lib/Auth lib/kolab_client_task.php
Aleksander Machniak
machniak at kolabsys.com
Tue Sep 24 13:23:09 CEST 2013
lib/Auth/LDAP.php | 3 ++-
lib/kolab_client_task.php | 16 ++++++++++++----
2 files changed, 14 insertions(+), 5 deletions(-)
New commits:
commit 48e4427ff85ac7606c3045b1b906dc87c6c8cf20
Author: Aleksander Machniak <alec at alec.pl>
Date: Tue Sep 24 13:22:31 2013 +0200
Prevent from deleting oneself (Bug #1808)
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 0ef1f26..1a0fdac 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -1111,7 +1111,8 @@ class LDAP extends Net_LDAP3 {
$entry_dn = $this->entry_dn($entry, $attributes, $base_dn);
- if (!$entry_dn) {
+ // object not found or self deletion
+ if (!$entry_dn || $entry_dn == $_SESSION['user']->user_bind_dn) {
return false;
}
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 6e3eaa0..f6e574c 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -225,6 +225,10 @@ class kolab_client_task
if (is_array($res) && !empty($res)) {
$user['language'] = $res['preferredlanguage'];
$user['fullname'] = $res['cn'];
+
+ // overwrite user id set in login request, which is user base DN,
+ // with unique attribute, which suits better to our needs
+ $user['id'] = $res['id'];
}
}
@@ -1333,10 +1337,14 @@ class kolab_client_task
if (!empty($data['id']) && in_array('delete', (array) $data['effective_rights']['entry'])) {
$id = $data['id'];
- $form->add_button(array(
- 'value' => kolab_html::escape($this->translate('button.delete')),
- 'onclick' => "kadm.{$name}_delete('{$id}')",
- ));
+
+ // disable delete for self
+ if ($id != $_SESSION['user']['id']) {
+ $form->add_button(array(
+ 'value' => kolab_html::escape($this->translate('button.delete')),
+ 'onclick' => "kadm.{$name}_delete('{$id}')",
+ ));
+ }
}
$ac_min_len = $this->config_get('autocomplete_min_length', 1, Conf::INT);
More information about the commits
mailing list