From c1bcefc9cc4d9cf4d7ca84863c8e5cda2ef2e1b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Wed, 21 Sep 2016 09:24:13 +0200
Subject: [PATCH] Fixes #5153 Fixed ACL checks for user locking

---
 plugins/admin/users/class_userManagement.inc | 2 +-
 plugins/admin/users/user-list.xml            | 6 +++---
 setup/class_setupStep_Migrate.inc            | 8 ++++----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/plugins/admin/users/class_userManagement.inc b/plugins/admin/users/class_userManagement.inc
index cbab10fb3..063f76183 100644
--- a/plugins/admin/users/class_userManagement.inc
+++ b/plugins/admin/users/class_userManagement.inc
@@ -139,7 +139,7 @@ class userManagement extends simpleManagement
     $disallowed = array();
     $dns        = array();
     foreach ($entry as $dn) {
-      if (!preg_match('/w/', $ui->get_permissions($dn, 'user/password'))) {
+      if (!preg_match('/w/', $ui->get_permissions($dn, 'user/user', 'userPassword'))) {
         $disallowed[] = $dn;
       } else {
         $allowed[] = $dn;
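Review bot: The permission check on the changed line accepts write access alone (`preg_match('/w/', ...)`), while the three `<acl>` entries this commit changes in user-list.xml require `userPassword:rw`, so the list view and the handler enforce different rules. The handler is the real enforcement point and should be at least as strict as the UI. If locking has to read the current userPassword value (likely, but not visible here), check both flags: `$perms = $ui->get_permissions($dn, 'user/user', 'userPassword');` followed by `if (!preg_match('/r/', $perms) || !preg_match('/w/', $perms)) {`. Otherwise relax the XML to `[userPassword:w]` so both sides agree. The enclosing method starts and ends outside the hunk.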
diff --git a/plugins/admin/users/user-list.xml b/plugins/admin/users/user-list.xml
index 269eb6cd6..a81fba24d 100644
--- a/plugins/admin/users/user-list.xml
+++ b/plugins/admin/users/user-list.xml
@@ -123,7 +123,7 @@
       <name>lockUsers</name>
       <type>entry</type>
       <image>geticon.php?context=status&amp;icon=object-locked&amp;size=16</image>
-      <acl>user/password[w]</acl>
+      <acl>user/user[userPassword:rw]</acl>
       <label>Lock users</label>
     </action>
 
@@ -131,7 +131,7 @@
       <name>unlockUsers</name>
       <type>entry</type>
       <image>geticon.php?context=status&amp;icon=object-unlocked&amp;size=16</image>
-      <acl>user/password[w]</acl>
+      <acl>user/user[userPassword:rw]</acl>
       <label>Unlock users</label>
     </action>
 
@@ -195,7 +195,7 @@
       <type>entry</type>
       <objectclass>!fdTemplate</objectclass>
       <image>%{filter:lockImage(userPassword)}</image>
-      <acl>user/password[w]</acl>
+      <acl>user/user[userPassword:rw]</acl>
       <label>%{filter:lockLabel(userPassword)}</label>
     </action>
 
diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc
index 3847f7518..eec385b5c 100644
--- a/setup/class_setupStep_Migrate.inc
+++ b/setup/class_setupStep_Migrate.inc
@@ -232,19 +232,19 @@ class Step_Migrate extends setupStep
         'cn'              => 'manager',
         'description'     => _('Give all rights on users in the given branch'),
         'objectclass'     => array('top', 'gosaRole'),
-        'gosaAclTemplate' => '0:user/password;cmdrw,user/user;cmdrw,user/posixAccount;cmdrw'
+        'gosaAclTemplate' => '0:user/user;cmdrw,user/posixAccount;cmdrw'
       ),
       array(
         'cn'              => 'editowninfos',
         'description'     => _('Allow users to edit their own information (main tab and posix use only on base)'),
         'objectclass'     => array('top', 'gosaRole'),
-        'gosaAclTemplate' => '0:user/posixAccount;srw,user/user;srw'
+        'gosaAclTemplate' => '0:user/user;srw,user/posixAccount;srw'
       ),
       array(
-        'cn'              => 'editowninfos',
+        'cn'              => 'editownpwd',
         'description'     => _('Allow users to edit their own password (use only on base)'),
         'objectclass'     => array('top', 'gosaRole'),
-        'gosaAclTemplate' => '0:user/password;srw'
+        'gosaAclTemplate' => '0:user/user;#userPassword;srw'
       ),
     );
   }
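Review bot: Only the default roles created at setup time change here; nothing visible in this commit rewrites roles or ACL entries already stored in the directory that still reference `user/password`. After an upgrade those entries would presumably no longer match the new `user/user` / `userPassword` checks, so delegated lock/unlock and self-service password rights could change without notice; a migration check or an upgrade note for administrators would cover that. The attribute-scoped template `'0:user/user;#userPassword;srw'` is also not self-explanatory, and a short comment above it would help once the syntax is confirmed, for example `// no object-level rights; after '#': self + read/write on userPassword only`. The roles array and its enclosing method start outside the hunk.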
-- 
GitLab