stageuser: Add stageuser-{add,remove}-cert

Move {add,remove}-cert implementation from user to baseuser and inherit {,stage}user-{add,remove}-cert from it. https://fedorahosted.org/freeipa/ticket/6623 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-01-18 13:24:29 +01:00 · 2017-01-18 13:24:29 +01:00 · 9c0e86530e
commit 9c0e86530e
parent 054c1e013a
4 changed files with 78 additions and 38 deletions
--- a/API.txt
+++ b/API.txt
@ -4751,6 +4751,17 @@ option: Str('version?')
 output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
+command: stageuser_add_cert/1
+args: 1,5,3
+arg: Str('uid', cli_name='login')
+option: Flag('all', autofill=True, cli_name='all', default=False)
+option: Flag('no_members', autofill=True, default=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False)
+option: Bytes('usercertificate+', alwaysask=True, cli_name='certificate')
+option: Str('version?')
+output: Entry('result')
+output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
+output: PrimaryKey('value')
 command: stageuser_add_manager/1
 args: 1,5,3
 arg: Str('uid', cli_name='login')
@ -4882,6 +4893,17 @@ option: Str('version?')
 output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
+command: stageuser_remove_cert/1
+args: 1,5,3
+arg: Str('uid', cli_name='login')
+option: Flag('all', autofill=True, cli_name='all', default=False)
+option: Flag('no_members', autofill=True, default=False)
+option: Flag('raw', autofill=True, cli_name='raw', default=False)
+option: Bytes('usercertificate+', alwaysask=True, cli_name='certificate')
+option: Str('version?')
+output: Entry('result')
+output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
+output: PrimaryKey('value')
 command: stageuser_remove_manager/1
 args: 1,5,3
 arg: Str('uid', cli_name='login')
@ -6661,10 +6683,12 @@ default: sidgen_was_run/1
 default: stageuser/1
 default: stageuser_activate/1
 default: stageuser_add/1
+default: stageuser_add_cert/1
 default: stageuser_add_manager/1
 default: stageuser_del/1
 default: stageuser_find/1
 default: stageuser_mod/1
+default: stageuser_remove_cert/1
 default: stageuser_remove_manager/1
 default: stageuser_show/1
 default: sudocmd/1
--- a/ipaserver/plugins/baseuser.py
+++ b/ipaserver/plugins/baseuser.py
@ -26,7 +26,7 @@ from ipalib.plugable import Registry
 from .baseldap import (
    DN, LDAPObject, LDAPCreate, LDAPUpdate, LDAPSearch, LDAPDelete,
    LDAPRetrieve, LDAPAddAttribute, LDAPRemoveAttribute, LDAPAddMember,
-    LDAPRemoveMember)
+    LDAPRemoveMember, LDAPAddAttributeViaOption, LDAPRemoveAttributeViaOption)
 from ipaserver.plugins.service import (
   validate_certificate, validate_realm, normalize_principal)
 from ipalib.request import context
@ -694,3 +694,37 @@ class baseuser_remove_principal(LDAPRemoveAttribute):
    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
        ensure_last_krbprincipalname(ldap, entry_attrs, *keys)
        return dn
+
+
+class baseuser_add_cert(LDAPAddAttributeViaOption):
+    attribute = 'usercertificate'
+
+    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
+                     **options):
+        self.obj.convert_usercertificate_pre(entry_attrs)
+
+        return dn
+
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        assert isinstance(dn, DN)
+
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
+
+        return dn
+
+
+class baseuser_remove_cert(LDAPRemoveAttributeViaOption):
+    attribute = 'usercertificate'
+
+    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
+                     **options):
+        self.obj.convert_usercertificate_pre(entry_attrs)
+
+        return dn
+
+    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
+        assert isinstance(dn, DN)
+
+        self.obj.convert_usercertificate_post(entry_attrs, **options)
+
+        return dn
--- a/ipaserver/plugins/stageuser.py
+++ b/ipaserver/plugins/stageuser.py
@ -39,6 +39,8 @@ from .baseuser import (
    baseuser_show,
    NO_UPG_MAGIC,
    baseuser_output_params,
+    baseuser_add_cert,
+    baseuser_remove_cert,
    baseuser_add_manager,
    baseuser_remove_manager)
 from ipalib.request import context
@ -744,3 +746,15 @@ class stageuser_add_manager(baseuser_add_manager):
@register()
 class stageuser_remove_manager(baseuser_remove_manager):
    __doc__ = _("Remove a manager to the stage user entry")
+
+
+@register()
+class stageuser_add_cert(baseuser_add_cert):
+    __doc__ = _("Add one or more certificates to the stageuser entry")
+    msg_summary = _('Added certificates to stageuser "%(value)s"')
+
+
+@register()
+class stageuser_remove_cert(baseuser_remove_cert):
+    __doc__ = _("Remove one or more certificates to the stageuser entry")
+    msg_summary = _('Removed certificates from stageuser "%(value)s"')
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@ -43,6 +43,8 @@ from .baseuser import (
    fix_addressbook_permission_bindrule,
    baseuser_add_manager,
    baseuser_remove_manager,
+    baseuser_add_cert,
+    baseuser_remove_cert,
    baseuser_add_principal,
    baseuser_remove_principal)
 from .idviews import remove_ipaobject_overrides
@ -53,9 +55,7 @@ from .baseldap import (
    LDAPCreate,
    LDAPSearch,
    LDAPQuery,
-    LDAPMultiQuery,
-    LDAPAddAttributeViaOption,
-    LDAPRemoveAttributeViaOption)
+    LDAPMultiQuery)
 from . import baseldap
 from ipalib.request import context
 from ipalib import _, ngettext
@ -1157,47 +1157,15 @@ class user_status(LDAPQuery):


@register()
-class user_add_cert(LDAPAddAttributeViaOption):
+class user_add_cert(baseuser_add_cert):
    __doc__ = _('Add one or more certificates to the user entry')
    msg_summary = _('Added certificates to user "%(value)s"')
-    attribute = 'usercertificate'
-
-    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
-                     **options):
-        dn = self.obj.get_either_dn(*keys, **options)
-
-        self.obj.convert_usercertificate_pre(entry_attrs)
-
-        return dn
-
-    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
-        assert isinstance(dn, DN)
-
-        self.obj.convert_usercertificate_post(entry_attrs, **options)
-
-        return dn


@register()
-class user_remove_cert(LDAPRemoveAttributeViaOption):
+class user_remove_cert(baseuser_remove_cert):
    __doc__ = _('Remove one or more certificates to the user entry')
    msg_summary = _('Removed certificates from user "%(value)s"')
-    attribute = 'usercertificate'
-
-    def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys,
-                     **options):
-        dn = self.obj.get_either_dn(*keys, **options)
-
-        self.obj.convert_usercertificate_pre(entry_attrs)
-
-        return dn
-
-    def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
-        assert isinstance(dn, DN)
-
-        self.obj.convert_usercertificate_post(entry_attrs, **options)
-
-        return dn


@register()