From 7710bfb5bdef1faa959b7f9402c2840b5ef65d7e Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvoborni@redhat.com>
Date: Mon, 12 Dec 2011 15:52:23 +0100
Subject: Association facets are read only in self service

This patch works with assumption that user in self-service mode doesn't have rights for enrolling/un-enrolling himself to/from group, role, hbac rule, net group, sudo rule. He can only read the attributes. Therefore in self service mode all user association facets are set read only.

Checkingi and working with the actual rights would require significantly bigger effort.

https://fedorahosted.org/freeipa/ticket/1972
---
 install/ui/user.js | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'install/ui')

diff --git a/install/ui/user.js b/install/ui/user.js
index 77fbae5b..879055ed 100644
--- a/install/ui/user.js
+++ b/install/ui/user.js
@@ -32,7 +32,8 @@ IPA.user.entity = function(spec) {
     that.init = function() {
         that.entity_init();
 
-        var link = IPA.nav.name == 'self-service' ? false : undefined;
+        var self_service = IPA.nav.name === 'self-service';
+        var link = self_service ? false : undefined;
 
         that.builder.search_facet({
             columns: [
@@ -108,31 +109,36 @@ IPA.user.entity = function(spec) {
         association_facet({
             name: 'memberof_group',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_netgroup',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_role',
             associator: IPA.serial_associator,
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_hbacrule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
         }).
         association_facet({
             name: 'memberof_sudorule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user',
-            link: link
+            link: link,
+            read_only: self_service
         }).
         standard_association_facets({
             link: link
-- 
cgit