Association facets are read only in self service

This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only. Checkingi and working with the actual rights would require significantly bigger effort. https://fedorahosted.org/freeipa/ticket/1972
author: Petr Vobornik <pvoborni@redhat.com> 2011-12-12 15:52:23 +0100
committer: Endi S. Dewata <edewata@redhat.com> 2011-12-12 19:14:46 +0000
commit: 7710bfb5bdef1faa959b7f9402c2840b5ef65d7e (patch)
tree: 9e10ff0085e87e08b4627cfb57c5efa7229df4d1
parent: 433cf5b5e733732d284398749db9633d27c619d5 (diff)
download: freeipa.git-7710bfb5bdef1faa959b7f9402c2840b5ef65d7e.tar.gz
freeipa.git-7710bfb5bdef1faa959b7f9402c2840b5ef65d7e.tar.xz
freeipa.git-7710bfb5bdef1faa959b7f9402c2840b5ef65d7e.zip
1 files changed, 12 insertions, 6 deletions
diff --git a/install/ui/user.js b/install/ui/user.js
index 77fbae5b..879055ed 100644
--- a/install/ui/user.js
+++ b/install/ui/user.js
@@ -32,7 +32,8 @@ IPA.user.entity = function(spec) {
     that.init = function() {
         that.entity_init();
 
-        var link = IPA.nav.name == 'self-service' ? false : undefined;
+        var self_service = IPA.nav.name === 'self-service';
+        var link = self_service ? false : undefined;
 
         that.builder.search_facet({
             columns: [
@@ -108,31 +109,36 @@ IPA.user.entity = function(spec) {
         association_facet({
             name: 'memberof_group',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_netgroup',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_role',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_hbacrule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_sudorule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
         }).
         standard_association_facets({
             link: link
author	Petr Vobornik <pvoborni@redhat.com>	2011-12-12 15:52:23 +0100
committer	Endi S. Dewata <edewata@redhat.com>	2011-12-12 19:14:46 +0000
commit	7710bfb5bdef1faa959b7f9402c2840b5ef65d7e (patch)
tree	9e10ff0085e87e08b4627cfb57c5efa7229df4d1
parent	433cf5b5e733732d284398749db9633d27c619d5 (diff)
download	freeipa.git-7710bfb5bdef1faa959b7f9402c2840b5ef65d7e.tar.gz freeipa.git-7710bfb5bdef1faa959b7f9402c2840b5ef65d7e.tar.xz freeipa.git-7710bfb5bdef1faa959b7f9402c2840b5ef65d7e.zip