From ef77ec852a5b22f8cd2a823d207709440cf56aee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be>
Date: Tue, 17 Apr 2018 15:43:15 +0200
Subject: [PATCH] :ambulance: fix(webservice) Do not let webservice request set disabled attributes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It seems deserializeValue method in Attribute was actually unused, setValue being called directly by simplePlugin. Now it’s used and does about the same thing as setValue, just returns an error if the attribute is disabled. issue #5811
---
 .../attributes/class_CompositeAttribute.inc | 11 -----------
 .../attributes/class_FileAttribute.inc | 17 +++++++++--------
 include/simpleplugin/class_Attribute.inc | 7 ++++---
 include/simpleplugin/class_simplePlugin.inc | 5 ++++-
 4 files changed, 17 insertions(+), 23 deletions(-)
diff --git a/include/simpleplugin/attributes/class_CompositeAttribute.inc b/include/simpleplugin/attributes/class_CompositeAttribute.inc
index 522a14f53..6c7d080da 100644
--- a/include/simpleplugin/attributes/class_CompositeAttribute.inc
+++ b/include/simpleplugin/attributes/class_CompositeAttribute.inc
@@ -261,17 +261,6 @@ class CompositeAttribute extends Attribute
 }
 }
- function deserializeValue($values)
- {
- if ($this->visible) {
- foreach ($this->attributes as &$attribute) {
- $attribute->setDisabled($this->disabled);
- $attribute->deserializeValue($values);
- }
- unset($attribute);
- }
- }
-
 function renderFormInput()
 {
 $display = "";
diff --git a/include/simpleplugin/attributes/class_FileAttribute.inc b/include/simpleplugin/attributes/class_FileAttribute.inc
index 8fad4071c..a7a2455e4 100644
--- a/include/simpleplugin/attributes/class_FileAttribute.inc
+++ b/include/simpleplugin/attributes/class_FileAttribute.inc
@@ -94,16 +94,17 @@ class FileAttribute extends Attribute
 /*! \brief Apply value from RPC requests
 *
- * \param array $values the values array
+ * \param mixed $value the value
 */
- function deserializeValue($values)
+ function deserializeValue($value)
 {
- if (isset($values[$this->getLdapName()])) {
- if ($this->binary) {
- $this->setValue(base64_decode($values[$this->getLdapName()]));
- } else {
- $this->setValue($values[$this->getLdapName()]);
- }
+ if ($this->disabled) {
+ return sprintf(_('Attribute %s is disabled, its value could not be set'), $this->getLdapName());
+ }
+ if ($this->binary) {
+ $this->setValue(base64_decode($value));
+ } else {
+ $this->setValue($value);
 }
 }
 }
diff --git a/include/simpleplugin/class_Attribute.inc b/include/simpleplugin/class_Attribute.inc
index 52338aa01..d4a30e506 100644
--- a/include/simpleplugin/class_Attribute.inc
+++ b/include/simpleplugin/class_Attribute.inc
@@ -635,11 +635,12 @@ class Attribute
 *
 * \param array $values the values array
 */
- function deserializeValue($values)
+ function deserializeValue($value)
 {
- if (isset($values[$this->getLdapName()])) {
- $this->setValue($values[$this->getLdapName()]);
+ if ($this->disabled) {
+ return sprintf(_('Attribute %s is disabled, its value could not be set'), $this->getLdapName());
 }
+ $this->setValue($values[$this->getLdapName()]);
 }
 /*! \brief Add ACL information around display
diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc
index cf1596c18..d95c17b62 100644
--- a/include/simpleplugin/class_simplePlugin.inc
+++ b/include/simpleplugin/class_simplePlugin.inc
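Review bot: In the binary branch of FileAttribute::deserializeValue, `base64_decode($value)` runs in non-strict mode, so a malformed webservice payload is not rejected; characters outside the base64 alphabet are dropped and whatever decodes is stored as the attribute value. Since the method now reports refusals by returning a string, the decode can fail the same way: `$decoded = base64_decode($value, TRUE);` followed by `if ($decoded === FALSE) { return <error message>; }` before calling `setValue($decoded)`. The docblock should also gain a `\return` line stating that a non-empty string is an error message and that nothing is returned on success.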
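Review bot: The last added line of Attribute::deserializeValue still reads `$this->setValue($values[$this->getLdapName()]);` although the parameter was renamed to `$value`, so `$values` is undefined there and the base implementation would hand NULL to setValue() instead of the submitted value. It should be `$this->setValue($value);`, as the FileAttribute hunk already does. The docblock context line `\param array $values the values array` is stale for the same reason and should become `\param mixed $value the value`, with a `\return` line for the error string. With CompositeAttribute's override removed in this commit, this base method is presumably what most attributes run for webservice writes, so the slip would affect more than one attribute type.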
@@ -1914,7 +1914,10 @@ class simplePlugin
 foreach ($values as $name => $value) {
 if (isset($this->attributesAccess[$name])) {
 if (!$checkAcl || $this->attrIsWriteable($name)) {
- $this->attributesAccess[$name]->setValue($value);
+ $error = $this->attributesAccess[$name]->deserializeValue($value);
+ if (!empty($error)) {
+ return $error;
+ }
 } else {
 return msgPool::permModify($this->dn, $name);
 }
-- GitLab
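Review bot: At the new `deserializeValue($value)` call, the disabled-attribute protection depends entirely on each implementation performing its own `$this->disabled` test, which is why the same guard is duplicated in Attribute and FileAttribute. Any other subclass that overrides the method (none are visible in this patch) would skip the check, and one still written for the old array argument would misread the single value passed here. The contract should be documented at this call site, for example `/* deserializeValue() receives one value and returns an error string when it refuses it (e.g. disabled attribute), nothing otherwise */`, and the remaining overrides checked against it. The enclosing method starts and ends outside this hunk.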