Changing the token owner changes also the manager

This works if the change is made to a token which is owned and managed by the same person. The new owner then automatically becomes token's manager unless the attribute 'managedBy' is explicitly set otherwise. https://fedorahosted.org/freeipa/ticket/4681 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-01-14 15:57:45 +01:00 · 2015-01-14 15:57:45 +01:00 · c985de1ee6
commit c985de1ee6
parent 2dd54c9f33
1 changed files with 13 additions and 0 deletions
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@ -395,6 +395,19 @@ class otptoken_mod(LDAPUpdate):
                                      error='is after the validity end')
        _normalize_owner(self.api.Object.user, entry_attrs)

+        # ticket #4681: if the owner of the token is changed and the
+        # user also manages this token, then we should automatically
+        # set the 'managedby' attribute to the new owner
+        if 'ipatokenowner' in entry_attrs and 'managedby' not in entry_attrs:
+            new_owner = entry_attrs.get('ipatokenowner', None)
+            prev_entry = ldap.get_entry(dn, attrs_list=['ipatokenowner',
+                                                        'managedby'])
+            prev_owner = prev_entry.get('ipatokenowner', None)
+            prev_managedby = prev_entry.get('managedby', None)
+
+            if (new_owner != prev_owner) and (prev_owner == prev_managedby):
+                entry_attrs.setdefault('managedby', new_owner)
+
        attrs_list.append("objectclass")
        return dn