REbased, got the links for add and removed chacked as well, and set defautl to 'rsc'
From 1d86318f0129487f55297ad754713192f7b836e8 Mon Sep 17 00:00:00 2001
From: Adam Young <ayo...@redhat.com>
Date: Fri, 5 Nov 2010 13:11:56 -0400
Subject: [PATCH] rights check
 if the field does not have a 'w' for writable in its rights, disable it.
 Merged with the HBAC/Widget changes
 add and remove links are managed via permissions now

---
 install/static/details.js            |   62 +++++++++++++++++++++++-----------
 install/static/test/details_tests.js |   58 ++++++++++++++++++++++++++++++-
 install/static/widget.js             |    2 +-
 ipalib/plugins/baseldap.py           |    2 +-
 4 files changed, 100 insertions(+), 24 deletions(-)

diff --git a/install/static/details.js b/install/static/details.js
index e69a5da..9301f31 100644
--- a/install/static/details.js
+++ b/install/static/details.js
@@ -26,6 +26,13 @@
 
 var ipa_details_cache = {};
 
+IPA.is_field_writable = function(rights){
+    if (!rights){
+        alert('no right');
+    }
+    return rights.indexOf('w') > -1;
+}
+
 function ipa_details_field(spec) {
 
     spec = spec || {};
@@ -80,34 +87,41 @@ function ipa_details_field(spec) {
         }
 
         var value = result[that.name];
+        var rights = 'rsc';
+        if (result.attributelevelrights){
+            rights = result.attributelevelrights[this.name] || rights ;
+        }
         if (value) {
             dd = ipa_create_first_dd(
-                that.name, ipa_create_input(that.entity_name, that.name, value[0],hint_span)
+                that.name,ipa_create_input(
+                    that.entity_name, that.name, value[0],hint_span,rights)
             );
             dt.after(dd);
             var last_dd = dd;
             for (var i = 1; i < value.length; ++i) {
                 dd = ipa_create_other_dd(
-                    that.name, ipa_create_input(that.entity_name, that.name, value[i],hint_span)
+                    that.name, ipa_create_input(that.entity_name, that.name,
+                                                value[i],hint_span,rights)
                 );
                 last_dd.after(dd);
                 last_dd = dd;
             }
-            if (multivalue) {
+            if (multivalue && IPA.is_field_writable(rights) ) {
                 dd = ipa_create_other_dd(
                     that.name, _ipa_a_add_template.replace('A', that.name)
                 );
                 last_dd.after(dd);
             }
         } else {
-            if (multivalue) {
+            if (multivalue  && IPA.is_field_writable(rights)) { 
                 dd = ipa_create_first_dd(
-                    that.name, _ipa_a_add_template.replace('A', that.name) /*.append(hint_span)*/
+                    that.name, _ipa_a_add_template.replace('A', that.name)
                 );
                 dt.after(dd);
             } else {
                 dd = ipa_create_first_dd(
-                    that.name, ipa_create_input(that.entity_name, that.name, '') /*.append(hint_span)*/
+                    that.name, ipa_create_input(
+                        that.entity_name, that.name,'',hint_span,rights)
                 );
                 dt.after(dd);
             }
@@ -334,7 +348,7 @@ function ipa_details_setup(container, unspecified) {
     if (facet.pkey) params.push(facet.pkey);
 
     ipa_cmd(
-        'show', params, {all: true}, on_success, on_failure, facet.entity_name
+        'show', params, {all: true, rights: true}, on_success, on_failure, facet.entity_name
     );
 }
 
@@ -473,7 +487,7 @@ function ipa_details_update(container, pkey, on_win, on_fail)
         return;
 
     var values;
-    var modlist = {'all': true, 'setattr': [], 'addattr': []};
+    var modlist = {'all': true, 'setattr': [], 'addattr': [], 'rights': true};
     var attrs_wo_option = {};
 
     var facet = ipa_entity_get_details_facet(obj_name);
@@ -599,13 +613,13 @@ var _ipa_param_type_2_handler_map = {
  * arguments:
  *   attr - LDAP attribute name
  *   value - the attributes value */
-function ipa_create_input(entity_name, attr, value,hint)
+function ipa_create_input(entity_name, attr, value,hint,rights)
 {
     var input = $("<label>",{html:value.toString()});
     var param_info = ipa_get_param_info(entity_name, attr);
     if (!param_info) {
         /* no information about the param is available, default to text input */
-        input = _ipa_create_text_input(attr, value, null);
+        input = _ipa_create_text_input(attr, value, null,rights);
         if (hint){
             input.after(hint);
         }
@@ -618,8 +632,10 @@ function ipa_create_input(entity_name, attr, value,hint)
         /* call handler by param class */
         var handler = _ipa_param_type_2_handler_map[param_info['class']];
         if (handler) {
-            input = handler(attr, value, param_info);
-            if (param_info['multivalue'] || param_info['class'] == 'List') {
+            input = handler(attr, value, param_info,rights);
+            if ((param_info['multivalue'] ||
+                 param_info['class'] == 'List') &&
+                IPA.is_field_writable(rights)){
                 input.append( _ipa_create_remove_link(attr, param_info));
             }
             if (hint){
@@ -652,7 +668,7 @@ function _ipa_create_remove_link(attr, param_info)
 
 
 /* creates a input box for editing a string attribute */
-function _ipa_create_text_input(attr, value, param_info)
+function _ipa_create_text_input(attr, value, param_info, rights)
 {
 
     function calculate_dd_index(jobj){
@@ -683,8 +699,8 @@ function _ipa_create_text_input(attr, value, param_info)
         }
     }
 
-    var input = $("<Span />");
-    input.append($("<input/>",{
+    var span = $("<Span />");
+    var input = $("<input/>",{
         type:"text",
         name:attr,
         value:value.toString(),
@@ -696,9 +712,13 @@ function _ipa_create_text_input(attr, value, param_info)
             var text = $(this).val();
             validate_input(text, param_info,error_link);
         }
+    }).appendTo(span) ;
 
-    }));
-    input.append($("<a/>",{
+    if (!IPA.is_field_writable(rights)){
+        input.attr('disabled', 'disabled');
+    }
+
+    span.append($("<a/>",{
         html:"undo",
         "class":"ui-state-highlight ui-corner-all",
         style:"display:none",
@@ -722,12 +742,12 @@ function _ipa_create_text_input(attr, value, param_info)
             validate_input(previous_value, param_info,error_link);
         }
     }));
-    input.append($("<span/>",{
+    span.append($("<span/>",{
         html:"Does not match pattern",
         "class":"ui-state-error ui-corner-all",
         style:"display:none"
     }));
-    return input;
+    return span;
 }
 
 function ipa_details_reset(container)
@@ -750,7 +770,9 @@ function _ipa_add_on_click(obj)
     var obj_name = jobj.closest('.entity-container').attr('title');
 
     var param_info = ipa_get_param_info(obj_name, '');
-    var input = _ipa_create_text_input(attr, '', param_info);
+    //TODO rights need to be inherited
+    //And used to control  presnece of the add link 
+    var input = _ipa_create_text_input(attr, '', param_info, 'rswco');
 
     par.prepend(input);
     jobj.next('input').focus();
diff --git a/install/static/test/details_tests.js b/install/static/test/details_tests.js
index 8482f6d..1dd0ddf 100644
--- a/install/static/test/details_tests.js
+++ b/install/static/test/details_tests.js
@@ -36,7 +36,7 @@ test("Testing ipa_details_section.setup().", function() {
 
     var result = {};
 
-    var section = ipa_stanza({name:'IDIDID', label:'NAMENAMENAME'}).
+    var section = ipa_details_section({name:'IDIDID', label:'NAMENAMENAME'}).
         input({name:'cn', label:'Entity Name'}).
         input({name:'description', label:'Description'}).
         input({name:'number', label:'Entity ID'});
@@ -221,7 +221,8 @@ test("Testing  _ipa_create_text_input().", function(){
 
     var name = "name";
     var value="value";
-    var input = _ipa_create_text_input(name, value);
+    var rights = 'rscwo'
+    var input = _ipa_create_text_input(name, value, null,rights);
     ok(input,"input not null");
 
     var text = input.find('input');
@@ -231,3 +232,56 @@ test("Testing  _ipa_create_text_input().", function(){
     same(text[0].value,value );
     same(text[0].type,"text" );
 });
+
+test("Testing  _ipa_create_text_input() read only .", function(){
+
+    var name = "name";
+    var value="value";
+    var rights = 'rsc'
+    var input = _ipa_create_text_input(name, value, null,rights);
+    ok(input,"input not null");
+
+    var text = input.find('input');
+    ok(text);
+
+    same(text[0].name,name );
+    same(text[0].value,value );
+    same(text[0].type,"text" );
+    ok(text[0].disabled);
+
+});
+
+
+
+
+test("Testing ipa_details_section_setup again()",function(){
+
+    var section = ipa_details_section({name: 'IDIDID', label: 'NAMENAMENAME'}).
+        input({name:'cn', label:'Entity Name'}).
+        input({name:'description', label:'Description'}).
+        input({name:'number', label:'Entity ID'});
+    var fields = section.fields;
+    var container = $("<div title='entity'/>");
+    var details = $("<div/>");
+    container.append(details);
+
+    section.setup(container, details, section);
+
+    ok(container.find('hr'),'hr');
+
+    //var h2= container.find('h2');
+    //ok(h2);
+    //ok(h2[0].innerHTML.indexOf(section.label) > 1,"find name in html");
+
+    var dl = container.find('dl');
+    ok(dl,'dl');
+    same(dl[0].children.length,6,'6 children');
+    same(dl[0].id, section.name);
+    same(dl[0].children[0].title, fields[0].name,'title matches name');
+    same(dl[0].children[0].innerHTML, fields[0].label+":",
+         'inner HTML matches label');
+    same(dl[0].children[5].title, fields[2].name,
+         'title matches fields[2] name');
+
+
+});
diff --git a/install/static/widget.js b/install/static/widget.js
index bf893e0..7396943 100755
--- a/install/static/widget.js
+++ b/install/static/widget.js
@@ -461,7 +461,7 @@ function ipa_table_widget(spec) {
         }
 
         var pkey = $.bbq.getState(that.entity_name + '-pkey', true) || '';
-        ipa_cmd('show', [pkey], {}, on_success, on_error, that.entity_name);
+        ipa_cmd('show', [pkey], {'rights': true}, on_success, on_error, that.entity_name);
     };
 
     if (spec.columns) {
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 708d1e4..9536528 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -569,7 +569,7 @@ class LDAPRetrieve(LDAPQuery):
                 rdict = {}
                 for r in rights:
                     (k,v) = r.split(':')
-                    rdict[k] = v
+                    rdict[k.strip().lower()] = v
                 entry_attrs['attributelevelrights'] = rdict
 
         for callback in self.POST_CALLBACKS:
-- 
1.7.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to