diff --git a/EVENTS.txt b/EVENTS.txt
index 25a51516b4..c3fe73134c 100644
--- a/EVENTS.txt
+++ b/EVENTS.txt
@@ -489,6 +489,10 @@ ChangePassword: Handle a password change request
 - $newpassword: the desired new password
 - &$errormsg: set this to an error message if the password could not be changed. If the password was changed, leave this as false
+CanUserChangeField: Determines if a user is allowed to change a specific profile field
+- $nickname: nickname of the user who would like to know which of their profile fields are mutable
+- $field: name of the field the user wants to change (nickname, fullname, password, avatar, etc)
+
 UserDeleteRelated: Specify additional tables to delete entries from when deleting users
 - $user: User object
 - &$related: array of DB_DataObject class names to delete entries on matching user_id.
diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php
index 6658d279f2..15539d4a01 100644
--- a/actions/passwordsettings.php
+++ b/actions/passwordsettings.php
@@ -58,6 +58,19 @@ class PasswordsettingsAction extends AccountSettingsAction
 return _('Change password');
 }
+ function prepare($args){
+ parent::prepare($args);
+
+ $user = common_current_user();
+
+ Event::handle('CanUserChangeField', array($user->nickname, 'password'));
+
+ if(! $fields['password']){
+ //user is not allowed to change his password
+ $this->clientError(_('You are not allowed to change your password'));
+ }
+ }
+
 /**
 * Instructions for use
 *
@@ -86,6 +99,7 @@ class PasswordsettingsAction extends AccountSettingsAction
 function showContent()
 {
 $user = common_current_user();
+
 $this->elementStart('form', array('method' => 'POST',
 'id' => 'form_password',
 'class' => 'form_settings',
diff --git a/lib/accountsettingsaction.php b/lib/accountsettingsaction.php
index a004a3ed99..9865e17489 100644
--- a/lib/accountsettingsaction.php
+++ b/lib/accountsettingsaction.php
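Review bot: In the added `prepare()` of actions/passwordsettings.php, `$fields` is never assigned, so `! $fields['password']` is always true and the "not allowed" error is raised for every user, while the result of `Event::handle('CanUserChangeField', ...)` is discarded. The permission check should test the event result directly, `if (!Event::handle('CanUserChangeField', array($user->nickname, 'password'))) {`, which is how the nav code in lib/accountsettingsaction.php reads the same event. `$user->nickname` is also read without checking that `common_current_user()` returned a user. The method returns nothing, so whatever `parent::prepare($args)` returns is dropped; presumably callers rely on that value, to be confirmed against the parent class.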
@@ -102,26 +102,31 @@ class AccountSettingsNav extends Widget
 $this->action->elementStart('ul', array('class' => 'nav'));
 if (Event::handle('StartAccountSettingsNav', array(&$this->action))) {
+ $user = common_current_user();
- $menu =
- array('profilesettings' =>
+ $menu = array();
+ $menu['profilesettings'] =
 array(_('Profile'),
- _('Change your profile settings')),
- 'avatarsettings' =>
- array(_('Avatar'),
- _('Upload an avatar')),
- 'passwordsettings' =>
- array(_('Password'),
- _('Change your password')),
- 'emailsettings' =>
+ _('Change your profile settings'));
+ if(Event::handle('CanUserChangeField', array($user->nickname, 'avatar'))){
+ $menu['avatarsettings'] =
+ array(_('Avatar'),
+ _('Upload an avatar'));
+ }
+ if(Event::handle('CanUserChangeField', array($user->nickname, 'password'))){
+ $menu['passwordsettings'] =
+ array(_('Password'),
+ _('Change your password'));
+ }
+ $menu['emailsettings'] =
 array(_('Email'),
- _('Change email handling')),
- 'userdesignsettings' =>
+ _('Change email handling'));
+ $menu['userdesignsettings'] =
 array(_('Design'),
- _('Design your profile')),
- 'othersettings' =>
+ _('Design your profile'));
+ $menu['othersettings'] =
 array(_('Other'),
- _('Other options')));
+ _('Other options'));
 foreach ($menu as $menuaction => $menudesc) {
 $this->action->menuItem(common_local_url($menuaction),
diff --git a/plugins/Ldap/LdapPlugin.php b/plugins/Ldap/LdapPlugin.php
index 755562f54b..3795ffd7f1 100644
--- a/plugins/Ldap/LdapPlugin.php
+++ b/plugins/Ldap/LdapPlugin.php
@@ -102,4 +102,15 @@ class LdapPlugin extends Plugin
 //return false, indicating that the event has been handled
 return false;
 }
+
+ function onCanUserChangeField($nickname, $field)
+ {
+ switch($field)
+ {
+ case 'password':
+ case 'nickname':
+ case 'email':
+ return false;
+ }
+ }
 }
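Review bot: Hiding the Avatar and Password entries in `AccountSettingsNav` (lib/accountsettingsaction.php) only removes the links, so the restriction still has to be enforced inside each settings action. Among the hunks shown, only `PasswordsettingsAction::prepare()` gets a server-side check. Nothing is added for avatar, or for the `nickname` and `email` fields that `LdapPlugin::onCanUserChangeField` denies while the Profile and Email entries stay in the menu. I would add a comment above the first new `if`, `// Navigation only: every settings action must check CanUserChangeField itself before accepting a change`, and add the matching checks to the avatar, profile and email actions. The enclosing method starts and ends outside the hunk.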
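Review bot: `onCanUserChangeField` in plugins/Ldap/LdapPlugin.php has no `default` branch and falls off the end of the `switch`, so every field name not listed, including a misspelt one, is allowed through an implicit null return. Make the allow path explicit with `default: return true;`, or enumerate the fields that may be changed and deny the rest if the plugin is meant to fail closed. A docblock stating that returning false denies the change would also help, since the EVENTS.txt entry for `CanUserChangeField` lists the parameters but not the return convention.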