Remove redundant principal_type argument

Minor refactor to remove the redundant 'principal_type' argument from 'caacl_check' and associated functions. Part of: https://pagure.io/freeipa/issue/5011 Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-01-25 15:51:46 +10:00 · 2017-01-25 15:51:46 +10:00 · 2066a80be2
commit 2066a80be2
parent 223a48b6d9
2 changed files with 12 additions and 9 deletions
--- a/ipaserver/plugins/caacl.py
+++ b/ipaserver/plugins/caacl.py
@ -151,7 +151,13 @@ def _acl_make_rule(principal_type, obj):
    return rule


-def acl_evaluate(principal_type, principal, ca_id, profile_id):
+def acl_evaluate(principal, ca_id, profile_id):
+    if principal.is_user:
+        principal_type = 'user'
+    elif principal.is_host:
+        principal_type = 'host'
+    else:
+        principal_type = 'service'
    req = _acl_make_request(principal_type, principal, ca_id, profile_id)
    acls = api.Command.caacl_find(no_members=False)['result']
    rules = [_acl_make_rule(principal_type, obj) for obj in acls]
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@ -200,11 +200,9 @@ def ca_enabled_check(_api):
    if not _api.Command.ca_is_enabled()['result']:
        raise errors.NotFound(reason=_('CA is not configured'))

-def caacl_check(principal_type, principal, ca, profile_id):
-    principal_type_map = {USER: 'user', HOST: 'host', SERVICE: 'service'}
-    if not acl_evaluate(
-            principal_type_map[principal_type],
-            principal, ca, profile_id):
+
+def caacl_check(principal, ca, profile_id):
+    if not acl_evaluate(principal, ca, profile_id):
        raise errors.ACIError(info=_(
                "Principal '%(principal)s' "
                "is not permitted to use CA '%(ca)s' "
@ -599,7 +597,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
            if principal_type == KRBTGT:
                ca_kdc_check(ldap, bind_principal.hostname)
            else:
-                caacl_check(principal_type, principal, ca, profile_id)
+                caacl_check(principal, ca, profile_id)

        try:
            csr_obj = pkcs10.load_certificate_request(csr)
@ -756,8 +754,7 @@ class cert_request(Create, BaseCertMethod, VirtualCommand):
                    if principal_type == KRBTGT:
                        ca_kdc_check(ldap, alt_principal.hostname)
                    else:
-                        caacl_check(principal_type, alt_principal, ca,
-                                    profile_id)
+                        caacl_check(alt_principal, ca, profile_id)

            elif isinstance(gn, (x509.KRB5PrincipalName, x509.UPN)):
                if principal_type == KRBTGT: