diff options
Diffstat (limited to 'install/ui/src/freeipa/field.js')
-rw-r--r-- | install/ui/src/freeipa/field.js | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js index ea22d6d06..f53c6c1d0 100644 --- a/install/ui/src/freeipa/field.js +++ b/install/ui/src/freeipa/field.js @@ -106,6 +106,16 @@ field.field = IPA.field = function(spec) { that.acl_param = spec.acl_param || that.param; /** + * Rights which determines what operation can do with this field or + * attribute. + * + * E.g., 'rscwo' - read, search, compare, write(mod-add), obliterate(mod-del) + * + * @property {string} + */ + that.acl_rights = spec.acl_rights || 'r'; + + /** * Label * @property {string} */ @@ -449,6 +459,7 @@ field.field = IPA.field = function(spec) { that.load_writable = function(record) { var writable = true; + var old = that.acl_rights; function has_write(record, param) { var rights = record.attributelevelrights[param]; @@ -466,11 +477,17 @@ field.field = IPA.field = function(spec) { } } - if (record && record.attributelevelrights && writable) { + if (record && record.attributelevelrights) { var rights = record.attributelevelrights[that.acl_param]; var write_attr = has_write(record, that.acl_param); + var all_rights = record.attributelevelrights['*']; var write_all = has_write(record, '*'); + // don't assume any value if the rights are not defined, keep the original + if (rights !== undefined || all_rights !== undefined) { + that.acl_rights = rights || all_rights || ''; + } + // Some objects in LDAP may not have proper object class set and // therefore server doesn't send proper attribute rights. Flag // 'w_if_no_aci' should be used when we want to ensure that UI @@ -480,10 +497,13 @@ field.field = IPA.field = function(spec) { var may_add_oc = !rights && write_oc && that.flags.indexOf('w_if_no_aci') > -1; // If no rights, change writable to False: - writable = write_attr || write_all || may_add_oc; + writable = writable && (write_attr || write_all || may_add_oc); } that.set_writable(writable); + if (old !== that.acl_rights) { + that.emit('acl-rights-change', { source: that, rights: that.acl_rights, old: old }); + } }; /** |