Hide Password Tab in administration for LDAP users (#6023)

2025-01-29 12:28:06 +01:00 · 2023-01-08 17:53:27 +04:00 · 2023-01-08 17:53:27 +04:00 · d724332dbd
commit d724332dbd
parent 27dee6363f
3 changed files with 34 additions and 5 deletions
--- a/CHANGELOG-DEV.md
+++ b/CHANGELOG-DEV.md
@ -1,9 +1,13 @@
 HumHub Changelog (DEVELOP)
 ==========================

+1.14.1 (Unreleased)
+--------------------------
+- Ehn #6017: Hide Password Tab in administration for LDAP users
+

 1.14.0 (February 28, 2023)
 --------------------------

 - Enh #4803: Added more panel styles (`panel-info` and `panel-primary`) 
- Enh #5972: Removed old vendor CSS prefixes (e.g. `-moz` or `-webkit`) 
+- Enh #5972: Removed old vendor CSS prefixes (e.g. `-moz` or `-webkit`) 
--- a/protected/humhub/modules/admin/controllers/UserController.php
+++ b/protected/humhub/modules/admin/controllers/UserController.php
@ -106,12 +106,13 @@ class UserController extends Controller
        }

        $canEditAdminFields = Yii::$app->user->isAdmin() || !$user->isSystemAdmin();
+        $canEditPassword = $canEditAdminFields && !$user->hasAuth('ldap');

        $user->scenario = 'editAdmin';
        $user->profile->scenario = Profile::SCENARIO_EDIT_ADMIN;
        $profile = $user->profile;

-        if ($canEditAdminFields) {
+        if ($canEditPassword) {
            if (!($password = PasswordEditForm::findOne(['user_id' => $user->id]))) {
                $password = new PasswordEditForm();
                $password->user_id = $user->id;
@ -171,7 +172,7 @@ class UserController extends Controller
        }

        // Change Password Form
-        if ($canEditAdminFields) {
+        if ($canEditPassword) {
            $definition['elements']['Password'] = [
                'type' => 'form',
                'title' => Yii::t('AdminModule.user', 'Password'),
@ -221,12 +222,12 @@ class UserController extends Controller
        $form = new HForm($definition);
        $form->models['User'] = $user;
        $form->models['Profile'] = $profile;
-        if ($canEditAdminFields) {
+        if ($canEditPassword) {
            $form->models['Password'] = $password;
        }

        if ($form->submitted('save') && $form->validate()) {
-            if ($canEditAdminFields) {
+            if ($canEditPassword) {
                if (!empty($password->newPassword)) {
                    $password->setPassword($password->newPassword);
                }
--- a/protected/humhub/modules/user/models/User.php
+++ b/protected/humhub/modules/user/models/User.php
@ -871,6 +871,30 @@ class User extends ContentContainerActiveRecord implements IdentityInterface, Se
        return $this->hasMany(Auth::class, ['user_id' => 'id']);
    }

+    /**
+     * Check if this user has at least one authentication or the authentication with requested type
+     *
+     * @param string|null $type
+     * @return bool
+     */
+    public function hasAuth(?string $type = null): bool
+    {
+        $auths = $this->getAuths();
+
+        if ($type === null) {
+            return $auths->exists();
+        }
+
+        foreach ($auths->all() as $auth) {
+            /* @var Auth $auth */
+            if ($auth->source === $type) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
    /**
     * Return user groups
     *