Require uniqueness in the name/comment field of delegations

Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"

ipa-admintools/ipa-adddelegation

@@ -90,6 +90,25 @@ def main():
         new_aci.dest_group = target_grp[1].dn
         new_aci.attrs = attr_list
 
+        aci_entry = client.get_aci_entry(['*', 'aci'])
+
+        # Look for an existing ACI of the same name
+        aci_str_list = aci_entry.getValues('aci')
+        if aci_str_list is None:
+            aci_str_list = []
+        if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+            aci_str_list = [aci_str_list]
+
+        for aci_str in aci_str_list:
+            try:
+                old_aci = ipa.aci.ACI(aci_str)
+                if old_aci.name == new_aci.name:
+                    print "A delegation of that name already exists"
+                    return 2
+            except SyntaxError:
+                # ignore aci_str's that ACI can't parse
+                pass
+
         aci_entry = client.get_aci_entry(['dn'])
         aci_entry.setValue('aci', new_aci.export_to_string())
 

ipa-admintools/ipa-listdelegation

@@ -23,6 +23,7 @@ from optparse import OptionParser
 import ipa.ipaclient as ipaclient
 import ipa.config
 
+import operator
 import xmlrpclib
 import kerberos
 
@@ -75,7 +76,8 @@ def main():
 
     group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
 
-    for a in aci_list:
+    # the operator.itemgetter(0) lets us sort by the name field
+    for a in sorted(aci_list, key=operator.itemgetter(0)):
         labels = client.attrs_to_labels(a.attrs)
         print "Delegation Name: " + a.name
         print "Group " + group_dn_to_cn[a.source_group] 

ipa-python/aci.py

@@ -37,6 +37,16 @@ class ACI:
         if acistr is not None:
             self.parse_acistr(acistr)
 
+    def __getitem__(self,key):
+        """Fake getting attributes by key for sorting"""
+        if key == 0:
+            return self.name
+        if key == 1:
+            return self.source_group
+        if key == 2:
+            return self.dest_group
+        raise TypeError("Unknown key value %s" % key)
+
     def export_to_string(self):
         """Converts the ACI to a string suitable for an LDAP aci attribute."""
         attrs_str = ' || '.join(self.attrs)

ipa-server/ipa-gui/ipagui/forms/delegate.py

@@ -44,7 +44,7 @@ aci_checkbox_attrs = [(field.name, field.label) for field in aci_attrs]
 aci_name_to_label = dict(aci_checkbox_attrs)
 
 class DelegateFields():
-    name = widgets.TextField(name="name", label="Name")
+    name = widgets.TextField(name="name", label="Delegation Name")
 
     source_group_dn = widgets.HiddenField(name="source_group_dn")
     dest_group_dn = widgets.HiddenField(name="dest_group_dn")

ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py

@@ -19,6 +19,7 @@ import ipagui.forms.delegate
 import ipa.aci
 
 import ldap.dn
+import operator
 
 log = logging.getLogger(__name__)
 
@@ -63,11 +64,34 @@ class DelegationController(IPAController):
                     tg_template='ipagui.templates.delegatenew')
 
         try:
+            aci_entry = client.get_aci_entry(aci_fields)
+
             new_aci = ipa.aci.ACI()
             new_aci.name = kw.get('name')
             new_aci.source_group = kw.get('source_group_dn')
             new_aci.dest_group = kw.get('dest_group_dn')
             new_aci.attrs = kw.get('attrs')
+            if (new_aci.attrs, str):
+                new_aci.attrs = [new_aci.attrs]
+
+            # Look for an existing ACI of the same name
+            aci_str_list = aci_entry.getValues('aci')
+            if aci_str_list is None:
+                aci_str_list = []
+            if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+                aci_str_list = [aci_str_list]
+
+            for aci_str in aci_str_list:
+                try:
+                    old_aci = ipa.aci.ACI(aci_str)
+                    if old_aci.name == new_aci.name:
+                        turbogears.flash("Delgate add failed: a delegation of that name already exists")
+                        return dict(form=delegate_form, delegate=kw,
+                                tg_template='ipagui.templates.delegatenew')
+                except SyntaxError:
+                    # ignore aci_str's that ACI can't parse
+                    pass
+
 
             # not pulling down existing aci attributes
             aci_entry = client.get_aci_entry(['dn'])
@@ -75,7 +99,7 @@ class DelegationController(IPAController):
 
             client.update_entry(aci_entry)
         except ipaerror.IPAError, e:
-            turbogears.flash("Delgate add failed: " + str(e))
+            turbogears.flash("Delgate add failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             return dict(form=delegate_form, delegate=kw,
                     tg_template='ipagui.templates.delegatenew')
 
@@ -105,7 +129,7 @@ class DelegationController(IPAController):
 
             return dict(form=delegate_form, delegate=delegate)
         except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Delegation edit failed: " + str(e))
+            turbogears.flash("Delegation edit failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             raise turbogears.redirect('/delegate/list')
 
 
@@ -162,7 +186,7 @@ class DelegationController(IPAController):
             turbogears.flash("delegate updated")
             raise turbogears.redirect('/delegate/list')
         except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Delegation update failed: " + str(e))
+            turbogears.flash("Delegation update failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             return dict(form=delegate_form, delegate=kw,
                         tg_template='ipagui.templates.delegateedit')
 
@@ -175,7 +199,7 @@ class DelegationController(IPAController):
         try:
             aci_entry = client.get_aci_entry(aci_fields)
         except ipaerror.IPAError, e:
-            turbogears.flash("Delegation list failed: " + str(e))
+            turbogears.flash("Delegation list failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             raise turbogears.redirect('/')
 
         aci_str_list = aci_entry.getValues('aci')
@@ -194,6 +218,7 @@ class DelegationController(IPAController):
                 pass
         group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
 
+        aci_list = sorted(aci_list, key=operator.itemgetter(0))
         # The list page needs to display field labels, not raw
         # LDAP attributes
         for aci in aci_list:
@@ -237,7 +262,7 @@ class DelegationController(IPAController):
             turbogears.flash("delegate deleted")
             raise turbogears.redirect('/delegate/list')
         except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Delegation deletion failed: " + str(e))
+            turbogears.flash("Delegation deletion failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             raise turbogears.redirect('/delegate/list')
 
     @expose("ipagui.templates.delegategroupsearch")