From 7b7a5218feb2b3248c18cc843955d43ff2886c45 Mon Sep 17 00:00:00 2001
From: Thibault Dockx <thibault.dockx@fusiondirectory.org>
Date: Mon, 20 Jan 2025 18:32:13 +0000
Subject: [PATCH] :sparkles: (User) - locking mechanism

Lock induces a read only for all tabs.
---
 include/simpleplugin/class_simplePlugin.inc | 13 +++++++++++++
 plugins/personal/generic/class_user.inc     | 15 +++++++++------
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc
index ce0481daf..ca45083d8 100644
--- a/include/simpleplugin/class_simplePlugin.inc
+++ b/include/simpleplugin/class_simplePlugin.inc
@@ -38,6 +38,8 @@ class simplePlugin implements SimpleTab
    * associative array that stores attributeLdapName => reference on object
    */
   public $attributesAccess = [];
+  // This allows children class to get readOnly automatically via static state or class-level state
+  private static bool $user_locked = FALSE;
 
   /*!
     \brief Mark plugin as account
@@ -158,6 +160,11 @@ class simplePlugin implements SimpleTab
     $this->parent  = $parent;
     $this->mainTab = $mainTab;
 
+    // This class-level state allows children to get readOnly automatically.
+    if (self::$user_locked) {
+      $this->read_only = true;
+    }
+
     try {
       $plInfo = pluglist::pluginInfos(get_class($this));
     } catch (UnknownClassException $e) {
@@ -299,6 +306,12 @@ class simplePlugin implements SimpleTab
     }
   }
 
+
+  public static function setUserLocked(bool $locked): void
+  {
+    self::$user_locked = $locked;
+  }
+
   protected function loadAttributes ()
   {
     // We load attributes values
diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc
index 8ddca7a4b..9ad6f87ff 100644
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -45,6 +45,7 @@ class PostalAddressAttribute extends TextAreaAttribute
 
 class user extends simplePlugin
 {
+  // This is used to see if the password is locked. The "was" is better interpreted as "is" - it is historical here.
   private $was_locked;
 
   static function plInfo (): array
@@ -262,6 +263,14 @@ class user extends simplePlugin
     global $config;
     parent::__construct($dn, $object, $parent, $mainTab);
 
+    // verify if the attribute password is locked
+    $this->was_locked = $this->attributesAccess['userPassword']->isLocked();
+
+    if ($this->was_locked){
+      $this->read_only = TRUE;
+      // This will update the parent class (simplePlugin) via class-level state allowing children to get read only state.
+      self::setUserLocked(true);
+    }
 
     if ($this->is_template && !$this->initially_was_account) {
       $this->attributesAccess['userPassword']->setValue('%askme%');
@@ -274,13 +283,7 @@ class user extends simplePlugin
     $filename = './plugins/users/images/default.jpg';
     $fd       = fopen($filename, 'rb');
     $this->attributesAccess['jpegPhoto']->setPlaceholder(fread($fd, filesize($filename)));
-    $this->was_locked = $this->attributesAccess['userPassword']->isLocked();
 
-    if ($this->was_locked){
-      $this->read_only = TRUE;
-      $warning = new FusionDirectoryWarning(nl2br(htmlescape(sprintf(_("This user account is locked ! Unlock to edit first.")))));
-      $warning->display();
-    }
 
     // Do not apply automatic snap on templates nor if the DN is not yet processed (new creation from template)
     if ($this->is_template !== TRUE && $this->dn !== 'new') {
-- 
GitLab