From 81ead980fb808b70d7590800518b655abe64948b Mon Sep 17 00:00:00 2001 From: Pavel Vomacka Date: Sep 29 2016 09:14:02 +0000 Subject: WebUI: hide buttons in certificate widget according to acl When user is logged in and opens details page of another user there should not be visible button for adding new certificate and also the option in action menu for deleting certificate should be grayed out. This is achieved by adding custom field for certificates widget, which is able to read ACLs from result of user-show and not from cert-find result. https://fedorahosted.org/freeipa/ticket/6341 Reviewed-By: Martin Babinsky --- diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index d8b957f..3088e22 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -1204,6 +1204,61 @@ field.sshkeys_field = IPA.sshkeys_field = function(spec) { return that; }; + +/** + * Field for certificates widget. + * - has the ObjectAdapter as default + * - by default has `w_if_no_aci` to workaround missing object class + * + * @class + * @alternateClassName IPA.certs_field + * @extends IPA.field + */ +field.certs_field = IPA.certs_field = function(spec) { + spec = spec || {}; + spec.adapter = spec.adapter || field.ObjectAdapter; + spec.flags = spec.flags || ['w_if_no_aci']; + + var that = IPA.field(spec); + + /** + * The index of record from batch command where ACLs are returned. + * Necessary for correct display 'add' and 'delete' buttons in certificate + * widget. + * + * @param {Number} acl_result_index + */ + that.acl_result_index = spec.acl_result_index; + + that.load = function(data) { + var value = that.adapter.load(data); + var parsed = util.parse(that.data_parser, value, "Parse error:"+that.name); + value = parsed.value; + if (!parsed.ok) { + window.console.warn(parsed.message); + } + + // specific part for certificates - it is necessary to read rights from + // result of user-show command not from cert-find result. + // Therefore we need to get record with different index. The correct + // index is set in acl_result_index variable, old index is stored + // and then put back. + var old_index = that.adapter.result_index; + if (that.acl_result_index !== undefined) { + that.adapter.result_index = that.acl_result_index; + } + + var record = that.adapter.get_record(data); + that.adapter.result_index = old_index; + + that.load_writable(record); + + that.set_value(value, true); + }; + + return that; +}; + /** * SSH Keys Adapter * @class @@ -1553,7 +1608,7 @@ field.register = function() { var v = reg.validator; var l = reg.adapter; - f.register('certs', field.field); + f.register('certs', field.certs_field); f.register('checkbox', field.checkbox_field); f.register('checkboxes', field.field); f.register('combobox', field.field); diff --git a/install/ui/src/freeipa/user.js b/install/ui/src/freeipa/user.js index e3eda50..7a08151 100644 --- a/install/ui/src/freeipa/user.js +++ b/install/ui/src/freeipa/user.js @@ -208,6 +208,8 @@ return { }, { $type: 'certs', + acl_param: 'usercertificate', + acl_result_index: 0, adapter: { $type: 'object_adapter', result_index: 3