mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
permission plugin: Output the extratargetfilter virtual attribute
The --filter, --type, and --memberof options interact in a way that's difficult to recreate in the UI: type and memberof are "views" on the filter, they affect it and are affected by it Add a "extratagretfilter" view that only contains the filters not linked to type or memberof. Show extra target filter, and not the full target filter, by default; show both with --all, and full filter only with --raw. Write support will be added in a subsequent patch. Part of the work for: https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
This commit is contained in:
parent
6fb53bb08c
commit
3120a6833e
9
API.txt
9
API.txt
@ -2324,11 +2324,12 @@ output: Output('result', <type 'bool'>, None)
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('value', <type 'unicode'>, None)
|
||||
command: permission_add
|
||||
args: 1,18,3
|
||||
args: 1,19,3
|
||||
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, required=True)
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
option: Str('attrs', attribute=False, cli_name='attrs', multivalue=True, required=False)
|
||||
option: Str('extratargetfilter', attribute=False, cli_name='extratargetfilter', multivalue=True, required=False)
|
||||
option: Str('filter', attribute=False, cli_name='filter', multivalue=True, required=False)
|
||||
option: StrEnum('ipapermbindruletype', attribute=True, autofill=True, cli_name='bindtype', default=u'permission', multivalue=False, required=True, values=(u'permission', u'all', u'anonymous'))
|
||||
option: DNOrURL('ipapermlocation', alwaysask=True, attribute=True, autofill=False, cli_name='subtree', multivalue=False, query=False, required=False)
|
||||
@ -2379,11 +2380,12 @@ output: Output('result', <type 'dict'>, None)
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('value', <type 'unicode'>, None)
|
||||
command: permission_find
|
||||
args: 1,23,4
|
||||
args: 1,24,4
|
||||
arg: Str('criteria?', noextrawhitespace=False)
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, query=True, required=False)
|
||||
option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=False)
|
||||
option: Str('extratargetfilter', attribute=False, autofill=False, cli_name='extratargetfilter', multivalue=True, query=True, required=False)
|
||||
option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
|
||||
option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, query=True, required=False, values=(u'permission', u'all', u'anonymous'))
|
||||
option: Str('ipapermdefaultattr', attribute=True, autofill=False, cli_name='defaultattrs', multivalue=True, query=True, required=False)
|
||||
@ -2409,12 +2411,13 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
|
||||
output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('truncated', <type 'bool'>, None)
|
||||
command: permission_mod
|
||||
args: 1,23,3
|
||||
args: 1,24,3
|
||||
arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=True)
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
|
||||
option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, required=False)
|
||||
option: Str('delattr*', cli_name='delattr', exclude='webui')
|
||||
option: Str('extratargetfilter', attribute=False, autofill=False, cli_name='extratargetfilter', multivalue=True, required=False)
|
||||
option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, required=False)
|
||||
option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, required=False, values=(u'permission', u'all', u'anonymous'))
|
||||
option: Str('ipapermexcludedattr', attribute=True, autofill=False, cli_name='excludedattrs', multivalue=True, required=False)
|
||||
|
4
VERSION
4
VERSION
@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000
|
||||
# #
|
||||
########################################################
|
||||
IPA_API_VERSION_MAJOR=2
|
||||
IPA_API_VERSION_MINOR=77
|
||||
# Last change: pviktori - permissions: multivalued memberof
|
||||
IPA_API_VERSION_MINOR=78
|
||||
# Last change: pviktori - permission extratargetfilter
|
||||
|
@ -101,7 +101,7 @@ register = Registry()
|
||||
|
||||
_DEPRECATED_OPTION_ALIASES = {
|
||||
'permissions': 'ipapermright',
|
||||
'filter': 'ipapermtargetfilter',
|
||||
'filter': 'extratargetfilter',
|
||||
'subtree': 'ipapermlocation',
|
||||
}
|
||||
|
||||
@ -229,6 +229,12 @@ class permission(baseldap.LDAPObject):
|
||||
doc=_('Subtree to apply permissions to'),
|
||||
flags={'ask_create'},
|
||||
),
|
||||
Str(
|
||||
'extratargetfilter*', prevalidate_filter,
|
||||
label=_('Extra target filter'),
|
||||
doc=_('Target filter, excluding filters set by type and memberof'),
|
||||
flags={'virtual_attribute'},
|
||||
),
|
||||
Str(
|
||||
'ipapermtargetfilter*', prevalidate_filter,
|
||||
cli_name='filter',
|
||||
@ -287,11 +293,16 @@ class permission(baseldap.LDAPObject):
|
||||
Command options. Contains keys such as ``raw``, ``all``,
|
||||
``pkey_only``, ``version``.
|
||||
"""
|
||||
old_client = not client_has_capability(
|
||||
options['version'], 'permissions2')
|
||||
|
||||
if not options.get('raw') and not options.get('pkey_only'):
|
||||
ipapermtargetfilter = entry.get('ipapermtargetfilter', [])
|
||||
ipapermtarget = entry.single_value.get('ipapermtarget')
|
||||
ipapermlocation = entry.single_value.get('ipapermlocation')
|
||||
|
||||
implicit_targetfilters = set()
|
||||
|
||||
# memberof
|
||||
memberof = []
|
||||
for targetfilter in ipapermtargetfilter:
|
||||
@ -302,6 +313,7 @@ class permission(baseldap.LDAPObject):
|
||||
self.api.env.basedn)
|
||||
if dn[1:] == groups_dn[:] and dn[0].attr == 'cn':
|
||||
memberof.append(dn[0].value)
|
||||
implicit_targetfilters.add(match.group(0))
|
||||
if memberof:
|
||||
entry['memberof'] = memberof
|
||||
|
||||
@ -324,17 +336,28 @@ class permission(baseldap.LDAPObject):
|
||||
if DN(ipapermlocation) != wantdn:
|
||||
continue
|
||||
|
||||
objectclass_targetfilters = set()
|
||||
for objclass in filter_objectclasses:
|
||||
filter_re = '\(objectclass=%s\)' % re.escape(objclass)
|
||||
if not any(re.match(filter_re, tf, re.I)
|
||||
for tf in ipapermtargetfilter):
|
||||
for tf in ipapermtargetfilter:
|
||||
if re.match(filter_re, tf, re.I):
|
||||
objectclass_targetfilters.add(tf)
|
||||
break
|
||||
else:
|
||||
break
|
||||
else:
|
||||
entry.single_value['type'] = unicode(obj.name)
|
||||
implicit_targetfilters |= objectclass_targetfilters
|
||||
break
|
||||
|
||||
if ipapermtargetfilter:
|
||||
extratargetfilter = sorted(
|
||||
set(ipapermtargetfilter) - implicit_targetfilters)
|
||||
if extratargetfilter:
|
||||
entry['extratargetfilter'] = extratargetfilter
|
||||
|
||||
# old output names
|
||||
if not client_has_capability(options['version'], 'permissions2'):
|
||||
if old_client:
|
||||
for old_name, new_name in _DEPRECATED_OPTION_ALIASES.items():
|
||||
if new_name in entry:
|
||||
entry[old_name] = entry[new_name]
|
||||
@ -359,7 +382,7 @@ class permission(baseldap.LDAPObject):
|
||||
set(rights.get('ipapermexcludedattr', '')),
|
||||
key=rights['ipapermincludedattr'].index))
|
||||
|
||||
if not client_has_capability(options['version'], 'permissions2'):
|
||||
if old_client:
|
||||
for old_name, new_name in _DEPRECATED_OPTION_ALIASES.items():
|
||||
if new_name in entry:
|
||||
rights[old_name] = rights[new_name]
|
||||
@ -386,7 +409,7 @@ class permission(baseldap.LDAPObject):
|
||||
not entry.get('ipapermdefaultattr')):
|
||||
entry.pop('ipapermincludedattr', None)
|
||||
|
||||
if not client_has_capability(options['version'], 'permissions2'):
|
||||
if old_client:
|
||||
# Legacy clients expect some attributes as a single value
|
||||
for attr in 'type', 'targetgroup', 'aci':
|
||||
if attr in entry:
|
||||
@ -407,6 +430,10 @@ class permission(baseldap.LDAPObject):
|
||||
new_filter.append(flt[1:-1])
|
||||
entry['filter'] = new_filter
|
||||
|
||||
if not options['raw'] and not options['all']:
|
||||
# Don't return the raw target filter by default
|
||||
entry.pop('ipapermtargetfilter', None)
|
||||
|
||||
def get_effective_attrs(self, entry):
|
||||
attrs = set(entry.get('ipapermdefaultattr', ()))
|
||||
attrs.update(entry.get('ipapermincludedattr', ()))
|
||||
|
@ -155,7 +155,6 @@ class test_old_permission(Declarative):
|
||||
permissions=[u'write'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -231,7 +230,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
),
|
||||
@ -282,7 +280,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
],
|
||||
@ -307,7 +304,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
],
|
||||
@ -344,7 +340,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
],
|
||||
@ -400,7 +395,6 @@ class test_old_permission(Declarative):
|
||||
owner=[u'cn=test', u'cn=test2'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -424,7 +418,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
{
|
||||
@ -435,7 +428,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
],
|
||||
@ -519,7 +511,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
],
|
||||
@ -544,7 +535,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
{
|
||||
@ -555,7 +545,6 @@ class test_old_permission(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
],
|
||||
@ -618,8 +607,6 @@ class test_old_permission(Declarative):
|
||||
owner=[u'cn=other-test', u'cn=other-test2'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'memberOf=%s' % DN('cn=ipausers', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -642,8 +629,6 @@ class test_old_permission(Declarative):
|
||||
'memberof': u'ipausers',
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'memberOf=%s' % DN('cn=ipausers', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
),
|
||||
@ -689,8 +674,6 @@ class test_old_permission(Declarative):
|
||||
'memberof': u'ipausers',
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'memberOf=%s' % DN('cn=ipausers', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
),
|
||||
@ -717,8 +700,6 @@ class test_old_permission(Declarative):
|
||||
'memberof': u'ipausers',
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'memberOf=%s' % DN('cn=ipausers', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
),
|
||||
@ -745,8 +726,6 @@ class test_old_permission(Declarative):
|
||||
'memberof': u'ipausers',
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [u'memberOf=%s' % DN('cn=ipausers', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
'subtree': u'ldap:///%s' % users_dn,
|
||||
},
|
||||
),
|
||||
@ -773,7 +752,6 @@ class test_old_permission(Declarative):
|
||||
memberof=u'ipausers',
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'memberOf=%s' % DN('cn=ipausers', groups_dn)],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -798,9 +776,6 @@ class test_old_permission(Declarative):
|
||||
'memberof':u'ipausers',
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'V2', u'SYSTEM'],
|
||||
'filter': [
|
||||
u'memberOf=%s' % DN('cn=ipausers', groups_dn)],
|
||||
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -946,8 +921,6 @@ class test_old_permission(Declarative):
|
||||
type=u'user',
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'memberOf=%s' % DN('cn=editors', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -979,8 +952,6 @@ class test_old_permission(Declarative):
|
||||
type=u'user',
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'memberOf=%s' % DN('cn=admins', groups_dn),
|
||||
u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -1004,7 +975,6 @@ class test_old_permission(Declarative):
|
||||
type=u'user',
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -1078,7 +1048,6 @@ class test_old_permission(Declarative):
|
||||
attrs=(u'cn',),
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'objectclass=posixaccount'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -1101,7 +1070,7 @@ class test_old_permission(Declarative):
|
||||
attributelevelrights=permission3_attributelevelrights,
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'objectclass=posixaccount'],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
@ -1124,7 +1093,7 @@ class test_old_permission(Declarative):
|
||||
attributelevelrights=permission3_attributelevelrights,
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'V2', u'SYSTEM'],
|
||||
filter=[u'objectclass=posixaccount'],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
subtree=u'ldap:///%s' % users_dn,
|
||||
),
|
||||
),
|
||||
|
@ -266,7 +266,6 @@ class test_permission_negative(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -378,7 +377,6 @@ class test_permission(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -463,7 +461,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
),
|
||||
),
|
||||
@ -517,7 +514,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -543,7 +539,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -581,7 +576,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -645,7 +639,6 @@ class test_permission(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -677,7 +670,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
{
|
||||
'dn': permission2_dn,
|
||||
@ -689,7 +681,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -774,7 +765,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -799,7 +789,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
'member_privilege': [privilege1],
|
||||
},
|
||||
{
|
||||
@ -812,7 +801,6 @@ class test_permission(Declarative):
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
},
|
||||
],
|
||||
),
|
||||
@ -877,10 +865,6 @@ class test_permission(Declarative):
|
||||
memberof=[u'ipausers'],
|
||||
owner=[u'cn=other-test', u'cn=other-test2'],
|
||||
attrs=[u'sn'],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN('cn=ipausers', groups_dn),
|
||||
u"(objectclass=posixaccount)",
|
||||
],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
@ -913,9 +897,6 @@ class test_permission(Declarative):
|
||||
'ipapermright': [u'read'],
|
||||
'memberof': [u'ipausers'],
|
||||
'attrs': [u'sn'],
|
||||
'ipapermtargetfilter': [
|
||||
u'(memberOf=%s)' % DN('cn=ipausers', groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
@ -958,9 +939,6 @@ class test_permission(Declarative):
|
||||
'ipapermright': [u'read'],
|
||||
'memberof': [u'ipausers'],
|
||||
'attrs': [u'sn'],
|
||||
'ipapermtargetfilter': [
|
||||
u'(memberOf=%s)' % DN('cn=ipausers', groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
@ -988,9 +966,6 @@ class test_permission(Declarative):
|
||||
'ipapermright': [u'all'],
|
||||
'memberof': [u'ipausers'],
|
||||
'attrs': [u'sn'],
|
||||
'ipapermtargetfilter': [
|
||||
u'(memberOf=%s)' % DN('cn=ipausers', groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
@ -1030,9 +1005,6 @@ class test_permission(Declarative):
|
||||
'ipapermright': [u'write'],
|
||||
'memberof': [u'ipausers'],
|
||||
'attrs': [u'sn'],
|
||||
'ipapermtargetfilter': [
|
||||
u'(memberOf=%s)' % DN('cn=ipausers', groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
@ -1071,8 +1043,6 @@ class test_permission(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
memberof=[u'ipausers'],
|
||||
attrs=[u'sn'],
|
||||
ipapermtargetfilter=[u'(memberOf=%s)' % DN('cn=ipausers',
|
||||
groups_dn)],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
),
|
||||
@ -1105,7 +1075,7 @@ class test_permission(Declarative):
|
||||
'attrs': [u'cn'],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermtargetfilter': [u'(objectclass=posixaccount)'],
|
||||
'extratargetfilter': [u'(objectclass=posixaccount)'],
|
||||
'ipapermlocation': [api.env.basedn],
|
||||
},
|
||||
),
|
||||
@ -1120,7 +1090,7 @@ class test_permission(Declarative):
|
||||
),
|
||||
|
||||
dict(
|
||||
desc='Search for %r using --subtree' % permission1,
|
||||
desc='Search for %r using --subtree' % permission1_renamed_ucase,
|
||||
command=('permission_find', [],
|
||||
{'ipapermlocation': u'ldap:///%s' % users_dn}),
|
||||
expected=dict(
|
||||
@ -1137,8 +1107,6 @@ class test_permission(Declarative):
|
||||
'ipapermright':[u'write'],
|
||||
'memberof':[u'ipausers'],
|
||||
'attrs': [u'sn'],
|
||||
'ipapermtargetfilter': [u'(memberOf=%s)' % DN(
|
||||
'cn=ipausers', groups_dn)],
|
||||
'ipapermbindruletype': [u'permission'],
|
||||
'ipapermissiontype': [u'SYSTEM', u'V2'],
|
||||
'ipapermlocation': [users_dn],
|
||||
@ -1288,9 +1256,6 @@ class test_permission(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
type=[u'user'],
|
||||
attrs=[u'sn'],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'editors'), groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
@ -1332,9 +1297,6 @@ class test_permission(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
type=[u'user'],
|
||||
attrs=[u'sn'],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
@ -1372,7 +1334,6 @@ class test_permission(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -1452,7 +1413,6 @@ class test_permission(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
attrs=(u'cn',),
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
),
|
||||
@ -1715,9 +1675,6 @@ class test_permission_sync_attributes(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
memberof=[u'admins'],
|
||||
),
|
||||
),
|
||||
@ -1750,8 +1707,7 @@ class test_permission_sync_attributes(Declarative):
|
||||
attrs=[u'sn'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
extratargetfilter=[
|
||||
u'(objectclass=posixaccount)'],
|
||||
memberof=[u'admins'],
|
||||
ipapermlocation=[api.env.basedn],
|
||||
@ -1790,9 +1746,6 @@ class test_permission_sync_attributes(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
memberof=[u'admins'],
|
||||
),
|
||||
),
|
||||
@ -1829,8 +1782,6 @@ class test_permission_sync_attributes(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn)],
|
||||
memberof=[u'admins'],
|
||||
),
|
||||
),
|
||||
@ -1894,7 +1845,6 @@ class test_permission_sync_attributes(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[groups_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=ipausergroup)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -1929,7 +1879,6 @@ class test_permission_sync_attributes(Declarative):
|
||||
ipapermtarget=[DN('cn=editors', groups_dn)],
|
||||
ipapermlocation=[groups_dn],
|
||||
targetgroup=[u'editors'],
|
||||
ipapermtargetfilter=[u'(objectclass=ipausergroup)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -1975,9 +1924,6 @@ class test_permission_sync_nice(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
u'(objectclass=posixaccount)'],
|
||||
memberof=[u'admins'],
|
||||
),
|
||||
),
|
||||
@ -2010,8 +1956,6 @@ class test_permission_sync_nice(Declarative):
|
||||
attrs=[u'sn'],
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermtargetfilter=[u'(memberOf=%s)' % DN(('cn', 'admins'),
|
||||
groups_dn)],
|
||||
memberof=[u'admins'],
|
||||
ipapermlocation=[api.env.basedn],
|
||||
),
|
||||
@ -2076,7 +2020,6 @@ class test_permission_sync_nice(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[groups_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=ipausergroup)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2111,7 +2054,6 @@ class test_permission_sync_nice(Declarative):
|
||||
ipapermtarget=[DN('cn=editors', groups_dn)],
|
||||
ipapermlocation=[groups_dn],
|
||||
targetgroup=[u'editors'],
|
||||
ipapermtargetfilter=[u'(objectclass=ipausergroup)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2278,7 +2220,6 @@ class test_permission_bindtype(Declarative):
|
||||
ipapermbindruletype=[u'anonymous'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2340,7 +2281,6 @@ class test_permission_bindtype(Declarative):
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2382,7 +2322,6 @@ class test_permission_bindtype(Declarative):
|
||||
objectclass=objectclasses.permission,
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
],
|
||||
),
|
||||
@ -2421,7 +2360,6 @@ class test_permission_bindtype(Declarative):
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2453,7 +2391,6 @@ class test_permission_bindtype(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2483,7 +2420,6 @@ class test_permission_bindtype(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -2795,7 +2731,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o'],
|
||||
ipapermincludedattr=[u'cn', u'sn', u'o'],
|
||||
@ -2827,7 +2762,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o'],
|
||||
ipapermincludedattr=[u'cn', u'sn', u'o'],
|
||||
@ -2903,7 +2837,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o'],
|
||||
ipapermexcludedattr=[u'cn'],
|
||||
@ -2935,7 +2868,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o', u'sn'],
|
||||
ipapermincludedattr=[u'sn'],
|
||||
@ -2969,7 +2901,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o', u'sn'],
|
||||
ipapermincludedattr=[u'sn'],
|
||||
@ -2995,7 +2926,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o', u'sn'],
|
||||
ipapermincludedattr=[u'sn'],
|
||||
@ -3032,7 +2962,6 @@ class test_managed_permissions(Declarative):
|
||||
ipapermright=[u'write'],
|
||||
ipapermbindruletype=[u'all'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
ipapermdefaultattr=[u'l', u'o', u'cn'],
|
||||
attrs=[u'l', u'o', u'sn', u'cn'],
|
||||
ipapermincludedattr=[u'sn'],
|
||||
@ -3100,11 +3029,8 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(objectclass=posixaccount)',
|
||||
extratargetfilter=[
|
||||
u'(objectclass=top)',
|
||||
u'(memberOf=%s)' % DN(('cn', 'ipausers'), groups_dn),
|
||||
u'(memberof=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
],
|
||||
),
|
||||
),
|
||||
@ -3146,10 +3072,8 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[api.env.basedn],
|
||||
ipapermtargetfilter=[
|
||||
extratargetfilter=[
|
||||
u'(objectclass=ipauser)',
|
||||
u'(memberOf=%s)' % DN(('cn', 'ipausers'), groups_dn),
|
||||
u'(memberof=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
],
|
||||
),
|
||||
),
|
||||
@ -3186,7 +3110,7 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[api.env.basedn],
|
||||
ipapermtargetfilter=[
|
||||
extratargetfilter=[
|
||||
u'(cn=xyz)',
|
||||
u'(objectclass=ipauser)',
|
||||
],
|
||||
@ -3227,9 +3151,7 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
u'(objectclass=posixaccount)',
|
||||
extratargetfilter=[
|
||||
u'(uid=abc)',
|
||||
],
|
||||
),
|
||||
@ -3267,7 +3189,7 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[api.env.basedn],
|
||||
ipapermtargetfilter=[
|
||||
extratargetfilter=[
|
||||
u'(uid=abc)',
|
||||
],
|
||||
),
|
||||
@ -3301,11 +3223,7 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[api.env.basedn],
|
||||
ipapermtargetfilter=[
|
||||
u'(uid=abc)',
|
||||
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
|
||||
u'(memberOf=%s)' % DN(('cn', 'editors'), groups_dn),
|
||||
],
|
||||
extratargetfilter=[u'(uid=abc)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -3354,9 +3272,6 @@ class test_permission_filters(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[
|
||||
u'(objectclass=posixaccount)',
|
||||
],
|
||||
),
|
||||
),
|
||||
),
|
||||
|
@ -107,7 +107,6 @@ class test_privilege(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
@ -228,7 +227,6 @@ class test_privilege(Declarative):
|
||||
ipapermbindruletype=[u'permission'],
|
||||
ipapermissiontype=[u'SYSTEM', u'V2'],
|
||||
ipapermlocation=[users_dn],
|
||||
ipapermtargetfilter=[u'(objectclass=posixaccount)'],
|
||||
),
|
||||
),
|
||||
),
|
||||
|
Loading…
Reference in New Issue
Block a user