2009-07-03
randomgurn
The auth system allows the developer to specify that certain fields may or may not be set via the canDo(...) method. For example, I am retrieving the user's real name and email address from an LDAP server, and so I do not want these to be set. The fields are correspondingly greyed out in the usermanager interface.
However, when I try to add the user, the process fails because fields have been left blank.
The issue arises in function _addUser(). The 2009-02-14 release version looks like this:-
...snip...
if (empty($pass)){
if(!empty($_REQUEST['usernotify'])){
$pass = auth_pwgen();
} else {
return false;
}
}
if (empty($name) || empty($mail)){
msg($this->lang['add_fail'], -1);
return false;
}
...snip...
This code should be modified to honour the canDo(...) method on auth. I propose this should be changed to:-
...snip...
if (empty($pass) && $this->_auth->canDo('modPass')){
if(!empty($_REQUEST['usernotify'])){
$pass = auth_pwgen();
} else {
return false;
}
}
if ((empty($name) && $this->_auth->canDo('modName')) || (empty($mail) && $this->_auth->canDo('modMail'))){
msg($this->lang['add_fail'], -1);
return false;
}
...snip...