mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
If we're updating details from a SSO source, don't allow editing on settings page.
parent
4b59fdd453
commit
2ab5ad4230
3 changed files with 65 additions and 20 deletions
|
@ -57,11 +57,13 @@ module.exports =
|
||||||
settingsPage : (req, res, next)->
|
settingsPage : (req, res, next)->
|
||||||
user_id = AuthenticationController.getLoggedInUserId(req)
|
user_id = AuthenticationController.getLoggedInUserId(req)
|
||||||
logger.log user: user_id, "loading settings page"
|
logger.log user: user_id, "loading settings page"
|
||||||
|
shouldAllowEditingDetails = !(Settings?.ldap?.updateUserDetailsOnLogin) and !(Settings?.saml?.updateUserDetailsOnLogin)
|
||||||
UserLocator.findById user_id, (err, user)->
|
UserLocator.findById user_id, (err, user)->
|
||||||
return next(err) if err?
|
return next(err) if err?
|
||||||
res.render 'user/settings',
|
res.render 'user/settings',
|
||||||
title:'account_settings'
|
title:'account_settings'
|
||||||
user: user,
|
user: user,
|
||||||
|
shouldAllowEditingDetails: shouldAllowEditingDetails
|
||||||
languages: Settings.languages,
|
languages: Settings.languages,
|
||||||
accountSettingsTabActive: true
|
accountSettingsTabActive: true
|
||||||
|
|
||||||
|
|
|
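Review bot: `shouldAllowEditingDetails` is only handed to the template in `settingsPage`, so it decides what the page shows, not what the server accepts. The handler that saves `first_name`/`last_name` is not part of this commit; if it does not apply the same check, a direct request can still change the name until the next LDAP/SAML login overwrites it. I would compute the flag in one shared helper and have the update handler ignore or reject those fields when it is false. As a smaller point, `Settings?` is guarded here while `Settings.languages` a few lines below is not, so `!Settings.ldap?.updateUserDetailsOnLogin and !Settings.saml?.updateUserDetailsOnLogin` is enough. A comment above it such as `# name fields are owned by the LDAP/SAML directory when details are synced on login` would record the reason.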
@ -39,25 +39,34 @@ block content
|
||||||
label.control-label #{translate("email")}
|
label.control-label #{translate("email")}
|
||||||
div.form-control(readonly="true") #{user.email}
|
div.form-control(readonly="true") #{user.email}
|
||||||
|
|
||||||
.form-group
|
if shouldAllowEditingDetails
|
||||||
label(for='firstName').control-label #{translate("first_name")}
|
.form-group
|
||||||
input.form-control(
|
label(for='firstName').control-label #{translate("first_name")}
|
||||||
type='text',
|
input.form-control(
|
||||||
name='first_name',
|
type='text',
|
||||||
value=user.first_name
|
name='first_name',
|
||||||
)
|
value=user.first_name
|
||||||
.form-group
|
)
|
||||||
label(for='lastName').control-label #{translate("last_name")}
|
.form-group
|
||||||
input.form-control(
|
label(for='lastName').control-label #{translate("last_name")}
|
||||||
type='text',
|
input.form-control(
|
||||||
name='last_name',
|
type='text',
|
||||||
value=user.last_name
|
name='last_name',
|
||||||
)
|
value=user.last_name
|
||||||
.actions
|
)
|
||||||
button.btn.btn-primary(
|
.actions
|
||||||
type='submit',
|
button.btn.btn-primary(
|
||||||
ng-disabled="settingsForm.$invalid"
|
type='submit',
|
||||||
) #{translate("update")}
|
ng-disabled="settingsForm.$invalid"
|
||||||
|
) #{translate("update")}
|
||||||
|
else
|
||||||
|
.form-group
|
||||||
|
label.control-label #{translate("first_name")}
|
||||||
|
div.form-control(readonly="true") #{user.first_name}
|
||||||
|
.form-group
|
||||||
|
label.control-label #{translate("last_name")}
|
||||||
|
div.form-control(readonly="true") #{user.last_name}
|
||||||
|
|
||||||
if !externalAuthenticationSystemUsed()
|
if !externalAuthenticationSystemUsed()
|
||||||
.col-md-5.col-md-offset-1
|
.col-md-5.col-md-offset-1
|
||||||
h3 #{translate("change_password")}
|
h3 #{translate("change_password")}
|
||||||
|
|
|
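Review bot: The new `else` branch has no comment saying why the name is shown read-only, and `readonly="true"` on a `div` is presentational only, so this branch is a display choice rather than an access control. I would add `//- name is synced from LDAP/SAML on login (updateUserDetailsOnLogin), so it is shown but not editable` above the `else`. Indentation is lost on this page, so I cannot confirm whether `.actions` with the submit button sits inside the `if`. If the form has other editable fields outside this hunk, the button needs to stay outside the conditional.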
@ -31,7 +31,7 @@ describe "UserPagesController", ->
|
||||||
getLoggedInUserId: sinon.stub().returns(@user._id)
|
getLoggedInUserId: sinon.stub().returns(@user._id)
|
||||||
getSessionUser: sinon.stub().returns(@user)
|
getSessionUser: sinon.stub().returns(@user)
|
||||||
@UserPagesController = SandboxedModule.require modulePath, requires:
|
@UserPagesController = SandboxedModule.require modulePath, requires:
|
||||||
"settings-sharelatex":@settings
|
"settings-sharelatex": @settings
|
||||||
"logger-sharelatex":
|
"logger-sharelatex":
|
||||||
log:->
|
log:->
|
||||||
err:->
|
err:->
|
||||||
|
@ -149,6 +149,40 @@ describe "UserPagesController", ->
|
||||||
done()
|
done()
|
||||||
@UserPagesController.settingsPage @req, @res
|
@UserPagesController.settingsPage @req, @res
|
||||||
|
|
||||||
|
it "should set 'shouldAllowEditingDetails' to true", (done)->
|
||||||
|
@res.render = (page, opts)=>
|
||||||
|
opts.shouldAllowEditingDetails.should.equal true
|
||||||
|
done()
|
||||||
|
@UserPagesController.settingsPage @req, @res
|
||||||
|
|
||||||
|
describe 'when ldap.updateUserDetailsOnLogin is true', ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@settings.ldap = {updateUserDetailsOnLogin: true}
|
||||||
|
|
||||||
|
afterEach ->
|
||||||
|
delete @settings.ldap
|
||||||
|
|
||||||
|
it 'should set "shouldAllowEditingDetails" to false', (done) ->
|
||||||
|
@res.render = (page, opts)=>
|
||||||
|
opts.shouldAllowEditingDetails.should.equal false
|
||||||
|
done()
|
||||||
|
@UserPagesController.settingsPage @req, @res
|
||||||
|
|
||||||
|
describe 'when saml.updateUserDetailsOnLogin is true', ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@settings.saml = {updateUserDetailsOnLogin: true}
|
||||||
|
|
||||||
|
afterEach ->
|
||||||
|
delete @settings.saml
|
||||||
|
|
||||||
|
it 'should set "shouldAllowEditingDetails" to false', (done) ->
|
||||||
|
@res.render = (page, opts)=>
|
||||||
|
opts.shouldAllowEditingDetails.should.equal false
|
||||||
|
done()
|
||||||
|
@UserPagesController.settingsPage @req, @res
|
||||||
|
|
||||||
describe "activateAccountPage", ->
|
describe "activateAccountPage", ->
|
||||||
beforeEach ->
|
beforeEach ->
|
||||||
@req.query.user_id = @user_id
|
@req.query.user_id = @user_id
|
||||||
|
|
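Review bot: The added cases cover only `updateUserDetailsOnLogin` being true or the `ldap`/`saml` key being absent; none covers LDAP or SAML configured with the option off, which is the configuration most likely to regress if the expression is later simplified to a presence check. A case with `@settings.ldap = {updateUserDetailsOnLogin: false}` asserting `opts.shouldAllowEditingDetails.should.equal true` would pin that. The first new `it` sits in a `describe` whose `beforeEach` lies outside the hunk, so I am assuming `@settings` has no `ldap` or `saml` key by default. These tests check only the render option; whether the update endpoint refuses name changes is not exercised anywhere in this commit.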