authorRob Crittenden <rcritten@redhat.com>2008-04-22 15:56:45 -0400
committerRob Crittenden <rcritten@redhat.com>2008-04-23 15:33:57 -0400
commitf54dd1074deaf71aa74e3990b778540b5b6b1368 (patch)
treefb8f060f6cf80dc0f8aeeb1036572d9d03115bd5 /ipa-server/ipa-gui
parentf4a752c47969f0897eccc75499d82f69e0fef53a (diff)
Don't let a user change their own uid. Fix some related errors if they try.
440895
Diffstat (limited to 'ipa-server/ipa-gui')
-rw-r--r--ipa-server/ipa-gui/ipagui/proxyprovider.py4
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/user.py7
2 files changed, 8 insertions, 3 deletions
diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
index 2c55a131f..90257d391 100644
--- a/ipa-server/ipa-gui/ipagui/proxyprovider.py
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -37,14 +37,14 @@ class IPA_User(object):
def __init__(self, user_name):
self.user_name = user_name
(principal, realm) = user_name.split('@')
- self.display_name = principal
self.permissions = None
transport = funcs.IPAServer()
client = ipa.ipaclient.IPAClient(transport)
client.set_krbccache(os.environ["KRB5CCNAME"])
try:
# Use memberof so we can see recursive group memberships as well.
- user = client.get_user_by_principal(user_name, ['dn', 'memberof'])
+ user = client.get_user_by_principal(user_name, ['dn', 'uid', 'memberof'])
+ self.display_name = user.getValue('uid')
self.groups = []
memberof = user.getValues('memberof')
if memberof is None:
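Review bot: `self.display_name` is now assigned only inside the `try`, after the lookup, so if `get_user_by_principal` raises, the attribute is never set unless the `except` branch (outside this hunk) assigns it. Because user.py compares `turbogears.identity.current.display_name` with a request field in its permission check, a default before the `try`, e.g. `self.display_name = principal`, would keep that comparison well defined. If `user.getValue('uid')` can return None for an entry without a uid, that case deserves a guard too, since a None display name would compare equal to a missing `uid_hidden` field. `__init__` continues past the end of the hunk.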
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
index 5baaf3fb9..f57a29734 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py
@@ -453,10 +453,15 @@ class UserController(IPAController):
# the edit URI.
if ((not 'admins' in turbogears.identity.current.groups and
not 'editors' in turbogears.identity.current.groups) and
- (kw.get('uid') != turbogears.identity.current.display_name)):
+ (kw.get('uid_hidden') != turbogears.identity.current.display_name)):
turbogears.flash("You do not have permission to update this user.")
raise turbogears.redirect('/user/show', uid=kw.get('uid'))
+ if (kw.get('uid_hidden') == turbogears.identity.current.display_name and
+ kw.get('uid') != kw.get('uid_hidden')):
+ turbogears.flash("You cannot change your own login name.")
+ raise turbogears.redirect('/user/show', uid=kw.get('uid_hidden'))
+
# Decode the group data, in case we need to round trip
user_groups_dicts = loads(b64decode(kw.get('user_groups_data')))
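Review bot: Both permission checks in this hunk compare request fields (`uid_hidden`, `uid`) with the logged-in name, so they protect the update only if the entry written later in the method is selected by that same value; that code is outside the hunk and should be confirmed. A short comment above the new check would help, e.g. `# uid_hidden: uid the form was loaded with; uid: the editable field`. The denial redirect still passes `uid=kw.get('uid')` while the test now uses `uid_hidden`; redirecting with `uid=kw.get('uid_hidden')` would keep the two consistent. Separately, the context line `loads(b64decode(kw.get('user_groups_data')))` decodes a request field; if `loads` is a pickle loader (its import is not visible here), that input must be treated as untrusted.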