This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only.

Checking and working with the actual rights would require significantly bigger effort.


https://fedorahosted.org/freeipa/ticket/1972

--
Petr Vobornik
From 8a4d578dbc943a25c723011b683771f093375aa4 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Mon, 12 Dec 2011 15:52:23 +0100
Subject: [PATCH] Association facets are read only in self service

This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only.

Checking and working with the actual rights would require significantly bigger effort.

https://fedorahosted.org/freeipa/ticket/1972
---
 install/ui/user.js |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/install/ui/user.js b/install/ui/user.js
index 77fbae5bb2949f0d0b91ecaba829dd52f1290c15..879055edb70a6a3be396b4ceb7ef27806b9835ce 100644
--- a/install/ui/user.js
+++ b/install/ui/user.js
@@ -32,7 +32,8 @@ IPA.user.entity = function(spec) {
     that.init = function() {
         that.entity_init();
 
-        var link = IPA.nav.name == 'self-service' ? false : undefined;
+        var self_service = IPA.nav.name === 'self-service';
+        var link = self_service ? false : undefined;
 
         that.builder.search_facet({
             columns: [
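Review bot: `self_service` is derived once from the client-side navigation name `IPA.nav.name`, and nothing at its declaration says it is a display hint rather than an authorization check. A comment above it would help, for example `// UI hint only: self-service users are assumed unable to change their own memberships; server-side access controls must enforce this`. This matters because the commit message says the actual rights are not consulted, so a later reader could take the read-only facets for the enforcement point. The body of `that.init` continues past the end of this hunk.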
@@ -108,31 +109,36 @@ IPA.user.entity = function(spec) {
         association_facet({
             name: 'memberof_group',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_netgroup',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_role',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_hbacrule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_sudorule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
         }).
         standard_association_facets({
             link: link
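Review bot: The trailing `standard_association_facets({ link: link` call still receives only `link`, so any association facet it generates beyond the five listed above would stay editable in self-service mode, which does not match the commit message's "all user association facets". If that builder forwards its spec to the facets it creates (not visible here), adding `read_only: self_service` to it would close the gap and might make the five per-facet repetitions unnecessary. Either way, `read_only` only hides the add/remove controls in the browser; the membership commands stay reachable by other clients, so the denial has to come from the server's access controls, and it would be worth confirming that against ticket 1972. The `standard_association_facets` call continues outside the hunk, so its remaining options cannot be checked from here.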
-- 
1.7.6.4
