diff options
Diffstat (limited to 'install/ui/field.js')
-rw-r--r-- | install/ui/field.js | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/install/ui/field.js b/install/ui/field.js index c5c999e6..612c8eb5 100644 --- a/install/ui/field.js +++ b/install/ui/field.js @@ -190,7 +190,17 @@ IPA.field = function(spec) { if (record.attributelevelrights) { var rights = record.attributelevelrights[that.param]; - if (!rights || rights.indexOf('w') < 0) { + var oc_rights= record.attributelevelrights['objectclass']; + var write_oc = oc_rights && oc_rights.indexOf('w') > -1; + + // Some objects in LDAP may not have set proper object class and + // therefore server doesn't send proper attribute rights. Flag + // 'w_if_no_aci' should be used when we want to ensure that UI + // shows edit interface in such cases. Usable only when user can + // modify object classes. + // For all others, lack of rights means no write. + if ((!rights && !(that.flags.indexOf('w_if_no_aci') > -1 && write_oc)) || + (rights && rights.indexOf('w') < 0)) { that.writable = false; } } @@ -644,7 +654,10 @@ IPA.sshkeys_field = function(spec) { var that = IPA.multivalued_field(spec); - that.sshfp_attr = 'sshpubkeyfp' || spec.sshfp_attr; + // Fixes upgrade issue. When attr rights are missing due to lack of object class. + that.flags = spec.flags || ['w_if_no_aci']; + + that.sshfp_attr = spec.sshfp_attr || 'sshpubkeyfp'; that.load = function(record) { |