[identities ldap] add a read-only mode, which still allow to modify roles and disabled flag
This commit is contained in:
parent
97a639f2b2
commit
b11443e10d
|
@ -31,8 +31,10 @@ class IdentityObjectUI:
|
|||
form = Form(enctype='multipart/form-data')
|
||||
form.keep_referer()
|
||||
|
||||
for field in identities.get_store_class().fields:
|
||||
field.add_to_form(form, identity = self.identity, admin = True)
|
||||
store = identities.get_store()
|
||||
if not getattr(store, 'ldap_read_only', False):
|
||||
for field in identities.get_store_class().fields:
|
||||
field.add_to_form(form, identity = self.identity, admin = True)
|
||||
|
||||
form.add(WidgetList, 'roles', title = _('Roles'), element_type = SingleSelectWidget,
|
||||
value = self.identity.roles, add_element_label = _('Add Role'),
|
||||
|
@ -40,13 +42,14 @@ class IdentityObjectUI:
|
|||
str('options'): [ (identities.ROLE_NONE, '---'),
|
||||
(identities.ROLE_ADMIN, _('Administrator'))]})
|
||||
|
||||
for account in self.identity.accounts or []:
|
||||
if len(self.identity.accounts) > 1:
|
||||
form.widgets.append(HtmlWidget(
|
||||
htmltext('<fieldset><legend>%s</legend>') % account.type()))
|
||||
PasswordAccountObjectUI(account).edit_form_ui(form)
|
||||
if len(self.identity.accounts) > 1:
|
||||
form.widgets.append(HtmlWidget(htmltext('</fieldset>')))
|
||||
if not getattr(store, 'ldap_read_only', False):
|
||||
for account in self.identity.accounts or []:
|
||||
if len(self.identity.accounts) > 1:
|
||||
form.widgets.append(HtmlWidget(
|
||||
htmltext('<fieldset><legend>%s</legend>') % account.type()))
|
||||
PasswordAccountObjectUI(account).edit_form_ui(form)
|
||||
if len(self.identity.accounts) > 1:
|
||||
form.widgets.append(HtmlWidget(htmltext('</fieldset>')))
|
||||
|
||||
form.add(CheckboxWidget, 'disabled', title = _('Disabled'),
|
||||
value = self.identity.disabled)
|
||||
|
@ -245,6 +248,7 @@ class IdentitiesDirectory(Directory):
|
|||
proxied_identity_origin_keys = {}
|
||||
|
||||
def identity_li [html] (identity):
|
||||
store = identities.get_store()
|
||||
if identity.disabled:
|
||||
'<li class="disabled">'
|
||||
else:
|
||||
|
@ -267,8 +271,9 @@ class IdentitiesDirectory(Directory):
|
|||
'<p class="commands">'
|
||||
command_icon('%s/' % urllib.quote(identity.id), 'view')
|
||||
command_icon('%s/edit' % identity.id, 'edit')
|
||||
if hasattr(identities.get_store(), str('remove')):
|
||||
command_icon('%s/delete' % identity.id, 'remove')
|
||||
if not getattr(store, str('ldap_read_only'), False):
|
||||
if hasattr(identities.get_store(), str('remove')):
|
||||
command_icon('%s/delete' % identity.id, 'remove')
|
||||
if debug_cfg.get('logger', True):
|
||||
command_icon('../logger/by_identity/%s/' % identity.id, 'logs',
|
||||
label = _('Logs'), icon = 'stock_harddisk_16.png')
|
||||
|
|
|
@ -582,7 +582,7 @@ class IdentitiesStoreLdap(BaseIdentitiesStore):
|
|||
'ldap_bind_dn', 'ldap_bind_password', 'ldap_object_class',
|
||||
'ldap_object_uid', 'ldap_object_name', 'ldap_object_email',
|
||||
'ldap_big_directory', 'ldap_published_attributes',
|
||||
'ldap_field_mapping')
|
||||
'ldap_field_mapping','ldap_read_only')
|
||||
default_field_mapping = { 'email': 'mail', 'name': 'cn' }
|
||||
|
||||
ldap_object_name = None
|
||||
|
@ -960,6 +960,9 @@ class IdentitiesStoreLdap(BaseIdentitiesStore):
|
|||
mini.resource_id = identity.resource_id
|
||||
mini.store()
|
||||
|
||||
if self.ldap_read_only:
|
||||
return False
|
||||
|
||||
# Save LDAP stored data, administrative bind, because we do not have the
|
||||
# session password. How to access session variables ? Is get_session()
|
||||
# acceptable ?
|
||||
|
@ -1067,6 +1070,8 @@ class IdentitiesStoreLdap(BaseIdentitiesStore):
|
|||
form.add(StringWidget, 'ldap_url', title = _('LDAP URL'), required = True,
|
||||
hint = htmltext(_('Example: <tt>ldap://directory.example.com</tt>')),
|
||||
value = data_source.get('ldap_url', ''))
|
||||
form.add(CheckboxWidget, 'ldap_read_only', title=_('LDAP is Read only'), required=False,
|
||||
value = data_source.get('ldap_read_only',False))
|
||||
form.add(StringWidget, 'ldap_base', title = _('LDAP Base'), required = True,
|
||||
hint = htmltext(_('Example: <tt>dc=example, dc=com</tt>')),
|
||||
value = data_source.get('ldap_base', ''))
|
||||
|
|
623
po/authentic.pot
623
po/authentic.pot
File diff suppressed because it is too large
Load Diff
Reference in New Issue