diff --git a/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php b/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php index 311f97e76427..f2713078f5dc 100755 --- a/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php +++ b/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php @@ -334,6 +334,16 @@ private function initSettingsForm(): ilPropertyFormGUI $user_attr->setRequired(true); $form->addItem($user_attr); + if (!$this->checkAccessBool('write')) { + foreach ($form->getItems() as $item) { + if ($item instanceof ilFormSectionHeaderGUI) { + continue; + } + + $item->setDisabled(true); + } + } + return $form; } @@ -444,7 +454,7 @@ private function scopes(): void $this->setSubTabs(self::STAB_SCOPES); $url = $this->settings->getProvider(); - if ($url !== '') { + if ($url !== '' && $this->checkAccessBool('write')) { $this->toolbar->setFormAction($this->ctrl->getFormAction($this)); $this->toolbar->addFormButton($this->lng->txt('auth_oidc_discover_scopes'), 'discoverScopesFromServer'); } @@ -458,14 +468,19 @@ private function initScopesForm(): Form $this->checkAccess('read'); $ui_container = []; - $ui_container = $this->buildScopeSelection($ui_container); + $has_write_access = $this->checkAccessBool('write'); + $ui_container = $this->buildScopeSelection($ui_container, $has_write_access); /** @var Form $form */ $form = $this->ui->input()->container()->form()->standard( - $this->ctrl->getFormAction($this, 'saveScopes'), + $has_write_access ? $this->ctrl->getFormAction($this, 'saveScopes') : $this->ctrl->getFormAction($this, 'scopes'), $ui_container )->withAdditionalTransformation($this->saniziteArrayElementsTrafo()); + if (!$has_write_access) { + $form = $form->withSubmitLabel($this->lng->txt('refresh')); + } + return $form; } @@ -493,7 +508,7 @@ private function discoverScopesFromServer(): void * @param list $ui_container * @return list */ - private function buildScopeSelection(array $ui_container): array + private function buildScopeSelection(array $ui_container, bool $has_write_access): array { $disabled_input = $this->ui ->input() @@ -551,6 +566,12 @@ private function buildScopeSelection(array $ui_container): array ); $ui_container[] = $group; + if (!$has_write_access) { + foreach ($ui_container as $key => $item) { + $ui_container[$key] = $item->withDisabled(true); + } + } + return $ui_container; } @@ -766,6 +787,14 @@ private function initRolesForm(): ilPropertyFormGUI if ($this->checkAccessBool('write')) { $form->addCommandButton('saveRoles', $this->lng->txt('save')); + } else { + foreach ($form->getItems() as $item) { + if ($item instanceof ilFormSectionHeaderGUI) { + continue; + } + + $item->setDisabled(true); + } } return $form; @@ -925,6 +954,13 @@ private function initUserMappingForm(): Form $ui_container = $this->buildUserMappingInputFormUDF($field, $ui_container); } + $has_write_access = $this->checkAccessBool('write'); + if (!$has_write_access) { + foreach ($ui_container as $key => $item) { + $ui_container[$key] = $item->withDisabled(true); + } + } + $this->ctrl->setParameter( $this, 'opic', @@ -937,10 +973,14 @@ private function initUserMappingForm(): Form ->container() ->form() ->standard( - $this->ctrl->getFormAction($this, 'saveProfileMapping'), + $has_write_access ? $this->ctrl->getFormAction($this, 'saveProfileMapping') : $this->ctrl->getFormAction($this, 'profile'), $ui_container )->withAdditionalTransformation($this->saniziteArrayElementsTrafo()); + if (!$has_write_access) { + $form = $form->withSubmitLabel($this->lng->txt('refresh')); + } + return $form; }