admin: add "protected" callouts

2023-11-23 17:54:50 +01:00 · 2023-11-23 17:54:50 +01:00 · bcc23d5055
parent 365d404438
commit bcc23d5055
3 changed files with 18 additions and 4 deletions
--- a/webapp/admin.py
+++ b/webapp/admin.py
@ -101,7 +101,9 @@ def admin_user_view(uid):
    profile = _get_profile(conn, uid)
    groups = _get_groups_of(conn, uid)

-    return flask.render_template('admin/user.html', uid=uid, profile=_format_profile(profile), groups=groups)
+    is_protected = any(group in config.ldap_protected_groups for group in groups)
+
+    return flask.render_template('admin/user.html', uid=uid, profile=_format_profile(profile), groups=groups, is_protected=is_protected)

@bp.route('/admin/groups/')
@admin_required
@ -137,4 +139,6 @@ def admin_group_view(name):
    group_attrs = _get_group(conn, name)
    members = _get_user_list(conn, f'memberOf={ldaputils.group_dn(name)}')

-    return flask.render_template('admin/group.html', name=name, attributes=_format_profile(group_attrs), members=members)
+    is_protected = name in config.ldap_protected_groups
+
+    return flask.render_template('admin/group.html', name=name, attributes=_format_profile(group_attrs), members=members, is_protected=is_protected)
--- a/webapp/templates/admin/group.html
+++ b/webapp/templates/admin/group.html
@ -13,7 +13,12 @@
  {% endfor %}
 </p>

-<p>Full LDAP record:</p>
+<p>
+  {% if is_protected %}
+  <span class="label label-danger" title="You can’t modify this group because it is protected">Protected group</span>
+  {% endif %}
+  Full LDAP record:
+</p>

 <table class="table profile-table">
  <tr>
--- a/webapp/templates/admin/user.html
+++ b/webapp/templates/admin/user.html
@ -17,7 +17,12 @@
  {% endfor %}
 </p>

-<p>Full LDAP record:</p>
+<p>
+  {% if is_protected %}
+  <span class="label label-danger" title="You can’t modify this user because it belongs to a protected group">Protected user</span>
+  {% endif %}
+  Full LDAP record:
+</p>

 <table class="table profile-table">
  <tr>