allow to set single account types read-only
This commit is contained in:
parent
4b9c4bf535
commit
a7d3773493
|
@ -3,6 +3,7 @@ March 2014 4.5
|
||||||
- Personal: allow to set fields read-only
|
- Personal: allow to set fields read-only
|
||||||
- Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD)
|
- Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD)
|
||||||
- LAM Pro:
|
- LAM Pro:
|
||||||
|
-> Allow to set single account types read-only
|
||||||
-> Separate IP restriction list for self service
|
-> Separate IP restriction list for self service
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,7 @@ LAM - Readme
|
||||||
|
|
||||||
https://www.ldap-account-manager.org/
|
https://www.ldap-account-manager.org/
|
||||||
|
|
||||||
Copyright (C) 2003 - 2013 Roland Gruber <post@rolandgruber.de>
|
Copyright (C) 2003 - 2014 Roland Gruber <post@rolandgruber.de>
|
||||||
|
|
||||||
Installation and documentation:
|
Installation and documentation:
|
||||||
Please see the LAM manual in docs/manual/index.html.
|
Please see the LAM manual in docs/manual/index.html.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
This software is copyright (c) 2003 - 2013 by Roland Gruber
|
This software is copyright (c) 2003 - 2014 by Roland Gruber
|
||||||
|
|
||||||
If you purchased a copy of LDAP Account Manager Pro then the following
|
If you purchased a copy of LDAP Account Manager Pro then the following
|
||||||
files are licensed under the conditions which you accepted at purchase
|
files are licensed under the conditions which you accepted at purchase
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
<para><ulink
|
<para><ulink
|
||||||
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
|
url="https://www.ldap-account-manager.org/">https://www.ldap-account-manager.org/</ulink></para>
|
||||||
|
|
||||||
<para>Copyright (C) 2003 - 2013 Roland Gruber
|
<para>Copyright (C) 2003 - 2014 Roland Gruber
|
||||||
<post@rolandgruber.de></para>
|
<post@rolandgruber.de></para>
|
||||||
|
|
||||||
<para><emphasis role="bold">Key features:</emphasis></para>
|
<para><emphasis role="bold">Key features:</emphasis></para>
|
||||||
|
@ -1388,6 +1388,15 @@ Have fun!
|
||||||
users.</para>
|
users.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis role="bold">Read-only (LAM Pro only):</emphasis>
|
||||||
|
This allows to set a single account type to read-only mode.
|
||||||
|
Please note that this is a restriction on functional level (e.g.
|
||||||
|
group memberships can be changed on user page even if groups are
|
||||||
|
read-only) and is no replacement for setting up proper ACLs on
|
||||||
|
your LDAP server.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis role="bold">Custom label:</emphasis> Here you
|
<para><emphasis role="bold">Custom label:</emphasis> Here you
|
||||||
can set a custom label for the account types. Use this if the
|
can set a custom label for the account types. Use this if the
|
||||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 40 KiB After Width: | Height: | Size: 43 KiB |
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Michael Duergner
|
Copyright (C) 2003 - 2006 Michael Duergner
|
||||||
2003 - 2013 Roland Gruber
|
2003 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -171,6 +171,8 @@ $helpArray = array (
|
||||||
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
|
"Text" => _('If checked then the user will not be able to delete entries of this account type.')),
|
||||||
"264" => array ("Headline" => _('Custom label'),
|
"264" => array ("Headline" => _('Custom label'),
|
||||||
"Text" => _('Here you can overwrite the display name for this account type.')),
|
"Text" => _('Here you can overwrite the display name for this account type.')),
|
||||||
|
"265" => array ("Headline" => _('Read-only'),
|
||||||
|
"Text" => _('Sets this account type to read-only.')),
|
||||||
// 300 - 399
|
// 300 - 399
|
||||||
// profile editor, file upload
|
// profile editor, file upload
|
||||||
"301" => array ("Headline" => _("RDN identifier"),
|
"301" => array ("Headline" => _("RDN identifier"),
|
||||||
|
|
|
@ -1728,6 +1728,10 @@ class htmlInputCheckbox extends htmlElement {
|
||||||
protected $tableRowsToShow = array();
|
protected $tableRowsToShow = array();
|
||||||
/** indicates that this field should not automatically be saved in the self service or server profile */
|
/** indicates that this field should not automatically be saved in the self service or server profile */
|
||||||
private $transient = false;
|
private $transient = false;
|
||||||
|
/** list of input elements to enable when checked */
|
||||||
|
protected $elementsToEnable = array();
|
||||||
|
/** list of input elements to disable when checked */
|
||||||
|
protected $elementsToDisable = array();
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1776,7 +1780,6 @@ class htmlInputCheckbox extends htmlElement {
|
||||||
$script = '';
|
$script = '';
|
||||||
if ((sizeof($this->tableRowsToShow) > 0) || (sizeof($this->tableRowsToHide) > 0)) {
|
if ((sizeof($this->tableRowsToShow) > 0) || (sizeof($this->tableRowsToHide) > 0)) {
|
||||||
// build onChange listener
|
// build onChange listener
|
||||||
$onChange = ' onChange="';
|
|
||||||
$onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {';
|
$onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {';
|
||||||
for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) {
|
for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) {
|
||||||
$onChange .= 'jQuery(\'#' . $this->tableRowsToShow[$i] . '\').closest(\'tr\').removeClass(\'hidden\');';
|
$onChange .= 'jQuery(\'#' . $this->tableRowsToShow[$i] . '\').closest(\'tr\').removeClass(\'hidden\');';
|
||||||
|
@ -1793,7 +1796,6 @@ class htmlInputCheckbox extends htmlElement {
|
||||||
$onChange .= 'jQuery(\'#' . $this->tableRowsToHide[$i] . '\').closest(\'tr\').removeClass(\'hidden\');';
|
$onChange .= 'jQuery(\'#' . $this->tableRowsToHide[$i] . '\').closest(\'tr\').removeClass(\'hidden\');';
|
||||||
}
|
}
|
||||||
$onChange .= '};';
|
$onChange .= '};';
|
||||||
$onChange .= '"';
|
|
||||||
// build script to set initial state
|
// build script to set initial state
|
||||||
$script = '<script type="text/javascript">jQuery(document).ready(function() {';
|
$script = '<script type="text/javascript">jQuery(document).ready(function() {';
|
||||||
for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) {
|
for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) {
|
||||||
|
@ -1812,6 +1814,46 @@ class htmlInputCheckbox extends htmlElement {
|
||||||
}
|
}
|
||||||
$script .= '});</script>';
|
$script .= '});</script>';
|
||||||
}
|
}
|
||||||
|
// build Java script to enable/disable elements
|
||||||
|
if ((sizeof($this->elementsToEnable) > 0) || (sizeof($this->elementsToDisable) > 0)) {
|
||||||
|
// build onChange listener
|
||||||
|
$onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {';
|
||||||
|
for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) {
|
||||||
|
$onChange .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', false);';
|
||||||
|
}
|
||||||
|
for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) {
|
||||||
|
$onChange .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', true);';
|
||||||
|
}
|
||||||
|
$onChange .= '}';
|
||||||
|
$onChange .= 'else {';
|
||||||
|
for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) {
|
||||||
|
$onChange .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', true);';
|
||||||
|
}
|
||||||
|
for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) {
|
||||||
|
$onChange .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', false);';
|
||||||
|
}
|
||||||
|
$onChange .= '};';
|
||||||
|
// build script to set initial state
|
||||||
|
$script = '<script type="text/javascript">jQuery(document).ready(function() {';
|
||||||
|
for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) {
|
||||||
|
$classType = 'true';
|
||||||
|
if ($this->checked) {
|
||||||
|
$classType = 'false';
|
||||||
|
}
|
||||||
|
$script .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', ' . $classType . ');';
|
||||||
|
}
|
||||||
|
for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) {
|
||||||
|
$classType = 'false';
|
||||||
|
if ($this->checked) {
|
||||||
|
$classType = 'true';
|
||||||
|
}
|
||||||
|
$script .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', ' . $classType . ');';
|
||||||
|
}
|
||||||
|
$script .= '});</script>';
|
||||||
|
}
|
||||||
|
if (!empty($onChange)) {
|
||||||
|
$onChange = ' onChange="' . $onChange . '"';
|
||||||
|
}
|
||||||
echo '<input type="checkbox" id="' . $this->name . '" name="' . $this->name . '"' . $tabindexValue . $onChange . $checked . $disabled . '>';
|
echo '<input type="checkbox" id="' . $this->name . '" name="' . $this->name . '"' . $tabindexValue . $onChange . $checked . $disabled . '>';
|
||||||
echo $script;
|
echo $script;
|
||||||
if ($this->transient) {
|
if ($this->transient) {
|
||||||
|
@ -1868,6 +1910,26 @@ class htmlInputCheckbox extends htmlElement {
|
||||||
$this->transient = $transient;
|
$this->transient = $transient;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This will disable the given input elements when the checkbox is checked.
|
||||||
|
* The given IDs can be of any input element (e.g. select, checkbox, ...).
|
||||||
|
*
|
||||||
|
* @param array $elements IDs of elements to disable
|
||||||
|
*/
|
||||||
|
public function setElementsToDisable($elements) {
|
||||||
|
$this->elementsToDisable = $elements;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This will enable the given input elements when the checkbox is checked.
|
||||||
|
* The given IDs can be of any input element (e.g. select, checkbox, ...).
|
||||||
|
*
|
||||||
|
* @param array $elements IDs of elements to enable
|
||||||
|
*/
|
||||||
|
public function setElementsToEnable($elements) {
|
||||||
|
$this->elementsToEnable = $elements;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -486,7 +486,7 @@ class lamList {
|
||||||
$group->addElement($editLink);
|
$group->addElement($editLink);
|
||||||
$toolCount++;
|
$toolCount++;
|
||||||
// delete link
|
// delete link
|
||||||
if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) {
|
if (checkIfWriteAccessIsAllowed($this->type) && checkIfDeleteEntriesIsAllowed($this->type)) {
|
||||||
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
|
$deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png');
|
||||||
$deleteLink->setTitle(_("Delete"));
|
$deleteLink->setTitle(_("Delete"));
|
||||||
$group->addElement($deleteLink);
|
$group->addElement($deleteLink);
|
||||||
|
@ -539,7 +539,7 @@ class lamList {
|
||||||
protected function listDoPost() {
|
protected function listDoPost() {
|
||||||
// check if button was pressed and if we have to add/delete an account or call file upload
|
// check if button was pressed and if we have to add/delete an account or call file upload
|
||||||
if (isset($_POST['new']) || isset($_POST['del']) || isset($_POST['fileUpload'])){
|
if (isset($_POST['new']) || isset($_POST['del']) || isset($_POST['fileUpload'])){
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->type)) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
// add new account
|
// add new account
|
||||||
|
@ -748,7 +748,7 @@ class lamList {
|
||||||
$left = new htmlGroup();
|
$left = new htmlGroup();
|
||||||
// button part
|
// button part
|
||||||
$left->alignment = htmlElement::ALIGN_LEFT;
|
$left->alignment = htmlElement::ALIGN_LEFT;
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed($this->type)) {
|
||||||
// add button
|
// add button
|
||||||
if (checkIfNewEntriesAreAllowed($this->type)) {
|
if (checkIfNewEntriesAreAllowed($this->type)) {
|
||||||
$newButton = new htmlButton('new', $this->labels['newEntry']);
|
$newButton = new htmlButton('new', $this->labels['newEntry']);
|
||||||
|
|
|
@ -843,7 +843,7 @@ class accountContainer {
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
// module actions
|
// module actions
|
||||||
if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed()) {
|
if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed($this->type)) {
|
||||||
$result = call_user_func(array(&$this->module[$this->order[$this->current_page]], 'process_'.$this->subpage));
|
$result = call_user_func(array(&$this->module[$this->order[$this->current_page]], 'process_'.$this->subpage));
|
||||||
if (is_array($result)) { // messages were returned, check for errors
|
if (is_array($result)) { // messages were returned, check for errors
|
||||||
for ($i = 0; $i < sizeof($result); $i++) {
|
for ($i = 0; $i < sizeof($result); $i++) {
|
||||||
|
@ -965,7 +965,7 @@ class accountContainer {
|
||||||
}
|
}
|
||||||
echo '<div id="passwordMessageArea"></div>';
|
echo '<div id="passwordMessageArea"></div>';
|
||||||
echo "<table class=\"".$this->type."-bright\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
|
echo "<table class=\"".$this->type."-bright\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n";
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed($this->type)) {
|
||||||
echo "<tr class=\"".$this->type."-bright\"><td style=\"padding: 15px 15px 0px 15px;\">\n";
|
echo "<tr class=\"".$this->type."-bright\"><td style=\"padding: 15px 15px 0px 15px;\">\n";
|
||||||
$this->printCommonControls($tabindex);
|
$this->printCommonControls($tabindex);
|
||||||
echo "</td></tr>\n";
|
echo "</td></tr>\n";
|
||||||
|
@ -1673,7 +1673,7 @@ class accountContainer {
|
||||||
* @return array list of status messages
|
* @return array list of status messages
|
||||||
*/
|
*/
|
||||||
function save_account() {
|
function save_account() {
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->type)) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
$this->finalDN = $this->dn_orig;
|
$this->finalDN = $this->dn_orig;
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2010 - 2011 Pavel Pozdniak
|
Copyright (C) 2010 - 2011 Pavel Pozdniak
|
||||||
2010 - 2013 Roland Gruber
|
2010 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -188,7 +188,7 @@ class imapAccess extends baseModule {
|
||||||
*/
|
*/
|
||||||
function display_html_attributes() {
|
function display_html_attributes() {
|
||||||
$return = new htmlTable();
|
$return = new htmlTable();
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
$prefix = $this->getMailboxPrefix();
|
$prefix = $this->getMailboxPrefix();
|
||||||
|
@ -335,7 +335,7 @@ class imapAccess extends baseModule {
|
||||||
*/
|
*/
|
||||||
function process_attributes() {
|
function process_attributes() {
|
||||||
$errors = array();
|
$errors = array();
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
|
||||||
return $errors;
|
return $errors;
|
||||||
}
|
}
|
||||||
$prefix = $this->getMailboxPrefix();
|
$prefix = $this->getMailboxPrefix();
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2005 - 2013 Roland Gruber
|
2005 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -1672,7 +1672,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// password buttons
|
// password buttons
|
||||||
if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed() && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) {
|
if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) {
|
||||||
$fieldContainer->addElement(new htmlSubTitle(_('Password')), true);
|
$fieldContainer->addElement(new htmlSubTitle(_('Password')), true);
|
||||||
$pwdContainer = new htmlTable();
|
$pwdContainer = new htmlTable();
|
||||||
if (pwd_is_enabled($this->attributes['userPassword'][0])) {
|
if (pwd_is_enabled($this->attributes['userPassword'][0])) {
|
||||||
|
@ -2516,7 +2516,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
||||||
* <br> )
|
* <br> )
|
||||||
*/
|
*/
|
||||||
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
|
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
// mail sending is LAM Pro only
|
// mail sending is LAM Pro only
|
||||||
|
|
|
@ -1429,7 +1429,7 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
$return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true);
|
$return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true);
|
||||||
}
|
}
|
||||||
// password buttons
|
// password buttons
|
||||||
if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->getPasswordAttrName()][0])) {
|
if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->getPasswordAttrName()][0])) {
|
||||||
$return->addElement(new htmlOutputText(_('Password')));
|
$return->addElement(new htmlOutputText(_('Password')));
|
||||||
$pwdContainer = new htmlTable();
|
$pwdContainer = new htmlTable();
|
||||||
if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0])) {
|
if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0])) {
|
||||||
|
@ -2172,7 +2172,7 @@ class posixAccount extends baseModule implements passwordService {
|
||||||
* <br> )
|
* <br> )
|
||||||
*/
|
*/
|
||||||
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
|
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
// on first call generate list of ldap operations
|
// on first call generate list of ldap operations
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2007 - 2013 Roland Gruber
|
2007 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -201,7 +201,7 @@ class posixGroup extends baseModule implements passwordService {
|
||||||
$return->addElement(new htmlTableExtendedInputField(_('Description'), 'description', $description, 'description'), true);
|
$return->addElement(new htmlTableExtendedInputField(_('Description'), 'description', $description, 'description'), true);
|
||||||
}
|
}
|
||||||
// password buttons
|
// password buttons
|
||||||
if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->passwordAttrName][0])) {
|
if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->passwordAttrName][0])) {
|
||||||
$return->addElement(new htmlOutputText(_('Password')));
|
$return->addElement(new htmlOutputText(_('Password')));
|
||||||
$pwdContainer = new htmlTable();
|
$pwdContainer = new htmlTable();
|
||||||
if (pwd_is_enabled($this->attributes[$this->passwordAttrName][0])) {
|
if (pwd_is_enabled($this->attributes[$this->passwordAttrName][0])) {
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2013 Roland Gruber
|
Copyright (C) 2013 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -1427,7 +1427,7 @@ class windowsUser extends baseModule implements passwordService {
|
||||||
* <br> )
|
* <br> )
|
||||||
*/
|
*/
|
||||||
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
|
function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) {
|
||||||
if (!checkIfWriteAccessIsAllowed()) {
|
if (!checkIfWriteAccessIsAllowed($this->get_scope())) {
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
// on first call generate list of ldap operations
|
// on first call generate list of ldap operations
|
||||||
|
|
|
@ -236,15 +236,23 @@ function logNewMessage($level, $message) {
|
||||||
/**
|
/**
|
||||||
* Checks if write access to LDAP is allowed.
|
* Checks if write access to LDAP is allowed.
|
||||||
*
|
*
|
||||||
|
* @param String $scope account type (e.g. user)
|
||||||
* @return boolean true, if allowed
|
* @return boolean true, if allowed
|
||||||
*/
|
*/
|
||||||
function checkIfWriteAccessIsAllowed() {
|
function checkIfWriteAccessIsAllowed($scope = null) {
|
||||||
if (!isset($_SESSION['config'])) {
|
if (!isset($_SESSION['config'])) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ($_SESSION['config']->getAccessLevel() >= LAMConfig::ACCESS_ALL) {
|
if ($_SESSION['config']->getAccessLevel() >= LAMConfig::ACCESS_ALL) {
|
||||||
|
$typeSettings = $_SESSION['config']->get_typeSettings();
|
||||||
|
if ($scope == null) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
elseif (!isset($typeSettings['readOnly_' . $scope]) || !$typeSettings['readOnly_' . $scope]) {
|
||||||
|
// check if write for this type is allowed
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2008 Thomas Manninger
|
Copyright (C) 2008 Thomas Manninger
|
||||||
2009 - 2013 Roland Gruber
|
2009 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -244,7 +244,7 @@ class lamDHCPList extends lamList {
|
||||||
* @param htmlGroup $right right part
|
* @param htmlGroup $right right part
|
||||||
*/
|
*/
|
||||||
protected function addExtraInputElementsToTopArea(&$left, &$right) {
|
protected function addExtraInputElementsToTopArea(&$left, &$right) {
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed($this->type)) {
|
||||||
$left->addElement(new htmlSpacer('20px', null));
|
$left->addElement(new htmlSpacer('20px', null));
|
||||||
$dhcpButton = new htmlButton('dhcpDefaults', $this->labels['dhcpDefaults']);
|
$dhcpButton = new htmlButton('dhcpDefaults', $this->labels['dhcpDefaults']);
|
||||||
$dhcpButton->setIconClass('settingsButton');
|
$dhcpButton->setIconClass('settingsButton');
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2005 - 2013 Roland Gruber
|
Copyright (C) 2005 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -293,13 +293,13 @@ class user extends baseType {
|
||||||
}
|
}
|
||||||
$statusTable .= '</table>';
|
$statusTable .= '</table>';
|
||||||
$tipContent = $statusTable;
|
$tipContent = $statusTable;
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed('user')) {
|
||||||
$tipContent .= '<br><img alt="hint" src="../../graphics/light.png"> ';
|
$tipContent .= '<br><img alt="hint" src="../../graphics/light.png"> ';
|
||||||
$tipContent .= _('Please click to lock/unlock this account.');
|
$tipContent .= _('Please click to lock/unlock this account.');
|
||||||
}
|
}
|
||||||
$dialogDiv = $this->buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable, $windowsLocked);
|
$dialogDiv = $this->buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable, $windowsLocked);
|
||||||
$onClick = '';
|
$onClick = '';
|
||||||
if (checkIfWriteAccessIsAllowed()) {
|
if (checkIfWriteAccessIsAllowed('user')) {
|
||||||
$onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"';
|
$onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"';
|
||||||
}
|
}
|
||||||
return $dialogDiv . '<a href="#"><img id="lam_accountStatus" alt="status" ' . $onClick . ' helptitle="' . _('Account status') . '" helpdata="' . $tipContent . '" height=16 width=16 src="../../graphics/' . $icon . '"></a> ';
|
return $dialogDiv . '<a href="#"><img id="lam_accountStatus" alt="status" ' . $onClick . ' helptitle="' . _('Account status') . '" helpdata="' . $tipContent . '" height=16 width=16 src="../../graphics/' . $icon . '"></a> ';
|
||||||
|
@ -664,7 +664,7 @@ class lamUserList extends lamList {
|
||||||
* @return lamListTool[] tools
|
* @return lamListTool[] tools
|
||||||
*/
|
*/
|
||||||
protected function getAdditionalTools() {
|
protected function getAdditionalTools() {
|
||||||
if (isLAMProVersion() && checkIfPasswordChangeIsAllowed()) {
|
if (isLAMProVersion() && checkIfPasswordChangeIsAllowed() && checkIfWriteAccessIsAllowed('user')) {
|
||||||
$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php');
|
$passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php');
|
||||||
return array($passwordTool);
|
return array($passwordTool);
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2004 - 2013 Roland Gruber
|
Copyright (C) 2004 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -280,7 +280,18 @@ if (sizeof($activeTypes) > 0) {
|
||||||
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
|
if (isset($typeSettings['hidden_' . $activeTypes[$i]])) {
|
||||||
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
|
$hidden = $typeSettings['hidden_' . $activeTypes[$i]];
|
||||||
}
|
}
|
||||||
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true);
|
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'));
|
||||||
|
if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) {
|
||||||
|
$advancedOptionsContent->addElement(new htmlSpacer('20px', null));
|
||||||
|
$isReadOnly = false;
|
||||||
|
if (isset($typeSettings['readOnly_' . $activeTypes[$i]])) {
|
||||||
|
$isReadOnly = $typeSettings['readOnly_' . $activeTypes[$i]];
|
||||||
|
}
|
||||||
|
$readOnly = new htmlTableExtendedInputCheckbox('readOnly_' . $activeTypes[$i], $isReadOnly, _('Read-only'), '265');
|
||||||
|
$readOnly->setElementsToDisable(array('hideNewButton_' . $activeTypes[$i], 'hideDeleteButton_' . $activeTypes[$i]));
|
||||||
|
$advancedOptionsContent->addElement($readOnly);
|
||||||
|
}
|
||||||
|
$advancedOptionsContent->addNewLine();
|
||||||
// custom label
|
// custom label
|
||||||
$customLabel = '';
|
$customLabel = '';
|
||||||
if (isset($typeSettings['customLabel_' . $activeTypes[$i]])) {
|
if (isset($typeSettings['customLabel_' . $activeTypes[$i]])) {
|
||||||
|
@ -403,6 +414,9 @@ function checkInput() {
|
||||||
// set if deletion of entries is allowed
|
// set if deletion of entries is allowed
|
||||||
$key = "hideDeleteButton_" . $accountTypes[$i];
|
$key = "hideDeleteButton_" . $accountTypes[$i];
|
||||||
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||||
|
// set if account type is read-only
|
||||||
|
$key = "readOnly_" . $accountTypes[$i];
|
||||||
|
$typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on'));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// save input
|
// save input
|
||||||
|
|
|
@ -72,7 +72,7 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) {
|
||||||
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
|
logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) {
|
if (!checkIfDeleteEntriesIsAllowed($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
|
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
@ -142,7 +142,7 @@ elseif (isset($_POST['cancelAllOk'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_POST['delete'])) {
|
if (isset($_POST['delete'])) {
|
||||||
if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) {
|
if (!checkIfDeleteEntriesIsAllowed($_POST['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
|
logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,7 +97,7 @@ if (isAccountTypeHidden($scope)) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
if (!checkIfNewEntriesAreAllowed($scope)) {
|
if (!checkIfNewEntriesAreAllowed($scope) || !checkIfWriteAccessIsAllowed($scope)) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
|
@ -68,7 +68,7 @@ if (isAccountTypeHidden($scope)) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
if (!checkIfNewEntriesAreAllowed($scope)) {
|
if (!checkIfNewEntriesAreAllowed($scope) || !checkIfWriteAccessIsAllowed($scope)) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,7 +81,8 @@ $types = $_SESSION['config']->get_ActiveTypes();
|
||||||
$count = sizeof($types);
|
$count = sizeof($types);
|
||||||
for ($i = 0; $i < $count; $i++) {
|
for ($i = 0; $i < $count; $i++) {
|
||||||
$myType = new $types[$i]();
|
$myType = new $types[$i]();
|
||||||
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) {
|
if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i])
|
||||||
|
|| !checkIfNewEntriesAreAllowed($types[$i]) || !checkIfWriteAccessIsAllowed($types[$i])) {
|
||||||
unset($types[$i]);
|
unset($types[$i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -145,7 +146,7 @@ $selectedType = array();
|
||||||
if (isset($_REQUEST['type'])) {
|
if (isset($_REQUEST['type'])) {
|
||||||
$selectedType[] = $_REQUEST['type'];
|
$selectedType[] = $_REQUEST['type'];
|
||||||
}
|
}
|
||||||
else {
|
elseif (!empty($types)) {
|
||||||
$selectedType[] = $types[0];
|
$selectedType[] = $types[0];
|
||||||
}
|
}
|
||||||
$typeSelect = new htmlTableExtendedSelect('type', $typeList, $selectedType, _("Account type"));
|
$typeSelect = new htmlTableExtendedSelect('type', $typeList, $selectedType, _("Account type"));
|
||||||
|
@ -206,7 +207,9 @@ $table->addElement($moduleGroup, true);
|
||||||
|
|
||||||
// ok button
|
// ok button
|
||||||
$table->addElement(new htmlSpacer(null, '20px'), true);
|
$table->addElement(new htmlSpacer(null, '20px'), true);
|
||||||
|
if (!empty($types)) {
|
||||||
$table->addElement(new htmlButton('submit', _('Ok')), true);
|
$table->addElement(new htmlButton('submit', _('Ok')), true);
|
||||||
|
}
|
||||||
|
|
||||||
parseHtml(null, $table, array(), false, $tabindex, 'user');
|
parseHtml(null, $table, array(), false, $tabindex, 'user');
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -164,7 +164,7 @@ function display_main($message, $error) {
|
||||||
$types = array();
|
$types = array();
|
||||||
$typeList = $_SESSION['config']->get_ActiveTypes();
|
$typeList = $_SESSION['config']->get_ActiveTypes();
|
||||||
for ($i = 0; $i < sizeof($typeList); $i++) {
|
for ($i = 0; $i < sizeof($typeList); $i++) {
|
||||||
if (isAccountTypeHidden($typeList[$i])) {
|
if (isAccountTypeHidden($typeList[$i]) || !checkIfWriteAccessIsAllowed($typeList[$i])) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$types[$typeList[$i]] = getTypeAlias($typeList[$i]);
|
$types[$typeList[$i]] = getTypeAlias($typeList[$i]);
|
||||||
|
@ -179,6 +179,8 @@ function display_main($message, $error) {
|
||||||
}
|
}
|
||||||
$options[$title] = $elements;
|
$options[$title] = $elements;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!empty($options)) {
|
||||||
// new OU
|
// new OU
|
||||||
$container->addElement(new htmlOutputText(_("New organisational unit")));
|
$container->addElement(new htmlOutputText(_("New organisational unit")));
|
||||||
$parentOUSelect = new htmlSelect('parentOU', $options, array());
|
$parentOUSelect = new htmlSelect('parentOU', $options, array());
|
||||||
|
@ -204,6 +206,7 @@ function display_main($message, $error) {
|
||||||
$container->addElement(new htmlOutputText(''));
|
$container->addElement(new htmlOutputText(''));
|
||||||
$container->addElement(new htmlButton('deleteOU', _("Ok")));
|
$container->addElement(new htmlButton('deleteOU', _("Ok")));
|
||||||
$container->addElement(new htmlHelpLink('602'), true);
|
$container->addElement(new htmlHelpLink('602'), true);
|
||||||
|
}
|
||||||
|
|
||||||
parseHtml(null, $container, array(), false, $tabindex, 'user');
|
parseHtml(null, $container, array(), false, $tabindex, 'user');
|
||||||
echo ("</form>\n");
|
echo ("</form>\n");
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Michael Duergner
|
Copyright (C) 2003 - 2006 Michael Duergner
|
||||||
2005 - 2013 Roland Gruber
|
2005 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -73,7 +73,7 @@ if(isset($_POST['createNewTemplate'])) {
|
||||||
$scopes = $_SESSION['config']->get_ActiveTypes();
|
$scopes = $_SESSION['config']->get_ActiveTypes();
|
||||||
$sortedScopes = array();
|
$sortedScopes = array();
|
||||||
for ($i = 0; $i < sizeof($scopes); $i++) {
|
for ($i = 0; $i < sizeof($scopes); $i++) {
|
||||||
if (isAccountTypeHidden($scopes[$i])) {
|
if (isAccountTypeHidden($scopes[$i]) || !checkIfWriteAccessIsAllowed($scopes[$i])) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]);
|
$sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]);
|
||||||
|
@ -171,6 +171,7 @@ include '../main_header.php';
|
||||||
}
|
}
|
||||||
|
|
||||||
// new template
|
// new template
|
||||||
|
if (!empty($availableScopes)) {
|
||||||
$container->addElement(new htmlSubTitle(_('Create a new PDF structure')), true);
|
$container->addElement(new htmlSubTitle(_('Create a new PDF structure')), true);
|
||||||
$newPDFContainer = new htmlTable();
|
$newPDFContainer = new htmlTable();
|
||||||
$newScopeSelect = new htmlSelect('scope', $availableScopes);
|
$newScopeSelect = new htmlSelect('scope', $availableScopes);
|
||||||
|
@ -181,6 +182,7 @@ include '../main_header.php';
|
||||||
$newPDFContainer->addElement(new htmlButton('createNewTemplate', _('Create')));
|
$newPDFContainer->addElement(new htmlButton('createNewTemplate', _('Create')));
|
||||||
$container->addElement($newPDFContainer, true);
|
$container->addElement($newPDFContainer, true);
|
||||||
$container->addElement(new htmlSpacer(null, '10px'), true);
|
$container->addElement(new htmlSpacer(null, '10px'), true);
|
||||||
|
}
|
||||||
|
|
||||||
// existing templates
|
// existing templates
|
||||||
$configProfiles = getConfigProfiles();
|
$configProfiles = getConfigProfiles();
|
||||||
|
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Michael Duergner
|
Copyright (C) 2003 - 2006 Michael Duergner
|
||||||
2007 - 2013 Roland Gruber
|
2007 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -69,7 +69,7 @@ if(isset($_POST['type'])) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isAccountTypeHidden($_GET['type'])) {
|
if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']);
|
logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2012 Roland Gruber
|
Copyright (C) 2003 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -51,7 +51,7 @@ $types = $_SESSION['config']->get_ActiveTypes();
|
||||||
$profileClasses = array();
|
$profileClasses = array();
|
||||||
$profileClassesTemp = array();
|
$profileClassesTemp = array();
|
||||||
for ($i = 0; $i < sizeof($types); $i++) {
|
for ($i = 0; $i < sizeof($types); $i++) {
|
||||||
if (isAccountTypeHidden($types[$i])) {
|
if (isAccountTypeHidden($types[$i]) || !checkIfWriteAccessIsAllowed($types[$i])) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$profileClassesTemp[getTypeAlias($types[$i])] = array(
|
$profileClassesTemp[getTypeAlias($types[$i])] = array(
|
||||||
|
@ -152,6 +152,7 @@ if (isset($_GET['savedSuccessfully'])) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// new profile
|
// new profile
|
||||||
|
if (!empty($profileClasses)) {
|
||||||
$container->addElement(new htmlSubTitle(_('Create a new profile')), true);
|
$container->addElement(new htmlSubTitle(_('Create a new profile')), true);
|
||||||
$sortedTypes = array();
|
$sortedTypes = array();
|
||||||
for ($i = 0; $i < sizeof($profileClasses); $i++) {
|
for ($i = 0; $i < sizeof($profileClasses); $i++) {
|
||||||
|
@ -166,6 +167,7 @@ $newContainer->addElement($newProfileSelect);
|
||||||
$newContainer->addElement(new htmlSpacer('10px', null));
|
$newContainer->addElement(new htmlSpacer('10px', null));
|
||||||
$newContainer->addElement(new htmlButton('createProfileButton', _('Create')), true);
|
$newContainer->addElement(new htmlButton('createProfileButton', _('Create')), true);
|
||||||
$container->addElement($newContainer, true);
|
$container->addElement($newContainer, true);
|
||||||
|
}
|
||||||
|
|
||||||
$container->addElement(new htmlSpacer(null, '10px'), true);
|
$container->addElement(new htmlSpacer(null, '10px'), true);
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
$Id$
|
$Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2012 Roland Gruber
|
Copyright (C) 2003 - 2014 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
@ -61,7 +61,7 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) {
|
||||||
if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
|
if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname'];
|
||||||
if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];
|
if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype'];
|
||||||
|
|
||||||
if (isAccountTypeHidden($_GET['type'])) {
|
if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) {
|
||||||
logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
|
logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']);
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue