From 42b15f05d09e3bc1005b83c219fd6a08e385d9e1 Mon Sep 17 00:00:00 2001 From: Fabian Helfer Date: Thu, 5 Feb 2026 11:43:02 +0100 Subject: [PATCH 1/2] [Improvement] Auth: Tab OpenID Connect Access Restriction Form --- .../class.ilOpenIdConnectSettingsGUI.php | 44 ++++++++++++++++--- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php b/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php index 311f97e76427..082089a549ee 100755 --- a/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php +++ b/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php @@ -334,6 +334,15 @@ private function initSettingsForm(): ilPropertyFormGUI $user_attr->setRequired(true); $form->addItem($user_attr); + if (!$this->checkAccessBool('write')) { + foreach ($form->getItems() as $item) { + if ($item instanceof ilFormSectionHeaderGUI) { + continue; + } + + $item->setDisabled(true); + } + } return $form; } @@ -444,7 +453,7 @@ private function scopes(): void $this->setSubTabs(self::STAB_SCOPES); $url = $this->settings->getProvider(); - if ($url !== '') { + if ($url !== '' && $this->checkAccessBool('write')) { $this->toolbar->setFormAction($this->ctrl->getFormAction($this)); $this->toolbar->addFormButton($this->lng->txt('auth_oidc_discover_scopes'), 'discoverScopesFromServer'); } @@ -458,14 +467,19 @@ private function initScopesForm(): Form $this->checkAccess('read'); $ui_container = []; - $ui_container = $this->buildScopeSelection($ui_container); + $has_write_access = $this->checkAccessBool('write'); + $ui_container = $this->buildScopeSelection($ui_container, $has_write_access); /** @var Form $form */ $form = $this->ui->input()->container()->form()->standard( - $this->ctrl->getFormAction($this, 'saveScopes'), + $has_write_access ? $this->ctrl->getFormAction($this, 'saveScopes') : $this->ctrl->getFormAction($this, 'scopes'), $ui_container )->withAdditionalTransformation($this->saniziteArrayElementsTrafo()); + if (!$has_write_access) { + /** @var Form $form */ + $form = $form->withSubmitLabel($this->lng->txt('refresh')); + } return $form; } @@ -493,7 +507,7 @@ private function discoverScopesFromServer(): void * @param list $ui_container * @return list */ - private function buildScopeSelection(array $ui_container): array + private function buildScopeSelection(array $ui_container, bool $has_write_access): array { $disabled_input = $this->ui ->input() @@ -551,6 +565,10 @@ private function buildScopeSelection(array $ui_container): array ); $ui_container[] = $group; + foreach ($ui_container as $key => $item) { + $ui_container[$key] = $has_write_access ? $item->withDisabled(false) : $item->withDisabled(true); + } + return $ui_container; } @@ -766,6 +784,14 @@ private function initRolesForm(): ilPropertyFormGUI if ($this->checkAccessBool('write')) { $form->addCommandButton('saveRoles', $this->lng->txt('save')); + } else { + foreach ($form->getItems() as $item) { + if ($item instanceof ilFormSectionHeaderGUI) { + continue; + } + + $item->setDisabled(true); + } } return $form; @@ -925,6 +951,11 @@ private function initUserMappingForm(): Form $ui_container = $this->buildUserMappingInputFormUDF($field, $ui_container); } + $has_write_access = $this->checkAccessBool('write'); + foreach ($ui_container as $key => $item) { + $ui_container[$key] = $has_write_access ? $item : $item->withDisabled(true); + } + $this->ctrl->setParameter( $this, 'opic', @@ -937,10 +968,13 @@ private function initUserMappingForm(): Form ->container() ->form() ->standard( - $this->ctrl->getFormAction($this, 'saveProfileMapping'), + $has_write_access ? $this->ctrl->getFormAction($this, 'saveProfileMapping') : $this->ctrl->getFormAction($this, 'profile'), $ui_container )->withAdditionalTransformation($this->saniziteArrayElementsTrafo()); + if (!$has_write_access) { + $form = $form->withSubmitLabel($this->lng->txt('refresh')); + } return $form; } From 1c5c243f9a8d290265d941a6f7d4be0aa2c1eb3f Mon Sep 17 00:00:00 2001 From: Fabian Helfer Date: Thu, 5 Feb 2026 15:06:17 +0100 Subject: [PATCH 2/2] [Improvement] Auth: Tab OpenIDConnect code-style preferences --- .../classes/class.ilOpenIdConnectSettingsGUI.php | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php b/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php index 082089a549ee..f2713078f5dc 100755 --- a/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php +++ b/components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php @@ -343,6 +343,7 @@ private function initSettingsForm(): ilPropertyFormGUI $item->setDisabled(true); } } + return $form; } @@ -477,9 +478,9 @@ private function initScopesForm(): Form )->withAdditionalTransformation($this->saniziteArrayElementsTrafo()); if (!$has_write_access) { - /** @var Form $form */ $form = $form->withSubmitLabel($this->lng->txt('refresh')); } + return $form; } @@ -565,8 +566,10 @@ private function buildScopeSelection(array $ui_container, bool $has_write_access ); $ui_container[] = $group; - foreach ($ui_container as $key => $item) { - $ui_container[$key] = $has_write_access ? $item->withDisabled(false) : $item->withDisabled(true); + if (!$has_write_access) { + foreach ($ui_container as $key => $item) { + $ui_container[$key] = $item->withDisabled(true); + } } return $ui_container; @@ -952,8 +955,10 @@ private function initUserMappingForm(): Form } $has_write_access = $this->checkAccessBool('write'); - foreach ($ui_container as $key => $item) { - $ui_container[$key] = $has_write_access ? $item : $item->withDisabled(true); + if (!$has_write_access) { + foreach ($ui_container as $key => $item) { + $ui_container[$key] = $item->withDisabled(true); + } } $this->ctrl->setParameter( @@ -975,6 +980,7 @@ private function initUserMappingForm(): Form if (!$has_write_access) { $form = $form->withSubmitLabel($this->lng->txt('refresh')); } + return $form; }