We have a Web UI patch in track submitted by David SpÄngberg (solarus). I'm sending it here to keep order.

https://fedorahosted.org/freeipa/ticket/2899

I ACKed and pushed it to master.

Problem description:
We use roles to determine if to show self-service or admin interface for not-admin users. We only checked for memberof_role and not memberofindirect_role. This patch adds a check for memberofindirect_role.
--
Petr Vobornik

From e82fee46327a16525c4dc0d35d1cbc541662542c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Sp=C3=A5ngberg?= <da...@tunna.org>
Date: Wed, 4 Jul 2012 10:28:43 +0200
Subject: [PATCH] Indirect roles in WebUI

Add a check in the WebUI to use the admin navigation if a user is a
indirect member of a role.
---
 install/ui/webui.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/install/ui/webui.js b/install/ui/webui.js
index 9b7c31be4c4f5edd2f3bd4bfab3559a5cb2aef4c..dbb0a852526dc6e714a2b41e8985ae66482c5dbf 100644
--- a/install/ui/webui.js
+++ b/install/ui/webui.js
@@ -151,6 +151,9 @@ $(function() {
         } else if (whoami.hasOwnProperty('memberof_role') &&
                    whoami.memberof_role.length > 0) {
             factory = IPA.admin_navigation;
+        } else if (whoami.hasOwnProperty('memberofindirect_role') &&
+                   whoami.memberofindirect_role.length > 0) {
+            factory = IPA.admin_navigation;
         } else {
             factory = IPA.self_serv_navigation;
         }
-- 
1.7.11.1

https://fedorahosted.org/freeipa/ticket/2899

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to