From d724332dbdea84d8abd00c201e41c1e9d09aa772 Mon Sep 17 00:00:00 2001 From: Yuriy Bakhtin Date: Sun, 8 Jan 2023 17:53:27 +0400 Subject: [PATCH] Hide Password Tab in administration for LDAP users (#6023) --- CHANGELOG-DEV.md | 6 ++++- .../admin/controllers/UserController.php | 9 +++---- protected/humhub/modules/user/models/User.php | 24 +++++++++++++++++++ 3 files changed, 34 insertions(+), 5 deletions(-) diff --git a/CHANGELOG-DEV.md b/CHANGELOG-DEV.md index da43367a4d..909c643fa5 100644 --- a/CHANGELOG-DEV.md +++ b/CHANGELOG-DEV.md @@ -1,9 +1,13 @@ HumHub Changelog (DEVELOP) ========================== +1.14.1 (Unreleased) +-------------------------- +- Ehn #6017: Hide Password Tab in administration for LDAP users + 1.14.0 (February 28, 2023) -------------------------- - Enh #4803: Added more panel styles (`panel-info` and `panel-primary`) -- Enh #5972: Removed old vendor CSS prefixes (e.g. `-moz` or `-webkit`) +- Enh #5972: Removed old vendor CSS prefixes (e.g. `-moz` or `-webkit`) \ No newline at end of file diff --git a/protected/humhub/modules/admin/controllers/UserController.php b/protected/humhub/modules/admin/controllers/UserController.php index 9b3aa97393..f4ed16e51e 100644 --- a/protected/humhub/modules/admin/controllers/UserController.php +++ b/protected/humhub/modules/admin/controllers/UserController.php @@ -106,12 +106,13 @@ class UserController extends Controller } $canEditAdminFields = Yii::$app->user->isAdmin() || !$user->isSystemAdmin(); + $canEditPassword = $canEditAdminFields && !$user->hasAuth('ldap'); $user->scenario = 'editAdmin'; $user->profile->scenario = Profile::SCENARIO_EDIT_ADMIN; $profile = $user->profile; - if ($canEditAdminFields) { + if ($canEditPassword) { if (!($password = PasswordEditForm::findOne(['user_id' => $user->id]))) { $password = new PasswordEditForm(); $password->user_id = $user->id; @@ -171,7 +172,7 @@ class UserController extends Controller } // Change Password Form - if ($canEditAdminFields) { + if ($canEditPassword) { $definition['elements']['Password'] = [ 'type' => 'form', 'title' => Yii::t('AdminModule.user', 'Password'), @@ -221,12 +222,12 @@ class UserController extends Controller $form = new HForm($definition); $form->models['User'] = $user; $form->models['Profile'] = $profile; - if ($canEditAdminFields) { + if ($canEditPassword) { $form->models['Password'] = $password; } if ($form->submitted('save') && $form->validate()) { - if ($canEditAdminFields) { + if ($canEditPassword) { if (!empty($password->newPassword)) { $password->setPassword($password->newPassword); } diff --git a/protected/humhub/modules/user/models/User.php b/protected/humhub/modules/user/models/User.php index 55542c651f..ff8354067c 100644 --- a/protected/humhub/modules/user/models/User.php +++ b/protected/humhub/modules/user/models/User.php @@ -871,6 +871,30 @@ class User extends ContentContainerActiveRecord implements IdentityInterface, Se return $this->hasMany(Auth::class, ['user_id' => 'id']); } + /** + * Check if this user has at least one authentication or the authentication with requested type + * + * @param string|null $type + * @return bool + */ + public function hasAuth(?string $type = null): bool + { + $auths = $this->getAuths(); + + if ($type === null) { + return $auths->exists(); + } + + foreach ($auths->all() as $auth) { + /* @var Auth $auth */ + if ($auth->source === $type) { + return true; + } + } + + return false; + } + /** * Return user groups *