Fixed permission lookup

Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality. https://fedorahosted.org/freeipa/ticket/818
2025-02-25 18:55:28 -06:00 · 2011-01-27 05:11:28 -05:00 · 2011-01-27 05:11:28 -05:00 · 6db3105315
commit 6db3105315
parent 987507efd0
3 changed files with 16 additions and 12 deletions
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@ -780,7 +780,16 @@ class aci_find(crud.Search):
                    except ValueError:
                        pass

-        # TODO: searching by: filter, subtree
+        if 'filter' in kw:
+            if not kw['filter'].startswith('('):
+                kw['filter'] = unicode('('+kw['filter']+')')
+            for a in acis:
+                if 'targetfilter' not in a.target or\
+                    not a.target['targetfilter']['expression'] or\
+                    a.target['targetfilter']['expression'] != kw['filter']:
+                    results.remove(a)
+
+        # TODO: searching by: subtree

        acis = []
        for result in results:
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@ -1372,11 +1372,9 @@ class LDAPSearch(CallbackInterface, crud.Search):

        for callback in self.POST_CALLBACKS:
            if hasattr(callback, 'im_self'):
-                more = callback(ldap, entries, truncated, *args, **options)
+                callback(ldap, entries, truncated, *args, **options)
            else:
-                more = callback(self, ldap, entries, truncated, *args, **options)
-            if more:
-                entries = entries + more
+                callback(self, ldap, entries, truncated, *args, **options)

        if not options.get('raw', False):
            for e in entries:
@ -1392,11 +1390,11 @@ class LDAPSearch(CallbackInterface, crud.Search):
            truncated=truncated,
        )

-    def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options):
-        return (filter, base_dn, scope)
+    def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options):
+        return (filters, base_dn, scope)

    def post_callback(self, ldap, entries, truncated, *args, **options):
-        return []
+        pass

    def exc_callback(self, args, options, exc, call_func, *call_args, **call_kwargs):
        raise exc
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@ -336,7 +336,6 @@ class permission_find(LDAPSearch):
    )

    def post_callback(self, ldap, entries, truncated, *args, **options):
-        newentries = []
        for entry in entries:
            (dn, attrs) = entry
            try:
@ -374,9 +373,7 @@ class permission_find(LDAPSearch):
                    dn = attrs['dn']
                    del attrs['dn']
                    if (dn, attrs) not in entries:
-                        newentries.append((dn, attrs))
-
-        return newentries
+                        entries.append((dn, attrs))

 api.register(permission_find)