adjust search so that it works for non-admin users

Non-admin user can now search for: - hosts - hostgroups - netgroups - servers - services (Fixes ACI issue where search returns nothing when user does't have read rights for an attribute in search_attributes. https://fedorahosted.org/freeipa/ticket/5167 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-08-12 10:35:38 +02:00 · 2015-08-12 10:35:38 +02:00 · 196ef09bd2
commit 196ef09bd2
parent ba7e5df194
5 changed files with 8 additions and 3 deletions
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@ -292,7 +292,7 @@ class host(LDAPObject):
    # object_class_config = 'ipahostobjectclasses'
    search_attributes = [
        'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
-        'nshardwareplatform', 'nsosversion', 'managedby', 'ipaallowedtoperform'
+        'nshardwareplatform', 'nsosversion', 'managedby',
    ]
    default_attributes = [
        'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@ -78,6 +78,7 @@ class hostgroup(LDAPObject):
    object_name_plural = _('host groups')
    object_class = ['ipaobject', 'ipahostgroup']
    permission_filter_objectclasses = ['ipahostgroup']
+    search_attributes = ['cn', 'description', 'member', 'memberof']
    default_attributes = ['cn', 'description', 'member', 'memberof',
        'memberindirect', 'memberofindirect',
    ]
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@ -86,6 +86,10 @@ class netgroup(LDAPObject):
    object_name_plural = _('netgroups')
    object_class = ['ipaobject', 'ipaassociation', 'ipanisnetgroup']
    permission_filter_objectclasses = ['ipanisnetgroup']
+    search_attributes = [
+        'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',
+        'memberuser', 'memberhost', 'member', 'usercategory', 'hostcategory',
+    ]
    default_attributes = [
        'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',
        'memberuser', 'memberhost', 'member', 'memberindirect',
--- a/ipalib/plugins/server.py
+++ b/ipalib/plugins/server.py
@ -38,6 +38,7 @@ class server(LDAPObject):
    object_name = _('server')
    object_name_plural = _('servers')
    object_class = ['top']
+    search_attributes = ['cn']
    default_attributes = [
        'cn', 'iparepltopomanagedsuffix', 'ipamindomainlevel',
        'ipamaxdomainlevel'
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@ -391,8 +391,7 @@ class service(LDAPObject):
    ]
    possible_objectclasses = ['ipakrbprincipal', 'ipaallowedoperations']
    permission_filter_objectclasses = ['ipaservice']
-    search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata',
-        'ipaallowedtoperform']
+    search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
    default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
        'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform']
    uuid_attribute = 'ipauniqueid'