User life cycle: provide preserved user virtual attribute

https://fedorahosted.org/freeipa/ticket/3813

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Jan Cholasta 2015-05-20 08:12:07 +00:00 committed by Petr Vobornik
parent e9e4509b10
commit 69607250b9
3 changed files with 52 additions and 34 deletions


@ -5218,7 +5218,7 @@ option: Str('pager', attribute=True, autofill=False, cli_name='pager', multivalu
option: Flag('pkey_only?', autofill=True, default=False)
option: Str('postalcode', attribute=True, autofill=False, cli_name='postalcode', multivalue=False, query=True, required=False)
option: Str('preferredlanguage', attribute=True, autofill=False, cli_name='preferredlanguage', multivalue=False, pattern='^(([a-zA-Z]{1,8}(-[a-zA-Z]{1,8})?(;q\\=((0(\\.[0-9]{0,3})?)|(1(\\.0{0,3})?)))?(\\s*,\\s*[a-zA-Z]{1,8}(-[a-zA-Z]{1,8})?(;q\\=((0(\\.[0-9]{0,3})?)|(1(\\.0{0,3})?)))?)*)|(\\*))$', query=True, required=False)
option: Flag('preserved?', autofill=True, cli_name='preserved', default=False)
option: Bool('preserved', attribute=False, autofill=False, cli_name='preserved', default=False, multivalue=False, query=True, required=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
option: Int('sizelimit?', autofill=False, minvalue=0)
option: Str('sn', attribute=True, autofill=False, cli_name='last', multivalue=False, query=True, required=False)


@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
IPA_API_VERSION_MINOR=133
# Last change: pvoborni - add server-del internal command
IPA_API_VERSION_MINOR=134
# Last change: jcholast - User life cycle: provide preserved user virtual attribute


@ -333,6 +333,11 @@ class user(baseuser):
label=_('Account disabled'),
flags=['no_option'],
),
Bool('preserved?',
label=_('Preserved user'),
default=False,
flags=['virtual_attribute', 'no_create', 'no_update'],
),
)
def get_dn(self, *keys, **options):
@ -369,6 +374,15 @@ class user(baseuser):
"""
return super(user, self).normalize_manager(manager, self.active_container_dn)
def get_preserved_attribute(self, entry, options):
if options.get('raw', False):
return
delete_container_dn = DN(self.delete_container_dn, api.env.basedn)
if entry.dn.endswith(delete_container_dn):
entry['preserved'] = True
elif options.get('all', False):
entry['preserved'] = False
@register()
class user_add(baseuser_add):
@ -540,6 +554,7 @@ class user_add(baseuser_add):
self.obj.get_password_attributes(ldap, dn, entry_attrs)
convert_sshpubkey_post(ldap, dn, entry_attrs)
radius_dn2pk(self.api, entry_attrs)
self.obj.get_preserved_attribute(entry_attrs, options)
return dn
@ -665,6 +680,7 @@ class user_mod(baseuser_mod):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.post_common_callback(ldap, dn, entry_attrs, **options)
self.obj.get_preserved_attribute(entry_attrs, options)
return dn
@ -675,56 +691,56 @@ class user_find(baseuser_find):
member_attributes = ['memberof']
has_output_params = baseuser_find.has_output_params + user_output_params
msg_summary = ngettext(
'%(count)d user matched', '%(count)d users matched', 0
)
takes_options = LDAPSearch.takes_options + (
Flag('whoami',
label=_('Self'),
doc=_('Display user record for current Kerberos principal'),
),
Flag('preserved?',
doc=_('Display preserved deleted user'),
cli_name='preserved',
default=False,
),
)
def execute(self, *args, **options):
if self.original_msg_summary:
object.__setattr__(self, 'msg_summary', self.original_msg_summary)
def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options):
assert isinstance(base_dn, DN)
if options.get('whoami'):
return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
getattr(context, 'principal'), base_dn, scope)
newoptions = {}
self.common_enhance_options(newoptions, **options)
options.update(newoptions)
for arg in args:
self.log.debug("user-find- exec arg %r" % (arg))
if options['preserved']:
self.obj.container_dn = baseuser.delete_container_dn
self.msg_summary = ngettext('%(count)d (delete) user matched', '%(count)d (delete) users matched', 0)
ret = super(user_find, self).execute(self, *args, **options)
self.obj.container_dn = baseuser.active_container_dn
return ret
preserved = options.get('preserved', False)
if preserved is None:
base_dn = self.api.env.basedn
scope = ldap.SCOPE_SUBTREE
elif preserved:
base_dn = DN(self.obj.delete_container_dn, self.api.env.basedn)
else:
return super(user_find, self).execute(self, *args, **options)
def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options):
assert isinstance(base_dn, DN)
if options.get('whoami'):
return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
getattr(context, 'principal'), base_dn, scope)
base_dn = DN(self.obj.active_container_dn, self.api.env.basedn)
return (filter, base_dn, scope)
def post_callback(self, ldap, entries, truncated, *args, **options):
if options.get('pkey_only', False):
return truncated
self.post_common_callback(ldap, entries, lockout=False, **options)
return truncated
msg_summary = ngettext(
'%(count)d user matched', '%(count)d users matched', 0
)
original_msg_summary = msg_summary
if options.get('preserved', False) is None:
base_dns = (
DN(self.obj.active_container_dn, self.api.env.basedn),
DN(self.obj.delete_container_dn, self.api.env.basedn),
)
entries[:] = [e for e in entries
if any(e.dn.endswith(bd) for bd in base_dns)]
self.post_common_callback(ldap, entries, lockout=False, **options)
for entry in entries:
self.obj.get_preserved_attribute(entry, options)
return truncated
@register()
@ -736,6 +752,7 @@ class user_show(baseuser_show):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
convert_nsaccountlock(entry_attrs)
self.post_common_callback(ldap, dn, entry_attrs, **options)
self.obj.get_preserved_attribute(entry_attrs, options)
return dn
@register()
@ -944,6 +961,7 @@ class user_status(LDAPQuery):
convert_nsaccountlock(entry)
if 'nsaccountlock' in entry:
disabled = entry['nsaccountlock']
self.obj.get_preserved_attribute(entry, options)
entries.append(newresult)
count += 1
except errors.NotFound:
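Review bot: In `user_find.post_callback` the `pkey_only` early return appears to run before the new `preserved is None` container filter, so that filter is skipped for `pkey_only` searches (the +/- markers and indentation are lost in this rendering, so the ordering is inferred from print order). For that case `pre_callback` widens the search to `self.api.env.basedn` with `ldap.SCOPE_SUBTREE`, and with `pkey_only` set nothing trims the result back to the active and delete containers, so matching entries from elsewhere under the base DN would be returned. I would apply the filter first, placing `if options.get('pkey_only', False): return truncated` after the `entries[:] = [...]` statement. Separately, because the trimming happens after the search, `truncated` and the size limit reflect the unfiltered subtree result; a comment such as `# preserved=None searches the whole subtree; entries outside the active/delete containers are dropped after the search` would document that.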