1 files changed, 17 insertions, 7 deletions

diff --git a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
index 454aa619..5ee2f9fd 100644
--- a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
@@ -35,6 +35,7 @@ import org.apache.wicket.model.util.CollectionModel;
 import org.apache.wicket.model.util.ListModel;

 

 import com.gitblit.Constants.RegistrantType;

+import com.gitblit.Constants.Role;

 import com.gitblit.GitBlitException;

 import com.gitblit.Keys;

 import com.gitblit.models.RegistrantAccessPermission;

@@ -216,18 +217,27 @@ public class EditUserPage extends RootSubPage {
 		// do not let the browser pre-populate these fields

 		form.add(new SimpleAttributeModifier("autocomplete", "off"));

 

-		// not all user services support manipulating username and password

+		// not all user providers support manipulating username and password

 		boolean editCredentials = app().authentication().supportsCredentialChanges(userModel);

 

-		// not all user services support manipulating display name

+		// not all user providers support manipulating display name

 		boolean editDisplayName = app().authentication().supportsDisplayNameChanges(userModel);

 

-		// not all user services support manipulating email address

+		// not all user providers support manipulating email address

 		boolean editEmailAddress = app().authentication().supportsEmailAddressChanges(userModel);

 

-		// not all user services support manipulating team memberships

+		// not all user providers support manipulating team memberships

 		boolean editTeams = app().authentication().supportsTeamMembershipChanges(userModel);

 

+		// not all user providers support manipulating the admin role

+		boolean changeAdminRole = app().authentication().supportsRoleChanges(userModel, Role.ADMIN);

+

+		// not all user providers support manipulating the create role

+		boolean changeCreateRole = app().authentication().supportsRoleChanges(userModel, Role.CREATE);

+

+		// not all user providers support manipulating the fork role

+		boolean changeForkRole = app().authentication().supportsRoleChanges(userModel, Role.FORK);

+

 		// field names reflective match UserModel fields

 		form.add(new TextField<String>("username").setEnabled(editCredentials));

 		PasswordTextField passwordField = new PasswordTextField("password");

@@ -245,7 +255,7 @@ public class EditUserPage extends RootSubPage {
 			// display a disabled-yet-checked checkbox

 			form.add(new CheckBox("canAdmin", Model.of(true)).setEnabled(false));

 		} else {

-			form.add(new CheckBox("canAdmin"));

+			form.add(new CheckBox("canAdmin").setEnabled(changeAdminRole));

 		}

 

 		if (userModel.canFork() && !userModel.canFork) {

@@ -254,7 +264,7 @@ public class EditUserPage extends RootSubPage {
 			form.add(new CheckBox("canFork", Model.of(true)).setEnabled(false));

 		} else {

 			final boolean forkingAllowed = app().settings().getBoolean(Keys.web.allowForking, true);

-			form.add(new CheckBox("canFork").setEnabled(forkingAllowed));

+			form.add(new CheckBox("canFork").setEnabled(forkingAllowed && changeForkRole));

 		}

 

 		if (userModel.canCreate() && !userModel.canCreate) {

@@ -262,7 +272,7 @@ public class EditUserPage extends RootSubPage {
 			// display a disabled-yet-checked checkbox

 			form.add(new CheckBox("canCreate", Model.of(true)).setEnabled(false));

 		} else {

-			form.add(new CheckBox("canCreate"));

+			form.add(new CheckBox("canCreate").setEnabled(changeCreateRole));

 		}

 

 		form.add(new CheckBox("excludeFromFederation"));