From 7e7fe57fc9098e81ce90f4d56b1a3154abfa6123 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Thu, 31 Jul 2014 10:14:32 +0200
Subject: webui: hide non-readable fields

hide widgets if associated field had received attribute level rights
without 'r' right.

Explicit rights are required to avoid hiding of special widgets which
are not associated with any LDAP attribute.

https://fedorahosted.org/freeipa/ticket/4402

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
---
 install/ui/src/freeipa/FieldBinder.js | 13 +++++++++++++
 install/ui/src/freeipa/field.js       | 24 ++++++++++++++++++++++--
 install/ui/src/freeipa/widget.js      | 16 ++++++++++++++++
 3 files changed, 51 insertions(+), 2 deletions(-)

(limited to 'install/ui/src')

diff --git a/install/ui/src/freeipa/FieldBinder.js b/install/ui/src/freeipa/FieldBinder.js
index ed05d2531..7ee8e5874 100644
--- a/install/ui/src/freeipa/FieldBinder.js
+++ b/install/ui/src/freeipa/FieldBinder.js
@@ -121,6 +121,7 @@ define(['dojo/_base/declare',
             this.handle(field, 'require-change', this.on_field_require_change);
             this.handle(field, 'writable-change', this.on_field_writable_change);
             this.handle(field, 'readonly-change', this.on_field_readonly_change);
+            this.handle(field, 'acl-rights-change', this.on_field_acl_rights_change);
             this.handle(field, 'reset', this.on_field_reset);
 
             this.handle(widget, 'value-change', this.on_widget_value_change);
@@ -240,6 +241,18 @@ define(['dojo/_base/declare',
             this.widget.set_read_only(event.read_only);
         },
 
+        /**
+         * Field acl rights change handler
+         * @protected
+         */
+        on_field_acl_rights_change: function(event) {
+
+            var readable= event.rights.indexOf('r') > -1;
+            if (this.widget.set_readable) {
+                this.widget.set_readable(readable);
+            }
+        },
+
         /**
          * Field reset handler
          *
diff --git a/install/ui/src/freeipa/field.js b/install/ui/src/freeipa/field.js
index ea22d6d06..f53c6c1d0 100644
--- a/install/ui/src/freeipa/field.js
+++ b/install/ui/src/freeipa/field.js
@@ -105,6 +105,16 @@ field.field = IPA.field = function(spec) {
      */
     that.acl_param = spec.acl_param || that.param;
 
+    /**
+     * Rights which determines what operation can do with this field or
+     * attribute.
+     *
+     * E.g., 'rscwo' - read, search, compare, write(mod-add), obliterate(mod-del)
+     *
+     * @property {string}
+     */
+    that.acl_rights = spec.acl_rights || 'r';
+
     /**
      * Label
      * @property {string}
@@ -449,6 +459,7 @@ field.field = IPA.field = function(spec) {
     that.load_writable = function(record) {
 
         var writable = true;
+        var old = that.acl_rights;
 
         function has_write(record, param) {
             var rights = record.attributelevelrights[param];
@@ -466,11 +477,17 @@ field.field = IPA.field = function(spec) {
             }
         }
 
-        if (record && record.attributelevelrights && writable) {
+        if (record && record.attributelevelrights) {
             var rights = record.attributelevelrights[that.acl_param];
             var write_attr = has_write(record, that.acl_param);
+            var all_rights = record.attributelevelrights['*'];
             var write_all = has_write(record, '*');
 
+            // don't assume any value if the rights are not defined, keep the original
+            if (rights !== undefined || all_rights !== undefined) {
+                that.acl_rights = rights || all_rights || '';
+            }
+
             // Some objects in LDAP may not have proper object class set and
             // therefore server doesn't send proper attribute rights. Flag
             // 'w_if_no_aci' should be used when we want to ensure that UI
@@ -480,10 +497,13 @@ field.field = IPA.field = function(spec) {
             var may_add_oc = !rights && write_oc && that.flags.indexOf('w_if_no_aci') > -1;
 
             // If no rights, change writable to False:
-            writable = write_attr || write_all || may_add_oc;
+            writable = writable && (write_attr || write_all || may_add_oc);
         }
 
         that.set_writable(writable);
+        if (old !== that.acl_rights) {
+            that.emit('acl-rights-change', { source: that, rights: that.acl_rights, old: old });
+        }
     };
 
     /**
diff --git a/install/ui/src/freeipa/widget.js b/install/ui/src/freeipa/widget.js
index d5837e7ea..252fe0208 100644
--- a/install/ui/src/freeipa/widget.js
+++ b/install/ui/src/freeipa/widget.js
@@ -406,6 +406,9 @@ IPA.input_widget = function(spec) {
      */
     that.ctor_init = function() {
         on(that, 'value-change', that.hide_if_empty);
+        on(that, 'readable-change', function() {
+            that.set_visible();
+        });
     };
 
     /**
@@ -641,9 +644,22 @@ IPA.input_widget = function(spec) {
         if (that.has_value === false && !that.is_writable() && that.hidden_if_empty) {
             visible = false;
         }
+        if (that.readable !== undefined) {
+            visible = visible && that.readable;
+        }
         return visible;
     };
 
+    that.set_readable = function(readable) {
+
+        var old = that.readable;
+        that.readable = readable;
+
+        if (old !== that.readable) {
+            that.emit('readable-change', { source: that, readable: readable });
+        }
+    };
+
     /**
      * Widget is writable
      * @return {boolean}
-- 
cgit