Skip to content

Commit 08c92e8

Browse files
skjnldsvskjnldsv
authored
Merge pull request #60948 from nextcloud/fix/ldap-profile-field-editing
fix(user_ldap): allow editing profile fields not managed by LDAP
2 parents cbac607 + bbf05d3 commit 08c92e8

2 files changed

Lines changed: 44 additions & 11 deletions

File tree

apps/user_ldap/lib/User_LDAP.php

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -690,17 +690,17 @@ public function canEditProperty(string $uid, string $property): bool {
690690
return match($property) {
691691
// Display name is always set by LDAP
692692
IAccountManager::PROPERTY_DISPLAYNAME => false,
693-
IAccountManager::PROPERTY_EMAIL => ((string)$this->access->connection->ldapEmailAttribute !== ''),
694-
IAccountManager::PROPERTY_PHONE => ((string)$this->access->connection->ldapAttributePhone !== ''),
695-
IAccountManager::PROPERTY_WEBSITE => ((string)$this->access->connection->ldapAttributeWebsite !== ''),
696-
IAccountManager::PROPERTY_ADDRESS => ((string)$this->access->connection->ldapAttributeAddress !== ''),
697-
IAccountManager::PROPERTY_FEDIVERSE => ((string)$this->access->connection->ldapAttributeFediverse !== ''),
698-
IAccountManager::PROPERTY_ORGANISATION => ((string)$this->access->connection->ldapAttributeOrganisation !== ''),
699-
IAccountManager::PROPERTY_ROLE => ((string)$this->access->connection->ldapAttributeRole !== ''),
700-
IAccountManager::PROPERTY_HEADLINE => ((string)$this->access->connection->ldapAttributeHeadline !== ''),
701-
IAccountManager::PROPERTY_BIOGRAPHY => ((string)$this->access->connection->ldapAttributeBiography !== ''),
702-
IAccountManager::PROPERTY_BIRTHDATE => ((string)$this->access->connection->ldapAttributeBirthDate !== ''),
703-
IAccountManager::PROPERTY_PRONOUNS => ((string)$this->access->connection->ldapAttributePronouns !== ''),
693+
IAccountManager::PROPERTY_EMAIL => ((string)$this->access->connection->ldapEmailAttribute === ''),
694+
IAccountManager::PROPERTY_PHONE => ((string)$this->access->connection->ldapAttributePhone === ''),
695+
IAccountManager::PROPERTY_WEBSITE => ((string)$this->access->connection->ldapAttributeWebsite === ''),
696+
IAccountManager::PROPERTY_ADDRESS => ((string)$this->access->connection->ldapAttributeAddress === ''),
697+
IAccountManager::PROPERTY_FEDIVERSE => ((string)$this->access->connection->ldapAttributeFediverse === ''),
698+
IAccountManager::PROPERTY_ORGANISATION => ((string)$this->access->connection->ldapAttributeOrganisation === ''),
699+
IAccountManager::PROPERTY_ROLE => ((string)$this->access->connection->ldapAttributeRole === ''),
700+
IAccountManager::PROPERTY_HEADLINE => ((string)$this->access->connection->ldapAttributeHeadline === ''),
701+
IAccountManager::PROPERTY_BIOGRAPHY => ((string)$this->access->connection->ldapAttributeBiography === ''),
702+
IAccountManager::PROPERTY_BIRTHDATE => ((string)$this->access->connection->ldapAttributeBirthDate === ''),
703+
IAccountManager::PROPERTY_PRONOUNS => ((string)$this->access->connection->ldapAttributePronouns === ''),
704704
default => true,
705705
};
706706
}

apps/user_ldap/tests/User_LDAPTest.php

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1460,4 +1460,37 @@ public function testImplementsAction(string $configurable, string|int $value, in
14601460

14611461
$this->assertSame($expected, $this->backend->implementsActions($actionCode));
14621462
}
1463+
1464+
public static function canEditPropertyProvider(): array {
1465+
return [
1466+
// Display name is always managed by LDAP
1467+
[\OCP\Accounts\IAccountManager::PROPERTY_DISPLAYNAME, '', false],
1468+
[\OCP\Accounts\IAccountManager::PROPERTY_DISPLAYNAME, 'cn', false],
1469+
// Fields with no LDAP attribute configured are user-editable
1470+
[\OCP\Accounts\IAccountManager::PROPERTY_EMAIL, '', true],
1471+
[\OCP\Accounts\IAccountManager::PROPERTY_PHONE, '', true],
1472+
[\OCP\Accounts\IAccountManager::PROPERTY_WEBSITE, '', true],
1473+
[\OCP\Accounts\IAccountManager::PROPERTY_ADDRESS, '', true],
1474+
[\OCP\Accounts\IAccountManager::PROPERTY_FEDIVERSE, '', true],
1475+
[\OCP\Accounts\IAccountManager::PROPERTY_ORGANISATION, '', true],
1476+
[\OCP\Accounts\IAccountManager::PROPERTY_ROLE, '', true],
1477+
[\OCP\Accounts\IAccountManager::PROPERTY_HEADLINE, '', true],
1478+
[\OCP\Accounts\IAccountManager::PROPERTY_BIOGRAPHY, '', true],
1479+
[\OCP\Accounts\IAccountManager::PROPERTY_BIRTHDATE, '', true],
1480+
[\OCP\Accounts\IAccountManager::PROPERTY_PRONOUNS, '', true],
1481+
// Fields with an LDAP attribute configured are managed by LDAP, not user-editable
1482+
[\OCP\Accounts\IAccountManager::PROPERTY_EMAIL, 'mail', false],
1483+
[\OCP\Accounts\IAccountManager::PROPERTY_PHONE, 'telephoneNumber', false],
1484+
[\OCP\Accounts\IAccountManager::PROPERTY_WEBSITE, 'labeledURI', false],
1485+
];
1486+
}
1487+
1488+
#[\PHPUnit\Framework\Attributes\DataProvider(methodName: 'canEditPropertyProvider')]
1489+
public function testCanEditProperty(string $property, string $ldapAttributeValue, bool $expected): void {
1490+
$this->connection->expects($this->any())
1491+
->method('__get')
1492+
->willReturn($ldapAttributeValue);
1493+
1494+
$this->assertSame($expected, $this->backend->canEditProperty('uid', $property));
1495+
}
14631496
}

0 commit comments

Comments
 (0)