Skip to content

Commit 37e2ec6

Browse files
skjnldsvskjnldsv
authored
Merge pull request #60999 from nextcloud/backport/60948/stable34
[stable34] fix(user_ldap): allow editing profile fields not managed by LDAP
2 parents 7f6df7e + f4cec9a commit 37e2ec6

2 files changed

Lines changed: 44 additions & 11 deletions

File tree

apps/user_ldap/lib/User_LDAP.php

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -689,17 +689,17 @@ public function canEditProperty(string $uid, string $property): bool {
689689
return match($property) {
690690
// Display name is always set by LDAP
691691
IAccountManager::PROPERTY_DISPLAYNAME => false,
692-
IAccountManager::PROPERTY_EMAIL => ((string)$this->access->connection->ldapEmailAttribute !== ''),
693-
IAccountManager::PROPERTY_PHONE => ((string)$this->access->connection->ldapAttributePhone !== ''),
694-
IAccountManager::PROPERTY_WEBSITE => ((string)$this->access->connection->ldapAttributeWebsite !== ''),
695-
IAccountManager::PROPERTY_ADDRESS => ((string)$this->access->connection->ldapAttributeAddress !== ''),
696-
IAccountManager::PROPERTY_FEDIVERSE => ((string)$this->access->connection->ldapAttributeFediverse !== ''),
697-
IAccountManager::PROPERTY_ORGANISATION => ((string)$this->access->connection->ldapAttributeOrganisation !== ''),
698-
IAccountManager::PROPERTY_ROLE => ((string)$this->access->connection->ldapAttributeRole !== ''),
699-
IAccountManager::PROPERTY_HEADLINE => ((string)$this->access->connection->ldapAttributeHeadline !== ''),
700-
IAccountManager::PROPERTY_BIOGRAPHY => ((string)$this->access->connection->ldapAttributeBiography !== ''),
701-
IAccountManager::PROPERTY_BIRTHDATE => ((string)$this->access->connection->ldapAttributeBirthDate !== ''),
702-
IAccountManager::PROPERTY_PRONOUNS => ((string)$this->access->connection->ldapAttributePronouns !== ''),
692+
IAccountManager::PROPERTY_EMAIL => ((string)$this->access->connection->ldapEmailAttribute === ''),
693+
IAccountManager::PROPERTY_PHONE => ((string)$this->access->connection->ldapAttributePhone === ''),
694+
IAccountManager::PROPERTY_WEBSITE => ((string)$this->access->connection->ldapAttributeWebsite === ''),
695+
IAccountManager::PROPERTY_ADDRESS => ((string)$this->access->connection->ldapAttributeAddress === ''),
696+
IAccountManager::PROPERTY_FEDIVERSE => ((string)$this->access->connection->ldapAttributeFediverse === ''),
697+
IAccountManager::PROPERTY_ORGANISATION => ((string)$this->access->connection->ldapAttributeOrganisation === ''),
698+
IAccountManager::PROPERTY_ROLE => ((string)$this->access->connection->ldapAttributeRole === ''),
699+
IAccountManager::PROPERTY_HEADLINE => ((string)$this->access->connection->ldapAttributeHeadline === ''),
700+
IAccountManager::PROPERTY_BIOGRAPHY => ((string)$this->access->connection->ldapAttributeBiography === ''),
701+
IAccountManager::PROPERTY_BIRTHDATE => ((string)$this->access->connection->ldapAttributeBirthDate === ''),
702+
IAccountManager::PROPERTY_PRONOUNS => ((string)$this->access->connection->ldapAttributePronouns === ''),
703703
default => true,
704704
};
705705
}

apps/user_ldap/tests/User_LDAPTest.php

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1463,4 +1463,37 @@ public function testImplementsAction(string $configurable, string|int $value, in
14631463

14641464
$this->assertSame($expected, $this->backend->implementsActions($actionCode));
14651465
}
1466+
1467+
public static function canEditPropertyProvider(): array {
1468+
return [
1469+
// Display name is always managed by LDAP
1470+
[\OCP\Accounts\IAccountManager::PROPERTY_DISPLAYNAME, '', false],
1471+
[\OCP\Accounts\IAccountManager::PROPERTY_DISPLAYNAME, 'cn', false],
1472+
// Fields with no LDAP attribute configured are user-editable
1473+
[\OCP\Accounts\IAccountManager::PROPERTY_EMAIL, '', true],
1474+
[\OCP\Accounts\IAccountManager::PROPERTY_PHONE, '', true],
1475+
[\OCP\Accounts\IAccountManager::PROPERTY_WEBSITE, '', true],
1476+
[\OCP\Accounts\IAccountManager::PROPERTY_ADDRESS, '', true],
1477+
[\OCP\Accounts\IAccountManager::PROPERTY_FEDIVERSE, '', true],
1478+
[\OCP\Accounts\IAccountManager::PROPERTY_ORGANISATION, '', true],
1479+
[\OCP\Accounts\IAccountManager::PROPERTY_ROLE, '', true],
1480+
[\OCP\Accounts\IAccountManager::PROPERTY_HEADLINE, '', true],
1481+
[\OCP\Accounts\IAccountManager::PROPERTY_BIOGRAPHY, '', true],
1482+
[\OCP\Accounts\IAccountManager::PROPERTY_BIRTHDATE, '', true],
1483+
[\OCP\Accounts\IAccountManager::PROPERTY_PRONOUNS, '', true],
1484+
// Fields with an LDAP attribute configured are managed by LDAP, not user-editable
1485+
[\OCP\Accounts\IAccountManager::PROPERTY_EMAIL, 'mail', false],
1486+
[\OCP\Accounts\IAccountManager::PROPERTY_PHONE, 'telephoneNumber', false],
1487+
[\OCP\Accounts\IAccountManager::PROPERTY_WEBSITE, 'labeledURI', false],
1488+
];
1489+
}
1490+
1491+
#[\PHPUnit\Framework\Attributes\DataProvider(methodName: 'canEditPropertyProvider')]
1492+
public function testCanEditProperty(string $property, string $ldapAttributeValue, bool $expected): void {
1493+
$this->connection->expects($this->any())
1494+
->method('__get')
1495+
->willReturn($ldapAttributeValue);
1496+
1497+
$this->assertSame($expected, $this->backend->canEditProperty('uid', $property));
1498+
}
14661499
}

0 commit comments

Comments
 (0)