If we're updating details from a SSO source, don't allow editing on settings page.
parent
4b59fdd453
commit
2ab5ad4230
3 changed files with 65 additions and 20 deletions
|
@ -57,11 +57,13 @@ module.exports =
|
|||
settingsPage : (req, res, next)->
|
||||
user_id = AuthenticationController.getLoggedInUserId(req)
|
||||
logger.log user: user_id, "loading settings page"
|
||||
shouldAllowEditingDetails = !(Settings?.ldap?.updateUserDetailsOnLogin) and !(Settings?.saml?.updateUserDetailsOnLogin)
|
||||
UserLocator.findById user_id, (err, user)->
|
||||
return next(err) if err?
|
||||
res.render 'user/settings',
|
||||
title:'account_settings'
|
||||
user: user,
|
||||
shouldAllowEditingDetails: shouldAllowEditingDetails
|
||||
languages: Settings.languages,
|
||||
accountSettingsTabActive: true
|
||||
|
||||
|
|
|
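Review bot: The `shouldAllowEditingDetails` flag computed in `settingsPage` only decides what the template renders; nothing in this section stops a hand-built request that submits `first_name`/`last_name` to the settings update handler, which is not part of this diff. If that handler does not apply the same `updateUserDetailsOnLogin` check, names that the LDAP/SAML directory is supposed to own can still be changed locally until the next login overwrites them, so the control is cosmetic rather than enforced. I would put the expression in one shared helper and have the update handler drop or reject those two fields when it returns false, so the view and the write path cannot drift apart. Minor: `Settings?.ldap?...` guards against an undefined `Settings`, but `Settings.languages` a few lines below does not, so the leading `?` can be dropped for consistency.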
@ -39,25 +39,34 @@ block content
|
|||
label.control-label #{translate("email")}
|
||||
div.form-control(readonly="true") #{user.email}
|
||||
|
||||
.form-group
|
||||
label(for='firstName').control-label #{translate("first_name")}
|
||||
input.form-control(
|
||||
type='text',
|
||||
name='first_name',
|
||||
value=user.first_name
|
||||
)
|
||||
.form-group
|
||||
label(for='lastName').control-label #{translate("last_name")}
|
||||
input.form-control(
|
||||
type='text',
|
||||
name='last_name',
|
||||
value=user.last_name
|
||||
)
|
||||
.actions
|
||||
button.btn.btn-primary(
|
||||
type='submit',
|
||||
ng-disabled="settingsForm.$invalid"
|
||||
) #{translate("update")}
|
||||
if shouldAllowEditingDetails
|
||||
.form-group
|
||||
label(for='firstName').control-label #{translate("first_name")}
|
||||
input.form-control(
|
||||
type='text',
|
||||
name='first_name',
|
||||
value=user.first_name
|
||||
)
|
||||
.form-group
|
||||
label(for='lastName').control-label #{translate("last_name")}
|
||||
input.form-control(
|
||||
type='text',
|
||||
name='last_name',
|
||||
value=user.last_name
|
||||
)
|
||||
.actions
|
||||
button.btn.btn-primary(
|
||||
type='submit',
|
||||
ng-disabled="settingsForm.$invalid"
|
||||
) #{translate("update")}
|
||||
else
|
||||
.form-group
|
||||
label.control-label #{translate("first_name")}
|
||||
div.form-control(readonly="true") #{user.first_name}
|
||||
.form-group
|
||||
label.control-label #{translate("last_name")}
|
||||
div.form-control(readonly="true") #{user.last_name}
|
||||
|
||||
if !externalAuthenticationSystemUsed()
|
||||
.col-md-5.col-md-offset-1
|
||||
h3 #{translate("change_password")}
|
||||
|
|
|
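Review bot: In the `else` branch the names are rendered as `div.form-control(readonly="true")`, but `readonly` has no meaning on a `div`, so assistive technology will not announce the field as read-only and the attribute only serves as a styling hook. A disabled or read-only input keeps the semantics, for example `input.form-control(type='text', value=user.first_name, readonly)`, and the same for `last_name`. The branch also gives the user no hint as to why the fields cannot be edited; a short translated help line stating that these details are managed by the organisation's login system would avoid support requests. Note that hiding the inputs and the submit button here does not by itself prevent the fields from being submitted, so this template should not be the only place the restriction lives.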
@ -31,7 +31,7 @@ describe "UserPagesController", ->
|
|||
getLoggedInUserId: sinon.stub().returns(@user._id)
|
||||
getSessionUser: sinon.stub().returns(@user)
|
||||
@UserPagesController = SandboxedModule.require modulePath, requires:
|
||||
"settings-sharelatex":@settings
|
||||
"settings-sharelatex": @settings
|
||||
"logger-sharelatex":
|
||||
log:->
|
||||
err:->
|
||||
|
@ -149,6 +149,40 @@ describe "UserPagesController", ->
|
|||
done()
|
||||
@UserPagesController.settingsPage @req, @res
|
||||
|
||||
it "should set 'shouldAllowEditingDetails' to true", (done)->
|
||||
@res.render = (page, opts)=>
|
||||
opts.shouldAllowEditingDetails.should.equal true
|
||||
done()
|
||||
@UserPagesController.settingsPage @req, @res
|
||||
|
||||
describe 'when ldap.updateUserDetailsOnLogin is true', ->
|
||||
|
||||
beforeEach ->
|
||||
@settings.ldap = {updateUserDetailsOnLogin: true}
|
||||
|
||||
afterEach ->
|
||||
delete @settings.ldap
|
||||
|
||||
it 'should set "shouldAllowEditingDetails" to false', (done) ->
|
||||
@res.render = (page, opts)=>
|
||||
opts.shouldAllowEditingDetails.should.equal false
|
||||
done()
|
||||
@UserPagesController.settingsPage @req, @res
|
||||
|
||||
describe 'when saml.updateUserDetailsOnLogin is true', ->
|
||||
|
||||
beforeEach ->
|
||||
@settings.saml = {updateUserDetailsOnLogin: true}
|
||||
|
||||
afterEach ->
|
||||
delete @settings.saml
|
||||
|
||||
it 'should set "shouldAllowEditingDetails" to false', (done) ->
|
||||
@res.render = (page, opts)=>
|
||||
opts.shouldAllowEditingDetails.should.equal false
|
||||
done()
|
||||
@UserPagesController.settingsPage @req, @res
|
||||
|
||||
describe "activateAccountPage", ->
|
||||
beforeEach ->
|
||||
@req.query.user_id = @user_id
|
||||
|
|
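Review bot: The new cases cover "no ldap/saml block" and "`updateUserDetailsOnLogin: true`", but not the common configuration where the block exists with syncing switched off. Adding a case with `@settings.ldap = {updateUserDetailsOnLogin: false}` (and the same for `saml`) that expects `opts.shouldAllowEditingDetails` to equal `true` would pin the negation logic against a future refactor that tests for the presence of the block instead of the flag. These tests also assert only the render option; if the restriction is later enforced in the update handler, that path needs its own test that a submitted `first_name` is not persisted when the flag is set.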