password optional

This commit is contained in:
Roland Gruber 2019-06-05 19:24:46 +02:00
parent 929b37ce40
commit ef0673decd
2 changed files with 85 additions and 58 deletions

View File

@ -2,6 +2,7 @@
- Parallel editing of multiple entries in different browser tabs supported - Parallel editing of multiple entries in different browser tabs supported
- LAM supports the progressive web app standard which allows to install LAM as an icon on home screen - LAM supports the progressive web app standard which allows to install LAM as an icon on home screen
- Windows: added home drive and force password change to profile editor - Windows: added home drive and force password change to profile editor
- Unix: password management can be disabled in module settings
- LAM Pro: - LAM Pro:
-> Bind DLZ: entry table can show record data (use special attribute "#records" in server profile) -> Bind DLZ: entry table can show record data (use special attribute "#records" in server profile)
- Fixed bugs: - Fixed bugs:

View File

@ -249,20 +249,6 @@ class posixAccount extends baseModule implements passwordService {
'values' => implode(", ", $this->getShells()), 'values' => implode(", ", $this->getShells()),
'default' => '/bin/bash' 'default' => '/bin/bash'
), ),
array(
'name' => 'posixAccount_password',
'description' => _('Password'),
'help' => 'userPassword',
'example' => _('secret')
),
array(
'name' => 'posixAccount_passwordDisabled',
'description' => _('Lock password'),
'help' => 'userPassword_lock',
'example' => 'false',
'values' => 'true, false',
'default' => 'false'
),
); );
if (self::areGroupOfNamesActive()) { if (self::areGroupOfNamesActive()) {
$return['upload_columns'][] = array( $return['upload_columns'][] = array(
@ -1098,6 +1084,7 @@ class posixAccount extends baseModule implements passwordService {
$this->attributes[$homedirAttrName][0] = $_POST['homeDirectory']; $this->attributes[$homedirAttrName][0] = $_POST['homeDirectory'];
} }
// Load attributes // Load attributes
if ($this->isPasswordManaged()) {
if (isset($_POST['lockPassword'])) { if (isset($_POST['lockPassword'])) {
$this->lock($modules); $this->lock($modules);
} }
@ -1107,6 +1094,7 @@ class posixAccount extends baseModule implements passwordService {
if (isset($_POST['removePassword'])) { if (isset($_POST['removePassword'])) {
unset($this->attributes[$this->getPasswordAttrName($modules)]); unset($this->attributes[$this->getPasswordAttrName($modules)]);
} }
}
if ($this->manageCn($modules)) { if ($this->manageCn($modules)) {
$this->processMultiValueInputTextField('cn', $errors, 'cn'); $this->processMultiValueInputTextField('cn', $errors, 'cn');
} }
@ -1712,7 +1700,9 @@ class posixAccount extends baseModule implements passwordService {
$return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true); $return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true);
} }
// password buttons // password buttons
if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->getPasswordAttrName($modules)][0])) { if (checkIfWriteAccessIsAllowed($this->get_scope())
&& isset($this->attributes[$this->getPasswordAttrName($modules)][0])
&& $this->isPasswordManaged()) {
$return->addElement(new htmlOutputText(_('Password'))); $return->addElement(new htmlOutputText(_('Password')));
$pwdContainer = new htmlTable(); $pwdContainer = new htmlTable();
if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName($modules)][0])) { if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName($modules)][0])) {
@ -2256,6 +2246,7 @@ class posixAccount extends baseModule implements passwordService {
$configUserContainer->addField(new htmlOutputText('')); $configUserContainer->addField(new htmlOutputText(''));
$configUserContainer->addVerticalSpacer('0.5rem'); $configUserContainer->addVerticalSpacer('0.5rem');
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegecos', false, _('Gecos'), null, false), 12); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegecos', false, _('Gecos'), null, false), 12);
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidepassword', false, _('Password'), null, false), 12);
$confActiveGONModules = array_merge($_SESSION['conf_config']->get_AccountModules('group'), $_SESSION['conf_config']->get_AccountModules('gon')); $confActiveGONModules = array_merge($_SESSION['conf_config']->get_AccountModules('group'), $_SESSION['conf_config']->get_AccountModules('gon'));
if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfMembers', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) { if (in_array('groupOfNames', $confActiveGONModules) || in_array('groupOfMembers', $confActiveGONModules) || in_array('groupOfUniqueNames', $confActiveGONModules)) {
$configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegon', false, _('Groups of names'), null, false), 12); $configUserContainer->add(new htmlResponsiveInputCheckbox('posixAccount_' . $typeId . '_hidegon', false, _('Groups of names'), null, false), 12);
@ -2437,6 +2428,22 @@ class posixAccount extends baseModule implements passwordService {
function get_uploadColumns($selectedModules, &$type) { function get_uploadColumns($selectedModules, &$type) {
$typeId = $type->getId(); $typeId = $type->getId();
$return = parent::get_uploadColumns($selectedModules, $type); $return = parent::get_uploadColumns($selectedModules, $type);
if ($this->isPasswordManaged($typeId)) {
$return[] = array(
'name' => 'posixAccount_password',
'description' => _('Password'),
'help' => 'userPassword',
'example' => _('secret')
);
$return[] = array(
'name' => 'posixAccount_passwordDisabled',
'description' => _('Lock password'),
'help' => 'userPassword_lock',
'example' => 'false',
'values' => 'true, false',
'default' => 'false'
);
}
if (($this->get_scope() == 'user') && $this->manageCn($selectedModules)) { if (($this->get_scope() == 'user') && $this->manageCn($selectedModules)) {
array_unshift($return, array( array_unshift($return, array(
'name' => 'posixAccount_cn', 'name' => 'posixAccount_cn',
@ -2645,14 +2652,19 @@ class posixAccount extends baseModule implements passwordService {
array_push($errMsg, array($i)); array_push($errMsg, array($i));
$errors[] = $errMsg; $errors[] = $errMsg;
} }
if ($this->isPasswordManaged($typeId)) {
$pwd_enabled = true; $pwd_enabled = true;
// password enabled/disabled // password enabled/disabled
if ($rawAccount[$ids['posixAccount_passwordDisabled']] == "") { if ($rawAccount[$ids['posixAccount_passwordDisabled']] == "") {
$pwd_enabled = true; $pwd_enabled = true;
} }
elseif (in_array($rawAccount[$ids['posixAccount_passwordDisabled']], array('true', 'false'))) { elseif (in_array($rawAccount[$ids['posixAccount_passwordDisabled']], array('true', 'false'))) {
if ($rawAccount[$ids['posixAccount_passwordDisabled']] == 'true') $pwd_enabled = false; if ($rawAccount[$ids['posixAccount_passwordDisabled']] == 'true') {
else $pwd_enabled = true; $pwd_enabled = false;
}
else {
$pwd_enabled = true;
}
} }
else { else {
$errMsg = $this->messages['passwordDisabled'][0]; $errMsg = $this->messages['passwordDisabled'][0];
@ -2685,6 +2697,7 @@ class posixAccount extends baseModule implements passwordService {
$errors[] = $errMsg; $errors[] = $errMsg;
} }
} }
}
// cn // cn
if ($this->manageCn($selectedModules)) { if ($this->manageCn($selectedModules)) {
if ($rawAccount[$ids['posixAccount_cn']] != "") { if ($rawAccount[$ids['posixAccount_cn']] != "") {
@ -3373,6 +3386,19 @@ class posixAccount extends baseModule implements passwordService {
return true; return true;
} }
/**
* Returns if the module manages the password attribute.
*
* @param string $typeId account type id
* @return boolean manages password
*/
private function isPasswordManaged($typeId = null) {
if ($typeId === null) {
$typeId = $this->getAccountContainer()->get_type()->getId();
}
return !$this->isBooleanConfigOptionSet('posixAccount_' . $typeId . '_hidepassword');
}
/** /**
* This method specifies if a module manages password attributes. * This method specifies if a module manages password attributes.
* @see passwordService::managesPasswordAttributes * @see passwordService::managesPasswordAttributes
@ -3380,7 +3406,7 @@ class posixAccount extends baseModule implements passwordService {
* @return boolean true if this module manages password attributes * @return boolean true if this module manages password attributes
*/ */
public function managesPasswordAttributes() { public function managesPasswordAttributes() {
return true; return $this->isPasswordManaged();
} }
/** /**