Univention Bugzilla – Bug 48710
Self service manage contact data - frontend
Last modified: 2019-03-12 13:41:00 CET
Users should be able to manage their own contact data and update their picture. Admins should be able to define which attributes the users can manage. This bug covers the frontend implementation.
@Ole: I think i can take over the QA for this, as I already did a code review and things.
b481470ce7 (HEAD -> 4.4-0, origin/4.4-0, jkeiser/4.4-0/selfservice) Bug #48710: Merge branch 'jkeiser/4.4-0/selfservice' into 4.4-0 83863a0eb5 Bug #48710: changelog 43d80757e8 Bug #48710: Debian changelog entries 06b8a357f5 Bug #48710: Users can manage their contact data in the self-service Successful build Package: univention-web Version: 3.0.1-2A~4.4.0.201902211154 Successful build Package: univention-portal Version: 3.0.1-11A~4.4.0.201902211200 Successful build Package: univention-management-console-module-udm Version: 9.0.4-2A~4.4.0.201902211204 Successful build Package: univention-self-service Version: 4.0.1-8A~4.4.0.201902211207
Created attachment 9853 [details] Screenshot With german language the new link is displayed on a new row.
(In reply to Florian Best from comment #3) > Created attachment 9853 [details] > Screenshot > > With german language the new link is displayed on a new row. yes, the current design has a fixed max-width
3f5966e8e2 (HEAD -> 4.4-0, origin/4.4-0) Bug #48710: Debian changelog entry 26fdb6afb1 Bug #48710: fix missing mapping of dependency Successful build Package: univention-portal Version: 3.0.1-12A~4.4.0.201902211401
Created attachment 9854 [details] Screenshot If no attributes are selected, the service should either not be displayed or respond with an error message instead of showing an empty form.
Error handling for attributes which must not change is not present. (self-service/udm_attributes=uidNumber) Interner Server-Fehler in "passwordreset/set_user_attributes". Request: passwordreset/set_user_attributes Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 253, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 92, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 404, in set_user_attributes user[propname] = value File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 384, in __setitem__ raise univention.admin.uexceptions.valueMayNotChange(_('key=%(key)s old=%(old)s new=%(new)s') % {'key': key, 'old': self[key], 'new': value}) valueMayNotChange: Attribut=uidNumber alter Wert=2026 neuer Wert=0
Created attachment 9855 [details] Screenshot userPassword The self-service-backend - unlike UDM - returns the user-password-hash: password: "{crypt}$6$oyS/CDRKPd4yRVuh$L53zrrPvmW9OA7x3t81ouaX13/VnFe4XY3zhyv8pLiYnrMldwIlbJiwPgntnWKt.rVYE6.3GWgIZyx5hQtiFA/"
The changes are done with cn=admin instead of the ldap bind of the actual user. # univention-ldapsearch -LLLb uid=univention,cn=users,dc=school,dc=dev modifiersName dn: uid=univention,cn=users,dc=school,dc=dev modifiersName: cn=admin,dc=school,dc=dev
Created attachment 9856 [details] patch Currently the user is able to modify attributes which depend on options. Saving this doesn't change anything. We should not show those properties to the frontend. Can be achieved by using obj.has_property(). Attached is a patch. Any maybe you like the "value": ... in the properties dict? Could save an extra values-dict. Afaik the widgets will set that value then as the default?!
(In reply to Florian Best from comment #8) > Created attachment 9855 [details] > Screenshot userPassword > > The self-service-backend - unlike UDM - returns the user-password-hash: > > password: > "{crypt}$6$oyS/CDRKPd4yRVuh$L53zrrPvmW9OA7x3t81ouaX13/ > VnFe4XY3zhyv8pLiYnrMldwIlbJiwPgntnWKt.rVYE6.3GWgIZyx5hQtiFA/" You can prevent this by checking if the syntax of a property is one of: udm_syntax.passwd, udm_syntax.userPasswd See udm_ldap.py +308.
For later reuse: ucr set self-service/udm_attributes=uidNumber,username,title,firstname,lastname,description,overridePWHistory,overridePWLength,mailPrimaryAddress,displayName,birthday,jpegPhoto,organisation,employeeNumber,employeeType,secretary,primaryGroup,groups,disabled,userexpiry,pwdChangeNextLogin,passwordexpiry,unlock,unlockTime,homedrive,sambahome,scriptpath,profilepath,sambaRID,sambaPrivileges,sambaLogonHours,sambaUserWorkstations,unixhome,shell,gitNumber,homeShare,homeSharePath,mailAlternativeAddress,mailHomeServer,mailForwardCopyToSelf,mailForwardAddress,e-mail,phone,roomNumber,departmentNumber,street,postcode,city,country,homeTelephoneNumber,mobileTelephoneNumber,pagerTelephoneNumber,homePostalAddressumcProperty,userCertificate,certificateSubjectCommonName,certificateSubjectMail,certificateSubjectOrganisation,certificateSubjectOrganisationalUnit,certificateSubjectLocation,certificateSubjectState,certificateSubjectCountry,certificateIssuerCommonName,certificateIssuerMail,certificateIssuerOrganisation,certificateIssuerOrganisationalUnit,certificateIssuerLocation,certificateIssuerState,certificateIssuerCountry,certificateDateNotBefore,certificateDateNotAftercertificateVersion,certificateSerial
a0b8dd7c0e Bug #48710: Debian changelog entries 267299937e Bug #48710: fix hasChanged('disabled') wrongfully returning True 2af490f9ac Bug #48710: use ldap bind of user to change itself Successful build Package: univention-directory-manager-modules Version: 14.0.8-2A~4.4.0.201902260948 Successful build Package: univention-self-service Version: 4.0.1-10A~4.4.0.201902260954
The string "Your profile" is not translated. Error handling is missing, e.g. in case the user is not allowed to change his attribute. Interner Server-Fehler in "passwordreset/set_user_attributes". Request: passwordreset/set_user_attributes Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 253, in execute function.__func__(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 92, in _decorator return func(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 318, in _response result = _multi_response(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response return function(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 440, in _response return list(function(self, iterator, *nones)) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 286, in _fake_func yield function(self, *args) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/passwordreset/__init__.py", line 416, in set_user_attributes user.modify() File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1672, in modify return super(object, self).modify(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 635, in modify dn = self._modify(modify_childs, ignore_license=ignore_license, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 1284, in _modify self.lo.modify(self.dn, ml, ignore_license=ignore_license, serverctrls=serverctrls, response=response) File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 823, in modify raise univention.admin.uexceptions.permissionDenied permissionDenied
I think it would be best to just catch univention.admin.uexceptions.base and display it with some string like: The properties could not be saved: ….
cf4f42cf86 (HEAD -> jkeiser/4.4-0/selfservice, origin/4.4-0, 4.4-0) Bug #48710: Merge branch 'jkeiser/4.4-0/selfservice' into 4.4-0 eb17e71cdd Bug #48710: Debian changelog 04b3ff103b Bug #48710: catch error when modifying user attributes Successful build Package: univention-self-service Version: 4.0.1-11A~4.4.0.201902271407
53876ad609 Bug #48710: fix trailing comma
d9dc29e261 (HEAD -> 4.4-0, origin/4.4-0) Bug #48710: Debian changelog 4ab083aa46 Bug #48710: log error message
I added the missing translations and rebuilt the package. OK: error handling OK: setting (most) attributes works very nice REOPEN: when I have a userPhoto set, this is not displayed. Could you have a look why and fix it if it's easy? Otherwise create a new bug for it and we can fix it later. The description for user photo could be "Ihr Foto" instead of "Ihr Bild".
ca44520323 Bug #48710: Debian changelog 9dee97960d Bug #48710: Merge branch 'jkeiser/4.4-0/selfservice' into 4.4-0 91a4e515b6 Bug #48710: Debian changelog ae743fe33f Bug #48710: Fix Uploader.js overwriting value on creation Successful build Package: univention-self-service Version: 4.0.2-2A~4.4.0.201902271732 Successful build Package: univention-web Version: 3.0.2-3A~4.4.0.201902271758
OK: user photo OK: error handling OK: changelog
UCS 4.4 has been released: https://docs.software-univention.de/release-notes-4.4-0-en.html https://docs.software-univention.de/release-notes-4.4-0-de.html If this error occurs again, please use "Clone This Bug".