author | Rob Crittenden <rcritten@redhat.com> | 2008-04-22 15:56:45 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2008-04-23 15:36:14 -0400 |
commit | 03b3dbd2ab588c9324400cf301aa32b251f3aa94 (patch) | |
tree | fb8f060f6cf80dc0f8aeeb1036572d9d03115bd5 | |
parent | 2427e7c130a47d202218818de4d33a9244879a4c (diff) | |
Don't let a user change their own uid. Fix some related errors if they try.
440895
-rw-r--r-- | ipa-server/ipa-gui/ipagui/proxyprovider.py | 4 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
index 2c55a131f..90257d391 100644
--- a/ipa-server/ipa-gui/ipagui/proxyprovider.py
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -37,14 +37,14 @@ class IPA_User(object):
 def __init__(self, user_name):
 self.user_name = user_name
 (principal, realm) = user_name.split('@')
- self.display_name = principal
 self.permissions = None
 transport = funcs.IPAServer()
 client = ipa.ipaclient.IPAClient(transport)
 client.set_krbccache(os.environ["KRB5CCNAME"])
 try:
 # Use memberof so we can see recursive group memberships as well.
- user = client.get_user_by_principal(user_name, ['dn', 'memberof'])
+ user = client.get_user_by_principal(user_name, ['dn', 'uid', 'memberof'])
+ self.display_name = user.getValue('uid')
 self.groups = []
 memberof = user.getValues('memberof')
 if memberof is None:
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index 5baaf3fb9..f57a29734 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -453,10 +453,15 @@ class UserController(IPAController):
 # the edit URI.
 if ((not 'admins' in turbogears.identity.current.groups and
 not 'editors' in turbogears.identity.current.groups) and
- (kw.get('uid') != turbogears.identity.current.display_name)):
+ (kw.get('uid_hidden') != turbogears.identity.current.display_name)):
 turbogears.flash("You do not have permission to update this user.")
 raise turbogears.redirect('/user/show', uid=kw.get('uid'))
+ if (kw.get('uid_hidden') == turbogears.identity.current.display_name and
+ kw.get('uid') != kw.get('uid_hidden')):
+ turbogears.flash("You cannot change your own login name.")
+ raise turbogears.redirect('/user/show', uid=kw.get('uid_hidden'))
+
 # Decode the group data, in case we need to round trip
 user_groups_dicts = loads(b64decode(kw.get('user_groups_data'))) |
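Review bot: `self.display_name` is now assigned only inside the `try:` block, from `user.getValue('uid')`, so a failed `get_user_by_principal` call or an entry returned without a `uid` leaves the attribute unset or `None`. That value is what the permission check in subcontrollers/user.py compares the request against, so it should never be empty for a logged-in identity. I would check it right after the assignment, `if not self.display_name:`, and route that case to the same failure handling as a failed lookup instead of continuing. The `except` clause and the rest of `__init__` are outside the hunk, so part of this may already be handled there. `principal` from the `split('@')` line also appears to be unused now.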
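Review bot: Both permission checks in the user.py hunk compare request parameters only: `uid_hidden` is a form field the client controls, and nothing in the hunk ties it to the entry that is modified further down. If `uid_hidden` is missing from the request and `display_name` happens to be `None`, `kw.get('uid_hidden') != turbogears.identity.current.display_name` is false and the first check lets a non-admin through. A guard ahead of the first check, `if not kw.get('uid_hidden'):` with the same flash and redirect, would make it fail closed. The update code is outside the hunk; it should resolve the target entry from the value that was checked (or re-read the entry's uid from the directory) rather than from any other submitted field, and the directory's own access controls remain the real enforcement point.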