Check if full name and email edit are allowed in realm
So far it was not checked, whether it was allowed to change the full
name or the email in a configured auth realm. This could lead to errors,
if a user tried to do it anyway.
This change checks the server config, if the edit of those fields is
allowed, and if not just shows the set value instead of an input.
Change-Id: I14950fe0daf8540be27e10dfafe5b7e5f0a12ff2
diff --git a/src/main/resources/static/gr-serviceuser-detail.html b/src/main/resources/static/gr-serviceuser-detail.html
index 8d5c0f3..ac48daa 100644
--- a/src/main/resources/static/gr-serviceuser-detail.html
+++ b/src/main/resources/static/gr-serviceuser-detail.html
@@ -93,11 +93,12 @@
</section>
<section>
<span class="title">Full Name</span>
- <span class="value">
+ <span class="value" hidden$="[[!_allowFullName]]">
<input id="serviceUserFullNameInput" class="wide" bind-value="{{_newFullName}}"
is="iron-input" type="text" disabled="[[_changingPrefs]]"
placeholder$="[[_serviceUser.name]]" on-keyup="_computePrefsChanged">
</span>
+ <span class="value" hidden$="[[_allowFullName]]">[[_serviceUser.name]]</span>
</section>
<section>
<span class="title">Email Address</span>
diff --git a/src/main/resources/static/gr-serviceuser-detail.js b/src/main/resources/static/gr-serviceuser-detail.js
index 95aded2..53ec980 100644
--- a/src/main/resources/static/gr-serviceuser-detail.js
+++ b/src/main/resources/static/gr-serviceuser-detail.js
@@ -25,6 +25,7 @@
_restApi: Object,
_serviceUserId: String,
_serviceUser: Object,
+ _serverConfig: Object,
_loading: {
type: Boolean,
value: true,
@@ -49,6 +50,10 @@
type: Boolean,
value: false,
},
+ _allowFullName: {
+ type: Boolean,
+ value: false,
+ },
_allowOwner: {
type: Boolean,
value: false,
@@ -75,8 +80,10 @@
],
attached() {
- this._extractUserId();
- this._loadServiceUser();
+ this._getPermissions().then(() => {
+ this._extractUserId();
+ this._loadServiceUser();
+ });
},
_loadServiceUser() {
@@ -86,6 +93,7 @@
promises.push(this._getPluginConfig());
promises.push(this._getServiceUser());
+ promises.push(this._getServerConfig());
Promise.all(promises).then(() => {
this.$.sshEditor.loadData(this._restApi, this._serviceUser);
@@ -96,6 +104,11 @@
this._loading = false;
this._newFullName = this._serviceUser.name;
this._newEmail = this._serviceUser.email;
+ this._allowFullName = this._serverConfig.auth.editable_account_fields
+ .includes('FULL_NAME');
+ this._allowEmail = this._allowEmail &&
+ this._serverConfig.auth.editable_account_fields
+ .includes('REGISTER_NEW_EMAIL');
});
},
@@ -115,17 +128,25 @@
},
_getPluginConfig() {
- return Promise.resolve(this._getPermissions()).then(() => {
- this.plugin.restApi('/config/server/serviceuser~config/').get('')
- .then(config => {
- if (!config) {
- return;
- }
- this._allowEmail = config.allow_email || this._isAdmin;
- this._allowOwner = config.allow_owner || this._isAdmin;
- this._allowHttpPassword = config.allow_http_password
- || this._isAdmin;
- });
+ return this.plugin.restApi('/config/server/serviceuser~config/').get('')
+ .then(config => {
+ if (!config) {
+ return;
+ }
+ this._allowEmail = config.allow_email || this._isAdmin;
+ this._allowOwner = config.allow_owner || this._isAdmin;
+ this._allowHttpPassword = config.allow_http_password
+ || this._isAdmin;
+ });
+ },
+
+ _getServerConfig() {
+ return this.plugin.restApi().getConfig().then(cfg => {
+ if (!cfg) {
+ return;
+ }
+
+ this._serverConfig = cfg;
});
},
