Prohibit deletion of predefined profiles
Deletion of predefined profiles, including the default profile, should not be allowed. Detect this case and raise an error. Also update the predefined profiles collection to use namedtuple, making it easier to access the various components. Fixes: https://fedorahosted.org/freeipa/ticket/5198 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
parent
65b8c62207
commit
27988f1b83
@ -3,6 +3,7 @@
|
||||
#
|
||||
|
||||
import re
|
||||
from operator import attrgetter
|
||||
|
||||
from ipalib import api, Bool, File, Str
|
||||
from ipalib import output, util
|
||||
@ -14,6 +15,7 @@ from ipalib.plugins.baseldap import (
|
||||
from ipalib.request import context
|
||||
from ipalib import ngettext
|
||||
from ipalib.text import _
|
||||
from ipapython.dogtag import INCLUDED_PROFILES
|
||||
from ipapython.version import API_VERSION
|
||||
|
||||
from ipalib import errors
|
||||
@ -287,9 +289,16 @@ class certprofile_del(LDAPDelete):
|
||||
__doc__ = _("Delete a Certificate Profile.")
|
||||
msg_summary = _('Deleted profile "%(value)s"')
|
||||
|
||||
def execute(self, *args, **kwargs):
|
||||
def pre_callback(self, ldap, dn, *keys, **options):
|
||||
ca_enabled_check()
|
||||
return super(certprofile_del, self).execute(*args, **kwargs)
|
||||
|
||||
if keys[0] in map(attrgetter('profile_id'), INCLUDED_PROFILES):
|
||||
raise errors.ValidationError(name='profile_id',
|
||||
error=_("Predefined profile '%(profile_id)s' cannot be deleted")
|
||||
% {'profile_id': keys[0]}
|
||||
)
|
||||
|
||||
return dn
|
||||
|
||||
def post_callback(self, ldap, dn, *keys, **options):
|
||||
with self.api.Backend.ra_certprofile as profile_api:
|
||||
|
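Review bot: The membership test in `pre_callback` compares `keys[0]` against the predefined IDs as an exact, case-sensitive string, while the directory delete that follows probably resolves the entry's RDN case-insensitively (the attribute's matching rule is not visible on this page, so confirm it). If so, a differently-cased spelling of a predefined ID would not match any `profile_id` here but would still resolve to the protected entry. Consider normalising both sides, e.g. `if keys[0].lower() in {p.profile_id.lower() for p in INCLUDED_PROFILES}:`, or comparing against the ID read back from the resolved entry. A regression test that attempts the delete with altered casing would pin the behaviour. The class body continues past the end of the hunk, so what `post_callback` does with the ID cannot be judged from here.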
@ -17,6 +17,7 @@
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
import collections
|
||||
import os
|
||||
import httplib
|
||||
import xml.dom.minidom
|
||||
@ -42,10 +43,11 @@ from ipapython.ipa_log_manager import *
|
||||
# the configured version.
|
||||
|
||||
|
||||
Profile = collections.namedtuple('Profile', ['profile_id', 'description', 'store_issued'])
|
||||
|
||||
INCLUDED_PROFILES = {
|
||||
# ( profile_id , description , store_issued)
|
||||
(u'caIPAserviceCert', u'Standard profile for network services', True),
|
||||
(u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True),
|
||||
Profile(u'caIPAserviceCert', u'Standard profile for network services', True),
|
||||
Profile(u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True),
|
||||
}
|
||||
|
||||
DEFAULT_PROFILE = u'caIPAserviceCert'
|
||||
|
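Review bot: `INCLUDED_PROFILES` now backs a deletion guard but is still a plain mutable `set`. `DEFAULT_PROFILE` is a separate literal, protected only because it happens to equal one entry's `profile_id`. Wrapping the collection as `frozenset({...})` and adding a comment above `DEFAULT_PROFILE` such as `# must name a profile_id present in INCLUDED_PROFILES` would keep a later edit or runtime mutation from weakening the guard. Callers that unpack entries positionally keep working because `Profile` is a namedtuple. Any caller outside this page that mutates the set would need checking before the switch to `frozenset`.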