diff options
-rw-r--r-- | ipa-server/ipa-gui/ipagui/forms/group.py | 3 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/forms/user.py | 9 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/static/css/style.css | 4 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/group.py | 12 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 12 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/templates/usereditform.kid | 20 | ||||
-rw-r--r-- | ipa-server/xmlrpc-server/funcs.py | 9 |
7 files changed, 49 insertions, 20 deletions
diff --git a/ipa-server/ipa-gui/ipagui/forms/group.py b/ipa-server/ipa-gui/ipagui/forms/group.py index fa3a0988a..afb63073e 100644 --- a/ipa-server/ipa-gui/ipagui/forms/group.py +++ b/ipa-server/ipa-gui/ipagui/forms/group.py @@ -41,11 +41,12 @@ class GroupNewForm(widgets.Form): class GroupEditValidator(validators.Schema): - cn = validators.String(not_empty=True) + cn = validators.String(not_empty=False) gidnumber = validators.Int(not_empty=False) description = validators.String(not_empty=False) pre_validators = [ + validators.RequireIfPresent(required='cn', present='editprotected'), validators.RequireIfPresent(required='gidnumber', present='editprotected'), ] diff --git a/ipa-server/ipa-gui/ipagui/forms/user.py b/ipa-server/ipa-gui/ipagui/forms/user.py index f1bf48365..b0c4d0aa7 100644 --- a/ipa-server/ipa-gui/ipagui/forms/user.py +++ b/ipa-server/ipa-gui/ipagui/forms/user.py @@ -11,7 +11,7 @@ class UserFields(object): displayname = widgets.TextField(name="displayname", label="Display Name") initials = widgets.TextField(name="initials", label="Initials") - uid = widgets.TextField(name="uid", label="Login") + uid = widgets.TextField(name="uid", label="Login", attrs=dict(onchange="warnRDN(this.id)")) userpassword = widgets.PasswordField(name="userpassword", label="Password") userpassword_confirm = widgets.PasswordField(name="userpassword_confirm", label="Confirm Password") @@ -56,9 +56,7 @@ class UserFields(object): label="Account Status", options = [("", "active"), ("true", "inactive")]) - uid_hidden = widgets.HiddenField(name="uid") - uidnumber_hidden = widgets.HiddenField(name="uidnumber") - gidnumber_hidden = widgets.HiddenField(name="gidnumber") + uid_hidden = widgets.HiddenField(name="uid_hidden") krbPasswordExpiration_hidden = widgets.HiddenField(name="krbPasswordExpiration") editprotected_hidden = widgets.HiddenField(name="editprotected") @@ -111,11 +109,12 @@ class UserEditValidator(validators.Schema): givenname = validators.String(not_empty=True) sn = validators.String(not_empty=True) cn = validators.ForEach(validators.String(not_empty=True)) - mail = validators.Email(not_empty=True) + mail = validators.Email(not_empty=False) uidnumber = validators.Int(not_empty=False) gidnumber = validators.Int(not_empty=False) pre_validators = [ + validators.RequireIfPresent(required='uid', present='editprotected'), validators.RequireIfPresent(required='uidnumber', present='editprotected'), validators.RequireIfPresent(required='gidnumber', present='editprotected'), ] diff --git a/ipa-server/ipa-gui/ipagui/static/css/style.css b/ipa-server/ipa-gui/ipagui/static/css/style.css index 1a7cbb1fb..71db8581e 100644 --- a/ipa-server/ipa-gui/ipagui/static/css/style.css +++ b/ipa-server/ipa-gui/ipagui/static/css/style.css @@ -339,14 +339,18 @@ table.formtable td input[type="text"], input#criteria { border: 1px inset #dcdcdc; font-size: medium; padding: 2px 1px; +/* background-color: #f5faff; +*/ } table.formtable td select { border: 1px inset #dcdcdc; font-size: small; padding: 2px 1px; +/* background-color: #f5faff; +*/ } p.empty-message { diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/group.py b/ipa-server/ipa-gui/ipagui/subcontrollers/group.py index dbcc77b9a..cc2944b22 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/group.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/group.py @@ -271,14 +271,6 @@ class GroupController(IPAController): rv = client.update_group(new_group) # # If the group update succeeds, but below operations fail, we - if new_group.cn != kw.get('cn'): - group_modified = True - new_group.setValue('cn', kw['cn']) - - if group_modified: - rv = client.update_group(new_group) - # - # If the group update succeeds, but below operations fail, we # need to make sure a subsequent submit doesn't try to update # the group again. # @@ -313,7 +305,7 @@ class GroupController(IPAController): kw['dnadd'] = failed_adds group_modified = True except ipaerror.IPAError, e: - turbogears.flash("Group update failed: " + str(e) + "<br/>" + e.detail[0]['desc']) + turbogears.flash("Updating group membership failed: " + str(e) + "<br/>" + e.detail[0]['desc']) return dict(form=group_edit_form, group=kw, members=member_dicts, tg_template='ipagui.templates.groupedit') @@ -331,7 +323,7 @@ class GroupController(IPAController): kw['dndel'] = failed_dels group_modified = True except ipaerror.IPAError, e: - turbogears.flash("Group update failed: " + str(e) + "<br/>" + e.detail[0]['desc']) + turbogears.flash("Updating group membership failed: " + str(e) + "<br/>" + e.detail[0]['desc']) return dict(form=group_edit_form, group=kw, members=member_dicts, tg_template='ipagui.templates.groupedit') diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py index eda0966bb..740eb777f 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py @@ -322,6 +322,8 @@ class UserController(IPAController): if user_dict.has_key('userpassword'): del(user_dict['userpassword']) + user_dict['uid_hidden'] = user_dict.get('uid') + user_groups = client.get_groups_by_member(user.dn, ['dn', 'cn']) user_groups.sort(self.sort_by_cn) user_groups_dicts = map(lambda group: group.toDict(), user_groups) @@ -369,6 +371,15 @@ class UserController(IPAController): self.restrict_post() client = self.get_ipaclient() + if not kw.get('uid'): + kw['uid'] = kw.get('uid_hidden') + + # We don't want to inadvertantly add this to a record + try: + del kw['uid_hidden'] + except KeyError: + pass + if kw.get('submit') == 'Cancel Edit': turbogears.flash("Edit user cancelled") raise turbogears.redirect('/user/show', uid=kw.get('uid')) @@ -459,6 +470,7 @@ class UserController(IPAController): new_user.setValue('uidnumber', str(kw.get('uidnumber'))) new_user.setValue('gidnumber', str(kw.get('gidnumber'))) new_user.setValue('homedirectory', str(kw.get('homedirectory'))) + new_user.setValue('uid', str(kw.get('uid'))) for custom_field in user_edit_form.custom_fields: new_user.setValue(custom_field.name, diff --git a/ipa-server/ipa-gui/ipagui/templates/usereditform.kid b/ipa-server/ipa-gui/ipagui/templates/usereditform.kid index 88b778d8c..5bf533432 100644 --- a/ipa-server/ipa-gui/ipagui/templates/usereditform.kid +++ b/ipa-server/ipa-gui/ipagui/templates/usereditform.kid @@ -38,12 +38,14 @@ from ipagui.helpers import ipahelper function toggleProtectedFields(checkbox) { passwordField = document.getElementById('form_userpassword'); passwordConfirmField = document.getElementById('form_userpassword_confirm'); + uidField = document.getElementById('form_uid'); uidnumberField = document.getElementById('form_uidnumber'); gidnumberField = document.getElementById('form_gidnumber'); homedirectoryField = document.getElementById('form_homedirectory'); if (checkbox.checked) { passwordField.disabled = false; passwordConfirmField.disabled = false; + uidField.disabled = false; uidnumberField.disabled = false; gidnumberField.disabled = false; homedirectoryField.disabled = false; @@ -51,6 +53,7 @@ from ipagui.helpers import ipahelper } else { passwordField.disabled = true; passwordConfirmField.disabled = true; + uidField.disabled = true; uidnumberField.disabled = true; gidnumberField.disabled = true; homedirectoryField.disabled = true; @@ -58,6 +61,13 @@ from ipagui.helpers import ipahelper } } + function warnRDN() { + if (confirm("Are you sure you want to change the login name?<br/>This can have unexpected results. A password change is required.")) { + return true; + } + return false; + } + function doSearch() { $('searchresults').update("Searching..."); new Ajax.Updater('searchresults', @@ -215,13 +225,21 @@ from ipagui.helpers import ipahelper py:content="tg.errors.get('nsAccountLock')" /> </td> </tr> + <tr> <th> <label class="fieldlabel" for="${user_fields.uid.field_id}" py:content="user_fields.uid.label" />: </th> <td> - ${value_for(user_fields.uid)} + <span py:replace="user_fields.uid.display( + value_for(user_fields.uid))" /> + <span py:if="tg.errors.get('uid')" class="fielderror" + py:content="tg.errors.get('uid')" /> + + <script type="text/javascript"> + document.getElementById('form_uid').disabled = true; + </script> </td> </tr> diff --git a/ipa-server/xmlrpc-server/funcs.py b/ipa-server/xmlrpc-server/funcs.py index d247878e0..485b6e255 100644 --- a/ipa-server/xmlrpc-server/funcs.py +++ b/ipa-server/xmlrpc-server/funcs.py @@ -1216,19 +1216,22 @@ class IPAServer: try: res = conn.updateRDN(oldentry.get('dn'), "cn=" + newcn[0]) newdn = oldentry.get('dn') + newcn = newentry.get('cn') + if isinstance(newcn, str): + newcn = [newcn] # Ick. Need to find the exact cn used in the old DN so we'll # walk the list of cns and skip the obviously bad ones: for c in oldentry.get('dn').split("cn="): if c and c != "groups" and not c.startswith("accounts"): - newdn = newdn.replace("cn=%s" % c, "uid=%s" % newentry.get('cn')[0]) + newdn = newdn.replace("cn=%s" % c, "cn=%s," % newcn[0]) break # Now fix up the dns and cns so they aren't seen as having # changed. oldentry['dn'] = newdn newentry['dn'] = newdn - oldentry['cn'] = newentry['cn'] + oldentry['cn'] = newentry.get('cn') newrdn = 1 finally: self.releaseConnection(conn) @@ -1237,7 +1240,7 @@ class IPAServer: config = self.get_ipa_config(opts) # Make sure we have the latest object classes - newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipauserobjectclasses')) + newentry['objectclass'] = uniq_list(newentry.get('objectclass') + config.get('ipagroupobjectclasses')) try: rv = self.update_entry(oldentry, newentry, opts) |