permission-mod prompts for all parameters

ipa permission-mod was prompting for all parameters because they had specified flag 'ask_update'. The flag was removed. Additionally the exec_callback for permission-mod was updated to unify the behaviour with other ipa commands (raise exception when no modification was specified). https://fedorahosted.org/freeipa/ticket/2280
2025-01-28 09:06:44 -06:00 · 2012-05-16 13:36:35 +02:00 · 2012-05-16 13:36:35 +02:00 · 677ea8cbfa
commit 677ea8cbfa
parent 13b51f3011
3 changed files with 14 additions and 21 deletions
--- a/API.txt
+++ b/API.txt
@ -2097,12 +2097,12 @@ command: permission_mod
 args: 1,15,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
 option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, required=False)
-option: Str('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=False, required=False)
+option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, required=False)
-option: StrEnum('type', alwaysask=True, attribute=True, autofill=False, cli_name='type', multivalue=False, query=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
+option: StrEnum('type', attribute=True, autofill=False, cli_name='type', multivalue=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
-option: Str('memberof', alwaysask=True, attribute=True, autofill=False, cli_name='memberof', multivalue=False, query=False, required=False)
+option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', multivalue=False, required=False)
-option: Str('filter', alwaysask=True, attribute=True, autofill=False, cli_name='filter', multivalue=False, query=False, required=False)
+option: Str('filter', attribute=True, autofill=False, cli_name='filter', multivalue=False, required=False)
-option: Str('subtree', alwaysask=True, attribute=True, autofill=False, cli_name='subtree', multivalue=False, query=False, required=False)
+option: Str('subtree', attribute=True, autofill=False, cli_name='subtree', multivalue=False, required=False)
-option: Str('targetgroup', alwaysask=True, attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, query=False, required=False)
+option: Str('targetgroup', attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
--- a/2
+++ b/2
@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=34
+IPA_API_VERSION_MINOR=35
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@ -133,38 +133,38 @@ class permission(LDAPObject):
            doc=_('Comma-separated list of attributes'),
            csv=True,
            normalizer=lambda value: value.lower(),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
        ),
        StrEnum('type?',
            cli_name='type',
            label=_('Type'),
            doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)'),
            values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord',),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
        ),
        Str('memberof?',
            cli_name='memberof',
            label=_('Member of group'),  # FIXME: Does this label make sense?
            doc=_('Target members of a group'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
        ),
        Str('filter?',
            cli_name='filter',
            label=_('Filter'),
            doc=_('Legal LDAP filter (e.g. ou=Engineering)'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
        ),
        Str('subtree?',
            cli_name='subtree',
            label=_('Subtree'),
            doc=_('Subtree to apply permissions to'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
        ),
        Str('targetgroup?',
            cli_name='targetgroup',
            label=_('Target group'),
            doc=_('User group to apply permissions to'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
        ),
    )
@ -314,14 +314,7 @@ class permission_mod(LDAPUpdate):
        if call_func.func_name == 'update_entry':
            if isinstance(exc, errors.EmptyModlist):
                aciupdate = getattr(context, 'aciupdate')
-                opts = copy.copy(options)
+                if aciupdate:
                # Clear the aci attributes out of the permission entry
                for o in self.obj.aci_attributes + ['all', 'raw', 'rights']:
                    try:
                        del opts[o]
                    except:
                        pass
                if len(opts) == 0 or aciupdate:
                    return
        raise exc