3:47 p.m.
New subject: [PATCH] BZ859998 disable certain fields from editing if in ldap mode
From: Tzu-Mainn Chen <tzumainn(a)redhat.com>
---
src/app/controllers/users_controller.rb | 1 +
src/app/models/user.rb | 9 +++++++++
src/app/views/users/_form.html.haml | 12 ++++++------
src/config/locales/en.yml | 1 +
4 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/app/controllers/users_controller.rb
b/src/app/controllers/users_controller.rb
index d26028d..4a2868f 100644
--- a/src/app/controllers/users_controller.rb
+++ b/src/app/controllers/users_controller.rb
@@ -97,6 +97,7 @@ class UsersController < ApplicationController
@user = params[:id] ? User.find(params[:id]) : current_user
require_privilege(Privilege::MODIFY, User) unless @user == current_user
@title = t'users.edit.edit_user'
+ @ldap_user = (SETTINGS_CONFIG[:auth][:strategy] == "ldap")
end
def update
diff --git a/src/app/models/user.rb b/src/app/models/user.rb
index e8bee26..ee7ba1f 100644
--- a/src/app/models/user.rb
+++ b/src/app/models/user.rb
@@ -77,6 +77,8 @@ class User < ActiveRecord::Base
before_validation :strip_whitespace
after_save :update_entity
+ validate :validate_ldap_changes, :if => Proc.new {|user|
+ !user.new_record? && SETTINGS_CONFIG[:auth][:strategy] == "ldap"}
validates_presence_of :quota
validates_length_of :first_name, :maximum => 255, :allow_blank => true
validates_length_of :last_name, :maximum => 255, :allow_blank => true
@@ -185,6 +187,13 @@ class User < ActiveRecord::Base
end
end
+ def validate_ldap_changes
+ if self.first_name_changed? || self.last_name_changed? || self.email_changed? ||
+ self.username_changed? || self.crypted_password_changed? then
+ errors.add(:base, I18n.t("users.errors.cannot_edit_ldap_user"))
+ end
+ end
+
def encrypt_password
self.crypted_password = Password::update(password) unless password.blank?
end
diff --git a/src/app/views/users/_form.html.haml b/src/app/views/users/_form.html.haml
index 859d920..abbb89a 100644
--- a/src/app/views/users/_form.html.haml
+++ b/src/app/views/users/_form.html.haml
@@ -5,28 +5,28 @@
.field
= form.label :first_name
.input
- = form.text_field :first_name, :class =>"check_change"
+ = form.text_field :first_name, :class =>"check_change", :disabled
=> @ldap_user
.field
= form.label :last_name
.input
- = form.text_field :last_name, :class =>"check_change"
+ = form.text_field :last_name, :class =>"check_change", :disabled =>
@ldap_user
.field
= form.label :email, t(:email), :required => true
.input
- = form.text_field :email, :class =>"check_change"
+ = form.text_field :email, :class =>"check_change", :disabled =>
@ldap_user
%fieldset
.field
= form.label :username, t(:choose_name), :required => true
.input
- = form.text_field :username, :class => "check_change"
+ = form.text_field :username, :class => "check_change", :disabled =>
@ldap_user
.field
= form.label :password, form.object.new_record? ? t(:choose_password) :
t(:change_password), :required => form.object.new_record?
.input
- = form.password_field :password
+ = form.password_field :password, :disabled => @ldap_user
.field
= form.label :password_confirmation, t(:confirm_password), :required =>
form.object.new_record?
.input
- = form.password_field :password_confirmation
+ = form.password_field :password_confirmation, :disabled => @ldap_user
- if check_privilege(Privilege::MODIFY, User)
%fieldset
diff --git a/src/config/locales/en.yml b/src/config/locales/en.yml
index cd43c3b..df75c38 100644
--- a/src/config/locales/en.yml
+++ b/src/config/locales/en.yml
@@ -153,6 +153,7 @@ en:
name_starts_with_B: "Name starts with B"
errors:
has_running_instances: '%{username} has running instances'
+ cannot_edit_ldap_user: Cannot edit LDAP user
user_groups:
groups: "User Groups"
local: Local
--
1.7.6.5
5:12 p.m.
New subject: [PATCH] BZ859998 disable certain fields from editing if in ldap mode
On Mon, Oct 01, 2012 at 04:47:38PM -0400, tzumainn(a)redhat.com wrote:
From: Tzu-Mainn Chen <tzumainn(a)redhat.com>
---
src/app/controllers/users_controller.rb | 1 +
src/app/models/user.rb | 9 +++++++++
src/app/views/users/_form.html.haml | 12 ++++++------
src/config/locales/en.yml | 1 +
4 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/src/app/controllers/users_controller.rb
b/src/app/controllers/users_controller.rb
index d26028d..4a2868f 100644
--- a/src/app/controllers/users_controller.rb
+++ b/src/app/controllers/users_controller.rb
@@ -97,6 +97,7 @@ class UsersController < ApplicationController
@user = params[:id] ? User.find(params[:id]) : current_user
require_privilege(Privilege::MODIFY, User) unless @user == current_user
@title = t'users.edit.edit_user'
+ @ldap_user = (SETTINGS_CONFIG[:auth][:strategy] == "ldap")
end
def update
diff --git a/src/app/models/user.rb b/src/app/models/user.rb
index e8bee26..ee7ba1f 100644
--- a/src/app/models/user.rb
+++ b/src/app/models/user.rb
@@ -77,6 +77,8 @@ class User < ActiveRecord::Base
before_validation :strip_whitespace
after_save :update_entity
+ validate :validate_ldap_changes, :if => Proc.new {|user|
+ !user.new_record? && SETTINGS_CONFIG[:auth][:strategy] == "ldap"}
validates_presence_of :quota
validates_length_of :first_name, :maximum => 255, :allow_blank => true
validates_length_of :last_name, :maximum => 255, :allow_blank => true
@@ -185,6 +187,13 @@ class User < ActiveRecord::Base
end
end
+ def validate_ldap_changes
+ if self.first_name_changed? || self.last_name_changed? || self.email_changed? ||
+ self.username_changed? || self.crypted_password_changed? then
+ errors.add(:base, I18n.t("users.errors.cannot_edit_ldap_user"))
+ end
+ end
+
def encrypt_password
self.crypted_password = Password::update(password) unless password.blank?
end
diff --git a/src/app/views/users/_form.html.haml b/src/app/views/users/_form.html.haml
index 859d920..abbb89a 100644
--- a/src/app/views/users/_form.html.haml
+++ b/src/app/views/users/_form.html.haml
@@ -5,28 +5,28 @@
.field
= form.label :first_name
.input
- = form.text_field :first_name, :class =>"check_change"
+ = form.text_field :first_name, :class =>"check_change", :disabled
=> @ldap_user
.field
= form.label :last_name
.input
- = form.text_field :last_name, :class =>"check_change"
+ = form.text_field :last_name, :class =>"check_change", :disabled
=> @ldap_user
.field
= form.label :email, t(:email), :required => true
.input
- = form.text_field :email, :class =>"check_change"
+ = form.text_field :email, :class =>"check_change", :disabled =>
@ldap_user
%fieldset
.field
= form.label :username, t(:choose_name), :required => true
.input
- = form.text_field :username, :class => "check_change"
+ = form.text_field :username, :class => "check_change", :disabled
=> @ldap_user
.field
= form.label :password, form.object.new_record? ? t(:choose_password) :
t(:change_password), :required => form.object.new_record?
.input
- = form.password_field :password
+ = form.password_field :password, :disabled => @ldap_user
.field
= form.label :password_confirmation, t(:confirm_password), :required =>
form.object.new_record?
.input
- = form.password_field :password_confirmation
+ = form.password_field :password_confirmation, :disabled => @ldap_user
- if check_privilege(Privilege::MODIFY, User)
%fieldset
diff --git a/src/config/locales/en.yml b/src/config/locales/en.yml
index cd43c3b..df75c38 100644
--- a/src/config/locales/en.yml
+++ b/src/config/locales/en.yml
@@ -153,6 +153,7 @@ en:
name_starts_with_B: "Name starts with B"
errors:
has_running_instances: '%{username} has running instances'
+ cannot_edit_ldap_user: Cannot edit LDAP user
user_groups:
groups: "User Groups"
local: Local
--
1.7.6.5
I'm afraid I have to head out for the night without being able to dig
into this fully, but I'm seeing some test failures when I have LDAP
enabled:
Failing Scenarios:
cucumber features/authentication.feature:37 # Scenario: Change user
login to one with invalid length
cucumber features/user.feature:11 # Scenario: Change the password
cucumber features/user.feature:89 # Scenario: Edit existing user
cucumber features/user_group.feature:25 # Scenario: Delete user groups
The last one looks to fail on master in that case as well.
I would dive a bit deeper and try to see what's going on, but
unfortunately I've got head out for the night.
-- Matt
6:01 p.m.
New subject: [PATCH] BZ859998 disable certain fields from editing if in ldap mode
Ah, no, it's my fault - I forgot to run the cucumber tests, only the spec tests.
I'll take a look a re-send tomorrow.
Mainn
----- Original Message -----
From: "Matt Wagner" <matt.wagner(a)redhat.com>
To: tzumainn(a)redhat.com
Cc: aeolus-devel(a)lists.fedorahosted.org
Sent: Monday, October 1, 2012 6:12:18 PM
Subject: Re: [PATCH] BZ859998 disable certain fields from editing if in ldap mode
On Mon, Oct 01, 2012 at 04:47:38PM -0400, tzumainn(a)redhat.com wrote:
> From: Tzu-Mainn Chen <tzumainn(a)redhat.com>
>
> ---
> src/app/controllers/users_controller.rb | 1 +
> src/app/models/user.rb | 9 +++++++++
> src/app/views/users/_form.html.haml | 12 ++++++------
> src/config/locales/en.yml | 1 +
> 4 files changed, 17 insertions(+), 6 deletions(-)
>
> diff --git a/src/app/controllers/users_controller.rb
> b/src/app/controllers/users_controller.rb
> index d26028d..4a2868f 100644
> --- a/src/app/controllers/users_controller.rb
> +++ b/src/app/controllers/users_controller.rb
> @@ -97,6 +97,7 @@ class UsersController < ApplicationController
> @user = params[:id] ? User.find(params[:id]) : current_user
> require_privilege(Privilege::MODIFY, User) unless @user ==
> current_user
> @title = t'users.edit.edit_user'
> + @ldap_user = (SETTINGS_CONFIG[:auth][:strategy] == "ldap")
> end
>
> def update
> diff --git a/src/app/models/user.rb b/src/app/models/user.rb
> index e8bee26..ee7ba1f 100644
> --- a/src/app/models/user.rb
> +++ b/src/app/models/user.rb
> @@ -77,6 +77,8 @@ class User < ActiveRecord::Base
> before_validation :strip_whitespace
> after_save :update_entity
>
> + validate :validate_ldap_changes, :if => Proc.new {|user|
> + !user.new_record? && SETTINGS_CONFIG[:auth][:strategy] ==
> "ldap"}
> validates_presence_of :quota
> validates_length_of :first_name, :maximum => 255, :allow_blank
> => true
> validates_length_of :last_name, :maximum => 255, :allow_blank
> => true
> @@ -185,6 +187,13 @@ class User < ActiveRecord::Base
> end
> end
>
> + def validate_ldap_changes
> + if self.first_name_changed? || self.last_name_changed? ||
> self.email_changed? ||
> + self.username_changed? || self.crypted_password_changed?
> then
> + errors.add(:base,
> I18n.t("users.errors.cannot_edit_ldap_user"))
> + end
> + end
> +
> def encrypt_password
> self.crypted_password = Password::update(password) unless
> password.blank?
> end
> diff --git a/src/app/views/users/_form.html.haml
> b/src/app/views/users/_form.html.haml
> index 859d920..abbb89a 100644
> --- a/src/app/views/users/_form.html.haml
> +++ b/src/app/views/users/_form.html.haml
> @@ -5,28 +5,28 @@
> .field
> = form.label :first_name
> .input
> - = form.text_field :first_name, :class =>"check_change"
> + = form.text_field :first_name, :class =>"check_change",
> :disabled => @ldap_user
> .field
> = form.label :last_name
> .input
> - = form.text_field :last_name, :class =>"check_change"
> + = form.text_field :last_name, :class =>"check_change",
> :disabled => @ldap_user
> .field
> = form.label :email, t(:email), :required => true
> .input
> - = form.text_field :email, :class =>"check_change"
> + = form.text_field :email, :class =>"check_change", :disabled
> => @ldap_user
> %fieldset
> .field
> = form.label :username, t(:choose_name), :required => true
> .input
> - = form.text_field :username, :class => "check_change"
> + = form.text_field :username, :class => "check_change",
> :disabled => @ldap_user
> .field
> = form.label :password, form.object.new_record? ?
> t(:choose_password) : t(:change_password), :required =>
> form.object.new_record?
> .input
> - = form.password_field :password
> + = form.password_field :password, :disabled => @ldap_user
> .field
> = form.label :password_confirmation, t(:confirm_password),
> :required => form.object.new_record?
> .input
> - = form.password_field :password_confirmation
> + = form.password_field :password_confirmation, :disabled =>
> @ldap_user
>
> - if check_privilege(Privilege::MODIFY, User)
> %fieldset
> diff --git a/src/config/locales/en.yml b/src/config/locales/en.yml
> index cd43c3b..df75c38 100644
> --- a/src/config/locales/en.yml
> +++ b/src/config/locales/en.yml
> @@ -153,6 +153,7 @@ en:
> name_starts_with_B: "Name starts with B"
> errors:
> has_running_instances: '%{username} has running instances'
> + cannot_edit_ldap_user: Cannot edit LDAP user
> user_groups:
> groups: "User Groups"
> local: Local
> --
> 1.7.6.5
I'm afraid I have to head out for the night without being able to dig
into this fully, but I'm seeing some test failures when I have LDAP
enabled:
Failing Scenarios:
cucumber features/authentication.feature:37 # Scenario: Change user
login to one with invalid length
cucumber features/user.feature:11 # Scenario: Change the password
cucumber features/user.feature:89 # Scenario: Edit existing user
cucumber features/user_group.feature:25 # Scenario: Delete user
groups
The last one looks to fail on master in that case as well.
I would dive a bit deeper and try to see what's going on, but
unfortunately I've got head out for the night.
-- Matt
6:36 p.m.
New subject: [PATCH] BZ859998 disable certain fields from editing if in ldap mode
Hm, nevermind - I was pretty sure that I had run both sets of tests, and after re-running
the cucumber tests - they all pass for me. I guess we'll see what's up tomorrow.
Mainn
----- Original Message -----
From: "Tzu-Mainn Chen" <tzumainn(a)redhat.com>
To: "Matt Wagner" <matt.wagner(a)redhat.com>
Cc: aeolus-devel(a)lists.fedorahosted.org
Sent: Monday, October 1, 2012 7:01:34 PM
Subject: Re: [PATCH] BZ859998 disable certain fields from editing if in ldap mode
Ah, no, it's my fault - I forgot to run the cucumber tests, only the
spec tests. I'll take a look a re-send tomorrow.
Mainn
----- Original Message -----
> From: "Matt Wagner" <matt.wagner(a)redhat.com>
> To: tzumainn(a)redhat.com
> Cc: aeolus-devel(a)lists.fedorahosted.org
> Sent: Monday, October 1, 2012 6:12:18 PM
> Subject: Re: [PATCH] BZ859998 disable certain fields from editing
> if in ldap mode
>
> On Mon, Oct 01, 2012 at 04:47:38PM -0400, tzumainn(a)redhat.com
> wrote:
> > From: Tzu-Mainn Chen <tzumainn(a)redhat.com>
> >
> > ---
> > src/app/controllers/users_controller.rb | 1 +
> > src/app/models/user.rb | 9 +++++++++
> > src/app/views/users/_form.html.haml | 12 ++++++------
> > src/config/locales/en.yml | 1 +
> > 4 files changed, 17 insertions(+), 6 deletions(-)
> >
> > diff --git a/src/app/controllers/users_controller.rb
> > b/src/app/controllers/users_controller.rb
> > index d26028d..4a2868f 100644
> > --- a/src/app/controllers/users_controller.rb
> > +++ b/src/app/controllers/users_controller.rb
> > @@ -97,6 +97,7 @@ class UsersController < ApplicationController
> > @user = params[:id] ? User.find(params[:id]) : current_user
> > require_privilege(Privilege::MODIFY, User) unless @user ==
> > current_user
> > @title = t'users.edit.edit_user'
> > + @ldap_user = (SETTINGS_CONFIG[:auth][:strategy] == "ldap")
> > end
> >
> > def update
> > diff --git a/src/app/models/user.rb b/src/app/models/user.rb
> > index e8bee26..ee7ba1f 100644
> > --- a/src/app/models/user.rb
> > +++ b/src/app/models/user.rb
> > @@ -77,6 +77,8 @@ class User < ActiveRecord::Base
> > before_validation :strip_whitespace
> > after_save :update_entity
> >
> > + validate :validate_ldap_changes, :if => Proc.new {|user|
> > + !user.new_record? && SETTINGS_CONFIG[:auth][:strate
gy] ==
> > "ldap"}
> > validates_presence_of :quota
> > validates_length_of :first_name, :maximum => 255, :allow_blank
> > => true
> > validates_length_of :last_name, :maximum => 255, :allow_blank
> > => true
> > @@ -185,6 +187,13 @@ class User < ActiveRecord::Base
> > end
> > end
> >
> > + def validate_ldap_changes
> > + if self.first_name_changed? || self.last_name_changed? ||
> > self.email_changed? ||
> > + self.username_changed? || self.crypted_password_changed?
> > then
> > + errors.add(:base,
> > I18n.t("users.errors.cannot_edit_ldap_user"))
> > + end
> > + end
> > +
> > def encrypt_password
> > self.crypted_password = Password::update(password) unless
> > password.blank?
> > end
> > diff --git a/src/app/views/users/_form.html.haml
> > b/src/app/views/users/_form.html.haml
> > index 859d920..abbb89a 100644
> > --- a/src/app/views/users/_form.html.haml
> > +++ b/src/app/views/users/_form.html.haml
> > @@ -5,28 +5,28 @@
> > .field
> > = form.label :first_name
> > .input
> > - = form.text_field :first_name, :class =>"check_change"
> > + = form.text_field :first_name, :class =>"check_change",
> > :disabled => @ldap_user
> > .field
> > = form.label :last_name
> > .input
> > - = form.text_field :last_name, :class =>"check_change"
> > + = form.text_field :last_name, :class =>"check_change",
> > :disabled => @ldap_user
> > .field
> > = form.label :email, t(:email), :required => true
> > .input
> > - = form.text_field :email, :class =>"check_change"
> > + = form.text_field :email, :class =>"check_change",
> > :disabled
> > => @ldap_user
> > %fieldset
> > .field
> > = form.label :username, t(:choose_name), :required => true
> > .input
> > - = form.text_field :username, :class => "check_change"
> > + = form.text_field :username, :class => "check_change",
> > :disabled => @ldap_user
> > .field
> > = form.label :password, form.object.new_record? ?
> > t(:choose_password) : t(:change_password), :required =>
> > form.object.new_record?
> > .input
> > - = form.password_field :password
> > + = form.password_field :password, :disabled => @ldap_user
> > .field
> > = form.label :password_confirmation, t(:confirm_password),
> > :required => form.object.new_record?
> > .input
> > - = form.password_field :password_confirmation
> > + = form.password_field :password_confirmation, :disabled =>
> > @ldap_user
> >
> > - if check_privilege(Privilege::MODIFY, User)
> > %fieldset
> > diff --git a/src/config/locales/en.yml
> > b/src/config/locales/en.yml
> > index cd43c3b..df75c38 100644
> > --- a/src/config/locales/en.yml
> > +++ b/src/config/locales/en.yml
> > @@ -153,6 +153,7 @@ en:
> > name_starts_with_B: "Name starts with B"
> > errors:
> > has_running_instances: '%{username} has running instances'
> > + cannot_edit_ldap_user: Cannot edit LDAP user
> > user_groups:
> > groups: "User Groups"
> > local: Local
> > --
> > 1.7.6.5
>
> I'm afraid I have to head out for the night without being able to
> dig
> into this fully, but I'm seeing some test failures when I have LDAP
> enabled:
>
> Failing Scenarios:
> cucumber features/authentication.feature:37 # Scenario: Change user
> login to one with invalid length
> cucumber features/user.feature:11 # Scenario: Change the password
> cucumber features/user.feature:89 # Scenario: Edit existing user
> cucumber features/user_group.feature:25 # Scenario: Delete user
> groups
>
> The last one looks to fail on master in that case as well.
>
> I would dive a bit deeper and try to see what's going on, but
> unfortunately I've got head out for the night.
>
> -- Matt
>
4234
days inactive
4234
days old
aeolus-devel@lists.fedorahosted.org
4 comments
2 participants
participants (2)
-
Matt Wagner -
Tzu-Mainn Chen