permission-find: Fix handling of the search term for legacy permissions

Previously the search term was only applied to the name. Fix it so that it filters results based on any attribute. Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-02-24 10:36:47 +01:00 · 2014-02-24 10:36:47 +01:00 · 427317efa6
commit 427317efa6
parent 4f302f6500
1 changed files with 24 additions and 17 deletions
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@ -1173,8 +1173,9 @@ class permission_find(baseldap.LDAPSearch):
            filters = ['(objectclass=ipaPermission)',
                       '(!(ipaPermissionType=V2))']
-            if args:
+            if 'name' in options:
-                filters.append(ldap.make_filter_from_attr('cn', args[0],
+                filters.append(ldap.make_filter_from_attr('cn',
                                                          options['name'],
                                                          exact=False))
            attrs_list = list(self.obj.default_attributes)
            attrs_list += list(self.obj.attribute_members)
@ -1206,22 +1207,28 @@ class permission_find(baseldap.LDAPSearch):
                    break
                self.obj.upgrade_permission(entry, output_only=True,
                                            cached_acientry=root_entry)
-                cn = entry.single_value['cn']
+                # If all given options match, include the entry
-                if any(a.lower() in cn.lower() for a in args if a):
+                # Do a case-insensitive match, on any value if multi-valued
-                    entries.append(entry)
+                for opt in attribute_options:
                    optval = options[opt]
                    if not isinstance(optval, (tuple, list)):
                        optval = [optval]
                    value = entry.get(opt)
                    if not value:
                        break
                    if not all(any(str(ov).lower() in str(v).lower()
                                for v in value) for ov in optval):
                        break
                else:
-                    # If all given options match, include the entry
+                    # Each search term must be present in some
-                    # Do a case-insensitive match, on any value if multi-valued
+                    # attribute value
-                    for opt in attribute_options:
+                    for arg in args:
-                        optval = options[opt]
+                        if arg:
-                        if not isinstance(optval, (tuple, list)):
+                            arg = arg.lower()
-                            optval = [optval]
+                            if not any(arg in str(value).lower()
-                        value = entry.get(opt)
+                                       for values in entry.values()
-                        if not value:
+                                       for value in values):
-                            break
+                                break
                        if not all(any(str(ov).lower() in str(v).lower()
                                   for v in value) for ov in optval):
                            break
                    else:
                        entries.append(entry)