Add option to remove "Refresh my rights" from menu

2020-04-27 17:19:41 +02:00 · 2020-04-27 17:19:41 +02:00 · 7e502af391
commit 7e502af391
parent a97041f8cd
17 changed files with 49 additions and 4 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Constants.pm
@ -24,7 +24,7 @@ use constant MANAGERSECTION  => "manager";
 use constant SESSIONSEXPLORERSECTION => "sessionsExplorer";
 use constant APPLYSECTION            => "apply";
 our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|facebook|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|ombModule)s)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|a(?:ut(?:hChoiceMod|oSigninR)ules|pplicationList)|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
-our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;
+our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|kipRenewConfirmation|fRemovedUseNotif|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:PasswordGrant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|RequireOldPassword|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:Group(?:DecodeSearchedValu|Recursiv)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|o(?:ntextSwitchingStopWithLogout|mpactConf|rsEnabled)|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|re(?:st(?:(?:Session|Config)Server|ExportSecretKeys)|freshSessions)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|d(?:isablePersistentStorage|biDynamicHashEnabled)|g(?:roupsBeforeMacros|lobalLogoutTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|(?:activeTim|wsdlServ)er|krb(?:RemoveDomain|ByJs))$/;

 our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );

--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -246,6 +246,7 @@ sub defaultValues {
        'portalDisplayLoginHistory'     => 1,
        'portalDisplayLogout'           => 1,
        'portalDisplayOidcConsents'     => '$_oidcConnectedRP',
+        'portalDisplayRefreshMyRights'  => 1,
        'portalDisplayRegister'         => 1,
        'portalErrorOnExpiredSession'   => 1,
        'portalForceAuthnInterval'      => 5,
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -2568,6 +2568,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
            'default' => 0,
            'type'    => 'bool'
        },
+        'portalDisplayRefreshMyRights' => {
+            'default' => 1,
+            'type'    => 'bool'
+        },
        'portalDisplayRegister' => {
            'default' => 1,
            'type'    => 'bool'
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -1078,6 +1078,11 @@ sub attributes {
            documentation =>
              'Display password generate box in reset password form',
        },
+        portalDisplayRefreshMyRights => {
+            default       => 1,
+            type          => 'bool',
+            documentation => 'Displays the link to refresh the user session',
+        },

        # Cookies
        cookieExpiration => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -99,7 +99,8 @@ sub tree {
                                        'portalAntiFrame',
                                        'portalPingInterval',
                                        'portalErrorOnExpiredSession',
-                                        'portalErrorOnMailNotFound'
+                                        'portalErrorOnMailNotFound',
+                                        'portalDisplayRefreshMyRights',
                                    ]
                                }
                            ]
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"تسجيل الخروج",
 "portalDisplayPasswordPolicy":"Display policy in password form",
 "portalDisplayOidcConsents":"OIDC Consents",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"تسجيل حساب جديد",
 "portalDisplayResetPassword":"إعادة تعيين كلمة المرور",
 "portalErrorOnExpiredSession":"عرض الخطأ في الجلسة المنتهية صلحيتها",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Logout",
 "portalDisplayPasswordPolicy":"Display policy in password form",
 "portalDisplayOidcConsents":"OIDC Consents",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"Register new account",
 "portalDisplayResetPassword":"Reset password",
 "portalErrorOnExpiredSession":"Show error on expired session",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Logout",
 "portalDisplayPasswordPolicy": "Display policy in password form",
 "portalDisplayOidcConsents":"OIDC Consents",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"Register new account",
 "portalDisplayResetPassword":"Reset password",
 "portalErrorOnExpiredSession":"Show error on expired session",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Déconnexion",
 "portalDisplayPasswordPolicy": "Afficher la politique dans le formulaire de mot de passe",
 "portalDisplayOidcConsents":"Accords OIDC",
+"portalDisplayRefreshMyRights": "Afficher le lien de rafraichissement des droits",
 "portalDisplayRegister":"Création d'un nouveau compte",
 "portalDisplayResetPassword":"Réinitialisation de mot de passe",
 "portalErrorOnExpiredSession":"Affiche une erreur si la session est expirée",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Logout",
 "portalDisplayPasswordPolicy":"Display policy in password form",
 "portalDisplayOidcConsents":"Consensi OIDC",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"Registra nuovo account",
 "portalDisplayResetPassword":"Reimposta password",
 "portalErrorOnExpiredSession":"Mostra errore nella sessione scaduta",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Çıkış Yap",
 "portalDisplayPasswordPolicy":"Politikayı parola form alanında görüntüle",
 "portalDisplayOidcConsents":"OIDC İzinleri",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"Yeni hesap kaydet",
 "portalDisplayResetPassword":"Parolayı sıfırla",
 "portalErrorOnExpiredSession":"Süresi dolmuş oturumda hatayı göster",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Đăng xuất",
 "portalDisplayPasswordPolicy":"Display policy in password form",
 "portalDisplayOidcConsents":"OIDC Consents",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"Đăng ký tài khoản mới",
 "portalDisplayResetPassword":"Đặt lại mật khẩu",
 "portalErrorOnExpiredSession":"Show error on expired session",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -715,6 +715,7 @@
 "portalDisplayLogout":"Logout",
 "portalDisplayPasswordPolicy":"Display policy in password form",
 "portalDisplayOidcConsents":"OIDC Consents",
+"portalDisplayRefreshMyRights": "Display rights refresh link",
 "portalDisplayRegister":"Register new account",
 "portalDisplayResetPassword":"Reset password",
 "portalErrorOnExpiredSession":"Show error on expired session",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Menu.pm
@ -114,6 +114,9 @@ sub params {
      $self->p->_sfEngine->display2fRegisters( $req, $req->userData );
    $self->logger->debug("Display 2fRegisters link") if $res{sfaManager};

+    # Display refresh my rights unless disabled
+    $res{RefreshMyRights} = $self->conf->{portalDisplayRefreshMyRights};
+
    # Display menu links only if required
    foreach (qw(ContextSwitching DecryptValue Notifications)) {
        my $plugin =
@ -129,6 +132,19 @@ sub params {
        undef $plugin;
    }

+    # Decide whether to display the dropdown or regular text
+    $res{DropdownMenu} = 0;
+
+    foreach (
+        qw(RefreshMyRights sfaManager Notifications DecryptValue ContextSwitching)
+      )
+    {
+        if ( $res{$_} ) {
+            $res{DropdownMenu} = 1;
+            last;
+        }
+    }
+
    return %res;
 }

--- a/lemonldap-ng-portal/site/templates/bootstrap/menu.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/menu.tpl
@ -56,10 +56,17 @@

      <ul class="user nav navbar-nav navbar-right">
        <li class="nav-item dropdown">
+          <TMPL_IF NAME="DropdownMenu">
          <a href="#" class="nav-link dropdown-toggle" data-toggle="dropdown">
            <span trspan="connectedAs">Connected as</span> <TMPL_VAR NAME="AUTH_USER">
            <span class="caret"></span>
          </a>
+          <TMPL_ELSE>
+          <div class="text-muted">
+            <span trspan="connectedAs">Connected as</span> <TMPL_VAR NAME="AUTH_USER">
+          </div>
+          </TMPL_IF>
+          <TMPL_IF NAME="DropdownMenu">
          <ul class="dropdown-menu" role="menu">
            <TMPL_IF NAME="sfaManager">
              <li class="dropdown-item"><a href="/2fregisters" class="nav-link">
@ -85,11 +92,14 @@
                <span trspan="contextSwitching_<TMPL_VAR NAME="contextSwitching">">contextSwitching_<TMPL_VAR NAME="ContextSwitching"></span>
              </a></li>
            </TMPL_IF>
+            <TMPL_IF NAME="RefreshMyRights">
            <li class="dropdown-item"><a href="/refresh" class="nav-link">
              <img src="<TMPL_VAR NAME="STATIC_PREFIX">common/icons/arrow_refresh.png" width="16" height="16" alt="refresh" />
              <span trspan="refreshrights">Refresh</span>
            </a></li>
+            </TMPL_IF>
          </ul>
+          </TMPL_IF>
        </li>
      </ul>