From aa2183578cb58d9f55b5f1b64c13627b88dae37c Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Tue, 20 Oct 2009 11:57:02 -0400
Subject: [PATCH] Add can_add() and can_delete() GER helpers
---
 ipaserver/plugins/ldap2.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 9c655eced..f8e06576d 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -534,6 +534,43 @@ class ldap2(CrudBackend, Encoder):
 return False
+ #
+ # Entry-level effective rights
+ #
+ # a - Add
+ # d - Delete
+ # n - Rename the DN
+ # v - View the entry
+ #
+
+ @encode_args(1)
+ def can_delete(self, dn):
+ """Returns True/False if the currently bound user has delete permissions
+ on the entry.
+ """
+ (dn, attrs) = self.get_effective_rights(dn, ["*"])
+ import pdb
+ pdb.set_trace()
+ if 'entrylevelrights' in attrs:
+ entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
+ if 'd' in entry_rights:
+ return True
+
+ return False
+
+ @encode_args(1)
+ def can_add(self, dn):
+ """Returns True/False if the currently bound user has add permissions
+ on the entry.
+ """
+ (dn, attrs) = self.get_effective_rights(dn, ["*"])
+ if 'entrylevelrights' in attrs:
+ entry_rights = attrs['entrylevelrights'][0].decode('UTF-8')
+ if 'a' in entry_rights:
+ return True
+
+ return False
+
+ @encode_args(1, 2)
 def update_entry_rdn(self, dn, new_rdn, del_old=True):
 """
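Review bot: `can_delete()` still carries a debugger breakpoint: the added `import pdb` / `pdb.set_trace()` lines sit between the `get_effective_rights()` call and the rights check, so every call stops in an interactive debugger instead of returning. In a server-side backend that stalls the request, and wherever the process has a terminal attached it opens a Python prompt inside the process holding the bound LDAP connection; both lines should be removed before this is merged. Separately, `can_add()` and `can_delete()` differ only in the flag letter (`'a'` vs `'d'`), so a shared private helper taking the letter would keep the two from drifting apart. The result is presumably advisory, with the directory's own access controls still deciding the real add or delete, and a sentence in each docstring saying so would stop callers from treating these helpers as the authorization check.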