lib/Auth lib/kolab_client_task.php

Aleksander Machniak machniak at kolabsys.com
Tue Sep 24 13:23:09 CEST 2013


 lib/Auth/LDAP.php         |    3 ++-
 lib/kolab_client_task.php |   16 ++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

New commits:
commit 48e4427ff85ac7606c3045b1b906dc87c6c8cf20
Author: Aleksander Machniak <alec at alec.pl>
Date:   Tue Sep 24 13:22:31 2013 +0200

    Prevent from deleting oneself (Bug #1808)

diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 0ef1f26..1a0fdac 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -1111,7 +1111,8 @@ class LDAP extends Net_LDAP3 {
 
         $entry_dn = $this->entry_dn($entry, $attributes, $base_dn);
 
-        if (!$entry_dn) {
+        // object not found or self deletion
+        if (!$entry_dn || $entry_dn == $_SESSION['user']->user_bind_dn) {
             return false;
         }
 
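Review bot: The self-deletion guard compares the two DNs with `==`, an exact string match, whereas LDAP treats DNs as equal regardless of case and of spacing around separators. If `entry_dn()` returns a DN formatted differently from the one stored in `user_bind_dn` at login, the check would not fire and the delete would proceed. Whether both values are canonicalised is not visible in this hunk, so I would at least compare case-insensitively, `if (!$entry_dn || strcasecmp($entry_dn, $_SESSION['user']->user_bind_dn) === 0) {`, or normalise both DNs before comparing. The method also returns `false` for both "not found" and "refused", so a log line on the refusal path would make blocked self-deletes auditable. The enclosing method starts and ends outside the hunk.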
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 6e3eaa0..f6e574c 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -225,6 +225,10 @@ class kolab_client_task
                         if (is_array($res) && !empty($res)) {
                             $user['language'] = $res['preferredlanguage'];
                             $user['fullname'] = $res['cn'];
+
+                            // overwrite user id set in login request, which is user base DN,
+                            // with unique attribute, which suits better to our needs
+                            $user['id'] = $res['id'];
                         }
                     }
 
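Review bot: `$res['id']` is copied into the session user without checking that the key is present; the surrounding `is_array($res) && !empty($res)` test only proves the array is non-empty. If the response lacks `id`, `$user['id']` becomes null and the self-delete check added further down this file silently stops matching. I would guard the assignment, `if (!empty($res['id'])) { $user['id'] = $res['id']; }`, and treat a missing id as an error rather than continuing with a null identifier. The enclosing block starts outside the hunk.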
@@ -1333,10 +1337,14 @@ class kolab_client_task
 
         if (!empty($data['id']) && in_array('delete', (array) $data['effective_rights']['entry'])) {
             $id = $data['id'];
-            $form->add_button(array(
-                'value'   => kolab_html::escape($this->translate('button.delete')),
-                'onclick' => "kadm.{$name}_delete('{$id}')",
-            ));
+
+            // disable delete for self
+            if ($id != $_SESSION['user']['id']) {
+                $form->add_button(array(
+                    'value'   => kolab_html::escape($this->translate('button.delete')),
+                    'onclick' => "kadm.{$name}_delete('{$id}')",
+                ));
+            }
         }
 
         $ac_min_len = $this->config_get('autocomplete_min_length', 1, Conf::INT);
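Review bot: The new `if ($id != $_SESSION['user']['id'])` only hides the button, and it fails open: if `$_SESSION['user']['id']` is unset (for example in a session created before this change), the comparison is against null and the delete button is shown for the user's own entry. That is tolerable only because the LDAP.php hunk in this commit also refuses the operation, so the comment should say so, e.g. `// UI hint only; self-deletion is refused by the backend`. I would also make the comparison strict, `if ((string) $id !== (string) $_SESSION['user']['id']) {`. Separately, `$id` is still interpolated as-is into the `onclick` JavaScript string; unless `add_button` is known to encode it, it should be encoded for a JS string context. The enclosing method starts and ends outside the hunk.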



