fix(webservice) Do not let webservice request set disabled attributes

It seems deserializeValue method in Attribute was actually unused, setValue being called directly by simplePlugin. Now it’s used and does about the same thing as setValue, just returns an error if the attribute is disabled. issue #5811

fix(webservice) Do not let webservice request set disabled attributes
It seems deserializeValue method in Attribute was actually unused, setValue being called directly by simplePlugin. Now it’s used and does about the same thing as setValue, just returns an error if the attribute is disabled. issue #5811
ef77ec85 · Côme Chilliet · 2cead23f · ef77ec85 · ef77ec85 · ef77ec85
Commit ef77ec85 authored 7 years ago by Côme Chilliet
Hide whitespace changes
Inline Side-by-side

Showing

with 17 additions and 23 deletions
+17 -23
--- a/include/simpleplugin/attributes/class_CompositeAttribute.inc
+++ b/include/simpleplugin/attributes/class_CompositeAttribute.inc
@@ -261,17 +261,6 @@ class CompositeAttribute extends Attribute
    }
  }

-  function deserializeValue($values)
-  {
-    if ($this->visible) {
-      foreach ($this->attributes as &$attribute) {
-        $attribute->setDisabled($this->disabled);
-        $attribute->deserializeValue($values);
-      }
-      unset($attribute);
-    }
-  }
-
  function renderFormInput()
  {
    $display = "";

--- a/include/simpleplugin/attributes/class_FileAttribute.inc
+++ b/include/simpleplugin/attributes/class_FileAttribute.inc
@@ -94,16 +94,17 @@ class FileAttribute extends Attribute

  /*! \brief Apply value from RPC requests
   *
-   *  \param array $values the values array
+   *  \param mixed $value the value
   */
-  function deserializeValue($values)
+  function deserializeValue($value)
  {
-    if (isset($values[$this->getLdapName()])) {
-      if ($this->binary) {
-        $this->setValue(base64_decode($values[$this->getLdapName()]));
-      } else {
-        $this->setValue($values[$this->getLdapName()]);
-      }
+    if ($this->disabled) {
+      return sprintf(_('Attribute %s is disabled, its value could not be set'), $this->getLdapName());
+    }
+    if ($this->binary) {
+      $this->setValue(base64_decode($value));
+    } else {
+      $this->setValue($value);
    }
  }
 }

--- a/include/simpleplugin/class_Attribute.inc
+++ b/include/simpleplugin/class_Attribute.inc
@@ -635,11 +635,12 @@ class Attribute
   *
   *  \param array $values the values array
   */
-  function deserializeValue($values)
+  function deserializeValue($value)
  {
-    if (isset($values[$this->getLdapName()])) {
-      $this->setValue($values[$this->getLdapName()]);
+    if ($this->disabled) {
+      return sprintf(_('Attribute %s is disabled, its value could not be set'), $this->getLdapName());
    }
+    $this->setValue($values[$this->getLdapName()]);
  }

  /*! \brief Add ACL information around display

--- a/include/simpleplugin/class_simplePlugin.inc
+++ b/include/simpleplugin/class_simplePlugin.inc
@@ -1914,7 +1914,10 @@ class simplePlugin
    foreach ($values as $name => $value) {
      if (isset($this->attributesAccess[$name])) {
        if (!$checkAcl || $this->attrIsWriteable($name)) {
-          $this->attributesAccess[$name]->setValue($value);
+          $error = $this->attributesAccess[$name]->deserializeValue($value);
+          if (!empty($error)) {
+            return $error;
+          }
        } else {
          return msgPool::permModify($this->dn, $name);
        }