diff options
-rw-r--r-- | install/ui/field.js | 17 | ||||
-rw-r--r-- | install/ui/host.js | 3 |
2 files changed, 17 insertions, 3 deletions
diff --git a/install/ui/field.js b/install/ui/field.js index c5c999e6..612c8eb5 100644 --- a/install/ui/field.js +++ b/install/ui/field.js @@ -190,7 +190,17 @@ IPA.field = function(spec) { if (record.attributelevelrights) { var rights = record.attributelevelrights[that.param]; - if (!rights || rights.indexOf('w') < 0) { + var oc_rights= record.attributelevelrights['objectclass']; + var write_oc = oc_rights && oc_rights.indexOf('w') > -1; + + // Some objects in LDAP may not have set proper object class and + // therefore server doesn't send proper attribute rights. Flag + // 'w_if_no_aci' should be used when we want to ensure that UI + // shows edit interface in such cases. Usable only when user can + // modify object classes. + // For all others, lack of rights means no write. + if ((!rights && !(that.flags.indexOf('w_if_no_aci') > -1 && write_oc)) || + (rights && rights.indexOf('w') < 0)) { that.writable = false; } } @@ -644,7 +654,10 @@ IPA.sshkeys_field = function(spec) { var that = IPA.multivalued_field(spec); - that.sshfp_attr = 'sshpubkeyfp' || spec.sshfp_attr; + // Fixes upgrade issue. When attr rights are missing due to lack of object class. + that.flags = spec.flags || ['w_if_no_aci']; + + that.sshfp_attr = spec.sshfp_attr || 'sshpubkeyfp'; that.load = function(record) { diff --git a/install/ui/host.js b/install/ui/host.js index a2b91b6b..6aff2c50 100644 --- a/install/ui/host.js +++ b/install/ui/host.js @@ -71,7 +71,8 @@ IPA.host.entity = function(spec) { }, { type: 'multivalued', - name: 'macaddress' + name: 'macaddress', + flags: ['w_if_no_aci'] } ] }, |