
$advancedOptionsContent->addElement($readOnly);
}
$advancedOptionsContent->addNewLine();
// custom label
$customLabel = '';
if (isset($typeSettings['customLabel_' . $activeTypes[$i]])) {
@ -403,6 +414,9 @@ function checkInput() {
// set if deletion of entries is allowed
$key = "hideDeleteButton_" . $accountTypes[$i];
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
// set if account type is read-only
$key = "readOnly_" . $accountTypes[$i];
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
}
}
// save input
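Review bot: `setElementsToDisable()` disables the `hideNewButton_` and `hideDeleteButton_` checkboxes in the browser while read-only is ticked, and disabled inputs are not submitted, so `checkInput()` stores the `hideDeleteButton_` setting as false on that save (presumably the `hideNewButton_` one too, which is set outside the visible lines). Clearing read-only later then leaves create and delete enabled for a type where they were hidden before. Consider keeping the previously stored values when the `readOnly_` key is posted as `on`. `checkInput()` also stores `readOnly_` unconditionally while the checkbox is only rendered for LAM Pro with access level `LAMConfig::ACCESS_ALL`; a comment stating whether that is intended would help.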


@ -72,7 +72,7 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
die();
}
if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
if (!checkIfDeleteEntriesIsAllowed($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
die();
}
@ -142,7 +142,7 @@ elseif (isset($_POST['cancelAllOk'])) {
}
if (isset($_POST['delete'])) {
if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
if (!checkIfDeleteEntriesIsAllowed($_POST['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
die();
}
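Review bot: The `$_POST['delete']` branch checks write access against `$_GET['type']`, while the delete-permission check and the log line next to it use `$_POST['type']`. When the query parameter is absent the scope is null, and as far as the `checkIfWriteAccessIsAllowed()` hunk in this commit shows, a null scope returns true when the access level permits writes, so the read-only setting is not enforced on this path; the two parameters can also name different types. Both checks should read the same value: `if (!checkIfDeleteEntriesIsAllowed($_POST['type']) || !checkIfWriteAccessIsAllowed($_POST['type'])) {`.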


@ -97,7 +97,7 @@ if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die();
}
if (!checkIfNewEntriesAreAllowed($scope)) {
if (!checkIfNewEntriesAreAllowed($scope) || !checkIfWriteAccessIsAllowed($scope)) {
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
die();
}


@ -68,7 +68,7 @@ if (isAccountTypeHidden($scope)) {
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
die();
}
if (!checkIfNewEntriesAreAllowed($scope)) {
if (!checkIfNewEntriesAreAllowed($scope) || !checkIfWriteAccessIsAllowed($scope)) {
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
die();
}


@ -81,7 +81,8 @@ $types = $_SESSION['config']->get_ActiveTypes();
$count = sizeof($types);
for ($i = 0; $i < $count; $i++) {
$myType = new $types[$i]();
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])
|| !checkIfNewEntriesAreAllowed($types[$i]) || !checkIfWriteAccessIsAllowed($types[$i])) {
unset($types[$i]);
}
}
@ -145,7 +146,7 @@ $selectedType = array();
if (isset($_REQUEST['type'])) {
$selectedType[] = $_REQUEST['type'];
}
else {
elseif (!empty($types)) {
$selectedType[] = $types[0];
}
$typeSelect = new htmlTableExtendedSelect('type', $typeList, $selectedType, _("Account type"));
@ -206,7 +207,9 @@ $table->addElement($moduleGroup, true);
// ok button
$table->addElement(new htmlSpacer(null, '20px'), true);
$table->addElement(new htmlButton('submit', _('Ok')), true);
if (!empty($types)) {
$table->addElement(new htmlButton('submit', _('Ok')), true);
}
parseHtml(null, $table, array(), false, $tabindex, 'user');
?>
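Review bot: The new `elseif (!empty($types))` guard still reads `$types[0]`, but the loop above removes entries with `unset($types[$i])` and never re-indexes, so index 0 is missing whenever the first active type is hidden, not uploadable or read-only while later ones remain. Re-index after the loop with `$types = array_values($types);` or take the first remaining entry with `reset($types)`. The preselected value from `$_REQUEST['type']` is also not compared with the filtered list here; the upload pages in this commit do reject such types, so this is only a display inconsistency.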


@ -164,7 +164,7 @@ function display_main($message, $error) {
$types = array();
$typeList = $_SESSION['config']->get_ActiveTypes();
for ($i = 0; $i < sizeof($typeList); $i++) {
if (isAccountTypeHidden($typeList[$i])) {
if (isAccountTypeHidden($typeList[$i]) || !checkIfWriteAccessIsAllowed($typeList[$i])) {
continue;
}
$types[$typeList[$i]] = getTypeAlias($typeList[$i]);
@ -179,31 +179,34 @@ function display_main($message, $error) {
}
$options[$title] = $elements;
}
// new OU
$container->addElement(new htmlOutputText(_("New organisational unit")));
$parentOUSelect = new htmlSelect('parentOU', $options, array());
$parentOUSelect->setContainsOptgroups(true);
$parentOUSelect->setHasDescriptiveElements(true);
$parentOUSelect->setRightToLeftTextDirection(true);
$parentOUSelect->setSortElements(false);
$container->addElement($parentOUSelect);
$container->addElement(new htmlInputField('newOU'));
$container->addElement(new htmlButton('createOU', _("Ok")));
$container->addElement(new htmlHelpLink('601'), true);
$container->addElement(new htmlSpacer(null, '10px'), true);
// delete OU
$container->addElement(new htmlOutputText(_("Delete organisational unit")));
$deleteableOUSelect = new htmlSelect('deleteableOU', $options, array());
$deleteableOUSelect->setContainsOptgroups(true);
$deleteableOUSelect->setHasDescriptiveElements(true);
$deleteableOUSelect->setRightToLeftTextDirection(true);
$deleteableOUSelect->setSortElements(false);
$container->addElement($deleteableOUSelect);
$container->addElement(new htmlOutputText(''));
$container->addElement(new htmlButton('deleteOU', _("Ok")));
$container->addElement(new htmlHelpLink('602'), true);
if (!empty($options)) {
// new OU
$container->addElement(new htmlOutputText(_("New organisational unit")));
$parentOUSelect = new htmlSelect('parentOU', $options, array());
$parentOUSelect->setContainsOptgroups(true);
$parentOUSelect->setHasDescriptiveElements(true);
$parentOUSelect->setRightToLeftTextDirection(true);
$parentOUSelect->setSortElements(false);
$container->addElement($parentOUSelect);
$container->addElement(new htmlInputField('newOU'));
$container->addElement(new htmlButton('createOU', _("Ok")));
$container->addElement(new htmlHelpLink('601'), true);
$container->addElement(new htmlSpacer(null, '10px'), true);
// delete OU
$container->addElement(new htmlOutputText(_("Delete organisational unit")));
$deleteableOUSelect = new htmlSelect('deleteableOU', $options, array());
$deleteableOUSelect->setContainsOptgroups(true);
$deleteableOUSelect->setHasDescriptiveElements(true);
$deleteableOUSelect->setRightToLeftTextDirection(true);
$deleteableOUSelect->setSortElements(false);
$container->addElement($deleteableOUSelect);
$container->addElement(new htmlOutputText(''));
$container->addElement(new htmlButton('deleteOU', _("Ok")));
$container->addElement(new htmlHelpLink('602'), true);
}
parseHtml(null, $container, array(), false, $tabindex, 'user');
echo ("</form>\n");
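Review bot: display_main() now leaves read-only types out of the two OU selects, but the code that handles `createOU` and `deleteOU` is outside this hunk; if it accepts any posted `parentOU` or `deleteableOU` DN, the read-only setting is enforced only in the form. Please check in the handler that the posted DN belongs to the suffix of a type for which `checkIfWriteAccessIsAllowed()` returns true. When `$options` is empty the page now renders an empty form, so a short message saying no writable account type is available would be clearer.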


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2005 - 2013 Roland Gruber
2005 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -73,7 +73,7 @@ if(isset($_POST['createNewTemplate'])) {
$scopes = $_SESSION['config']->get_ActiveTypes();
$sortedScopes = array();
for ($i = 0; $i < sizeof($scopes); $i++) {
if (isAccountTypeHidden($scopes[$i])) {
if (isAccountTypeHidden($scopes[$i]) || !checkIfWriteAccessIsAllowed($scopes[$i])) {
continue;
}
$sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]);
@ -171,16 +171,18 @@ include '../main_header.php';
}
// new template
$container->addElement(new htmlSubTitle(_('Create a new PDF structure')), true);
$newPDFContainer = new htmlTable();
$newScopeSelect = new htmlSelect('scope', $availableScopes);
$newScopeSelect->setHasDescriptiveElements(true);
$newScopeSelect->setWidth('15em');
$newPDFContainer->addElement($newScopeSelect);
$newPDFContainer->addElement(new htmlSpacer('10px', null));
$newPDFContainer->addElement(new htmlButton('createNewTemplate', _('Create')));
$container->addElement($newPDFContainer, true);
$container->addElement(new htmlSpacer(null, '10px'), true);
if (!empty($availableScopes)) {
$container->addElement(new htmlSubTitle(_('Create a new PDF structure')), true);
$newPDFContainer = new htmlTable();
$newScopeSelect = new htmlSelect('scope', $availableScopes);
$newScopeSelect->setHasDescriptiveElements(true);
$newScopeSelect->setWidth('15em');
$newPDFContainer->addElement($newScopeSelect);
$newPDFContainer->addElement(new htmlSpacer('10px', null));
$newPDFContainer->addElement(new htmlButton('createNewTemplate', _('Create')));
$container->addElement($newPDFContainer, true);
$container->addElement(new htmlSpacer(null, '10px'), true);
}
// existing templates
$configProfiles = getConfigProfiles();


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2007 - 2013 Roland Gruber
2007 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -69,7 +69,7 @@ if(isset($_POST['type'])) {
}
}
if (isAccountTypeHidden($_GET['type'])) {
if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']);
die();
}
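Review bot: The rejection now also fires for read-only types, but the log line still says the user tried to access a hidden PDF structure, which will mislead whoever reads the log after a denied request. Reword it or split the condition, for example `logNewMessage(LOG_ERR, 'User tried to access hidden or read-only PDF structure: ' . $_GET['type']);`. The same applies to the "hidden account type profile" message in the last file section of this commit.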


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2012 Roland Gruber
Copyright (C) 2003 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -51,7 +51,7 @@ $types = $_SESSION['config']->get_ActiveTypes();
$profileClasses = array();
$profileClassesTemp = array();
for ($i = 0; $i < sizeof($types); $i++) {
if (isAccountTypeHidden($types[$i])) {
if (isAccountTypeHidden($types[$i]) || !checkIfWriteAccessIsAllowed($types[$i])) {
continue;
}
$profileClassesTemp[getTypeAlias($types[$i])] = array(
@ -152,20 +152,22 @@ if (isset($_GET['savedSuccessfully'])) {
}
// new profile
$container->addElement(new htmlSubTitle(_('Create a new profile')), true);
$sortedTypes = array();
for ($i = 0; $i < sizeof($profileClasses); $i++) {
$sortedTypes[$profileClasses[$i]['title']] = $profileClasses[$i]['scope'];
if (!empty($profileClasses)) {
$container->addElement(new htmlSubTitle(_('Create a new profile')), true);
$sortedTypes = array();
for ($i = 0; $i < sizeof($profileClasses); $i++) {
$sortedTypes[$profileClasses[$i]['title']] = $profileClasses[$i]['scope'];
}
natcasesort($sortedTypes);
$newContainer = new htmlTable();
$newProfileSelect = new htmlSelect('createProfile', $sortedTypes);
$newProfileSelect->setHasDescriptiveElements(true);
$newProfileSelect->setWidth('15em');
$newContainer->addElement($newProfileSelect);
$newContainer->addElement(new htmlSpacer('10px', null));
$newContainer->addElement(new htmlButton('createProfileButton', _('Create')), true);
$container->addElement($newContainer, true);
}
natcasesort($sortedTypes);
$newContainer = new htmlTable();
$newProfileSelect = new htmlSelect('createProfile', $sortedTypes);
$newProfileSelect->setHasDescriptiveElements(true);
$newProfileSelect->setWidth('15em');
$newContainer->addElement($newProfileSelect);
$newContainer->addElement(new htmlSpacer('10px', null));
$newContainer->addElement(new htmlButton('createProfileButton', _('Create')), true);
$container->addElement($newContainer, true);
$container->addElement(new htmlSpacer(null, '10px'), true);


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2012 Roland Gruber
Copyright (C) 2003 - 2014 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -61,7 +61,7 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];
if (isAccountTypeHidden($_GET['type'])) {
if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
die();
}