people: Hide various things from users that are not staff

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 0fafce5c2ac11dbb7c4627815c89100e82608a1e..a1b6ee212a590c4b3c577b9bf955fb4831af709b 100644 (file)
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -363,9 +363,17 @@ class Account(Object):
        def is_admin(self):
                return "wheel" in self.groups
 
-       def is_talk_enabled(self):
-               return "sipUser" in self.classes or "sipRoutingObject" in self.classes \
-                       or self.telephone_numbers or self.address
+       def is_staff(self):
+               return "staff" in self.groups
+
+       def has_shell(self):
+               return "posixAccount" in self.classes
+
+       def has_mail(self):
+               return "postfixMailUser" in self.classes
+
+       def has_sip(self):
+               return "sipUser" in self.classes or "sipRoutingObject" in self.classes
 
        def can_be_managed_by(self, account):
                """

diff --git a/src/templates/base.html b/src/templates/base.html
index 767d2f42c42286f46a42129eeb46d671512f0bdf..793a9124495a1079833051ee817298238740c39c 100644 (file)
--- a/src/templates/base.html
+++ b/src/templates/base.html
@@ -152,7 +152,7 @@
                                                                        aria-controls="navbar" aria-expanded="false" aria-label="Toggle navigation">
                                                                <span class="fas fa-bars"></span>
                                                        </button>
-                                       
+
                                                        <div class="collapse navbar-collapse" id="navbar">
                                                                <ul class="navbar-nav ml-auto mr-3">
                                                                        <li class="nav-item">
@@ -160,28 +160,34 @@
                                                                                        {{ _("My Profile") }}
                                                                                </a>
                                                                        </li>
-                                       
-                                                                       <li class="nav-item">
-                                                                               <a class="nav-link {% if request.path.startswith("/users/%s/calls" % current_user.uid) %}active{% end %}" href="/users/{{ current_user.uid }}/calls">
-                                                                                       {{ _("My Calls") }}
-                                       
-                                                                                       {% if current_user.sip_channels %}
-                                                                                               <span class="badge badge-primary ml-2">{{ len(current_user.sip_channels) }}</span>
-                                                                                       {% end %}
-                                                                               </a>
-                                                                       </li>
-                                       
-                                                                       <li class="nav-item">
-                                                                               <a class="nav-link {% if request.path == "/users" %}active{% end %}" href="/users">
-                                                                                       {{ _("Users") }}
-                                                                               </a>
-                                                                       </li>
-                                       
-                                                                       <li class="nav-item">
-                                                                               <a class="nav-link {% if request.path.startswith("/conferences") %}active{% end %}" href="/conferences">
-                                                                                       {{ _("Conferences") }}
-                                                                               </a>
-                                                                       </li>
+
+                                                                       {% if current_user.has_sip() %}
+                                                                               <li class="nav-item">
+                                                                                       <a class="nav-link {% if request.path.startswith("/users/%s/calls" % current_user.uid) %}active{% end %}" href="/users/{{ current_user.uid }}/calls">
+                                                                                               {{ _("My Calls") }}
+
+                                                                                               {% if current_user.sip_channels %}
+                                                                                                       <span class="badge badge-primary ml-2">{{ len(current_user.sip_channels) }}</span>
+                                                                                               {% end %}
+                                                                                       </a>
+                                                                               </li>
+                                                                       {% end %}
+
+                                                                       {% if current_user.is_staff() %}
+                                                                               <li class="nav-item">
+                                                                                       <a class="nav-link {% if request.path == "/users" %}active{% end %}" href="/users">
+                                                                                               {{ _("Users") }}
+                                                                                       </a>
+                                                                               </li>
+                                                                       {% end %}
+
+                                                                       {% if current_user.has_sip() %}
+                                                                               <li class="nav-item">
+                                                                                       <a class="nav-link {% if request.path.startswith("/conferences") %}active{% end %}" href="/conferences">
+                                                                                               {{ _("Conferences") }}
+                                                                                       </a>
+                                                                               </li>
+                                                                       {% end %}
                                                                </ul>
                                        
                                                                <form class="form-inline my-2 my-lg-0" action="/search" method="GET">

diff --git a/src/templates/people/base.html b/src/templates/people/base.html
index 71576acfe76e3d4a2198f9a0bc97efce43f12f08..590bfd6207eded2fd22b8bf91befed4332bff20d 100644 (file)
--- a/src/templates/people/base.html
+++ b/src/templates/people/base.html
@@ -12,7 +12,7 @@
                                        <a class="text-white" href="/users/{{ account.uid }}">{{ account.name }}</a>
                                </h3>
 
-                               {% if account.sip_id %}
+                               {% if account.has_sip() %}
                                        <h5>
                                                {{ account.sip_id }}
 
@@ -23,13 +23,15 @@
                                {% end %}
 
                                <div class="btn-toolbar mb-3">
-                                       <a class="btn btn-light btn-sm btn-block" href="/~{{ account.uid }}/">
-                                               <span class="fas fa-home mr-2"></span> {{ _("Home Directory") }}
-                                       </a>
+                                       {% if account.has_shell() %}
+                                               <a class="btn btn-light btn-sm btn-block" href="/~{{ account.uid }}/">
+                                                       <span class="fas fa-home mr-2"></span> {{ _("Home Directory") }}
+                                               </a>
 
-                                       <a class="btn btn-light btn-sm btn-block" href="/users/{{ account.uid }}/ssh-keys">
-                                               <span class="fas fa-key mr-2"></span> {{ _("SSH Keys") }}
-                                       </a>
+                                               <a class="btn btn-light btn-sm btn-block" href="/users/{{ account.uid }}/ssh-keys">
+                                                       <span class="fas fa-key mr-2"></span> {{ _("SSH Keys") }}
+                                               </a>
+                                       {% end %}
 
                                        {% if account.can_be_managed_by(current_user) %}
                                                <a class="btn btn-warning btn-sm btn-block" href="/users/{{ account.uid }}/edit">

diff --git a/src/templates/people/user-edit.html b/src/templates/people/user-edit.html
index b62d7ceac77618c7257398c9fd77ba8de201de7d..8cb66d17bf0f1ebc35aad5bb082a6d88431703e9 100644 (file)
--- a/src/templates/people/user-edit.html
+++ b/src/templates/people/user-edit.html
@@ -45,21 +45,22 @@
                        </small>
                </div>
 
+               {% if account.has_mail() %}
+                       <fieldset>
+                               <legend>{{ _("Email") }}</legend>
 
-               <fieldset>
-                       <legend>{{ _("Email") }}</legend>
+                               <div class="form-group">
+                                       <label>{{ _("Forward Emails") }}</label>
 
-                       <div class="form-group">
-                               <label>{{ _("Forward Emails") }}</label>
+                                       <input type="mail" class="form-control" name="mail_routing_address"
+                                               placeholder="{{ _("Email Address") }}" value="{{ account.mail_routing_address or "" }}">
 
-                               <input type="mail" class="form-control" name="mail_routing_address"
-                                       placeholder="{{ _("Email Address") }}" value="{{ account.mail_routing_address or "" }}">
-
-                               <small class="form-text text-muted">
-                                       {{ _("All emails will be forwarded to this email address") }}
-                               </small>
-                       </div>
-               </fieldset>
+                                       <small class="form-text text-muted">
+                                               {{ _("All emails will be forwarded to this email address") }}
+                                       </small>
+                               </div>
+                       </fieldset>
+               {% end %}
 
                <fieldset>
                        <legend>{{ _("Telephone") }}</legend>
@@ -75,16 +76,18 @@
                                </small>
                        </div>
 
-                       <div class="form-group">
-                               <label>{{ _("Forward Calls") }}</label>
+                       {% if account.has_sip() %}
+                               <div class="form-group">
+                                       <label>{{ _("Forward Calls") }}</label>
 
-                               <input type="text" class="form-control" name="sip_routing_address"
-                                       placeholder="{{ _("SIP URI or Phone Number") }}" value="{{ account.sip_routing_address or "" }}">
+                                       <input type="text" class="form-control" name="sip_routing_address"
+                                               placeholder="{{ _("SIP URI or Phone Number") }}" value="{{ account.sip_routing_address or "" }}">
 
-                               <small class="form-text text-muted">
-                                       {{ _("All calls will be forwarded to this phone number or SIP URI") }}
-                               </small>
-                       </div>
+                                       <small class="form-text text-muted">
+                                               {{ _("All calls will be forwarded to this phone number or SIP URI") }}
+                                       </small>
+                               </div>
+                       {% end %}
                </fieldset>
 
                <input class="btn btn-primary btn-block" type="submit" value="{{ _("Save") }}">

diff --git a/src/web/people.py b/src/web/people.py
index c5f18f5b9eaa48b7b39b23a26f4fc23e5d2081ee..e47a82d4e933b341c27429d4aca5765aaa8b4585 100644 (file)
--- a/src/web/people.py
+++ b/src/web/people.py
@@ -231,6 +231,10 @@ class SIPHandler(auth.CacheMixin, base.BaseHandler):
 class UsersHandler(auth.CacheMixin, base.BaseHandler):
        @tornado.web.authenticated
        def get(self):
+               # Only staff can see other users
+               if not self.current_user.is_staff():
+                       raise tornado.web.HTTPError(403)
+
                self.render("people/users.html")